Lock down pages
Add a `require_login` before_action to ApplicationController so that pages must be explicitly made public, rather than explicitly protected.
parent
d5b5bbdbfd
commit
b246c5ac70
|
@ -1,2 +1,9 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class ApplicationController < ActionController::Base
|
class ApplicationController < ActionController::Base
|
||||||
|
before_action :require_login
|
||||||
|
|
||||||
|
def require_login
|
||||||
|
redirect_to new_session_path unless helpers.logged_in?
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
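Review bot: `require_login` is added as a public instance method on ApplicationController, and Rails treats public controller methods as routable actions, so it belongs under a `private` marker (or written as `private def require_login`); as a before_action it works either way, but keeping it private stops it from being exposed as an action if a route ever matches it. The redirect also discards the page the visitor asked for; if a post-login return is wanted, storing `request.fullpath` in the session before the `redirect_to` is the usual place, though that is a feature decision rather than a defect. `helpers.logged_in?` reaches into the view helper for the session check; the rest of the file is outside the hunk, so I cannot tell whether a controller-level helper already exists that should be used instead.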
@ -1,6 +1,7 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class EmailConfirmationsController < ApplicationController
|
class EmailConfirmationsController < ApplicationController
|
||||||
|
skip_before_action :require_login, only: [:confirm]
|
||||||
def confirm
|
def confirm
|
||||||
@user = User.find_by(email: params[:email])
|
@user = User.find_by(email: params[:email])
|
||||||
if params[:confirmation_string] == @user.email_confirmation_string
|
if params[:confirmation_string] == @user.email_confirmation_string
|
||||||
|
|
|
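Review bot: With `confirm` now skipping `require_login`, the `User.find_by(email: params[:email])` on the following line can return nil for any unauthenticated request, and `@user.email_confirmation_string` two lines later would then raise NoMethodError (a 500) instead of a controlled response; add a guard such as `return head(:not_found) unless @user` before the comparison. The token check uses `==`; since the value is now compared against input from an unauthenticated caller, `ActiveSupport::SecurityUtils.secure_compare(params[:confirmation_string].to_s, @user.email_confirmation_string.to_s)` is the constant-time form. The body of `confirm` continues outside the hunk.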
@ -1,6 +1,8 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class SessionsController < ApplicationController
|
class SessionsController < ApplicationController
|
||||||
|
skip_before_action :require_login, only: [:new, :create]
|
||||||
|
|
||||||
before_action :set_user, only: [:create]
|
before_action :set_user, only: [:create]
|
||||||
before_action :ensure_email_confirmed, only: [:create]
|
before_action :ensure_email_confirmed, only: [:create]
|
||||||
|
|
||||||
|
|
|
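Review bot: The `only:` list on the new `skip_before_action` is written as the bracket literal `[:new, :create]`, whereas the RuboCop default (Style/SymbolArray) expects `skip_before_action :require_login, only: %i[new create]`. The same applies to `[:confirm]` in the EmailConfirmationsController hunk and `[:new, :create, :show]` in the UsersController hunk; the existing `before_action` lines in this file use the bracket form too, so keeping it for consistency is reasonable if the project has not enabled that cop. Only the class header and callback declarations are in view; the rest of the class is outside the hunk.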
@ -1,6 +1,8 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class UsersController < ApplicationController
|
class UsersController < ApplicationController
|
||||||
|
skip_before_action :require_login, only: [:new, :create, :show]
|
||||||
|
|
||||||
before_action :set_user, only: [:edit, :update, :show]
|
before_action :set_user, only: [:edit, :update, :show]
|
||||||
|
|
||||||
def new
|
def new
|
||||||
|
|
|
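Review bot: The new `skip_before_action` makes `show` reachable without a session alongside `new` and `create`, and nothing in the file says that profile pages are intentionally public; a one-line comment above it would stop the next reader from assuming the list was copied from SessionsController, e.g. `# Sign-up must work logged out; profiles are publicly viewable.` Because `set_user` on the next line also runs for `show`, whatever it does with the request parameters now executes for anonymous callers — its body is outside the hunk, so I cannot check that it only loads the record. The class continues past the hunk.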
@ -13,12 +13,12 @@
|
||||||
<body>
|
<body>
|
||||||
<header>
|
<header>
|
||||||
<%= link_to root_path do %>
|
<%= link_to root_path do %>
|
||||||
<h1>Summon Player</h1>
|
<h1><%= t("site_title") %></h1>
|
||||||
<% end %>
|
<% end %>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li><%= link_to t("home"), root_path %></li>
|
|
||||||
<% if logged_in? %>
|
<% if logged_in? %>
|
||||||
|
<li><%= link_to t("home"), root_path %></li>
|
||||||
<li><%= link_to t("profile"), user_path(current_user) %></li>
|
<li><%= link_to t("profile"), user_path(current_user) %></li>
|
||||||
<li><%= link_to t("log_out"), log_out_path, data: { turbo_method: :delete } %></li>
|
<li><%= link_to t("log_out"), log_out_path, data: { turbo_method: :delete } %></li>
|
||||||
<% else %>
|
<% else %>
|
||||||
|
|
|
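Review bot: Moving the `t("home")` link inside `<% if logged_in? %>` removes it from the logged-out navigation; the header `<h1>` still links to `root_path` so the page stays reachable, but if that was not the intent the `<li>` belongs back above the conditional. `t("site_title")` needs an entry in the locale files, and no locale change appears on this page, so please confirm the key was added elsewhere; otherwise the heading renders as a missing-translation span. The `<% else %>` branch continues outside the hunk.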
@ -0,0 +1,10 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
require "test_helper"
|
||||||
|
|
||||||
|
class UsersControllerTest < ActionDispatch::IntegrationTest
|
||||||
|
test "cannot edit a user when not logged in" do
|
||||||
|
get edit_user_path(users(:user))
|
||||||
|
assert_redirected_to new_session_path
|
||||||
|
end
|
||||||
|
end
|
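Review bot: The new test pins only the `edit` action, so a regression that re-opens `update` (or any other controller now behind `require_login`) would still pass; a sibling case with `patch user_path(users(:user))` followed by `assert_redirected_to new_session_path` covers the write path without needing params, since the callback redirects before the action body runs. A third case with `get user_path(users(:user))` and `assert_response :success` would document that `show` is deliberately public. Whether the `users(:user)` fixture exists is not visible on this page.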