califa · May 8, 2011 20:53
diff --git a/_form.html.erb b/_form.html.erb
 <%= error_messages_for(@user) %>

 <table summary="User form fields">
  <% if @page_title == 'Create User' %>
  <tr>
    <th><%= f.label(:type, "User Type") %></th>
    <td><%= f.select(:type, ["Admin", "Teacher", "User"]) %></td>
  </tr>
  <% end %>
  <tr>
    <th><%= f.label(:email) %></th>
    <td><%= f.text_field(:email) %></td>
  </tr>
  <tr>
    <th><%= f.label(:password) %></th>
    <td><%= f.password_field(:password) %></td>
  </tr>
  <tr>
    <th><%= f.label(:first_name) %></th>
    <td><%= f.text_field(:first_name) %></td>
  </tr>
  <tr>
    <th><%= f.label(:last_name) %></th>
    <td><%= f.text_field(:last_name) %></td>
  </tr>
 </table>
diff --git a/new.html.erb b/new.html.erb
 <% @page_title = 'Create User' %>

 <%= link_to("<< Back to List", users_path, :class => 'back-link') %>

 <div class="user new">
  <h2>Create User</h2>

  <%= form_for(@user) do |f| %>

    <%= render(:partial => 'form', :locals => {:f => f} ) %>
  
    <div class="form-buttons">
      <%= submit_tag('Create User') %>
    </div>
  
  <% end %>
 </div>
diff --git a/user.rb b/user.rb
 class User  < ActiveRecord::Base

  attr_accessor :password

  EMAIL_REGEX = /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i

  validates :first_name, :presence => true, :length => { :maximum => 50 }
  validates :last_name, :presence => true, :length => { :maximum => 50 }
  validates :email, :presence => true, :length => { :maximum => 100 },
    :format => EMAIL_REGEX, :confirmation => true

  validates_uniqueness_of :email
  validates_length_of :password, :within => 8..25, :on => :create

  before_save :create_hashed_password
  after_save :clear_password

  scope :sorted_by_type, order("users.type ASC, users.last_name ASC, users.first_name ASC")

  attr_protected :hashed_password, :salt


 #  @child_classes = ["Admin", "Teacher", "Student"]

 #  def self.inherited(child)
 #    @child_classes << child
 #    super # important!
 #  end
 #
 #  def self.child_classes
 #    @child_classes
 #  end

 #  def self.inherited(child)
 #    child.instance_eval do
 #      def model_name
 #        self.model_name
 #      end
 #    end
 #    super
 #  end
 #
 #  def self.select_options
 #    subclasses.map{ |c| c.to_s }.sort
 #  end

  def name
    "#{first_name} #{last_name}"
  end

  def list_name
    "#{last_name}, #{first_name}"
  end

 #  def self.inherited(child)
 #    child.instance_eval do
 #      def model_name
 #        User.model_name
 #      end
 #    end
 #    super
 #  end

  def self.authenticate(email="", password="")
    user = self.find_by_email(email)
    if user && user.password_match?(password)
      return user
    else
      return false
    end
  end

  # The same password string with the same hash method and salt
  # should always generate the same hashed_password.
  def password_match?(password="")
    hashed_pass == self.class.hash_with_salt(password, salt)
  end

  def self.make_salt(email="")
    Digest::SHA1.hexdigest("Use #{email} with #{Time.now} to make salt")
  end

  def self.hash_with_salt(password="", salt="")
    Digest::SHA1.hexdigest("Put #{salt} on the #{password}")
  end

  protected

  def create_hashed_password
    # Whenever :password has a value hashing is needed
    unless password.blank?
      self.salt = self.class.make_salt(email) if salt.blank?
      self.hashed_pass = self.class.hash_with_salt(password, salt)
    end
  end

  def clear_password
    # for security and b/c hashing is not needed
    self.password = nil
  end


  private

  def attributes_protected_by_default
    super - [self.class.type]
  end
 end
diff --git a/users_controller.rb b/users_controller.rb
 class UsersController < ApplicationController

  before_filter :confirm_logged_in
  
  def index
    list
    render('list')
  end
  
  def list
    @users = User.sorted_by_type
  end

  def new
    @user = User.new
 #    @possible_classes = User.child_classes
  end

 #  def new_admin
 #    @user = Admin.new
 #  end
 #
 #  def new_teacher
 #    @user = Teacher.new
 #  end
 #
 #  def new_student
 #    @user = Student.new
 #  end

  def create
    @user = User.new(params[:user])
    if @user.save
      flash[:notice] = "#{params[:type]} user created."
      redirect_to(users_path)
    else
 #      @possible_classes = User.child_classes
      render("new")
    end
  end

  def edit
    @user = User.find(params[:id])
  end
  
  def update
    @user = User.find(params[:id])
    if @user.update_attributes(params[:user])
      flash[:notice] = 'User updated.'
      redirect_to(users_path)
    else
 #      @possible_classes = User.child_classes
      render("edit")
    end
  end

  def delete
    @user = User.find(params[:id])
  end

  def destroy
    User.find(params[:id]).destroy
    flash[:notice] = "User destroyed."
    redirect_to(users_path)
  end
  
  
 end
	<%= error_messages_for(@user) %>

	<table summary="User form fields">
	<% if @page_title == 'Create User' %>
	<tr>
	<th><%= f.label(:type, "User Type") %></th>
	<td><%= f.select(:type, ["Admin", "Teacher", "User"]) %></td>
	</tr>
	<% end %>
	<tr>
	<th><%= f.label(:email) %></th>
	<td><%= f.text_field(:email) %></td>
	</tr>
	<tr>
	<th><%= f.label(:password) %></th>
	<td><%= f.password_field(:password) %></td>
	</tr>
	<tr>
	<th><%= f.label(:first_name) %></th>
	<td><%= f.text_field(:first_name) %></td>
	</tr>
	<tr>
	<th><%= f.label(:last_name) %></th>
	<td><%= f.text_field(:last_name) %></td>
	</tr>
	</table>
	<% @page_title = 'Create User' %>

	<%= link_to("<< Back to List", users_path, :class => 'back-link') %>

	<div class="user new">
	<h2>Create User</h2>

	<%= form_for(@user) do \|f\| %>

	<%= render(:partial => 'form', :locals => {:f => f} ) %>

	<div class="form-buttons">
	<%= submit_tag('Create User') %>
	</div>

	<% end %>
	</div>
	class User < ActiveRecord::Base

	attr_accessor :password

	EMAIL_REGEX = /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i

	validates :first_name, :presence => true, :length => { :maximum => 50 }
	validates :last_name, :presence => true, :length => { :maximum => 50 }
	validates :email, :presence => true, :length => { :maximum => 100 },
	:format => EMAIL_REGEX, :confirmation => true

	validates_uniqueness_of :email
	validates_length_of :password, :within => 8..25, :on => :create

	before_save :create_hashed_password
	after_save :clear_password

	scope :sorted_by_type, order("users.type ASC, users.last_name ASC, users.first_name ASC")

	attr_protected :hashed_password, :salt


	# @child_classes = ["Admin", "Teacher", "Student"]

	# def self.inherited(child)
	# @child_classes << child
	# super # important!
	# end
	#
	# def self.child_classes
	# @child_classes
	# end

	# def self.inherited(child)
	# child.instance_eval do
	# def model_name
	# self.model_name
	# end
	# end
	# super
	# end
	#
	# def self.select_options
	# subclasses.map{ \|c\| c.to_s }.sort
	# end

	def name
	"#{first_name} #{last_name}"
	end

	def list_name
	"#{last_name}, #{first_name}"
	end

	# def self.inherited(child)
	# child.instance_eval do
	# def model_name
	# User.model_name
	# end
	# end
	# super
	# end

	def self.authenticate(email="", password="")
	user = self.find_by_email(email)
	if user && user.password_match?(password)
	return user
	else
	return false
	end
	end

	# The same password string with the same hash method and salt
	# should always generate the same hashed_password.
	def password_match?(password="")
	hashed_pass == self.class.hash_with_salt(password, salt)
	end

	def self.make_salt(email="")
	Digest::SHA1.hexdigest("Use #{email} with #{Time.now} to make salt")
	end

	def self.hash_with_salt(password="", salt="")
	Digest::SHA1.hexdigest("Put #{salt} on the #{password}")
	end

	protected

	def create_hashed_password
	# Whenever :password has a value hashing is needed
	unless password.blank?
	self.salt = self.class.make_salt(email) if salt.blank?
	self.hashed_pass = self.class.hash_with_salt(password, salt)
	end
	end

	def clear_password
	# for security and b/c hashing is not needed
	self.password = nil
	end


	private

	def attributes_protected_by_default
	super - [self.class.type]
	end
	end
	class UsersController < ApplicationController

	before_filter :confirm_logged_in

	def index
	list
	render('list')
	end

	def list
	@users = User.sorted_by_type
	end

	def new
	@user = User.new
	# @possible_classes = User.child_classes
	end

	# def new_admin
	# @user = Admin.new
	# end
	#
	# def new_teacher
	# @user = Teacher.new
	# end
	#
	# def new_student
	# @user = Student.new
	# end

	def create
	@user = User.new(params[:user])
	if @user.save
	flash[:notice] = "#{params[:type]} user created."
	redirect_to(users_path)
	else
	# @possible_classes = User.child_classes
	render("new")
	end
	end

	def edit
	@user = User.find(params[:id])
	end

	def update
	@user = User.find(params[:id])
	if @user.update_attributes(params[:user])
	flash[:notice] = 'User updated.'
	redirect_to(users_path)
	else
	# @possible_classes = User.child_classes
	render("edit")
	end
	end

	def delete
	@user = User.find(params[:id])
	end

	def destroy
	User.find(params[:id]).destroy
	flash[:notice] = "User destroyed."
	redirect_to(users_path)
	end


	end