From 634cf4ee06a4820eaa2431a272b9a223118cf884 Mon Sep 17 00:00:00 2001
From: Matthew Lemon
Date: Mon, 11 Nov 2024 21:09:06 +0000
Subject: Adds is_admin to the User model and ensures only admin users can add new resource

---
 app/controllers/pdfresources_controller.rb | 8 ++++++++
 app/views/registrations/new.html.erb | 2 +-
 config/routes.rb | 1 +
 db/migrate/20241111204736_add_is_admin_to_user.rb | 5 +++++
 db/schema.rb | 3 ++-
 5 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 db/migrate/20241111204736_add_is_admin_to_user.rb

diff --git a/app/controllers/pdfresources_controller.rb b/app/controllers/pdfresources_controller.rb
index 068b61a..1f8a6af 100644
--- a/app/controllers/pdfresources_controller.rb
+++ b/app/controllers/pdfresources_controller.rb
@@ -1,5 +1,6 @@
 class PdfresourcesController < ApplicationController
 before_action :set_pdfresource, only: %i[ show edit update destroy ]
+ before_action :require_admin, only: %i[ new create update destroy ]
 
 # GET /pdfresources or /pdfresources.json
 def index
@@ -67,4 +68,11 @@ class PdfresourcesController < ApplicationController
 def pdfresource_params
 params.expect(pdfresource: [ :name, :stripe_product_id, :price, :age_range, :curriculum, :feature_slot, :description, :card_description, pdfs: [], thumbnails: [] ])
 end
+
+ #must be admin!
+ def require_admin
+ unless Current.session.user&.is_admin
+ redirect_to root_path, notice: "You must be an admin to perform this action."
+ end
+ end
 end
diff --git a/app/views/registrations/new.html.erb b/app/views/registrations/new.html.erb
index b9e01e1..f70d143 100644
--- a/app/views/registrations/new.html.erb
+++ b/app/views/registrations/new.html.erb
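Review bot: The admin guard in the first hunk leaves `edit` out of its `only:` list, so a signed-in non-admin can still open the edit form for any resource even though `update` is protected; it should read `before_action :require_admin, only: %i[ new edit create update destroy ]`, matching the actions `set_pdfresource` covers. In `require_admin` (second hunk), `Current.session.user&.is_admin` tolerates a nil user but not a nil session, so if an unauthenticated request can ever reach this controller the filter raises NoMethodError instead of redirecting; `Current.session&.user&.is_admin` is the safer form, though whether ApplicationController's authentication filter always runs first is not visible here. The comment `#must be admin!` could become `# Halts the action with a redirect to root_path unless the current user has is_admin set.` The new `is_admin` column must also stay out of any permitted registration or user params, which this commit does not show.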
@@ -26,7 +26,7 @@ <%= label_tag "email_address", nil, class: "font-bold text-gray-700" %> <%= form.email_field :email_address, required: true, autocomplete: "email_address", placeholder: "Enter your email address", value: params[:email_address], class: "block shadow rounded-md border border-gray-400 outline-none px-3 py-2 mt-2 w-full" %> - +
<%= label_tag "password", nil, class: "font-bold text-gray-700" %> <%= form.password_field :password, required: true, autocomplete: "new-password", placeholder: "Enter new password", maxlength: 72, class: "block shadow rounded-md border border-gray-400 outline-none px-3 py-2 mt-2 w-full" %>
diff --git a/config/routes.rb b/config/routes.rb
index 66bd997..3cf676f 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,5 +1,6 @@
 Rails.application.routes.draw do
 resources :pdfresources
+ resources :users
 resource :session
 resources :passwords, param: :token
 resource :registration, only: [:new, :create]
diff --git a/db/migrate/20241111204736_add_is_admin_to_user.rb b/db/migrate/20241111204736_add_is_admin_to_user.rb
new file mode 100644
index 0000000..a055513
--- /dev/null
+++ b/db/migrate/20241111204736_add_is_admin_to_user.rb
@@ -0,0 +1,5 @@
+class AddIsAdminToUser < ActiveRecord::Migration[8.0]
+ def change
+ add_column :users, :is_admin, :boolean, default: false
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 96d2113..1977b3f 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[8.0].define(version: 2024_11_11_162806) do
+ActiveRecord::Schema[8.0].define(version: 2024_11_11_204736) do
 create_table "active_storage_attachments", force: :cascade do |t|
 t.string "name", null: false
 t.string "record_type", null: false
@@ -68,6 +68,7 @@ ActiveRecord::Schema[8.0].define(version: 2024_11_11_162806) do
 t.string "password_digest", null: false
 t.datetime "created_at", null: false
 t.datetime "updated_at", null: false
+ t.boolean "is_admin", default: false
 t.index ["email_address"], name: "index_users_on_email_address", unique: true
 end
 
-- 
cgit v1.2.3
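Review bot: `resources :users` in the routes hunk exposes the full set of user routes (index, show, new, create, edit, update, destroy) while no UsersController or authorization for it appears in this commit; if such a controller exists it is not covered by the `require_admin` filter added to PdfresourcesController, and if it does not, these routes fail at request time. Narrowing the declaration to what is actually served, e.g. `resources :users, only: %i[ index show ]`, and making sure the matching controller never permits `is_admin` through `params.expect`/`permit` would keep the new flag out of reach of mass assignment. Whether a UsersController exists cannot be determined from this diff.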
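Review bot: `add_column :users, :is_admin, :boolean, default: false` in the migration leaves the column nullable, so the flag is tri-state (nil, false, true) and every reader has to treat nil as false the way `require_admin` does with `&.`; adding `null: false` makes the invariant explicit: `add_column :users, :is_admin, :boolean, default: false, null: false`. On the common adapters existing rows receive the column default when the column is added, so the constraint is safe in the same migration. The db/schema.rb hunk would then regenerate with `null: false` as well.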