For this challenge, focus on using Behavior Driven Development (BDD) over Test Driven Development (TDD). As a reminder, if you'd prefer to use this repo instead of your own project, that's fine. Just switch to the `authentication` branch and build off of that code.
- In your users#create action and your users#login_user (or sessions#create if you've refactored) action, add the authenticated user's id to the session: `session[:user_id] = user.id`
As a logged in user
When I visit the landing page
I no longer see a link to Log In or Create an Account
But I see a link to Log Out.
When I click the link to Log Out
I'm taken to the landing page
And I can see that the Log Out link has changed back to a Log In link
- Add a conditional in your view to show the correct link (remember, you can access session data in your views)
- Create a new route for logging out
- This action should remove the user_id from the session so that the user id doesn't persist.
As a visitor
When I visit the landing page
I do not see the section of the page that lists existing users
As a registered user
When I visit the landing page
The list of existing users is no longer a link to their show pages
But just a list of email addresses
- Note: this story isn't necessarily 'authorization', this functionality is just not necessary anymore, now that we have basic auth in place.
As a visitor
When I visit the landing page
And then try to visit '/dashboard'
I remain on the landing page
And I see a message telling me that I must be logged in or registered to access my dashboard
As a visitor
If I go to a movie's show page
And click the button to create a viewing party
I'm redirected to the movie's show page, and a message appears to let me know I must be logged in or registered to create a movie party.
- Do this ONE AT A TIME - change a route to not have the user id passed in, run your tests, fix your code/tests to get them green again.
- Important items to note:
  - It would be most conventional to change your user show route (`/users/:id`) to something like `/dashboard`. Still, have it go to the same controller#action, but make the URI more friendly. For all other routes, you can simply take the `/user/:id` section off the URI.
  - Now that your user id will get stored into the session ONLY upon successful authentication (registration and logging in), you will need to update your tests to either log in or register a user. I'd suggest putting this into a before action. You could also create a method that grabs the value from `session[:user_id]`, and stub that method in your tests.
- If you want to do the below extensions, you may find it helpful to take a look at this tutorial
When I log in as an admin user
I'm taken to my admin dashboard `/admin/dashboard`
I see a list of all default users' email addresses
When I click on a default user's email address
I'm taken to the admin users dashboard. `/admin/users/:id`
Where I see the same dashboard that particular user would see
As a visitor or default user
If I try to go to any admin routes ('/admin/dashboard' or '/admin/users/:id')
I get redirected to the landing page
And I see a message pop up telling me I'm not authorized to access those pages.
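
The access rules from the stories above (visitors redirected away from `/dashboard`, visitors and default users redirected away from admin routes, logging out removing `user_id`), modeled in plain Ruby outside of Rails. This is an added example, not code from the repo; `USERS`, `current_user`, `authorize`, `log_out`, the role names and the flash wording are assumptions.

```ruby
# Constructed sample data standing in for the users table (hypothetical).
User = Struct.new(:id, :email, :role)
USERS = {
  1 => User.new(1, "admin@example.com", :admin),
  2 => User.new(2, "user@example.com", :default)
}.freeze

# Resolve the user from the session on every request. An id that matches no
# record (deleted account, stale session) is treated the same as logged out.
def current_user(session)
  USERS[session[:user_id]]
end

# Returns [:ok, nil] or [:redirect, flash_message]; every redirect goes to the
# landing page, as in the stories. The role is read from the user record,
# never from the session, and anything under /admin is denied unless admin.
def authorize(path, session)
  user = current_user(session)
  if path == "/admin" || path.start_with?("/admin/")
    return [:ok, nil] if user&.role == :admin
    return [:redirect, "You are not authorized to access those pages."]
  end
  if path == "/dashboard" && user.nil?
    return [:redirect, "You must be logged in or registered to access your dashboard."]
  end
  [:ok, nil]
end

# Logging out removes the key that identifies the user from the session.
def log_out(session)
  session.delete(:user_id)
  session
end
```

In a Rails app the same checks would typically live in `before_action` methods, with `current_user` defined once in `ApplicationController`.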