apologies for the late submit

.gitignore

@@ -15,3 +15,5 @@
 
 # Ignore Byebug command history file.
 .byebug_history
+.idea
+.env

Gemfile

@@ -30,7 +30,8 @@ gem 'jbuilder', '~> 2.5'
 # gem 'redis', '~> 3.0'
 # Use ActiveModel has_secure_password
 # gem 'bcrypt', '~> 3.1.7'
-
+gem "omniauth"
+gem "omniauth-github"
 # Use Capistrano for deployment
 # gem 'capistrano-rails', group: :development
 
@@ -56,6 +57,7 @@ group :test do
 end
 
 group :development do
+  gem 'dotenv-rails'
   # Access an IRB console on exception pages or by using <%= console %> anywhere in the code.
   gem 'web-console', '>= 3.3.0'
   gem 'listen', '~> 3.0.5'

Gemfile.lock

@@ -70,11 +70,18 @@ GEM
     concurrent-ruby (1.0.5)
     crass (1.0.4)
     debug_inspector (0.0.3)
+    dotenv (2.5.0)
+    dotenv-rails (2.5.0)
+      dotenv (= 2.5.0)
+      railties (>= 3.2, < 6.0)
     erubi (1.7.1)
     execjs (2.7.0)
+    faraday (0.15.3)
+      multipart-post (>= 1.2, < 3)
     ffi (1.9.25)
     globalid (0.4.1)
       activesupport (>= 4.2.0)
+    hashie (3.5.7)
     i18n (1.1.0)
       concurrent-ruby (~> 1.0)
     jbuilder (2.7.0)
@@ -84,6 +91,7 @@ GEM
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
+    jwt (2.1.0)
     listen (3.0.8)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -113,9 +121,26 @@ GEM
       minitest (~> 5.0)
       rails (>= 4.1)
     multi_json (1.13.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
     nio4r (2.3.1)
     nokogiri (1.8.4)
       mini_portile2 (~> 2.3.0)
+    oauth2 (1.4.1)
+      faraday (>= 0.8, < 0.16.0)
+      jwt (>= 1.0, < 3.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.8.1)
+      hashie (>= 3.4.6, < 3.6.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-github (1.3.0)
+      omniauth (~> 1.5)
+      omniauth-oauth2 (>= 1.4.0, < 2.0)
+    omniauth-oauth2 (1.5.0)
+      oauth2 (~> 1.1)
+      omniauth (~> 1.2)
     pg (0.21.0)
     popper_js (1.14.3)
     pry (0.11.3)
@@ -207,13 +232,16 @@ DEPENDENCIES
   bootstrap (~> 4.1.3)
   byebug
   coffee-rails (~> 4.2)
+  dotenv-rails
   jbuilder (~> 2.5)
   jquery-rails
   listen (~> 3.0.5)
   minitest-rails
   minitest-reporters
   minitest-skip
   minitest-spec-rails
+  omniauth
+  omniauth-github
   pg (~> 0.18)
   pry-rails
   puma (~> 3.0)

app/controllers/application_controller.rb

@@ -2,6 +2,8 @@ class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
 
   before_action :find_user
+  before_action :require_login, except: :root
+
 
   def render_404
     # DPR: this will actually render a 404 page in production
@@ -11,7 +13,22 @@ def render_404
 private
   def find_user
     if session[:user_id]
-      @login_user = User.find_by(id: session[:user_id])
+      @login_user ||= User.find(session[:user_id]) if session[:user_id]
+    end
+  end
+
+
+  def require_login
+    if session[:user_id].nil?
+      flash[:status] = :failure
+      flash[:result_text] = "You must be logged in to view this section"
+      redirect_to root_path
     end
   end
 end
+
+
+# def current_user
+#   @current_user ||= User.find(session[:user_id]) if session[:user_id]
+# end
+#

app/controllers/sessions_controller.rb

@@ -1,34 +1,39 @@
 class SessionsController < ApplicationController
-  def login_form
-  end
+  skip_before_action :require_login, only: :create
 
-  def login
-    username = params[:username]
-    if username and user = User.find_by(username: username)
-      session[:user_id] = user.id
+  def create
+    auth_hash = request.env['omniauth.auth']
+    user = User.find_by(uid: auth_hash[:uid], provider: 'github')
+    if user
+      # User was found in the database
       flash[:status] = :success
       flash[:result_text] = "Successfully logged in as existing user #{user.username}"
     else
-      user = User.new(username: username)
+      # User doesn't match anything in the DB
+      user = User.new_user(auth_hash)
+      # Attempt to create a new user
       if user.save
-        session[:user_id] = user.id
         flash[:status] = :success
         flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}"
       else
         flash.now[:status] = :failure
         flash.now[:result_text] = "Could not log in"
         flash.now[:messages] = user.errors.messages
         render "login_form", status: :bad_request
-        return
+        # redirect_to root_path
       end
     end
+
+    session[:user_id] = user.id
+    session[:username] = user.username
     redirect_to root_path
   end
 
-  def logout
+  def destroy
     session[:user_id] = nil
     flash[:status] = :success
     flash[:result_text] = "Successfully logged out"
+
     redirect_to root_path
   end
 end

app/controllers/works_controller.rb

@@ -2,6 +2,7 @@ class WorksController < ApplicationController
   # We should always be able to tell what category
   # of work we're dealing with
   before_action :category_from_work, except: [:root, :index, :new, :create]
+  before_action :verify_owner, only: [:edit, :update, :destroy]
 
   def root
     @albums = Work.best_albums
@@ -21,6 +22,7 @@ def new
   def create
     @work = Work.new(media_params)
     @media_category = @work.category
+    @work.owner = session[:user_id]
     if @work.save
       flash[:status] = :success
       flash[:result_text] = "Successfully created #{@media_category.singularize} #{@work.id}"
@@ -38,6 +40,7 @@ def show
   end
 
   def edit
+
   end
 
   def update
@@ -50,7 +53,7 @@ def update
       flash.now[:status] = :failure
       flash.now[:result_text] = "Could not update #{@media_category.singularize}"
       flash.now[:messages] = @work.errors.messages
-      render :edit, status: :not_found
+      render :edit, status: :bad_request
     end
   end
 
@@ -62,7 +65,7 @@ def destroy
   end
 
   def upvote
-    flash[:status] = :failure
+    # flash[:status] = :failure
     if @login_user
       vote = Vote.new(user: @login_user, work: @work)
       if vote.save
@@ -71,9 +74,12 @@ def upvote
       else
         flash[:result_text] = "Could not upvote"
         flash[:messages] = vote.errors.messages
+        # redirect_to work_path(@work)
       end
     else
       flash[:result_text] = "You must log in to do that"
+      # redirect_to work_path(@work)
+
     end
 
     # Refresh the page to show either the updated vote count
@@ -91,4 +97,12 @@ def category_from_work
     render_404 unless @work
     @media_category = @work.category.downcase.pluralize
   end
+
+  def verify_owner
+    if session[:user_id] != @work.owner
+      flash[:status] = :failure
+      flash[:result_text] = "You are not authorized to edit this work"
+      redirect_to root_path
+    end
+  end
 end

app/models/user.rb

@@ -3,4 +3,15 @@ class User < ApplicationRecord
   has_many :ranked_works, through: :votes, source: :work
 
   validates :username, uniqueness: true, presence: true
+
+
+  def self.new_user(auth_hash)
+    # turn the auth hash into a user
+    new_user = User.new(name: auth_hash[:info][:name],
+                        username: auth_hash[:info][:nickname],
+                        uid: auth_hash[:uid],
+                        provider: 'github')
+
+    return new_user
+  end
 end

app/views/layouts/application.html.erb

@@ -33,23 +33,17 @@
         </li>
       </ul>
       <ul class="nav app-header__user-nav-container">
-        <% if @login_user %>
-
-        <li class="nav-item app-header__nav_item">
-          <%= link_to "Logged in as #{@login_user.username}", user_path(@login_user), class: "btn btn-primary" %>
-        </li>
-        <li class="nav-item app-header__nav_item">
-          <%= link_to "Log Out", logout_path, method: :post, class: "btn btn-primary" %>
-        </li>
-
+        <% if session[:user_id] %>
+          <li class="nav-item app-header__nav_item">
+            <%= link_to "Logged in as #{session[:username]}", user_path(session[:user_id]), class: "btn btn-primary" %>
+          </li>
+          <li class="nav-item app-header__nav_item">
+            <%= link_to "Log out", logout_path, method: "delete"   %></li>
         <% else %>
-
-        <li class="nav-item app-header__nav_item">
-          <%= link_to "Log In", login_path, class: "btn btn-primary" %>
-        </li>
+          <li class="nav-item app-header__nav_item">
+            <%= link_to "Login with Github", "/auth/github" %></li>
         <% end %>
-
-      </ul>
+          </ul>
     </nav>
   </header>
 

config/initializers/omniauth.rb

@@ -0,0 +1,4 @@
+# config/initializers/omniauth.rb
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :github, ENV["GITHUB_CLIENT_ID"], ENV["GITHUB_CLIENT_SECRET"], scope: "user:email"
+end

config/routes.rb

@@ -1,10 +1,10 @@
 Rails.application.routes.draw do
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
   root 'works#root'
-  get '/login', to: 'sessions#login_form', as: 'login'
-  post '/login', to: 'sessions#login'
-  post '/logout', to: 'sessions#logout', as: 'logout'
 
+  get "/auth/:provider/callback", to: "sessions#create", as: "auth_callback"
+  delete "/logout", to: "sessions#destroy", as: "logout"
+
   resources :works
   post '/works/:id/upvote', to: 'works#upvote', as: 'upvote'
 

db/migrate/20181016211418_add_o_auth_fields_to_user.rb

@@ -0,0 +1,8 @@
+class AddOAuthFieldsToUser < ActiveRecord::Migration[5.2]
+  def change
+    add_column :users, :name, :string
+    add_column :users, :uid, :integer, null: false # this is the identifier provided by GitHub
+    add_column :users, :provider, :string, null: false # this tells us who provided the identifier
+    end
+end
+

db/migrate/20181102001212_add_owner_col_to_works.rb

@@ -0,0 +1,5 @@
+class AddOwnerColToWorks < ActiveRecord::Migration[5.2]
+  def change
+    add_column :works, :owner, :string
+  end
+end

db/migrate/20181102003118_change_owner_col_in_works_to_int.rb

@@ -0,0 +1,6 @@
+class ChangeOwnerColInWorksToInt < ActiveRecord::Migration[5.2]
+  def change
+    change_column :works, :owner, 'integer USING CAST(owner AS integer)'
+
+  end
+end

db/schema.rb

@@ -10,35 +10,39 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20170407164321) do
+ActiveRecord::Schema.define(version: 2018_11_02_003118) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
-  create_table "users", force: :cascade do |t|
-    t.string   "username"
+  create_table "users", id: :serial, force: :cascade do |t|
+    t.string "username"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.string "name"
+    t.integer "uid", null: false
+    t.string "provider", null: false
   end
 
-  create_table "votes", force: :cascade do |t|
-    t.integer  "user_id"
-    t.integer  "work_id"
+  create_table "votes", id: :serial, force: :cascade do |t|
+    t.integer "user_id"
+    t.integer "work_id"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
-    t.index ["user_id"], name: "index_votes_on_user_id", using: :btree
-    t.index ["work_id"], name: "index_votes_on_work_id", using: :btree
+    t.index ["user_id"], name: "index_votes_on_user_id"
+    t.index ["work_id"], name: "index_votes_on_work_id"
   end
 
-  create_table "works", force: :cascade do |t|
-    t.string   "title"
-    t.string   "creator"
-    t.string   "description"
-    t.string   "category"
-    t.datetime "created_at",                   null: false
-    t.datetime "updated_at",                   null: false
-    t.integer  "vote_count",       default: 0
-    t.integer  "publication_year"
+  create_table "works", id: :serial, force: :cascade do |t|
+    t.string "title"
+    t.string "creator"
+    t.string "description"
+    t.string "category"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.integer "vote_count", default: 0
+    t.integer "publication_year"
+    t.integer "owner"
   end
 
   add_foreign_key "votes", "users"