Objective: Use Rails to build a full-stack blog application. You will be building this app over the course of three evenings.
Your objective for this evening is to set up the users
resource of your blog and implement authentication, validations, and error-handling.
- Fork this repo, and clone it into your
develop
folder on your local machine. - Change directories into
rails_blog_app
, and runrake db:create db:migrate
from the Terminal. - Start your Rails server, then you're ready to go!
- RESTful routes for the
users
resource. Your app should have the following routes:GET /users
GET /users/new
(orGET /signup
)POST /users
GET /users/:id
GET /users/:id/edit
PUT /users/:id
and/orPATCH /users/:id
(Railsresources
generates both)DELETE /users/:id
- Controller actions for each of your RESTful routes that implement CRUD for
users
(for now, you can let any user update or delete another user in the database). - A
User
model and corresponding database table with the minimum attributesemail
andpassword_digest
. - Model validations on
User
:email
: presence, uniqueness, validates formatpassword
: presence, minimum 6 characters
- Error-handling in the
UsersController
that redirects the user if they submit invalid form data and shows a flash message with the error. - The ability for users to sign up with a secure password and log back into your site. You will need the following routes for authentication in addition to the RESTful routes listed above:
GET /login
POST /login
orPOST /sessions
GET /logout
If you get stuck at any point or need extra guidance, feel free to look at the solution branch or follow along with the Ruby on Rails Tutorial by Michael Hartl.
- Authorize your site by only letting users update and delete their own accounts. Hints:
- You'll need to check for the
current_user
in the view to determine whether or not to show the edit and delete buttons. You'll also need to check for thecurrent_user
in any controller method you want to authorize. - If
current_user
is the same@user
found by theid
in the URL params, the user is authorized to update and delete.
- You'll need to check for the
- Another step to authorization is making sure the
current_user
cannot sign up or log in again. Use thecurrent_user
method in your controllers to authorize those routes as well.
Refer to the solution_authorization branch for guidance.
- As you make code changes, frequently commit and push to GitHub.
- Once you've finished the assignment and pushed your work to GitHub, make a pull request from your fork to the original repo.