Added extra security for blog app. Deletion of tags, articles and authors removed unless signed in. Creation of new authors removed unless via invite. Visual deletion buttons removed from views index pages.

Author: Rhelli

app/assets/stylesheets/styles.css.scss

@@ -19,6 +19,7 @@ a {
 
 img {
   border-radius: 4px;
+  max-width: 100%;
 }
 
 .clear {
@@ -28,7 +29,7 @@ img {
 }
 
 #container {
-  width: 75%;
+  width: auto;
   margin: 0 auto;
   background: #f0f0f0;
   padding: 20px 40px;

app/controllers/articles_controller.rb

@@ -1,7 +1,8 @@
 class ArticlesController < ApplicationController
-  
   include ArticlesHelper
 
+  before_action :require_login, except: [:index, :show]
+
   def index
     @articles = Article.all
   end

app/controllers/authors_controller.rb

@@ -1,5 +1,14 @@
 class AuthorsController < ApplicationController
   before_action :set_author, only: [:show, :edit, :update, :destroy]
+  before_action :zero_authors_or_authenticated, only: [:new, :create]
+  before_action :require_login, except: [:new, :create]
+
+  def zero_authors_or_authenticated
+    unless Author.count == 0 || current_user
+      redirect_to root_path
+      return false
+    end
+  end
 
   # GET /authors
   # GET /authors.json

app/controllers/comments_controller.rb

@@ -1,4 +1,6 @@
 class CommentsController < ApplicationController
+  before_action :require_login, except: [:create]
+
   def create
     @comment = Comment.new(comment_params)
     @comment.article_id = params[:article_id]

app/controllers/tags_controller.rb

@@ -1,9 +1,18 @@
 class TagsController < ApplicationController
+  before_action :require_login, only: [:destroy]
+
   def index
     @tags = Tag.all
   end
 
   def show
     @tag = Tag.find(params[:id])
   end
+
+  def destroy
+    @tag = Tag.find(params[:id])
+    @tag.destroy
+    flash.notice = "The '#{@tag.name}' tag has been deleted."
+    redirect_to tags_path
+  end
 end

app/models/article.rb

@@ -1,7 +1,7 @@
 class Article < ApplicationRecord
   has_many :comments
   has_many :taggings
-  has_many :tags, through: :taggings, dependent: :destroy
+  has_many :tags, through: :taggings
   has_attached_file :image, styles: {large: "1280x720>", medium: "800x450>", small: "400x225>", thumb: "100x100>"}
   validates_attachment_content_type :image, :content_type => ['image/jpeg', 'image/png', 'image/gif']
 

app/models/tag.rb

@@ -1,4 +1,4 @@
 class Tag < ApplicationRecord
-  has_many :taggings
+  has_many :taggings, dependent: :destroy
   has_many :articles, through: :taggings
 end

app/views/articles/index.html.erb

@@ -7,5 +7,6 @@
     </li><br>
   <% end %>
 </ul>
-
-<%= link_to 'Create a new post', new_article_path, class: "new_article" %>
+<% if logged_in? %>
+  <%= link_to 'Create a new post', new_article_path, class: "new_article" %>
+<% end %>

app/views/articles/show.html.erb

@@ -12,7 +12,10 @@
 </p>
 <p><%= @article.body %></p><br>
 
-<%= link_to 'Edit Article', edit_article_path(@article) %> | <%= link_to "Delete Article", article_path(@article), method: :delete, data: { confirm: 'Are you sure?' } %><br><br>
+<% if logged_in? %>
+  <%= link_to 'Edit Article', edit_article_path(@article) %> | <%= link_to "Delete Article", article_path(@article), method: :delete, data: { confirm: 'Are you sure?' } %><br><br>
+<% end %>
+
 <h3>Comments</h3>
 <%= render partial: 'articles/comment', collection: @article.comments %>
 <%= render partial: 'comments/form' %>

app/views/layouts/application.html.erb

@@ -10,9 +10,7 @@
   </head>
 
   <body>
-    <p class = 'flash'>
-      <%= flash.notice %>
-    </p>
+    <p class = 'flash'><%= flash.notice %></p>
     <div id = "container">
       <div id = "content">
         <%= yield %>