質問編集履歴

1

controllerを追加しました. これで足りますでしょうか?

2020/06/12 02:11

投稿

sasaharukimedes


test CHANGED
File without changes
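--- a/test
+++ b/test
@@ -262,6 +262,174 @@
 
  ```
 
+ **app/controllers/users_controller.rb**
+
+ ```
+
+ class UsersController < ApplicationController
+
+ before_action :logged_in_user, only: [:index, :edit, :update, :destroy]
+
+ before_action :correct_user, only: [:edit, :update]
+
+ before_action :admin_user, only: :destroy
+
+
+
+ def destroy
+
+ User.find(params[:id]).destroy
+
+ flash[:success] = "User deleted"
+
+ redirect_to users_url
+
+ end
+
+
+
+ def index
+
+ #@users = User.paginate(page: params[:page])
+
+ @users = User.where(activated: true).paginate(page: params[:page])
+
+ end
+
+
+
+
+
+ def show
+
+ @user = User.find_by(params[:id])
+
+ redirect_to root_url and return unless @user.activated?
+
+ @microposts = @user.microposts.paginate(page: params[:page])
+
+ end
+
+
+
+ def new
+
+ @user = User.new
+
+ end
+
+
+
+ def create
+
+ @user = User.new(user_params) # params[:user]実装は終わっていないことに注意!
+
+ #マスアサインメント脆弱性
+
+ if @user.save
+
+ @user.send_activation_email
+
+ flash[:info] = "Please check your email to activate your account."
+
+ redirect_to root_url
+
+ else
+
+ render 'new'
+
+ end
+
+ end
+
+
+
+ def edit
+
+ end
+
+
+
+ def update
+
+ if @user.update(user_params)
+
+ flash[:success] = "Profile updated"
+
+ redirect_to @user
+
+ #更新に成功した場合に扱う
+
+ else
+
+ render "edit"
+
+ end
+
+ end
+
+
+
+ private
+
+
+
+ def user_params
+
+ params.require(:user).permit(:name, :email, :password,
+
+ :password_confirmation)
+
+ end
+
+
+
+ # beforeアクション
+
+
+
+ # ログイン済みユーザーかどうか確認
+
+ def logged_in_user
+
+ unless logged_in?
+
+ store_location
+
+ flash[:danger] = "Please log in."
+
+ redirect_to login_url
+
+ end
+
+ end
+
+
+
+ # 正しいユーザーかどうか確認
+
+ def correct_user
+
+ @user = User.find(params[:id])
+
+ redirect_to(root_url) unless current_user?(@user)
+
+ end
+
+
+
+ #管理者かどうか確認
+
+ def admin_user
+
+ redirect_to(root_url) unless current_user.admin?
+
+ end
+
+ end
+
+ ```
+
 
 
 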
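Review bot: In `show`, `User.find_by(params[:id])` hands the raw request parameter to Active Record as a bare string, which is interpreted as a SQL condition fragment rather than an id lookup. Request-controlled text therefore reaches the WHERE clause, and the action does not reliably load the requested user. Use `@user = User.find(params[:id])`, as `destroy` and `correct_user` already do, or `User.find_by(id: params[:id])`. If `find_by` is kept, `@user` can be nil, so the next line should be `redirect_to root_url and return unless @user&.activated?`. Separately, `show` is not covered by any of the `before_action` filters, so it is reachable without login; confirm that is intended.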