Jan Edrozo | Carets

.gitignore

@@ -4,6 +4,8 @@
 # or operating system, you probably want to add a global ignore instead:
 #   git config --global core.excludesfile '~/.gitignore_global'
 
+.env
+
 # Ignore bundler config.
 /.bundle
 

Gemfile

@@ -1,12 +1,15 @@
 source 'https://rubygems.org'
 
-ruby '2.4.0'
+ruby '2.4.1'
 
 git_source(:github) do |repo_name|
   repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
   "https://github.com/#{repo_name}.git"
 end
 
+gem 'omniauth'
+gem 'omniauth-github'
+
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
 gem 'rails', '~> 5.0.2'
 # Use postgresql as the database for Active Record
@@ -44,10 +47,12 @@ group :development, :test do
   gem 'byebug', platform: :mri
 
   # Improve the error message you get in the browser
-  gem 'better_errors'
+  # gem 'better_errors'
 
   # Use pry for rails console
   gem 'pry-rails'
+
+  gem 'dotenv-rails'
 end
 
 group :test do

Gemfile.lock

@@ -44,10 +44,6 @@ GEM
     babel-transpiler (0.7.0)
       babel-source (>= 4.0, < 6)
       execjs (~> 2.0)
-    better_errors (2.1.1)
-      coderay (>= 1.0.0)
-      erubis (>= 2.6.6)
-      rack (>= 0.9.0)
     bindex (0.5.0)
     builder (3.2.3)
     byebug (9.0.6)
@@ -60,15 +56,22 @@ GEM
       execjs
     coffee-script-source (1.12.2)
     concurrent-ruby (1.0.5)
+    dotenv (2.2.1)
+    dotenv-rails (2.2.1)
+      dotenv (= 2.2.1)
+      railties (>= 3.2, < 5.2)
     erubis (2.7.0)
     execjs (2.7.0)
+    faraday (0.12.2)
+      multipart-post (>= 1.2, < 3)
     ffi (1.9.18)
     foundation-rails (6.3.0.0)
       railties (>= 3.1.0)
       sass (>= 3.3.0, < 3.5)
       sprockets-es6 (>= 0.9.0)
     globalid (0.3.7)
       activesupport (>= 4.1.0)
+    hashie (3.5.6)
     i18n (0.8.1)
     jbuilder (2.6.3)
       activesupport (>= 3.0.0, < 5.2)
@@ -77,6 +80,7 @@ GEM
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
+    jwt (1.5.6)
     listen (3.0.8)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -104,9 +108,26 @@ GEM
       minitest (~> 5.0)
       rails (>= 4.1)
     multi_json (1.12.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
     nio4r (2.0.0)
     nokogiri (1.7.1)
       mini_portile2 (~> 2.1.0)
+    oauth2 (1.4.0)
+      faraday (>= 0.8, < 0.13)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.7.1)
+      hashie (>= 3.4.6, < 3.6.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-github (1.3.0)
+      omniauth (~> 1.5)
+      omniauth-oauth2 (>= 1.4.0, < 2.0)
+    omniauth-oauth2 (1.4.0)
+      oauth2 (~> 1.0)
+      omniauth (~> 1.2)
     pg (0.20.0)
     pry (0.10.4)
       coderay (~> 1.1.0)
@@ -193,9 +214,9 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  better_errors
   byebug
   coffee-rails (~> 4.2)
+  dotenv-rails
   foundation-rails
   jbuilder (~> 2.5)
   jquery-rails
@@ -204,6 +225,8 @@ DEPENDENCIES
   minitest-reporters
   minitest-skip
   minitest-spec-rails
+  omniauth
+  omniauth-github
   pg (~> 0.18)
   pry-rails
   puma (~> 3.0)
@@ -217,7 +240,7 @@ DEPENDENCIES
   web-console (>= 3.3.0)
 
 RUBY VERSION
-   ruby 2.4.0p0
+   ruby 2.4.1p111
 
 BUNDLED WITH
-   1.14.4
+   1.16.0.pre.3

app/controllers/application_controller.rb

@@ -4,14 +4,22 @@ class ApplicationController < ActionController::Base
   before_action :find_user
 
   def render_404
-    # DPR: supposedly this will actually render a 404 page in production
-    raise ActionController::RoutingError.new('Not Found')
+    # # DPR: supposedly this will actually render a 404 page in production
+    # raise ActionController::RoutingError.new('Not Found')
+    # Above code does not seem to pass test?
+
+    render file: "#{Rails.root}/public/404.html" , status: :not_found
   end
 
 private
   def find_user
     if session[:user_id]
       @login_user = User.find_by(id: session[:user_id])
+    else
+      #if not a registered user, redirect to homepage
+      flash[:status] = :failure
+      flash[:result_text] = "You must be logged in"
+      redirect_to root_path
     end
   end
 end

app/controllers/sessions_controller.rb

@@ -1,4 +1,6 @@
 class SessionsController < ApplicationController
+  skip_before_action :find_user
+
   def login_form
   end
 
@@ -31,4 +33,25 @@ def logout
     flash[:result_text] = "Successfully logged out"
     redirect_to root_path
   end
+
+  def create
+    @auth_hash = request.env['omniauth.auth']
+
+    @user = User.find_by(uid: @auth_hash['uid'], provider: @auth_hash['provider'])
+
+    if @user
+      session[:user_id] = @user.id
+      flash[:success] = "#{@user.username} is now logged in"
+    else
+      @user = User.new(uid: @auth_hash['uid'], provider: @auth_hash['provider'], username: @auth_hash['info']['nickname'], email: @auth_hash['info']['email'])
+
+      if @user.save
+        session[:user_id] = @user.id
+        flash[:success] = "Welcome #{@user.username}"
+      else
+        flash[:error] = "Unable to save user!"
+      end
+    end
+    redirect_to root_path
+  end
 end

app/controllers/users_controller.rb

@@ -1,4 +1,5 @@
 class UsersController < ApplicationController
+
   def index
     @users = User.all
   end

app/controllers/works_controller.rb

@@ -1,9 +1,14 @@
 class WorksController < ApplicationController
   # We should always be able to tell what category
   # of work we're dealing with
+  skip_before_action :find_user, only: [:root]
   before_action :category_from_work, except: [:root, :index, :new, :create]
 
   def root
+    if session[:user_id]
+      @login_user = User.find_by(id: session[:user_id])
+    end
+
     @albums = Work.best_albums
     @books = Work.best_books
     @movies = Work.best_movies
@@ -20,6 +25,7 @@ def new
 
   def create
     @work = Work.new(media_params)
+    @work.user = @login_user
     @media_category = @work.category
     if @work.save
       flash[:status] = :success
@@ -41,24 +47,39 @@ def edit
   end
 
   def update
-    @work.update_attributes(media_params)
-    if @work.save
-      flash[:status] = :success
-      flash[:result_text] = "Successfully updated #{@media_category.singularize} #{@work.id}"
-      redirect_to work_path(@work)
+
+    if @work.user == @login_user
+      @work.update_attributes(media_params)
+      if @work.save
+        flash[:status] = :success
+        flash[:result_text] = "Successfully updated #{@media_category.singularize} #{@work.id}"
+        redirect_to work_path(@work)
+      else
+        flash.now[:status] = :failure
+        flash.now[:result_text] = "Could not update #{@media_category.singularize}"
+        flash.now[:messages] = @work.errors.messages
+        render :edit, status: :not_found
+      end
     else
-      flash.now[:status] = :failure
-      flash.now[:result_text] = "Could not update #{@media_category.singularize}"
-      flash.now[:messages] = @work.errors.messages
-      render :edit, status: :not_found
+      flash[:status] = :failure
+      flash[:result_text] = "Sorry, you cannot edit this work. Only the user who added the work can edit this work."
+      flash[:messages] = @work.errors.messages
+      redirect_to work_path(@work)
     end
   end
 
   def destroy
-    @work.destroy
-    flash[:status] = :success
-    flash[:result_text] = "Successfully destroyed #{@media_category.singularize} #{@work.id}"
-    redirect_to root_path
+    if @work.user == @login_user
+      @work.destroy
+      flash[:status] = :success
+      flash[:result_text] = "Successfully destroyed #{@media_category.singularize} #{@work.id}"
+      redirect_to root_path
+    else
+      flash[:status] = :failure
+      flash[:result_text] = "Sorry, you cannot delete this work. Only the user who added the work can delete this work."
+      flash[:messages] = @work.errors.messages
+      redirect_to work_path(@work)
+    end
   end
 
   def upvote

app/models/user.rb

@@ -1,4 +1,5 @@
 class User < ApplicationRecord
+  has_many :works
   has_many :votes
   has_many :ranked_works, through: :votes, source: :work
 

app/models/work.rb

@@ -1,5 +1,8 @@
 class Work < ApplicationRecord
   CATEGORIES = %w(album book movie)
+
+  belongs_to :user
+
   has_many :votes, dependent: :destroy
   has_many :ranking_users, through: :votes, source: :user
 

app/views/layouts/application.html.erb

@@ -51,5 +51,6 @@
   <main class="row">
     <%= yield %>
   </main>
+
 </body>
 </html>

app/views/sessions/create.html.erb

@@ -0,0 +1 @@
+<h2>Create</h2>

app/views/sessions/login_form.html.erb

@@ -1,8 +1,11 @@
 <h2>Log In</h2>
+
+
 <%= form_tag do %>
   <%= label_tag(:username, "Username") %>
   <%= text_field_tag(:username) %>
-  <%= submit_tag("Log In", class: "button") %>
+  <%= submit_tag("Log In[Temp. Disabled]", class: "button") %>
+  <%= link_to("Log in with Github", "/auth/github", class: "button") %>
 <% end %>
 
 <article>

config/initializers/omniauth.rb

@@ -0,0 +1,3 @@
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :github, ENV["GITHUB_CLIENT_ID"], ENV["GITHUB_CLIENT_SECRET"], scope: "user:email"
+end

config/routes.rb

@@ -1,6 +1,9 @@
 Rails.application.routes.draw do
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
   root 'works#root'
+
+  get "/auth/github/callback", to: "sessions#create", as: 'auth_callback_github'
+
   get '/login', to: 'sessions#login_form', as: 'login'
   post '/login', to: 'sessions#login'
   post '/logout', to: 'sessions#logout', as: 'logout'

db/migrate/20171016203516_add_ui_dand_provider.rb

@@ -0,0 +1,6 @@
+class AddUiDandProvider < ActiveRecord::Migration[5.0]
+  def change
+    add_column :users, :uid, :integer, null: false
+    add_column :users, :provider, :string,  null: false
+  end
+end

db/migrate/20171016205024_add_emailto_user.rb

@@ -0,0 +1,5 @@
+class AddEmailtoUser < ActiveRecord::Migration[5.0]
+  def change
+    add_column :users, :email, :string
+  end
+end

db/migrate/20171016224038_add_user_i_dto_work.rb

@@ -0,0 +1,5 @@
+class AddUserIDtoWork < ActiveRecord::Migration[5.0]
+  def change
+    add_reference :works, :user, foreign_key: true
+  end
+end

db/migrate/20171016224423_remove_user_integerfrom_works.rb

@@ -0,0 +1,5 @@
+class RemoveUserIntegerfromWorks < ActiveRecord::Migration[5.0]
+  def change
+    remove_column :works, :user_id
+  end
+end

db/migrate/20171016224619_add_user_i_dto_work2ndtime.rb

@@ -0,0 +1,5 @@
+class AddUserIDtoWork2ndtime < ActiveRecord::Migration[5.0]
+  def change
+    add_reference :works, :user, foreign_key: true
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20170407164321) do
+ActiveRecord::Schema.define(version: 20171016224619) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -19,6 +19,9 @@
     t.string   "username"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.integer  "uid",        null: false
+    t.string   "provider",   null: false
+    t.string   "email"
   end
 
   create_table "votes", force: :cascade do |t|
@@ -39,8 +42,11 @@
     t.datetime "updated_at",                   null: false
     t.integer  "vote_count",       default: 0
     t.integer  "publication_year"
+    t.integer  "user_id"
+    t.index ["user_id"], name: "index_works_on_user_id", using: :btree
   end
 
   add_foreign_key "votes", "users"
   add_foreign_key "votes", "works"
+  add_foreign_key "works", "users"
 end