Allow users to be created/updated

Author: Ryan Closner

app/controllers/users_controller.rb

@@ -1,9 +1,12 @@
 class UsersController < ApplicationController
-  before_action :set_user, only: [:edit, :update,:destroy]
+  before_action :set_user, only: [:edit, :update, :approve, :destroy]
   before_action :authenticate_user!
   before_action :check_admin
   before_action :count_admins
 
+  def new
+    @user = User.new
+  end
 
   def index
     if params[:approved] == "false"
@@ -30,24 +33,33 @@ def update
   end
 
   def destroy
-    if current_user.admin?
-      if @user.destroy
-        redirect_to users_path, notice: "User was successfully deleted."
-      else
-        redirect_to :back, alert: "An error occurred when deleting the user."
-      end
+    if @user.destroy
+      redirect_to users_path, notice: "User was successfully deleted."
+    else
+      redirect_to :back, alert: "An error occurred when deleting the user."
+    end
+  end
+
+  def create
+    @user = User.new(user_params)
+
+    if @user.save
+      redirect_to users_path, notice: "User was successfully created."
     else
-      redirect_to :back, alert: "Your account is not authorized to delete users."
+      render :new
     end
   end
 
+  def approve
+  end
+
   private
     def set_user
       @user = User.find(params[:id])
     end
 
     def user_params
-      params.require(:user).permit(:approved, :organization_id, :admin)
+      params.require(:user).permit(:approved, :organization_id, :admin, :password, :password_confirmation, :email)
     end
 
     def check_admin

app/views/users/_form.html

@@ -12,7 +12,7 @@ <h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from bein
   <% end %>
 
   <div class="field">
-    <span class='h3-Edit'><%= f.label :email %></span><span class='formAnswer'><%= @user.email %></span>
+    <span class='h3-Edit'><%= f.label :email %></span><span class='formAnswer'><%= f.text_field(:email) %></span>
   </div>
   <div class="field">
     <span class='h3-Edit'><%= f.label :approved %></span>
@@ -23,6 +23,17 @@ <h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from bein
     <!-- <%= f.text_field :organization %> -->
     <%= f.select :organization_id, Organization.all.collect{ |org| [org.code, org.id]}, include_blank: true %>
   </div>
+  <div class="field">
+    <span class='h3-Edit'><%= f.label :password %></span>
+    <!-- <%= f.text_field :organization %> -->
+    <%= f.password_field(:password) %>
+  </div>
+  <div class="field">
+    <span class='h3-Edit'><%= f.label :password_confirmation %></span>
+    <!-- <%= f.text_field :organization %> -->
+    <%= f.password_field(:password_confirmation) %>
+  </div>
+
   <div class="field">
     <span class='h3-Edit'><%= f.label :admin %></span>
     <% if (@user.admin) && (@admin_count == 1) %>
@@ -35,4 +46,4 @@ <h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from bein
   <div class="actions">
     <%= f.submit %>
   </div>
-<% end %>
+<% end %>

app/views/users/approve.html

@@ -0,0 +1,48 @@
+<h1>User Approval</h1>
+
+<div class='formContent'>
+  <%= form_for(@user) do |f| %>
+  <% if @user.errors.any? %>
+  <div id="error_explanation">
+    <h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
+
+    <ul>
+      <% @user.errors.full_messages.each do |msg| %>
+      <li><%= msg %></li>
+      <% end %>
+    </ul>
+  </div>
+  <% end %>
+
+  <div class="field">
+    <span class='h3-Edit'><%= f.label :email %></span><span class='formAnswer'><%= @user.email %></span>
+  </div>
+  <div class="field">
+    <span class='h3-Edit'><%= f.label :approved %></span>
+    <%= f.check_box :approved %>
+  </div>
+  <div class="field">
+    <span class='h3-Edit'><%= f.label :organization %></span>
+    <!-- <%= f.text_field :organization %> -->
+    <%= f.select :organization_id, Organization.all.collect{ |org| [org.code, org.id]}, include_blank: true %>
+  </div>
+  <div class="field">
+    <span class='h3-Edit'><%= f.label :admin %></span>
+    <% if (@user.admin) && (@admin_count == 1) %>
+    <span class='finePrint'><%= f.check_box :admin, disabled: true %>
+      (Note:  You can't deselect the only admin account.)</span>
+    <% else %>
+    <%= f.check_box :admin %>
+    <% end %>
+  </div>
+  <div class="actions">
+    <%= f.submit %>
+  </div>
+  <% end %>
+</div>
+
+<div class='formButtons'>
+  <!--back button <span class='addNewButton'>	
+    <%= link_to 'Back', users_path %>
+  </span> -->	  
+</div>

app/views/users/edit.html

@@ -1,4 +1,4 @@
-<h1>User Approval</h1>
+<h1>Edit User</h1>
 
 <div class='formContent'>
 	<%= render 'form' %>
@@ -8,4 +8,4 @@ <h1>User Approval</h1>
 	<!--back button <span class='addNewButton'>	
 		<%= link_to 'Back', users_path %>
 	</span> -->	  
-</div>
+</div>

app/views/users/index.html

@@ -26,7 +26,7 @@ <h1>Users</h1>
       <td><%= user.approved %></td>
       <td><%= user.admin? %></td>
       <td><%= user.organization.code if user.organization %></td>
-      <td><%= link_to "Edit", edit_user_path(user), :class => "tableLink" %></td>
+      <td><%= link_to "Edit", approve_user_path(user), :class => "tableLink" %></td>
       <% if user == current_user %>
         <td>Delete</td>
       <% else %>
@@ -35,3 +35,9 @@ <h1>Users</h1>
     </tr>
   <% end %>
 </table>
+
+<div class='formButtons'>
+  <% if current_user.admin? %>
+  <span class='buttonBelow'><%= link_to 'Add New User', new_user_path%></span>
+  <% end %>
+</div>

app/views/users/new.html

@@ -0,0 +1,11 @@
+<h1>New User</h1>
+
+<div class='formContent'>
+	<%= render 'form' %>
+</div>
+
+<div class='formButtons'>
+	<!--back button <span class='addNewButton'>	
+		<%= link_to 'Back', users_path %>
+	</span> -->	  
+</div>

config/routes.rb

@@ -4,7 +4,11 @@
   devise_for :users, :controllers => { :registrations => "registrations" }
 
   scope "/admin" do
-    resources :users
+    resources :users do
+      member do
+        get :approve
+      end
+    end
   end
 
   resources :trailsegments do