Add basic authentication to ApplicationController and implement CRUD actions for PostsController

tuanle03 · tuanle03 · commit 9e10fad902ed · 2023-12-21T15:30:01.000+07:00
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -1,2 +1,12 @@
 class ApplicationController < ActionController::Base
+  before_action :authenticate
+
+  private
+
+  def authenticate
+    authenticate_or_request_with_http_basic do |username, password|
+      username == Rails.application.credentials.dig(:basic_auth, :admin_username) &&
+        password == Rails.application.credentials.dig(:basic_auth, :admin_password)
+    end
+  end
 end
diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
@@ -1,57 +1,52 @@
 class PostsController < ApplicationController
+  before_action :set_post, only: %i[show edit update destroy]
+
   def index
     @posts = Post.all
   end
 
   def show
-    @post = Post.find_by_id(params[:id])
+    @post = Post.friendly.find(params[:id])
   end
 
   def new
     @post = Post.new
+    @post.save
   end
 
   def create
-    post = Post.new(params[:post])
-
-    if post.save
-      redirect_to posts_path
+    @post = Post.new(post_params)
+    if @post.save
+      redirect_to posts_path, notice: 'Post was successfully created.'
     else
       render :new
     end
   end
 
   def edit
-    @post = Post.find_by_id(params[:id])
-
-    if @post.nil?
-      redirect_to posts_path
-    end
+    @post = Post.friendly.find(params[:id])
   end
 
   def update
-    post = Post.find_by_id(params[:id])
-
-    if post.update_attributes(params[:post])
-      redirect_to posts_path
+    if @post.update(post_params)
+      redirect_to posts_path, notice: 'Post was successfully updated.'
     else
       render :edit
     end
   end
 
   def destroy
-    post = Post.find_by_id(params[:id])
-
-    if post.destroy
-      redirect_to posts_path, notice: "Post deleted"
-    else
-      redirect_to posts_path, notice: "Post could not be deleted"
-    end
+    @post.destroy
+    redirect_to posts_path, notice: 'Post was successfully destroyed.'
   end
 
   private
 
+  def set_post
+    @post = Post.friendly.find(params[:id])
+  end
+
   def post_params
-    params.require(:post).permit(:user_id, :title, :body, :status, :total_view)
+    params.require(:post).permit(:title, :body, :user_id, :status)
   end
 end
diff --git a/app/models/post.rb b/app/models/post.rb
@@ -2,6 +2,8 @@ class Post < ApplicationRecord
   extend FriendlyId
   friendly_id :title, use: :slugged
 
+  enum status: { approved: 'approved', pending: 'pending', rejected: 'rejected' }
+
   validates :title, presence: true
 
   belongs_to :user
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
@@ -3,6 +3,7 @@
   <head>
     <title>CodeLearnApi</title>
     <meta name="viewport" content="width=device-width,initial-scale=1">
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
     <%= csrf_meta_tags %>
     <%= csp_meta_tag %>
 
@@ -13,4 +14,6 @@
   <body>
     <%= yield %>
   </body>
+
+  <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-C6RzsynM9kWDrMNeT87bh95OGNyZPhcTNXj1NW7RuBCsyN/o0jlpcV8Qyq46cDfL" crossorigin="anonymous"></script>
 </html>
diff --git a/app/views/posts/_form.html.erb b/app/views/posts/_form.html.erb
@@ -0,0 +1,43 @@
+<div class="container">
+  <%= form_with(model: post, local: true, url: post.persisted? ? post_path(post) : posts_path, method: post.persisted? ? :patch : :post) do |form| %>
+    <div class="row justify-content-center">
+      <div class="col-md-6">
+        <% if post.errors.any? %>
+          <div class="alert alert-danger" role="alert">
+            <h2><%= pluralize(post.errors.count, 'error') %> prohibited this post from being saved:</h2>
+
+            <ul>
+              <% post.errors.full_messages.each do |message| %>
+                <li><%= message %></li>
+              <% end %>
+            </ul>
+          </div>
+        <% end %>
+
+        <div class="mb-3">
+          <%= form.label :user_id, class: 'form-label' %>
+          <%= form.collection_select :user_id, User.all, :id, :email, { include_blank: true }, class: 'form-control' %>
+        </div>
+
+        <div class="mb-3">
+          <%= form.label :title, class: 'form-label' %>
+          <%= form.text_field :title, class: 'form-control' %>
+        </div>
+
+        <div class="mb-3">
+          <%= form.label :body, class: 'form-label' %>
+          <%= form.text_area :body, class: 'form-control' %>
+        </div>
+
+        <div class="mb-3">
+          <%= form.label :status, class: 'form-label' %>
+          <%= form.select :status, Post.statuses.keys, class: 'form-control' %>
+        </div>
+
+        <div class="mb-3">
+          <%= form.submit post.persisted? ? 'Update' : 'Create', class: 'btn btn-primary' %>
+        </div>
+      </div>
+    </div>
+  <% end %>
+</div>
diff --git a/app/views/posts/edit.html.erb b/app/views/posts/edit.html.erb
@@ -0,0 +1,7 @@
+<div class="container mt-5">
+  <h1>New Post</h1>
+
+  <%= render 'form', post: @post %>
+
+  <%= link_to 'Back', posts_path, class: 'btn btn-secondary mt-3' %>
+</div>
diff --git a/app/views/posts/index.html.erb b/app/views/posts/index.html.erb
@@ -0,0 +1,30 @@
+<div class="container mt-5">
+  <h1>Posts</h1>
+
+  <%= link_to 'New Post', new_post_path, class: 'btn btn-primary mb-3' %>
+
+  <table class="table">
+    <thead>
+      <tr>
+        <th>Title</th>
+        <th>Body</th>
+        <th>Action</th>
+      </tr>
+    </thead>
+
+    <tbody>
+      <% @posts.each do |post| %>
+        <tr>
+          <td><%= post.title %></td>
+          <td><%= post.body %></td>
+          <td>
+            <%= link_to 'Edit', edit_post_path(post), class: 'btn btn-warning btn-sm mr-1' %>
+            <%= form_with(model: post, local: false, method: :delete, data: { confirm: 'Are you sure?' }) do |form| %>
+              <%= form.submit 'Destroy', class: 'btn btn-danger btn-sm' %>
+            <% end %>
+          </td>
+        </tr>
+      <% end %>
+    </tbody>
+  </table>
+</div>
diff --git a/app/views/posts/new.html.erb b/app/views/posts/new.html.erb
@@ -0,0 +1,7 @@
+<div class="container mt-5">
+  <h1>New Post</h1>
+
+  <%= render 'form', post: @post %>
+
+  <%= link_to 'Back', posts_path, class: 'btn btn-secondary mt-3' %>
+</div>
diff --git a/app/views/posts/show.html.erb b/app/views/posts/show.html.erb
@@ -0,0 +1,5 @@
+<div class="container mt-5">
+  <h1><%= @post.title %></h1>
+  <p><%= @post.body %></p>
+  <%= link_to 'Back', posts_path, class: 'btn btn-secondary' %>
+</div>
diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc
@@ -1 +1 @@
-/5yz8VLM7DrJNIrILtZxu+A7/+223BmNBsZB1KfSeqbQsEMkmSEWLF+YOzG2ETtbj41pqGupTCf0akiy3n9dX1mnVFAA+/C3OjvGZVjxhTdR9Rt/Co+vahMoCP1mZRf59l0eV3yAvuNjjFpqleuNVeCbxuK8xHz1ENvCUg8qK0bqRfTx/2nkDidz2eeFj8MNh8kIZqpfiuZRo6RIfePQOc6XBjefeua5mXMecv0MxnU/wjBYZLPO70EO6mwGDFLybrFzqG1pB7GBzLWgqIHiEg4G8KKbAgVRss4HQI6gyboU46B56aZOO1lMQKR5LGCOxT5Ihs9PyLb1kSXbz81QBIUul1oBV3f5CbQo39l0d83hwFLgVN/je4PrcYOiOPsPqghQ/kygbT6/VD3s6KaIiI3fHbVMbWv/O1VL4j9CJq5T+rgA1fp8l16kW8xFyZr4sgBhSy3qvaKsZkAqyMl3lkjUmqQvcURrynvirIEPExiKYs4HEgksiNHwvAQpRJDK4vlkfgSvWZD8CJybtq/WlpA4mJpgejNJ52kczEvp6aZPC2KHLiLy1neDAuXNn+zKiy0Qz86lOtn5Bi7YgyMD8jU9QrfKkwvar0U2XBqwviIUmV5oWJ6SsJ+OsuhFJEKr5+Feb4Vhv4W+BEKiBTjB1v8D9KU2+3rvDJVBQjviSKvGR5U0Il3q8q3fU5Hv+ncJ8SH50hO81smGjhJJCUpww/bRZUpNzE3CJC8/Jo2EsAy2BPvqk3Z1uU168yc0ehm1fq6AHY7BLYojLykO345aw8u08v0gsVPU3p57PLeSvJMCUQOBRiCUUYVvDfRwZ9bpZS+JLWLdwTQ=--6K39PbTRHgLrjOAj--QfO8wiryYSc3K9VzQPLT8A==
+jWiOipgnTmWwOTESv5LI97s89okNkWyeM0h6x2IFzWjErEaIYMj/0oJ1g6RRWu6K743BGjLLJ+G1puwDmAuMLiXaTtfBvmpBQQ8RGGQBiV8tsm76XEJ20nvZkDd4RsVK28R20FpqtMVoZOZSxIa7PMwI8yPnx3exkTkX9A7nDOrcYx6MGsiBR0a5aSAXyG+GymNjyQLlxODTLn269kggQz8j0xcUnuO8Vcz9QAmROLfgUop/pz9jSIiRecIYNQc5LgWLQXJTqzeOKFYxOvBo6pepj7gLi/RfF2H9WagsTixdB3dumeoDxnuoTNplTuBhp5gAe4pHsZ92MOp3Z9VagBLtzudekXoFjf5g7+Hev7uruaN4T8zTmmHuz1tKp2OktOoW9m6f2I+1wWOwxqXrFkrNfkpPOhDuiQZOyxnJyJxE3dxafjY6fQFiGhaI+Vp4gqB+720Us3d6D9m0rGgeEdPkW952iUq6FB2/6hTuAN/3vu+qt/dl50id5w8raL7FVscxgEPrxNwNZXPZGIHe1z5theIjelQNPrEk6OG7iXWJkNvXl31k+cy362YDzW3BIDjLvEpi274eq/LstMLrD8K7h/PUpf1JMZzpsImmIWct0ke1fh2e2Oj+lEzv2RuEZOlEhJkJ9GLBj3k/jfZ5QCpo4Go+xmzUVHwKexVfN5yk7wcfMRYqYTsFykshiIyZwtZetFUuGOy0AXtY7xTSLsDBkEszstntXsigEO186/usSq24smUErqzeU4T8/Am5NWQBs4z3Cq7I3OcH+zBGR6Idki2KvBRrA+yCHVzl/HookbQ+PFsZCBu/dtlYWmpGrK2QQ+WRYvyNudR+Z0i0mQXi14LrNK6d00REBnD93qeSJNLcASwpqT710A/aIOM484mkIfJvBHYteaE8VSxW55kU--1buqB+yo4Fujg3pf--fYhR0a9I/CKZT56p841tew==
diff --git a/config/routes.rb b/config/routes.rb
@@ -5,6 +5,8 @@
   # Defines the root path route ("/")
   # root "articles#index"
   get '/docs', to: 'docs#index'
+  resources :posts
+  root 'posts#index'
 
   mount ApplicationAPI => '/api'
   mount Blazer::Engine => '/mio'

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		-/5yz8VLM7DrJNIrILtZxu+A7/+223BmNBsZB1KfSeqbQsEMkmSEWLF+YOzG2ETtbj41pqGupTCf0akiy3n9dX1mnVFAA+/C3OjvGZVjxhTdR9Rt/Co+vahMoCP1mZRf59l0eV3yAvuNjjFpqleuNVeCbxuK8xHz1ENvCUg8qK0bqRfTx/2nkDidz2eeFj8MNh8kIZqpfiuZRo6RIfePQOc6XBjefeua5mXMecv0MxnU/wjBYZLPO70EO6mwGDFLybrFzqG1pB7GBzLWgqIHiEg4G8KKbAgVRss4HQI6gyboU46B56aZOO1lMQKR5LGCOxT5Ihs9PyLb1kSXbz81QBIUul1oBV3f5CbQo39l0d83hwFLgVN/je4PrcYOiOPsPqghQ/kygbT6/VD3s6KaIiI3fHbVMbWv/O1VL4j9CJq5T+rgA1fp8l16kW8xFyZr4sgBhSy3qvaKsZkAqyMl3lkjUmqQvcURrynvirIEPExiKYs4HEgksiNHwvAQpRJDK4vlkfgSvWZD8CJybtq/WlpA4mJpgejNJ52kczEvp6aZPC2KHLiLy1neDAuXNn+zKiy0Qz86lOtn5Bi7YgyMD8jU9QrfKkwvar0U2XBqwviIUmV5oWJ6SsJ+OsuhFJEKr5+Feb4Vhv4W+BEKiBTjB1v8D9KU2+3rvDJVBQjviSKvGR5U0Il3q8q3fU5Hv+ncJ8SH50hO81smGjhJJCUpww/bRZUpNzE3CJC8/Jo2EsAy2BPvqk3Z1uU168yc0ehm1fq6AHY7BLYojLykO345aw8u08v0gsVPU3p57PLeSvJMCUQOBRiCUUYVvDfRwZ9bpZS+JLWLdwTQ=--6K39PbTRHgLrjOAj--QfO8wiryYSc3K9VzQPLT8A==
	`1`	+jWiOipgnTmWwOTESv5LI97s89okNkWyeM0h6x2IFzWjErEaIYMj/0oJ1g6RRWu6K743BGjLLJ+G1puwDmAuMLiXaTtfBvmpBQQ8RGGQBiV8tsm76XEJ20nvZkDd4RsVK28R20FpqtMVoZOZSxIa7PMwI8yPnx3exkTkX9A7nDOrcYx6MGsiBR0a5aSAXyG+GymNjyQLlxODTLn269kggQz8j0xcUnuO8Vcz9QAmROLfgUop/pz9jSIiRecIYNQc5LgWLQXJTqzeOKFYxOvBo6pepj7gLi/RfF2H9WagsTixdB3dumeoDxnuoTNplTuBhp5gAe4pHsZ92MOp3Z9VagBLtzudekXoFjf5g7+Hev7uruaN4T8zTmmHuz1tKp2OktOoW9m6f2I+1wWOwxqXrFkrNfkpPOhDuiQZOyxnJyJxE3dxafjY6fQFiGhaI+Vp4gqB+720Us3d6D9m0rGgeEdPkW952iUq6FB2/6hTuAN/3vu+qt/dl50id5w8raL7FVscxgEPrxNwNZXPZGIHe1z5theIjelQNPrEk6OG7iXWJkNvXl31k+cy362YDzW3BIDjLvEpi274eq/LstMLrD8K7h/PUpf1JMZzpsImmIWct0ke1fh2e2Oj+lEzv2RuEZOlEhJkJ9GLBj3k/jfZ5QCpo4Go+xmzUVHwKexVfN5yk7wcfMRYqYTsFykshiIyZwtZetFUuGOy0AXtY7xTSLsDBkEszstntXsigEO186/usSq24smUErqzeU4T8/Am5NWQBs4z3Cq7I3OcH+zBGR6Idki2KvBRrA+yCHVzl/HookbQ+PFsZCBu/dtlYWmpGrK2QQ+WRYvyNudR+Z0i0mQXi14LrNK6d00REBnD93qeSJNLcASwpqT710A/aIOM484mkIfJvBHYteaE8VSxW55kU--1buqB+yo4Fujg3pf--fYhR0a9I/CKZT56p841tew==