
Untitled

a guest
Mar 12th, 2018
  1. ## app/views/products/edit.html.erb
  2.  
  <%# Edit form for an existing product; @product is loaded by ProductsController#edit. %>
  <%# The title, description and price fields are what the update action reads as params[:product]. %>
  <h1>Editing product</h1>

  <%# Validation errors left on the product by a failed save. %>
  <%= error_messages_for :product %>

  <% form_for(@product) do |f| %>
  <p>
  <b>Title</b><br />
  <%= f.text_field :title %>
  </p>

  <p>
  <b>Description</b><br />
  <%= f.text_area :description %>
  </p>

  <p>
  <b>Price</b><br />
  <%= f.text_field :price %>
  </p>

  <p>
  <%= f.submit "Update" %>
  </p>
  <% end %>

  <%= link_to 'Show', @product %> |
  <%= link_to 'Back', products_path %>
  30.  
  31. ## app/views/home/index.html.erb
  32.  
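  <%# Public product listing; @products is the paginated set loaded by HomeController#index. %>
  <%# The flash message is escaped with h like every other value on this page. The %>
  <%# templates here escape explicitly, so output is presumably not auto-escaped; the %>
  <%# notices set by the controllers in this app are fixed strings, which makes this %>
  <%# a safeguard for any future notice that interpolates request data. %>
  <%=h flash[:notice] %>

  <h1>Listando Productos</h1>

  <% @products.each do |product| %>
    <p>
      Titulo: <%=h product.title %><br/>
      Descripcion: <%=h product.description %><br/>
      Precio: <%=h product.price %><br/>
      <%# The thumbnail links to the full-size upload; products without a photo render no link. %>
      <%= link_to image_tag(product.photo.public_filename(:thumb)), product.photo.public_filename unless product.photo.nil? %><br/>
    </p>
  <% end %>

  <%= will_paginate @products %>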
  47.  
  48.  
  49. ## app/views/products/new.html.erb
  50.  
  <%# Creation form for a product with an optional photo upload. %>
  <h1>New product</h1>

  <%# Validation errors left on the product by a failed save. %>
  <%= error_messages_for :product %>

  <%# :multipart => true is needed so the browser sends the file contents with the form. %>
  <% form_for(:product, :url => products_path, :html => { :multipart => true }) do |f| %>

  <p>
  <b>Title</b><br />
  <%= f.text_field :title %>
  </p>

  <p>
  <b>Description</b><br />
  <%= f.text_area :description %>
  </p>

  <p>
  <b>Price</b><br />
  <%= f.text_field :price %>
  </p>

  <p>
  <b>Photo</b><br />
  <%# Built without the form builder, so the upload is posted under :photo rather than :product; %>
  <%# ProductsController#create reads it as params[:photo]. %>
  <%= file_field :photo, :uploaded_data %>
  </p>

  <p>
  <%= f.submit "Create" %>
  </p>
  <% end %>

  <%= link_to 'Back', products_path %>
  83.  
  84.  
  85. ## app/views/products/show.html.erb
  86.  
  <%# Detail page for one product; @product is loaded by ProductsController#show. %>
  <%# Each stored value goes through h (HTML escaping) before it is written to the page. %>
  <p>
  <b>Title:</b>
  <%=h @product.title %>
  </p>

  <p>
  <b>Description:</b>
  <%=h @product.description %>
  </p>

  <p>
  <b>Price:</b>
  <%=h @product.price %>
  </p>


  <%= link_to 'Edit', edit_product_path(@product) %> |
  <%= link_to 'Back', products_path %>
  105.  
  106. ## app/views/products/edit.html.erb
  107.  
  <%# Edit form for an existing product; @product is loaded by ProductsController#edit. %>
  <%# The title, description and price fields are what the update action reads as params[:product]. %>
  <h1>Editing product</h1>

  <%# Validation errors left on the product by a failed save. %>
  <%= error_messages_for :product %>

  <% form_for(@product) do |f| %>
  <p>
  <b>Title</b><br />
  <%= f.text_field :title %>
  </p>

  <p>
  <b>Description</b><br />
  <%= f.text_area :description %>
  </p>

  <p>
  <b>Price</b><br />
  <%= f.text_field :price %>
  </p>

  <p>
  <%= f.submit "Update" %>
  </p>
  <% end %>

  <%= link_to 'Show', @product %> |
  <%= link_to 'Back', products_path %>
  135.  
  136. ## app/controllers/application.rb
  137.  
  138. # Filters added to this controller apply to all controllers in the application.
  139. # Likewise, all the methods added will be available for all controllers.
  140.  
  # Base controller; whatever is declared here is inherited by every other
  # controller in the application.
  class ApplicationController < ActionController::Base
    # Make all helper modules available to all views.
    helper(:all)

    # Turn on request-forgery (CSRF) protection; see
    # ActionController::RequestForgeryProtection for details.
    # When the cookie session store is NOT in use, an explicit secret has to be
    # passed, which the generated file left commented out as:
    #   :secret => 'bc304e5a67ce85a5c309c1249002e99b'
    # NOTE(review): that value is published with this listing. If the option is
    # ever enabled, generate a fresh secret instead of uncommenting this one.
    protect_from_forgery
  end
  148.  
  149. ## app/controllers/home_controller.rb
  150.  
  # Public landing page. No login filter is declared on this controller.
  class HomeController < ApplicationController
    # Lists products 15 per page, highest id first.
    # params[:page] is passed to the paginate call exactly as received.
    def index
      listing_options = { :page => params[:page], :per_page => 15, :order => 'id DESC' }
      @products = Product.paginate(listing_options)
    end
  end
  157.  
  158. ## app/controllers/products_controller.rb
  159.  
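  # CRUD controller for products, answering both HTML and XML requests.
  #
  # NOTE(review): records are looked up by params[:id] alone and no per-user
  # ownership check is visible here, so every logged-in account can edit and
  # delete every product. Confirm that this is the intended access model.
  class ProductsController < ApplicationController
    include AuthenticatedSystem

    # Require login for the whole controller. The earlier :only list named all
    # seven actions defined below, so nothing changes for them; the difference is
    # that an action added later is protected by default instead of staying
    # public until someone remembers to extend the list.
    before_filter :login_required

    # GET /products
    # GET /products.xml
    # Loads every product (no pagination on this admin-side listing).
    def index
      @products = Product.find(:all)

      respond_to do |format|
        format.html # index.html.erb
        format.xml  { render :xml => @products }
      end
    end

    # GET /products/1
    # GET /products/1.xml
    def show
      @product = Product.find(params[:id])

      respond_to do |format|
        format.html # show.html.erb
        format.xml  { render :xml => @product }
      end
    end

    # GET /products/new
    # GET /products/new.xml
    def new
      @product = Product.new

      respond_to do |format|
        format.html # new.html.erb
        format.xml  { render :xml => @product }
      end
    end

    # GET /products/1/edit
    def edit
      @product = Product.find(params[:id])
    end

    # POST /products
    # POST /products.xml
    # Builds the product from params[:product] and attaches a Photo built from
    # params[:photo] (the upload field of the "new" form).
    #
    # NOTE(review): params[:product] is handed to the model whole and Product
    # declares no attr_accessible, so every column is settable from the request.
    # Confirm that no column is meant to be off-limits to the form.
    def create
      @product = Product.new(params[:product])
      @product.photo = Photo.new(params[:photo])

      respond_to do |format|
        if @product.save
          flash[:notice] = 'Product was successfully created.'
          format.html { redirect_to(@product) }
          format.xml  { render :xml => @product, :status => :created, :location => @product }
        else
          format.html { render :action => "new" }
          format.xml  { render :xml => @product.errors, :status => :unprocessable_entity }
        end
      end
    end

    # PUT /products/1
    # PUT /products/1.xml
    # The same mass-assignment caveat as in create applies to params[:product].
    def update
      @product = Product.find(params[:id])

      respond_to do |format|
        if @product.update_attributes(params[:product])
          flash[:notice] = 'Product was successfully updated.'
          format.html { redirect_to(@product) }
          format.xml  { head :ok }
        else
          format.html { render :action => "edit" }
          format.xml  { render :xml => @product.errors, :status => :unprocessable_entity }
        end
      end
    end

    # DELETE /products/1
    # DELETE /products/1.xml
    def destroy
      @product = Product.find(params[:id])
      @product.destroy

      respond_to do |format|
        format.html { redirect_to(products_url) }
        format.xml  { head :ok }
      end
    end
  end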
  249.  
  250. ## app/controllers/sessions_controller.rb
  251.  
  252. # This controller handles the login/logout function of the site.
  class SessionsController < ApplicationController
    # Be sure to include AuthenticationSystem in Application Controller instead
    include AuthenticatedSystem

    # Login form; renders new.rhtml
    def new
    end

    # Log in with params[:login] / params[:password]. On success the user is
    # stored as current_user and, when "remember me" was ticked, a persistent
    # auth_token cookie is issued. On failure the form is rendered again.
    #
    # NOTE(review): the session is not reset before the user is stored in it.
    # Confirm that AuthenticatedSystem or the session store covers session
    # fixation.
    # NOTE(review): the auth_token cookie is set with only a value and an expiry.
    # Confirm whether the framework version in use can also mark it HTTP-only
    # and secure.
    def create
      self.current_user = User.authenticate(params[:login], params[:password])

      unless logged_in?
        render :action => 'new'
        return
      end

      if params[:remember_me] == "1"
        self.current_user.remember_me
        remember_cookie = {
          :value   => self.current_user.remember_token,
          :expires => self.current_user.remember_token_expires_at
        }
        cookies[:auth_token] = remember_cookie
      end

      redirect_back_or_default('/products')
      # alternative kept from the original: redirect_back_or_default('/')
      flash[:notice] = "Logged in successfully"
    end

    # Log out: drop the stored remember token, the auth_token cookie and the
    # whole session, then go back to where the user came from (or to '/').
    def destroy
      if logged_in?
        self.current_user.forget_me
      end
      cookies.delete :auth_token
      reset_session
      flash[:notice] = "You have been logged out."
      redirect_back_or_default('/')
    end
  end
  284.  
  285. ## app/controllers/users_controller.rb
  286.  
  # Sign-up controller: shows the registration form and creates the account.
  class UsersController < ApplicationController
    # Be sure to include AuthenticationSystem in Application Controller instead
    include AuthenticatedSystem

    # Registration form; renders new.rhtml
    def new
    end

    # Create an account from params[:user] and log the new user in right away.
    # Which attributes the form may set is limited by attr_accessible on User.
    def create
      cookies.delete :auth_token
      # reset_session is left disabled, as in the generated code: it protects
      # against session fixation attacks but wreaks havoc with request forgery
      # protection. Uncomment at your own risk.
      # reset_session
      @user = User.new(params[:user])
      @user.save

      # Success is judged by the absence of validation errors, not by the
      # return value of save.
      unless @user.errors.empty?
        render :action => 'new'
        return
      end

      self.current_user = @user
      redirect_back_or_default('/')
      flash[:notice] = "Thanks for signing up!"
    end
  end
  314.  
  315. ## app/models/photo.rb
  316.  
  # Uploaded product image, stored on the file system together with a thumbnail.
  class Photo < ActiveRecord::Base
    belongs_to :product

    # Upload rules: images only, at most 500 KB, resized to fit 320x200, plus a
    # 100x100 :thumb variant (the '>' suffix is kept from the original geometry
    # strings).
    # NOTE(review): the :image restriction presumably relies on the content type
    # declared by the client. Because the views link to public_filename, the
    # stored files appear to be served directly, so verify that the file content
    # is checked as well.
    has_attachment(
      :content_type => :image,
      :storage      => :file_system,
      :max_size     => 500.kilobytes,
      :resize_to    => '320x200>',
      :thumbnails   => { :thumb => '100x100>' }
    )

    # Apply the attachment validations that go with the options above.
    validates_as_attachment
  end
  329.  
  330. ## app/models/product.rb
  331.  
  # Catalogue item with an optional photo.
  # NOTE(review): no attr_accessible is declared, so every column can be set
  # through the hash the controller passes in. Confirm that this is intended.
  class Product < ActiveRecord::Base
    has_one :photo

    # Title and description are mandatory; price has to be a number.
    validates_presence_of(:title, :description)
    validates_numericality_of(:price)
  end
  337.  
  338. ## app/models/user.rb
  339.  
  require 'digest/sha1'
  require 'securerandom'
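  # Account model: login and e-mail identity, a salted SHA-1 password digest and
  # the "remember me" token used for persistent logins.
  #
  # Salts and remember tokens come from SecureRandom (Ruby standard library,
  # available from 1.8.7) instead of being derived from the clock, the login and
  # the e-mail address, all of which an outsider can guess.
  class User < ActiveRecord::Base
    # Virtual attribute for the unencrypted password
    attr_accessor :password

    validates_presence_of     :login, :email
    validates_presence_of     :password,                   :if => :password_required?
    validates_presence_of     :password_confirmation,      :if => :password_required?
    # NOTE(review): a 4-character minimum is very short for a password policy.
    validates_length_of       :password, :within => 4..40, :if => :password_required?
    validates_confirmation_of :password,                   :if => :password_required?
    validates_length_of       :login,    :within => 3..40
    validates_length_of       :email,    :within => 3..100
    validates_uniqueness_of   :login, :email, :case_sensitive => false
    before_save :encrypt_password

    # prevents a user from submitting a crafted form that bypasses activation
    # anything else you want your user to change should be added here.
    attr_accessible :login, :email, :password, :password_confirmation

    # Authenticates a user by their login name and unencrypted password.
    # Returns the user, or nil when the login is unknown or the password is wrong.
    def self.authenticate(login, password)
      u = find_by_login(login) # need to get the salt
      u && u.authenticated?(password) ? u : nil
    end

    # Digests +password+ together with +salt+ and returns 40 hex characters.
    # Despite the name this is a one-way SHA-1 hash, not encryption.
    # NOTE(review): a single SHA-1 round is cheap to brute-force offline. Moving
    # to a slow password hash needs a migration plan (for example re-hashing on
    # the next successful login), because stored digests depend on this exact
    # format. It is deliberately left unchanged here.
    def self.encrypt(password, salt)
      Digest::SHA1.hexdigest("--#{salt}--#{password}--")
    end

    # Digests +password+ with this user's salt.
    def encrypt(password)
      self.class.encrypt(password, salt)
    end

    # True when +password+ digests to the stored crypted_password.
    def authenticated?(password)
      crypted_password == encrypt(password)
    end

    # True while a remember token exists and has not yet expired.
    def remember_token?
      remember_token_expires_at && Time.now.utc < remember_token_expires_at
    end

    # These create and unset the fields required for remembering users between browser closes
    def remember_me
      remember_me_for 2.weeks
    end

    def remember_me_for(time)
      remember_me_until time.from_now.utc
    end

    # Stores the expiry and a fresh random token, saving without validations.
    # The token is 40 hex characters, the same length as the SHA-1 digest that
    # was used before, and is assumed to be looked up as an opaque value (the
    # lookup code is not part of this file). Tokens issued earlier keep working
    # until they expire.
    def remember_me_until(time)
      self.remember_token_expires_at = time
      self.remember_token            = SecureRandom.hex(20)
      save(false)
    end

    # Clears the remember token and its expiry, saving without validations.
    def forget_me
      self.remember_token_expires_at = nil
      self.remember_token            = nil
      save(false)
    end

    protected

    # before_save callback: digests a newly supplied password. Does nothing when
    # no password was given, so unrelated saves keep the stored digest.
    def encrypt_password
      return if password.blank?
      # A random per-user salt (40 hex characters), set once on creation.
      # Existing users keep the salt they already have.
      self.salt = SecureRandom.hex(20) if new_record?
      self.crypted_password = encrypt(password)
    end

    # A password is required when none is stored yet or a new one was supplied.
    def password_required?
      crypted_password.blank? || !password.blank?
    end
  end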