User profile editing

app/controllers/users_controller.rb

@@ -2,46 +2,22 @@ class UsersController < ApplicationController
   skip_before_action :authenticate_user!, only: [:signup, :create]
   before_action :set_user, only: [:show, :edit, :update, :destroy]
 
-  # GET /users
-  # GET /users.json
-  def index
-    @users = User.all
-  end
 
   # GET /users/1
   # GET /users/1.json
   def show
-  end
-
-  # GET /signup
-  def signup
-    @user = User.new
+    authorize! :read, @user
   end
 
   # GET /users/1/edit
   def edit
-  end
-
-  # POST /users
-  # POST /users.json
-  def create
-    @user = User.new(user_params)
-    @user.role ||= 'member'
-    @user.account ||= 'free'
-    respond_to do |format|
-      if @user.save
-        format.html { redirect_to root_path, notice: 'User was successfully created.' }
-        format.json { render :show, status: :created, location: @user }
-      else
-        format.html { render :signup, alert: @user.errors }
-        format.json { render json: @user.errors, status: :unprocessable_entity }
-      end
-    end
+    authorize! :update, @user
   end
 
   # PATCH/PUT /users/1
   # PATCH/PUT /users/1.json
   def update
+    authorize! :update, @user
     respond_to do |format|
       if @user.update(user_params)
         format.html { redirect_to @user, notice: 'User was successfully updated.' }
@@ -53,16 +29,6 @@ def update
     end
   end
 
-  # DELETE /users/1
-  # DELETE /users/1.json
-  def destroy
-    @user.destroy
-    respond_to do |format|
-      format.html { redirect_to users_url, notice: 'User was successfully destroyed.' }
-      format.json { head :no_content }
-    end
-  end
-
   private
     # Use callbacks to share common setup or constraints between actions.
     def set_user

app/models/ability.rb

@@ -1,79 +1,79 @@
 class Ability
-	include CanCan::Ability
+  include CanCan::Ability
 
-	def initialize(user)
-		alias_action :new_request, :send_request, to: :request
+  def initialize(user)
+    alias_action :new_request, :send_request, to: :request
 
-		@user = user || User.new
-		@user.role = 'guest' if @user.role.blank?
+    @user = user || User.new
+    @user.role = 'guest' if @user.role.blank?
 
-		send(@user.role.downcase)
-	end
+    send(@user.role.downcase)
+  end
 
-	# Admin user can do anything
-	def admin
-		can :manage, :all
-	end
+  # Admin user can do anything
+  def admin
+    can :manage, :all
+  end
 
-	# Guest, a non-signed in user, can only view public articles
-	def guest
-		can :read, Article do |article|
-			article.private == false || article.private == nil
-		end
-		can :read, User
-	end
+  # Guest, a non-signed in user, can only view public articles
+  def guest
+    can :read, Article do |article|
+      article.private == false || article.private == nil
+    end
+    can :read, User
+  end
 
-	# Member is a registered user
-	def member
-		guest
-		# Member's account type determines his/her abilities
-		send @user.account.downcase
-	end
+  # Member is a registered user
+  def member
+    guest
+    # Member's account type determines his/her abilities
+    send @user.account.downcase
+  end
 
-	# Types of user account: free, basic, academic, pro and enterprise
+  # Types of user account: free, basic, academic, pro and enterprise
 
-	def free
-		# Article
-		cannot :manage, Article, private: true
-		can :manage, Article do |article|
-			(article.private == false && article.user_id == @user.id)
-		end
-		# Appraisal
-		can :manage, Appraisal do |appraisal|
-			appraisal.member.user_id == @user.id
-		end
-		# Participation
-		can :manage, Member, user_id: @user.id
-		# User
-		can [:read, :update], User, id: @user.id
-	end
+  def free
+    # Article
+    cannot :manage, Article, private: true
+    can :manage, Article do |article|
+      (article.private == false && article.user_id == @user.id)
+    end
+    # Appraisal
+    can :manage, Appraisal do |appraisal|
+      appraisal.member.user_id == @user.id
+    end
+    # Participation
+    can :manage, Member, user_id: @user.id
+    # User
+    can [:read, :update], User, id: @user.id
+  end
 
-	def basic
-		free
-		can :participate_in, Article do |article|
-			article.members.include? @user
-		end
-		can :manage, Article do |article|
-			(article.user_id == @user.id)
-		end
-	end
+  def basic
+    free
+    can :participate_in, Article do |article|
+      article.members.include? @user
+    end
+    can :manage, Article do |article|
+      (article.user_id == @user.id)
+    end
+  end
 
-	def academic
-		basic
+  def academic
+    basic
 
-		can :create_report, Article do |article|
-			article.user_id == @user.id
-		end
-		can :import_export_excel, Article do |article|
-			article.user_id == @user.id
-		end
-	end
+    can :create_report, Article do |article|
+      article.user_id == @user.id
+    end
+    can :import_export_excel, Article do |article|
+      article.user_id == @user.id
+    end
+  end
 
-	def pro
-		academic
-		can :create_report, Article 
-		can :create_pdf_report, Article
-		can :import_export_excel, Article
-	end
+  def pro
+    academic
+    can :create_report, Article 
+    can :create_pdf_report, Article
+    can :import_export_excel, Article
+  end
 
 end

app/views/users/edit.html.slim

@@ -1,4 +1,32 @@
-h1 Editing User
+- page_title "User Profile"
 
-= render 'form', user: @user
+- content_for :left_frame do
+  = render 'users/profile_sidepanel'
+
+#container-box
+  .widget
+    .widget-header
+      i.icon-list-ul
+      h3 = @user.name
+    .well.well-widget-content
+      .widget-content-title Editing user profile
+
+      = form_with model: @user do |form|
+        .control-group
+          = form.label :name, for: 'user_name', class: "control-label"
+          .controls
+            = form.text_field :name, class: 'input-xxlarge'
+
+        .control-group
+          = form.label :bio, class: "control-label"
+          .controls
+            = form.text_area :bio, class: 'input-xxlarge tinymce', rows: 10
+
+        = tinymce
+
+        #toolbar.button-toolbar
+          = form.submit 'Save', class:"btn btn-primary"
+          = link_to user_path(@user), class:"btn" do
+            i.icon-remove
+            |  Cancel
 

config/routes.rb

@@ -7,7 +7,7 @@
   devise_for :users, controllers: { registrations: 'users/registrations' }
 
   # Users
-  resources :users do
+  resources :users, only: [:show, :edit, :update] do
     resources :follows, only: [:index, :create, :destroy]
     resources :bookmarks, only: [:index, :create, :destroy]
   end

spec/requests/user_profile_request_spec.rb

@@ -0,0 +1,52 @@
+require "rails_helper"
+
+RSpec.describe "User Profile", :type => :request do
+  let(:bingley) { create :bingley }
+  let(:darcy) { create :darcy }
+  let(:valid_attributes) {
+    { name: "Mr. Bingley", email: "bingley@netherfield.net", bio: '£5,000 a year' }
+  }
+  let(:invalid_attributes) {
+    { name: "John Doe", email: " " }
+  }
+
+  context "without logged in user" do
+    it "allows to read a user's profile" do
+      get user_path(bingley)
+      expect(response).to redirect_to( new_user_session_path )
+    end
+
+    it "won't allow the user to edit" do
+      get edit_user_path(bingley)
+      expect(response).to redirect_to( new_user_session_path )
+    end
+  end
+
+  context "with logged in user" do
+    before {
+      sign_in bingley
+    }
+    it "allows to read a user's profile" do
+      get user_path(darcy)
+      expect(response.body).to include(bingley.name)
+    end
+
+    it "allows the user to edit" do
+      get edit_user_path(bingley)
+      expect(response).to be_successful
+    end
+
+    it "allows the user to edit his bio" do
+      patch user_path(bingley), params: {user: valid_attributes}
+      expect(bingley.reload.bio).to eq '£5,000 a year'
+    end
+
+    it "won't allow the user to edit" do
+      get edit_user_path(darcy)
+      expect(response).to redirect_to(root_path)
+      follow_redirect!
+      expect(response.body).to include('You are not authorized')
+    end
+  end
+
+end