Chantal's instructor media ranker

.gitignore

@@ -15,3 +15,4 @@
 
 # Ignore Byebug command history file.
 .byebug_history
+.env

Gemfile

@@ -38,6 +38,8 @@ gem 'jbuilder', '~> 2.5'
 
 # Use the Foundation CSS framework
 gem 'foundation-rails'
+gem "omniauth"
+gem "omniauth-github"
 
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
@@ -48,6 +50,8 @@ group :development, :test do
 
   # Use pry for rails console
   gem 'pry-rails'
+
+  gem 'dotenv-rails'
 end
 
 group :test do
@@ -64,6 +68,8 @@ group :development do
   # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
   gem 'spring'
   gem 'spring-watcher-listen', '~> 2.0.0'
+  gem 'binding_of_caller'
+
 end
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem

Gemfile.lock

@@ -49,6 +49,8 @@ GEM
       erubis (>= 2.6.6)
       rack (>= 0.9.0)
     bindex (0.5.0)
+    binding_of_caller (0.7.2)
+      debug_inspector (>= 0.0.1)
     builder (3.2.3)
     byebug (9.0.6)
     coderay (1.1.1)
@@ -60,15 +62,23 @@ GEM
       execjs
     coffee-script-source (1.12.2)
     concurrent-ruby (1.0.5)
+    debug_inspector (0.0.2)
+    dotenv (2.2.0)
+    dotenv-rails (2.2.0)
+      dotenv (= 2.2.0)
+      railties (>= 3.2, < 5.1)
     erubis (2.7.0)
     execjs (2.7.0)
+    faraday (0.11.0)
+      multipart-post (>= 1.2, < 3)
     ffi (1.9.18)
     foundation-rails (6.3.0.0)
       railties (>= 3.1.0)
       sass (>= 3.3.0, < 3.5)
       sprockets-es6 (>= 0.9.0)
     globalid (0.3.7)
       activesupport (>= 4.1.0)
+    hashie (3.5.5)
     i18n (0.8.1)
     jbuilder (2.6.3)
       activesupport (>= 3.0.0, < 5.2)
@@ -77,6 +87,7 @@ GEM
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
+    jwt (1.5.6)
     listen (3.0.8)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -104,9 +115,26 @@ GEM
       minitest (~> 5.0)
       rails (>= 4.1)
     multi_json (1.12.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
     nio4r (2.0.0)
     nokogiri (1.7.1)
       mini_portile2 (~> 2.1.0)
+    oauth2 (1.3.1)
+      faraday (>= 0.8, < 0.12)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.6.1)
+      hashie (>= 3.4.6, < 3.6.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-github (1.2.3)
+      omniauth (~> 1.5)
+      omniauth-oauth2 (>= 1.4.0, < 2.0)
+    omniauth-oauth2 (1.4.0)
+      oauth2 (~> 1.0)
+      omniauth (~> 1.2)
     pg (0.20.0)
     pry (0.10.4)
       coderay (~> 1.1.0)
@@ -194,8 +222,10 @@ PLATFORMS
 
 DEPENDENCIES
   better_errors
+  binding_of_caller
   byebug
   coffee-rails (~> 4.2)
+  dotenv-rails
   foundation-rails
   jbuilder (~> 2.5)
   jquery-rails
@@ -204,6 +234,8 @@ DEPENDENCIES
   minitest-reporters
   minitest-skip
   minitest-spec-rails
+  omniauth
+  omniauth-github
   pg (~> 0.18)
   pry-rails
   puma (~> 3.0)
@@ -220,4 +252,4 @@ RUBY VERSION
    ruby 2.4.0p0
 
 BUNDLED WITH
-   1.14.4
+   1.14.5

app/controllers/application_controller.rb

@@ -1,14 +1,24 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
-
   before_action :find_user
+  before_action :require_login
+
+  def require_login
+    if !session[:user_id]
+      # flash[:warning] = "You must be logged in to do that!"
+      flash[:status] = :failure
+      flash[:result_text] = "You must be logged in to do that!"
+      redirect_to root_path
+    end
+  end
+
 
   def render_404
     # DPR: supposedly this will actually render a 404 page in production
     raise ActionController::RoutingError.new('Not Found')
   end
 
-private
+  private
   def find_user
     if session[:user_id]
       @login_user = User.find_by(id: session[:user_id])

app/controllers/sessions_controller.rb

@@ -1,34 +1,54 @@
 class SessionsController < ApplicationController
-  def login_form
-  end
+  skip_before_action :require_login, only: [:create]
+
+  def login_form; end
+
+  def create
+    auth_hash = request.env['omniauth.auth']
+
+    user = User.find_by(uid: auth_hash["uid"], provider: auth_hash["provider"])
 
-  def login
-    username = params[:username]
-    if username and user = User.find_by(username: username)
-      session[:user_id] = user.id
-      flash[:status] = :success
-      flash[:result_text] = "Successfully logged in as existing user #{user.username}"
-    else
-      user = User.new(username: username)
-      if user.save
-        session[:user_id] = user.id
-        flash[:status] = :success
-        flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}"
-      else
-        flash.now[:status] = :failure
-        flash.now[:result_text] = "Could not log in"
-        flash.now[:messages] = user.errors.messages
-        render "login_form", status: :bad_request
-        return
+    if user.nil?
+      user = User.create_from_github(auth_hash)
+      if user.nil?
+        flash[:error] = "Could not log in"
+        redirect_to root_path
       end
     end
+
+
+    session[:user_id] = user.id
+    flash[:success] = "Logged in successfully!"
     redirect_to root_path
   end
 
   def logout
-    session[:user_id] = nil
-    flash[:status] = :success
-    flash[:result_text] = "Successfully logged out"
+    session.delete(:user_id)
+    flash[:success] = "You are successfully logged out"
     redirect_to root_path
   end
+
 end
+
+# def login
+#   username = params[:username]
+#   if username and user = User.find_by(username: username)
+#     session[:user_id] = user.id
+#     flash[:status] = :success
+#     flash[:result_text] = "Successfully logged in as existing user #{user.username}"
+#   else
+#     user = User.new(username: username)
+#     if user.save
+#       session[:user_id] = user.id
+#       flash[:status] = :success
+#       flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}"
+#     else
+#       flash.now[:status] = :failure
+#       flash.now[:result_text] = "Could not log in"
+#       flash.now[:messages] = user.errors.messages
+#       render "login_form", status: :bad_request
+#       return
+#     end
+#   end
+#   redirect_to root_path
+# end

app/controllers/works_controller.rb

@@ -3,6 +3,8 @@ class WorksController < ApplicationController
   # of work we're dealing with
   before_action :category_from_url, only: [:index, :new, :create]
   before_action :category_from_work, except: [:root, :index, :new, :create]
+  before_action :require_permission, only: [:edit, :destroy]
+  skip_before_action :require_login, only: [:root]
 
   def root
     @albums = Work.best_albums
@@ -38,8 +40,7 @@ def show
     @votes = @work.votes.order(created_at: :desc)
   end
 
-  def edit
-  end
+  def edit; end
 
   def update
     @work.update_attributes(media_params)
@@ -89,6 +90,14 @@ def upvote
     redirect_back fallback_location: works_path(@media_category), status: status
   end
 
+def require_permission
+  if @login_user != Work.find(params[:id]).creator
+    flash[:result_text] = "You must log in to do that"
+    status = :unauthorized
+    redirect_back fallback_location: works_path(@media_category), status: status
+  end
+end
+
 private
   def media_params
     params.require(:work).permit(:title, :category, :creator, :description, :publication_year)

app/models/user.rb

@@ -2,5 +2,17 @@ class User < ApplicationRecord
   has_many :votes
   has_many :ranked_works, through: :votes, source: :work
 
-  validates :username, uniqueness: true, presence: true
+  validates :username, uniqueness: true
+
+  def self.create_from_github(auth_hash)
+      user = User.new
+      user.uid = auth_hash["uid"]
+      user.provider = auth_hash["provider"]
+      user.name = auth_hash["info"]["name"]
+      user.email = auth_hash["info"]["email"]
+
+      user.save! ? user : nil
+  end
+
+
 end

app/views/layouts/application.html.erb

@@ -23,7 +23,7 @@
         <%= link_to "Log Out", logout_path, method: :post, class: "button float-right" %>
       <% else %>
         <p class="text-right">Not logged in</p>
-        <%= link_to "Log In", login_path, class: "button float-right" %>
+        <%= link_to "Login using GitHub", "/auth/github", class: "button float-right" %>
       <% end %>
     </div>
   </header>

config/initializers/omniauth.rb

@@ -0,0 +1,4 @@
+
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :github, ENV["GITHUB_CLIENT_ID"], ENV["GITHUB_CLIENT_SECRET"], scope: "user:email"
+end

config/routes.rb

@@ -1,10 +1,12 @@
 Rails.application.routes.draw do
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
   root 'works#root'
-  get '/login', to: 'sessions#login_form', as: 'login'
-  post '/login', to: 'sessions#login'
+  # get '/login', to: 'sessions#login_form', as: 'login'
+  # post '/login', to: 'sessions#login'
   post '/logout', to: 'sessions#logout', as: 'logout'
 
+  get "/auth/:provider/callback", to: "sessions#create"
+
   # Build the category routes for albums, books and movies
   category_constraints = { category: /(albums)|(books)|(movies)/}
   get '/:category', to: 'works#index', as: 'works', constraints: category_constraints

db/migrate/20170417222439_change_user_columns.rb

@@ -0,0 +1,12 @@
+class ChangeUserColumns < ActiveRecord::Migration[5.0]
+  def change
+    add_column :users, :uid, :integer
+
+    add_column :users, :provider, :string
+
+    add_column :users, :name, :string
+
+    add_column :users, :email, :string
+
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20170407164321) do
+ActiveRecord::Schema.define(version: 20170417222439) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -19,6 +19,10 @@
     t.string   "username"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.integer  "uid"
+    t.string   "provider"
+    t.string   "name"
+    t.string   "email"
   end
 
   create_table "votes", force: :cascade do |t|