Authorization

Gemfile

@@ -44,13 +44,18 @@ gem 'tzinfo-data'
 # Reduces boot times through caching; required in config/boot.rb
 gem 'bootsnap', require: false
 
+gem 'devise'
+
+gem 'cancancan'
+
 # Use Sass to process CSS
 # gem "sassc-rails"
 
 # Use Active Storage variants [https://guides.rubyonrails.org/active_storage_overview.html#transforming-images]
 # gem "image_processing", "~> 1.2"
 
-gem 'ffi'
+gem 'ffi', github: 'ffi/ffi', submodules: true
+
 group :development, :test do
   # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
   gem 'rails-controller-testing'

Gemfile.lock

@@ -1,3 +1,12 @@
+
+
+GIT
+  remote: https://github.com/ffi/ffi.git
+  revision: 07a1c0c028942f786b80f48206795a8fa6b0e8f5
+  submodules: true
+  specs:
+    ffi (1.15.5)
+
 GEM
   remote: https://rubygems.org/
   specs:
@@ -69,13 +78,15 @@ GEM
     addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
     ast (2.4.2)
+    bcrypt (3.1.18)
     bindex (0.8.1)
     bootsnap (1.12.0)
       msgpack (~> 1.2)
     builder (3.2.4)
     bullet (7.0.2)
       activesupport (>= 3.0.0)
       uniform_notifier (~> 1.11)
+    cancancan (3.4.0)
     capybara (3.37.1)
       addressable
       matrix
@@ -88,11 +99,15 @@ GEM
     childprocess (4.1.0)
     concurrent-ruby (1.1.10)
     crass (1.0.6)
+    devise (4.8.1)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0)
+      responders
+      warden (~> 1.2.3)
     diff-lcs (1.5.0)
     digest (3.1.0)
     erubi (1.10.0)
-    ffi (1.15.5)
-    ffi (1.15.5-x64-mingw-ucrt)
     globalid (1.0.0)
       activesupport (>= 5.0)
     i18n (1.12.0)
@@ -134,8 +149,7 @@ GEM
       racc (~> 1.4)
     nokogiri (1.13.7-x64-mingw-ucrt)
       racc (~> 1.4)
-    nokogiri (1.13.7-x86_64-linux)
-      racc (~> 1.4)
+    orm_adapter (0.5.0)
     parallel (1.22.1)
     parser (3.1.2.0)
       ast (~> 2.4.1)
@@ -181,6 +195,9 @@ GEM
     rainbow (3.1.1)
     rake (13.0.6)
     regexp_parser (2.5.0)
+    responders (3.0.1)
+      actionpack (>= 5.0)
+      railties (>= 5.0)
     rexml (3.2.5)
     rspec-core (3.11.0)
       rspec-support (~> 3.11.0)
@@ -240,6 +257,8 @@ GEM
       tzinfo (>= 1.0.0)
     unicode-display_width (2.2.0)
     uniform_notifier (1.16.0)
+    warden (1.2.9)
+      rack (>= 2.0.9)
     web-console (4.2.0)
       actionview (>= 6.0.0)
       activemodel (>= 6.0.0)
@@ -260,13 +279,14 @@ GEM
 PLATFORMS
   arm64-darwin-21
   x64-mingw-ucrt
-  x86_64-linux
 
 DEPENDENCIES
   bootsnap
   bullet
+  cancancan
   capybara
-  ffi
+  devise
+  ffi!
   importmap-rails
   jbuilder
   pg (~> 1.1)
@@ -287,4 +307,4 @@ RUBY VERSION
    ruby 3.1.2p20
 
 BUNDLED WITH
-   2.3.7
+   2.3.7

app/assets/stylesheets/user_style.css

@@ -153,8 +153,6 @@ a {
   display: flex;
   justify-content: center;
   align-items: center;
-
-  /* text-align: center; */
 }
 
 .text-button {

app/controllers/application_controller.rb

@@ -1,5 +1,11 @@
 class ApplicationController < ActionController::Base
-  def current_user
-    User.first
+  before_action :authenticate_user!
+  protect_from_forgery with: :exception
+  before_action :update_allowed_parameters, if: :devise_controller?
+
+  def update_allowed_parameters
+    devise_parameter_sanitizer.permit(:sign_up) do |field|
+      field.permit(:name, :photo, :bio, :posts_counter, :email, :password, :password_confirmation)
+    end
   end
 end

app/controllers/comments_controller.rb

@@ -21,6 +21,12 @@ def create
     end
   end
 
+  def destroy
+    comment = Comment.find(params[:id])
+    comment.destroy
+    redirect_to user_post_url(current_user, comment.post), notice: 'Comment was successfully destroyed.'
+  end
+
   private
 
   def comment_params

app/controllers/posts_controller.rb

@@ -1,4 +1,5 @@
 class PostsController < ApplicationController
+  load_and_authorize_resource
   before_action :set_post, only: %i[show edit update destroy]
 
   def index
@@ -28,6 +29,13 @@ def create
     end
   end
 
+  def destroy
+    @post = Post.find(params[:id])
+    @user = User.find(@post.author_id)
+    @post.destroy
+    redirect_to user_url(@user)
+  end
+
   private
 
   def set_post

app/models/ability.rb

@@ -0,0 +1,36 @@
+class Ability
+  include CanCan::Ability
+
+  def initialize(user)
+    can :read, :all if user.role.nil?
+
+    can :manage, :all if user.role == 'admin'
+    can :read, :all if user.role == 'user'
+    can :manage, Post, author_id: user.id
+    can :manage, Comment, author_id: user.id
+    # Define abilities for the user here. For example:
+    #
+    #   return unless user.present?
+    #   can :read, :all
+    #   return unless user.admin?
+    #   can :manage, :all
+    #
+    # The first argument to `can` is the action you are giving the user
+    # permission to do.
+    # If you pass :manage it will apply to every action. Other common actions
+    # here are :read, :create, :update and :destroy.
+    #
+    # The second argument is the resource the user can perform the action on.
+    # If you pass :all it will apply to every resource. Otherwise pass a Ruby
+    # class of the resource.
+    #
+    # The third argument is an optional hash of conditions to further filter the
+    # objects.
+    # For example, here the user can only update published articles.
+    #
+    #   can :update, Article, published: true
+    #
+    # See the wiki for details:
+    # https://github.com/CanCanCommunity/cancancan/blob/develop/docs/define_check_abilities.md
+  end
+end

app/models/comment.rb

@@ -3,10 +3,15 @@ class Comment < ApplicationRecord
   belongs_to :post
 
   after_save :update_comments_counter
+  before_destroy :update_comments_counter_on_destroy
 
   private
 
   def update_comments_counter
     post.increment!(:comments_counter)
   end
+
+  def update_comments_counter_on_destroy
+    post.update_columns('comments_counter' => post.comments_counter - 1)
+  end
 end

app/models/post.rb

@@ -4,10 +4,11 @@ class Post < ApplicationRecord
   validates :likes_counter, numericality: { only_integer: true, greater_than_or_equal_to: 0 }
 
   belongs_to :author, class_name: 'User'
-  has_many :comments, foreign_key: 'post_id'
-  has_many :likes, foreign_key: 'post_id'
+  has_many :comments, foreign_key: 'post_id', dependent: :destroy
+  has_many :likes, foreign_key: 'post_id', dependent: :destroy
 
   after_save :update_posts_counter
+  before_destroy :update_posts_counter_on_destroy
 
   def recent_comments
     comments.order(created_at: :desc).limit(5)
@@ -18,4 +19,8 @@ def recent_comments
   def update_posts_counter
     author.increment!(:posts_counter)
   end
+
+  def update_posts_counter_on_destroy
+    author.update_columns('posts_counter' => author.posts_counter - 1)
+  end
 end

app/models/user.rb

@@ -1,12 +1,25 @@
 class User < ApplicationRecord
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :validatable
+
   validates :name, presence: true, allow_blank: false
   validates :posts_counter, numericality: { only_integer: true, greater_than_or_equal_to: 0 }
 
-  has_many :posts, foreign_key: 'author_id'
-  has_many :comments, foreign_key: 'author_id'
-  has_many :likes, foreign_key: 'author_id'
+  has_many :posts, foreign_key: 'author_id', dependent: :destroy
+  has_many :comments, foreign_key: 'author_id', dependent: :destroy
+  has_many :likes, foreign_key: 'author_id', dependent: :destroy
+
+  after_initialize :set_defaults
 
   def recent_posts
     posts.order(created_at: :desc).limit(3)
   end
+
+  private
+
+  def set_defaults
+    self.posts_counter ||= 0
+  end
 end