- Implement friendly forwarding for user login - Add correct_user method to ensure users can only edit their own profiles - Update sessions_controller to handle forwarding URL - Enhance user controller tests to verify redirection for unauthorized access These changes improve user experience by allowing users to be redirected back to their intended page after logging in. Additionally, the new correct_user method enhances security by preventing users from editing other users' profiles, ensuring proper authorization checks are in place.
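class UsersController < ApplicationController
  include SessionsHelper

  # Filter order matters: authentication (logged_in_user) runs before
  # authorization (correct_user), so a visitor who is not logged in is sent to
  # the login page before any record lookup, and correct_user can rely on
  # current_user being present.
  before_action :logged_in_user, only: [:edit, :update]
  before_action :correct_user,   only: [:edit, :update]

  # GET /users/:id
  # User.find raises ActiveRecord::RecordNotFound for an unknown id.
  def show
    @user = User.find(params[:id])
  end

  # GET /users/new
  def new
    @user = User.new
  end

  # POST /users
  # Builds the user from the permitted attributes; on success logs the new
  # user in and redirects to their profile, otherwise re-renders the form.
  def create
    @user = User.new(user_params)
    if @user.save
      # Rotate the session before storing the user id in it, so a session
      # established before signup cannot be reused (session fixation).
      reset_session
      log_in @user
      flash[:success] = "Welcome to the Sample App!"
      redirect_to @user
    else
      render 'new'
    end
  end

  # GET /users/:id/edit
  # @user is loaded by the correct_user filter, which has already verified
  # that the record belongs to the logged-in user; a second find here would be
  # a redundant query for the same row.
  def edit; end

  # PATCH/PUT /users/:id
  # @user is loaded by the correct_user filter (see edit).
  def update
    if @user.update(user_params)
      flash[:success] = "Profile updated"
      redirect_to @user
    else
      render 'edit'
    end
  end

  private

  # Strong parameters: only these attributes may be mass-assigned, so a crafted
  # form cannot set any other column on the record.
  def user_params
    params.require(:user).permit(:name, :email, :password,
                                 :password_confirmation)
  end

  # Authentication filter. When nobody is logged in, remembers the requested
  # URL (store_location) for friendly forwarding and redirects to the login
  # page; the redirect halts the filter chain.
  def logged_in_user
    return if logged_in?

    store_location
    flash[:danger] = "Please log in."
    redirect_to login_url
  end

  # Authorization filter. Loads the requested user and redirects anyone other
  # than that user to the root URL, so a logged-in user cannot edit or update
  # another profile by changing the id in the URL.
  def correct_user
    @user = User.find(params[:id])
    redirect_to(root_url) unless current_user?(@user)
  end
end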