Alonessix/sessions_helper.rb Secret

## sessions_helper.rb
module SessionsHelper
  def sign_in(user)
    remember_token = User.new_remember_token
    cookies.permanent[:remember_token] = remember_token
    user.update_attributes(remember_token: User.digest(remember_token),
                           online: true)
    self.current_user = user
  end

  def sign_out
    current_user.update_attributes(remember_token: User.digest(User.new_remember_token),
                                   online: true)
    cookies.delete(:remember_token)
    self.current_user = nil
  end

  def online?(user)
    return true if user.online?
    return false if !user.online?
  end

  def signed_in?
    !current_user.nil?
  end

  def current_user=(user)
    @current_user = user
  end

  def current_user
    remember_token = User.digest(cookies[:remember_token])
    @current_user ||= User.find_by(remember_token: remember_token)
  end

  def current_user?(user)
    user == current_user
  end

  def require_authentication
    unless signed_in?
      store_location
      redirect_to login_url, :notice => "You must log in to do that."
    end
  end

  def correct_user
    @user = User.where("lower(username) = :user", { :user => params[:id].downcase }).first
    redirect_to(root_url) unless current_user?(@user)
  end

  def admin_user
    redirect_to(root_url) unless current_user.group.permissions =~ /ModerateSite/ or current_user.id == 1
  end

  def redirect_back_or(default)
    redirect_to(session[:return_to] || default)
    session.delete(:return_to)
  end

  def store_location
    session[:return_to] = request.url if request.get?
  end
end

## user.rb
class User < ActiveRecord::Base
  belongs_to :group
  has_many :microposts, dependent: :destroy
  has_many :relationships, foreign_key: "follower_id", dependent: :destroy
  has_many :reverse_relationships, foreign_key: "followed_id",
                                   class_name: "Relationship",
                                   dependent: :destroy
  has_many :followed_users, through: :relationships, source: :followed
  has_many :followers, through: :reverse_relationships, source: :follower

  before_save { self.email = email.downcase }
  after_find  { self.group.who_can_manage = self.group.who_can_manage.split(" ") }
  before_save :create_remember_token
  validates :name,  presence: true, length: { maximum: 50 }
  ValidEmailRegex = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
  validates :email, presence: true, format: { with: ValidEmailRegex },
                    uniqueness: { case_sensitive: false }
  validates :password, length: { minimum: 6 }
  validates :username, length: { within: 3..18 },
                       uniqueness: { case_sensitive: false },
                       format: { with: /[a-zA-Z0-9_.-]+/ }

  validates :terms_of_service, acceptance: true, on: :create

  has_secure_password
  def feed
    Micropost.from_users_followed_by(self)
  end

  def following?(other_user)
    relationships.find_by(followed_id: other_user.id)
  end

  def follow!(other_user)
    relationships.create!(followed_id: other_user.id)
  end

  def unfollow!(other_user)
    relationships.find_by(followed_id: other_user.id).destroy
  end

  def User.new_remember_token
    SecureRandom.urlsafe_base64
  end

  def User.digest(token)
    Digest::SHA1.hexdigest(token.to_s)
  end
  private
    def create_remember_token
      self.remember_token = User.digest(User.new_remember_token)
    end
end

## users_controller.rb
class UsersController < ApplicationController
  before_action :require_authentication,
                only: [:index, :edit, :update, :destroy, :following, :followers]
  before_action :correct_user,
                only: [:edit, :update]
  before_action :admin_user, only: [:destroy]
  layout :user_layout

  def index
    @users = User.paginate(:page => params[:page])
  end

  def new
    @user = User.new
  end

  def create
    @user = User.new(create_params)
    if @user.save
      sign_in @user
      flash[:success] = "Welcome to #{site_name}! Enjoy your time here."
      redirect_to user_path @user.username
    else
      render 'new'
    end
  end

  def edit
    @user = User.where("lower(username) = :user", { :user => params[:id].downcase }).first
  end

  def update
    @user = User.where("lower(username) = :user", { :user => params[:id].downcase }).first
    if @user.update_attributes(update_params)
      flash[:success] = "Profile updated."
      redirect_to user_path(@user.username)
    else
      render 'edit'
    end
  end

  def show
    @user = User.where("lower(username) = :user", { :user => params[:id].downcase }).first
    @microposts = @user.microposts.paginate(page: params[:page])
  end

  def destroy
    @user = User.find(params[:id])
    if @user.id != 1
      @user.destroy
      flash[:success] = "User removed."
      redirect_to users_url
    else
      flash[:error] = "You cannot remove the main admin."
    end
  end

  def following
    @title = "Following"
    @user = User.where("lower(username) = :user", { :user => params[:id].downcase }).first
    @users = @user.followed_users.paginate(page: params[:page])
    render 'show_follow'
  end

  def followers
    @title = "Followers"
    @user = User.where("lower(username) = :user", { :user => params[:id].downcase }).first
    @users = @user.followers.paginate(page: params[:page])
    render 'show_follow'
  end

  private
    def create_params
      params.require(:user).permit(:name, :email, :username,
                                   :password, :password_confirmation)
    end

    def update_params
      if current_user? and signed_in?
        params.require(:user).permit(:name, :email, :password, :password_confirmation,
                                     :bio)
      elsif current_user.group.id == 1 or current_user.id == 1 or current_user.group.permissions =~ /ModerateSite/
        params.require(:user).permit(:name, :email, :password, :password_confirmation,
                                     :bio, :credits, :group_id)
      else

      end
    end

    def user_layout
      if action_name == 'show'
        "show_user"
      else
        "application"
      end
    end
end
	module SessionsHelper
	def sign_in(user)
	remember_token = User.new_remember_token
	cookies.permanent[:remember_token] = remember_token
	user.update_attributes(remember_token: User.digest(remember_token),
	online: true)
	self.current_user = user
	end

	def sign_out
	current_user.update_attributes(remember_token: User.digest(User.new_remember_token),
	online: true)
	cookies.delete(:remember_token)
	self.current_user = nil
	end

	def online?(user)
	return true if user.online?
	return false if !user.online?
	end

	def signed_in?
	!current_user.nil?
	end

	def current_user=(user)
	@current_user = user
	end

	def current_user
	remember_token = User.digest(cookies[:remember_token])
	@current_user \|\|= User.find_by(remember_token: remember_token)
	end

	def current_user?(user)
	user == current_user
	end

	def require_authentication
	unless signed_in?
	store_location
	redirect_to login_url, :notice => "You must log in to do that."
	end
	end

	def correct_user
	@user = User.where("lower(username) = :user", { :user => params[:id].downcase }).first
	redirect_to(root_url) unless current_user?(@user)
	end

	def admin_user
	redirect_to(root_url) unless current_user.group.permissions =~ /ModerateSite/ or current_user.id == 1
	end

	def redirect_back_or(default)
	redirect_to(session[:return_to] \|\| default)
	session.delete(:return_to)
	end

	def store_location
	session[:return_to] = request.url if request.get?
	end
	end
	class User < ActiveRecord::Base
	belongs_to :group
	has_many :microposts, dependent: :destroy
	has_many :relationships, foreign_key: "follower_id", dependent: :destroy
	has_many :reverse_relationships, foreign_key: "followed_id",
	class_name: "Relationship",
	dependent: :destroy
	has_many :followed_users, through: :relationships, source: :followed
	has_many :followers, through: :reverse_relationships, source: :follower

	before_save { self.email = email.downcase }
	after_find { self.group.who_can_manage = self.group.who_can_manage.split(" ") }
	before_save :create_remember_token
	validates :name, presence: true, length: { maximum: 50 }
	ValidEmailRegex = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
	validates :email, presence: true, format: { with: ValidEmailRegex },
	uniqueness: { case_sensitive: false }
	validates :password, length: { minimum: 6 }
	validates :username, length: { within: 3..18 },
	uniqueness: { case_sensitive: false },
	format: { with: /[a-zA-Z0-9_.-]+/ }

	validates :terms_of_service, acceptance: true, on: :create

	has_secure_password
	def feed
	Micropost.from_users_followed_by(self)
	end

	def following?(other_user)
	relationships.find_by(followed_id: other_user.id)
	end

	def follow!(other_user)
	relationships.create!(followed_id: other_user.id)
	end

	def unfollow!(other_user)
	relationships.find_by(followed_id: other_user.id).destroy
	end

	def User.new_remember_token
	SecureRandom.urlsafe_base64
	end

	def User.digest(token)
	Digest::SHA1.hexdigest(token.to_s)
	end
	private
	def create_remember_token
	self.remember_token = User.digest(User.new_remember_token)
	end
	end
	class UsersController < ApplicationController
	before_action :require_authentication,
	only: [:index, :edit, :update, :destroy, :following, :followers]
	before_action :correct_user,
	only: [:edit, :update]
	before_action :admin_user, only: [:destroy]
	layout :user_layout

	def index
	@users = User.paginate(:page => params[:page])
	end

	def new
	@user = User.new
	end

	def create
	@user = User.new(create_params)
	if @user.save
	sign_in @user
	flash[:success] = "Welcome to #{site_name}! Enjoy your time here."
	redirect_to user_path @user.username
	else
	render 'new'
	end
	end

	def edit
	@user = User.where("lower(username) = :user", { :user => params[:id].downcase }).first
	end

	def update
	@user = User.where("lower(username) = :user", { :user => params[:id].downcase }).first
	if @user.update_attributes(update_params)
	flash[:success] = "Profile updated."
	redirect_to user_path(@user.username)
	else
	render 'edit'
	end
	end

	def show
	@user = User.where("lower(username) = :user", { :user => params[:id].downcase }).first
	@microposts = @user.microposts.paginate(page: params[:page])
	end

	def destroy
	@user = User.find(params[:id])
	if @user.id != 1
	@user.destroy
	flash[:success] = "User removed."
	redirect_to users_url
	else
	flash[:error] = "You cannot remove the main admin."
	end
	end

	def following
	@title = "Following"
	@user = User.where("lower(username) = :user", { :user => params[:id].downcase }).first
	@users = @user.followed_users.paginate(page: params[:page])
	render 'show_follow'
	end

	def followers
	@title = "Followers"
	@user = User.where("lower(username) = :user", { :user => params[:id].downcase }).first
	@users = @user.followers.paginate(page: params[:page])
	render 'show_follow'
	end

	private
	def create_params
	params.require(:user).permit(:name, :email, :username,
	:password, :password_confirmation)
	end

	def update_params
	if current_user? and signed_in?
	params.require(:user).permit(:name, :email, :password, :password_confirmation,
	:bio)
	elsif current_user.group.id == 1 or current_user.id == 1 or current_user.group.permissions =~ /ModerateSite/
	params.require(:user).permit(:name, :email, :password, :password_confirmation,
	:bio, :credits, :group_id)
	else

	end
	end

	def user_layout
	if action_name == 'show'
	"show_user"
	else
	"application"
	end
	end
	end