Require authentication for most actions

2024-09-08 20:53:07 -04:00 · 2024-09-08 20:53:07 -04:00 · 108959f2b0
commit 108959f2b0
parent d0b4d000eb
14 changed files with 73 additions and 5 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,3 +1,4 @@
 class ApplicationController < ActionController::Base
  include Authenticatable
+  include Authorizable
 end
--- a/app/controllers/concerns/authorizable.rb
+++ b/app/controllers/concerns/authorizable.rb
@ -0,0 +1,37 @@
+module Authorizable
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :require_registered_user
+  end
+
+  class_methods do
+    def allow_unregistered_user(**args)
+      skip_before_action :require_registered_user, **args
+    end
+
+    def require_unregistered_user(**args)
+      skip_before_action :require_registered_user, **args
+      before_action :require_unregistered_user, **args
+    end
+  end
+
+  private
+
+  def require_registered_user
+    Current.user.registered? || redirect_to_sign_in
+  end
+
+  def require_unregistered_user
+    Current.user.unregistered? || redirect_to_dashboard
+  end
+
+  def redirect_to_sign_in
+    session[:return_url] = request.url
+    redirect_to new_session_url, alert: "You must be logged in to continue."
+  end
+
+  def redirect_to_dashboard
+    redirect_to root_url, alert: "You are already logged in."
+  end
+end
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -1,4 +1,5 @@
 class SessionsController < ApplicationController
+  require_unregistered_user only: %i[new create]
  # GET /sessions/new
  def new
    @session = Session.new
@ -11,7 +12,6 @@ class SessionsController < ApplicationController
    respond_to do |format|
      if @session.save
        session[:current_user_id] = @session.user_id
-        Rails.logger.info("ID: #{@session.user_id}")

        format.html { redirect_to root_url, notice: "Session was successfully created." }
        format.json { render :show, status: :created, location: @session }
@ -27,7 +27,7 @@ class SessionsController < ApplicationController
    session[:current_user_id] = nil

    respond_to do |format|
-      format.html { redirect_to root_url, notice: "Session was successfully destroyed." }
+      format.html { redirect_to new_session_url, notice: "Session was successfully destroyed." }
      format.json { head :no_content }
    end
  end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -1,4 +1,6 @@
 class UsersController < ApplicationController
+  require_unregistered_user only: %i[new create]
+
  before_action :set_user, only: %i[ show edit update destroy ]

  # GET /users or /users.json
@ -25,6 +27,9 @@ class UsersController < ApplicationController

    respond_to do |format|
      if @user.save
+        @session = Session.new(session_params).save
+        session[:current_user_id] = @session.user_id
+
        format.html { redirect_to user_url(@user), notice: "User was successfully created." }
        format.json { render :show, status: :created, location: @user }
      else
@ -67,4 +72,8 @@ class UsersController < ApplicationController
    def user_params
      params.require(:user).permit(:email, :password, :password_confirmation)
    end
+
+    def session_params
+      user_params.slice(:email, :password)
+    end
 end
--- a/app/models/guest_user.rb
+++ b/app/models/guest_user.rb
@ -1,3 +1,5 @@
 class GuestUser
  def registered? = false
+
+  def unregistered? = true
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -2,4 +2,6 @@ class User < ApplicationRecord
  has_secure_password

  def registered? = true
+
+  def unregistered? = false
 end