Require authentication for most endpoints (#29)

Reviewed-on: #29
2024-09-08 21:07:51 -04:00 · 2024-09-08 21:07:51 -04:00 · c64550785e
commit c64550785e
parent 0f95034e8e
15 changed files with 84 additions and 11 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -1,4 +1,6 @@
 class UsersController < ApplicationController
+  require_unregistered_user only: %i[new create]
+
  before_action :set_user, only: %i[ show edit update destroy ]

  # GET /users or /users.json
@ -25,6 +27,9 @@ class UsersController < ApplicationController

    respond_to do |format|
      if @user.save
+        @session = Session.new(session_params).save
+        session[:current_user_id] = @session.user_id
+
        format.html { redirect_to user_url(@user), notice: "User was successfully created." }
        format.json { render :show, status: :created, location: @user }
      else
@ -67,4 +72,8 @@ class UsersController < ApplicationController
    def user_params
      params.require(:user).permit(:email, :password, :password_confirmation)
    end
+
+    def session_params
+      user_params.slice(:email, :password)
+    end
 end