質問編集履歴
1
controllerを追加しました. これで足りますでしょうか?
test
CHANGED
File without changes
|
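--- a/test
+++ b/test
@@ -262,6 +262,174 @@
 
 ```
 
+**app/controllers/users_controller.rb**
+
+```
+
+class UsersController < ApplicationController
+
+before_action :logged_in_user, only: [:index, :edit, :update, :destroy]
+
+before_action :correct_user, only: [:edit, :update]
+
+before_action :admin_user, only: :destroy
+
+
+
+def destroy
+
+User.find(params[:id]).destroy
+
+flash[:success] = "User deleted"
+
+redirect_to users_url
+
+end
+
+
+
+def index
+
+#@users = User.paginate(page: params[:page])
+
+@users = User.where(activated: true).paginate(page: params[:page])
+
+end
+
+
+
+
+
+def show
+
+@user = User.find_by(params[:id])
+
+redirect_to root_url and return unless @user.activated?
+
+@microposts = @user.microposts.paginate(page: params[:page])
+
+end
+
+
+
+def new
+
+@user = User.new
+
+end
+
+
+
+def create
+
+@user = User.new(user_params) # params[:user]実装は終わっていないことに注意!
+
+#マスアサインメント脆弱性
+
+if @user.save
+
+@user.send_activation_email
+
+flash[:info] = "Please check your email to activate your account."
+
+redirect_to root_url
+
+else
+
+render 'new'
+
+end
+
+end
+
+
+
+def edit
+
+end
+
+
+
+def update
+
+if @user.update(user_params)
+
+flash[:success] = "Profile updated"
+
+redirect_to @user
+
+#更新に成功した場合に扱う
+
+else
+
+render "edit"
+
+end
+
+end
+
+
+
+private
+
+
+
+def user_params
+
+params.require(:user).permit(:name, :email, :password,
+
+:password_confirmation)
+
+end
+
+
+
+# beforeアクション
+
+
+
+# ログイン済みユーザーかどうか確認
+
+def logged_in_user
+
+unless logged_in?
+
+store_location
+
+flash[:danger] = "Please log in."
+
+redirect_to login_url
+
+end
+
+end
+
+
+
+# 正しいユーザーかどうか確認
+
+def correct_user
+
+@user = User.find(params[:id])
+
+redirect_to(root_url) unless current_user?(@user)
+
+end
+
+
+
+#管理者かどうか確認
+
+def admin_user
+
+redirect_to(root_url) unless current_user.admin?
+
+end
+
+end
+
+```
+
 
 
 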
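Review bot: `show` passes `params[:id]` to `User.find_by` as a bare string instead of a conditions hash; ActiveRecord hands a string argument of `find_by` to `where` as a raw SQL fragment, so the `:id` path segment reaches the WHERE clause unescaped, and a lookup that matches nothing leaves `@user` nil so the next line's `@user.activated?` raises rather than redirecting. Use `@user = User.find(params[:id])`, which binds the id as a parameter and raises `ActiveRecord::RecordNotFound` for unknown ids, or `User.find_by(id: params[:id])` followed by an explicit nil check before `activated?`. The `#マスアサインメント脆弱性` comment in `create` reads better as `# mass assignment is limited to the attributes whitelisted in user_params`, since the permit list is what actually closes that hole. The listing is a markdown excerpt whose indentation was lost, so method boundaries here are inferred from the `def`/`end` pairs.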