Haby's Instructor Media Ranker

.gitignore

@@ -15,3 +15,4 @@
 
 # Ignore Byebug command history file.
 .byebug_history
+.env 

Gemfile

@@ -38,6 +38,9 @@ gem 'jbuilder', '~> 2.5'
 
 # Use the Foundation CSS framework
 gem 'foundation-rails'
+#Oauth
+gem 'omniauth'
+gem 'omniauth-github'
 
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
@@ -64,6 +67,7 @@ group :development do
   # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
   gem 'spring'
   gem 'spring-watcher-listen', '~> 2.0.0'
+  gem 'dotenv-rails'
 end
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem

Gemfile.lock

@@ -60,15 +60,22 @@ GEM
       execjs
     coffee-script-source (1.12.2)
     concurrent-ruby (1.0.5)
+    dotenv (2.2.0)
+    dotenv-rails (2.2.0)
+      dotenv (= 2.2.0)
+      railties (>= 3.2, < 5.1)
     erubis (2.7.0)
     execjs (2.7.0)
+    faraday (0.11.0)
+      multipart-post (>= 1.2, < 3)
     ffi (1.9.18)
     foundation-rails (6.3.0.0)
       railties (>= 3.1.0)
       sass (>= 3.3.0, < 3.5)
       sprockets-es6 (>= 0.9.0)
     globalid (0.3.7)
       activesupport (>= 4.1.0)
+    hashie (3.5.5)
     i18n (0.8.1)
     jbuilder (2.6.3)
       activesupport (>= 3.0.0, < 5.2)
@@ -77,6 +84,7 @@ GEM
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
+    jwt (1.5.6)
     listen (3.0.8)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -104,9 +112,26 @@ GEM
       minitest (~> 5.0)
       rails (>= 4.1)
     multi_json (1.12.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
     nio4r (2.0.0)
     nokogiri (1.7.1)
       mini_portile2 (~> 2.1.0)
+    oauth2 (1.3.1)
+      faraday (>= 0.8, < 0.12)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.6.1)
+      hashie (>= 3.4.6, < 3.6.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-github (1.2.3)
+      omniauth (~> 1.5)
+      omniauth-oauth2 (>= 1.4.0, < 2.0)
+    omniauth-oauth2 (1.4.0)
+      oauth2 (~> 1.0)
+      omniauth (~> 1.2)
     pg (0.20.0)
     pry (0.10.4)
       coderay (~> 1.1.0)
@@ -196,6 +221,7 @@ DEPENDENCIES
   better_errors
   byebug
   coffee-rails (~> 4.2)
+  dotenv-rails
   foundation-rails
   jbuilder (~> 2.5)
   jquery-rails
@@ -204,6 +230,8 @@ DEPENDENCIES
   minitest-reporters
   minitest-skip
   minitest-spec-rails
+  omniauth
+  omniauth-github
   pg (~> 0.18)
   pry-rails
   puma (~> 3.0)
@@ -220,4 +248,4 @@ RUBY VERSION
    ruby 2.4.0p0
 
 BUNDLED WITH
-   1.14.4
+   1.14.6

app/controllers/application_controller.rb

@@ -2,6 +2,21 @@ class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
 
   before_action :find_user
+  before_action :require_login, only: [:current_user]
+  helper_method :current_user
+
+  def require_login
+    if !session[:user_id]
+      flash[:status] = :failure
+      flash[:result_text] =
+      "You must be logged in as a user to view this page"
+      redirect_to root_path
+    end
+  end
+
+  def current_user
+    @logged_in_user ||= User.find(session[:user_id]) if session[:user_id]
+  end
 
   def render_404
     # DPR: supposedly this will actually render a 404 page in production
@@ -10,8 +25,8 @@ def render_404
 
 private
   def find_user
-    if session[:user_id]
-      @login_user = User.find_by(id: session[:user_id])
+    unless session[:user_id].nil?
+      @logged_in_user = User.find_by(id: session[:user_id])
     end
   end
 end

app/controllers/sessions_controller.rb

@@ -1,29 +1,56 @@
 class SessionsController < ApplicationController
-  def login_form
-  end
+before_action :require_login, only: [:logout], raise: false
+
+  def create
+    auth_hash = request.env['omniauth.auth']
+    user = User.find_by(uid: auth_hash["uid"], provider: auth_hash["provider"])
+
+    # if its not there (in the DB) then make/save it
+    if user.nil?
+      user = User.create_from_github(auth_hash)
+    end
 
-  def login
-    username = params[:username]
-    if username and user = User.find_by(username: username)
+    if user.nil?
+      flash[:status] = :failure
+      flash[:result_text] = "Could not log in."
+      # redirect_to :back
+    else
       session[:user_id] = user.id
       flash[:status] = :success
-      flash[:result_text] = "Successfully logged in as existing user #{user.username}"
-    else
-      user = User.new(username: username)
-      if user.save
-        session[:user_id] = user.id
-        flash[:status] = :success
-        flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}"
-      else
-        flash.now[:status] = :failure
-        flash.now[:result_text] = "Could not log in"
-        flash.now[:messages] = user.errors.messages
-        render "login_form", status: :bad_request
-        return
-      end
+      flash[:result_text] = "Created new account"
+      redirect_to root_path
     end
-    redirect_to root_path
+  else
+    session[:user_id] = user.id
+    flash[:status] = :success
+    flash[:result_text] = "Logged in successfully!"
+    #  redirect_to root_path
   end
+  # def login_form
+  # end
+  #
+  # def login
+  #   username = params[:username]
+  #   if username and user = User.find_by(username: username)
+  #     session[:user_id] = user.id
+  #     flash[:status] = :success
+  #     flash[:result_text] = "Successfully logged in as existing user #{user.username}"
+  #   else
+  #     user = User.new(username: username)
+  #     if user.save
+  #       session[:user_id] = user.id
+  #       flash[:status] = :success
+  #       flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}"
+  #     else
+  #       flash.now[:status] = :failure
+  #       flash.now[:result_text] = "Could not log in"
+  #       flash.now[:messages] = user.errors.messages
+  #       render "login_form", status: :bad_request
+  #       return
+  #     end
+  #   end
+  #   redirect_to root_path
+  # end
 
   def logout
     session[:user_id] = nil

app/controllers/users_controller.rb

@@ -1,4 +1,5 @@
 class UsersController < ApplicationController
+  before_action :require_login
   def index
     @users = User.all
   end

app/controllers/works_controller.rb

@@ -3,6 +3,8 @@ class WorksController < ApplicationController
   # of work we're dealing with
   before_action :category_from_url, only: [:index, :new, :create]
   before_action :category_from_work, except: [:root, :index, :new, :create]
+  before_action :require_ownership, only: [:edit, :update, :destroy]
+  before_action :require_login, except: [:root]
 
   def root
     @albums = Work.best_albums
@@ -22,6 +24,7 @@ def new
 
   def create
     @work = Work.new(media_params)
+    @work.user_id = session[:user_id]
     if @work.save
       flash[:status] = :success
       flash[:result_text] = "Successfully created #{@media_category.singularize} #{@work.id}"
@@ -68,8 +71,8 @@ def upvote
     # For status codes, see
     # http://stackoverflow.com/questions/3825990/http-response-code-for-post-when-resource-already-exists
     flash[:status] = :failure
-    if @login_user
-      vote = Vote.new(user: @login_user, work: @work)
+    if @logged_in_user
+      vote = Vote.new(user: @logged_in_user, work: @work)
       if vote.save
         flash[:status] = :success
         flash[:result_text] = "Successfully upvoted!"
@@ -89,7 +92,7 @@ def upvote
     redirect_back fallback_location: works_path(@media_category), status: status
   end
 
-private
+  private
   def media_params
     params.require(:work).permit(:title, :category, :creator, :description, :publication_year)
   end
@@ -103,4 +106,14 @@ def category_from_work
     render_404 unless @work
     @media_category = @work.category.downcase.pluralize
   end
+
+  def require_ownership
+    require_login
+    @work = Work.find_by(id: params[:id])
+    if @work.user_id != @logged_in_user.id
+      flash[:status] = :failure
+      flash[:result_text] = "You must be the owner of this work to make this change"
+      redirect_to :back
+    end
+  end
 end

app/models/user.rb

@@ -3,4 +3,20 @@ class User < ApplicationRecord
   has_many :ranked_works, through: :votes, source: :work
 
   validates :username, uniqueness: true, presence: true
+
+
+  def self.create_from_github(auth_hash)
+    user = User.new
+
+    if auth_hash["uid"] == nil || auth_hash["provider"] == nil || auth_hash["info"] == nil
+      return nil
+    end
+
+    user.uid = auth_hash["uid"]
+    user.provider = auth_hash["provider"]
+    user.username = auth_hash["info"]["name"]
+
+
+    user.save ? user : nil
+  end
 end

app/models/work.rb

@@ -1,6 +1,7 @@
 class Work < ApplicationRecord
   has_many :votes, dependent: :destroy
   has_many :ranking_users, through: :votes, source: :user
+  belongs_to :user
 
   validates :category,  presence: true,
                         inclusion: { in: %w(album book movie) }

app/views/layouts/application.html.erb

@@ -18,15 +18,23 @@
 
     <!-- TODO DPR: this looks really silly when the screen size is small -->
     <div class="columns large-3 small-12">
-      <% if @login_user %>
-        <p class="text-right">Logged in as <%= link_to @login_user.username, user_path(@login_user) %></p>
-        <%= link_to "Log Out", logout_path, method: :post, class: "button float-right" %>
+      <% unless
+        session[:user_id] %>
+    <p class="text-right"> <%= link_to "Sign in", "/auth/github" %>
       <% else %>
+      <%= link_to "Sign out", logout_path, method: :delete %>
+      <% end %> </p>
+
+
+      <!-- <%# if @login_user %>
+        <p class="text-right">Logged in as <%# link_to @login_user.username, user_path(@login_user) %></p>
+        <%# link_to "Log Out", logout_path, method: :post, class: "button float-right" %>
+      <%# else %>
         <p class="text-right">Not logged in</p>
-        <%= link_to "Log In", login_path, class: "button float-right" %>
-      <% end %>
+        <%# link_to "Log In", login_path, class: "button float-right" %>
+      <%# end %>
     </div>
-  </header>
+  </header> -->
 
   <% if flash[:result_text] or flash[:messages] %>
     <section class="row status <%= flash[:status] %>">

config/initializers/omniauth.rb

@@ -0,0 +1 @@
+Rails.application.config.middleware.use OmniAuth::Builder do   provider :github, ENV["GITHUB_CLIENT_ID"], ENV["GITHUB_CLIENT_SECRET"], scope: "user:email" end

config/routes.rb

@@ -1,9 +1,10 @@
 Rails.application.routes.draw do
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
   root 'works#root'
-  get '/login', to: 'sessions#login_form', as: 'login'
-  post '/login', to: 'sessions#login'
-  post '/logout', to: 'sessions#logout', as: 'logout'
+  get "/auth/github/callback", to: "sessions#create"
+  # get '/login', to: 'sessions#login_form', as: 'login'
+  # post '/login', to: 'sessions#login'
+  delete '/logout', to: 'sessions#logout', as: 'logout'
 
   # Build the category routes for albums, books and movies
   category_constraints = { category: /(albums)|(books)|(movies)/}

db/migrate/20170501133750_add_columns_to_user.rb

@@ -0,0 +1,6 @@
+class AddColumnsToUser < ActiveRecord::Migration[5.0]
+  def change
+    add_column :users, :uid, :integer, null: false
+    add_column :users, :provider, :string, null: false 
+  end
+end

db/migrate/20170501144635_add_user_id_column_to_works.rb

@@ -0,0 +1,5 @@
+class AddUserIdColumnToWorks < ActiveRecord::Migration[5.0]
+  def change
+    add_reference :works, :user
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20170407164321) do
+ActiveRecord::Schema.define(version: 20170501144635) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -19,6 +19,8 @@
     t.string   "username"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.integer  "uid",        null: false
+    t.string   "provider",   null: false
   end
 
   create_table "votes", force: :cascade do |t|
@@ -39,6 +41,8 @@
     t.datetime "updated_at",                   null: false
     t.integer  "vote_count",       default: 0
     t.integer  "publication_year"
+    t.integer  "user_id"
+    t.index ["user_id"], name: "index_works_on_user_id", using: :btree
   end
 
   add_foreign_key "votes", "users"