Added Users

Gemfile

@@ -33,6 +33,8 @@ gem 'jbuilder', '~> 2.5'
 # Use Capistrano for deployment
 # gem 'capistrano-rails', group: :development
 
+gem 'devise'
+
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
   gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]

Gemfile.lock

@@ -41,6 +41,7 @@ GEM
     addressable (2.5.2)
       public_suffix (>= 2.0.2, < 4.0)
     arel (8.0.0)
+    bcrypt (3.1.11)
     bindex (0.5.0)
     builder (3.2.3)
     byebug (9.1.0)
@@ -62,6 +63,12 @@ GEM
     coffee-script-source (1.12.2)
     concurrent-ruby (1.0.5)
     crass (1.0.2)
+    devise (4.3.0)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0, < 5.2)
+      responders
+      warden (~> 1.2.3)
     erubi (1.7.0)
     execjs (2.7.0)
     ffi (1.9.18)
@@ -91,6 +98,7 @@ GEM
     nio4r (2.1.0)
     nokogiri (1.8.1)
       mini_portile2 (~> 2.3.0)
+    orm_adapter (0.5.0)
     pg (0.21.0)
     public_suffix (3.0.0)
     puma (3.10.0)
@@ -124,6 +132,9 @@ GEM
     rb-fsevent (0.10.2)
     rb-inotify (0.9.10)
       ffi (>= 0.5.0, < 2)
+    responders (2.4.0)
+      actionpack (>= 4.2.0, < 5.3)
+      railties (>= 4.2.0, < 5.3)
     ruby_dep (1.5.0)
     rubyzip (1.2.1)
     sass (3.5.2)
@@ -162,6 +173,8 @@ GEM
       thread_safe (~> 0.1)
     uglifier (3.2.0)
       execjs (>= 0.3.0, < 3)
+    warden (1.2.7)
+      rack (>= 1.0)
     web-console (3.5.1)
       actionview (>= 5.0)
       activemodel (>= 5.0)
@@ -180,6 +193,7 @@ DEPENDENCIES
   byebug
   capybara (~> 2.13)
   coffee-rails (~> 4.2)
+  devise
   jbuilder (~> 2.5)
   listen (>= 3.0.5, < 3.2)
   pg (~> 0.18)

app/assets/stylesheets/application.css

@@ -13,3 +13,6 @@
  *= require_tree .
  *= require_self
  */
+.sign-in-out {
+  float: right;
+}

app/controllers/paintings_controller.rb

@@ -1,5 +1,7 @@
 class PaintingsController < ApplicationController
+  before_action :authenticate_owner!, except: [:index]
   before_action :set_painting, only: [:show, :edit, :update, :destroy]
+  before_action :check_correct_owner, only: [:edit, :update, :destroy]
 
   # GET /paintings
   # GET /paintings.json
@@ -25,6 +27,7 @@ def edit
   # POST /paintings.json
   def create
     @painting = Painting.new(painting_params)
+    @painting.owner = current_owner
 
     respond_to do |format|
       if @painting.save
@@ -71,4 +74,10 @@ def set_painting
     def painting_params
       params.require(:painting).permit(:title, :artist, :height_cm, :width_cm, :year)
     end
+
+    def check_correct_owner
+      unless current_owner && @painting.user == current_owner
+        redirect_to paintings_url, notice: 'You can\'t edit that painting'
+      end
+    end
 end

app/models/owner.rb

@@ -0,0 +1,8 @@
+class Owner < ApplicationRecord
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable, :validatable
+
+  has_many :paintings
+end

app/models/painting.rb

@@ -1,2 +1,3 @@
 class Painting < ApplicationRecord
+  belongs_to :owner
 end

app/views/layouts/application.html.erb

@@ -9,6 +9,14 @@
   </head>
 
   <body>
+    <% if !current_owner %>
+      <div class="sign-in-out" id="sign-in">
+        <%= link_to "Sign In", new_owner_session_path %>
+    <% else %>
+      <div class="sign-in-out" id="sign-out">
+        <%= link_to "Sign Out", destroy_owner_session_path, method: :delete %>
+    <% end %>
+      </div>
     <%= yield %>
   </body>
 </html>

app/views/paintings/index.html.erb

@@ -23,8 +23,10 @@
         <td><%= painting.width_cm %></td>
         <td><%= painting.year %></td>
         <td><%= link_to 'Show', painting %></td>
-        <td><%= link_to 'Edit', edit_painting_path(painting) %></td>
-        <td><%= link_to 'Destroy', painting, method: :delete, data: { confirm: 'Are you sure?' } %></td>
+        <% if painting.owner == current_owner %>
+          <td><%= link_to 'Edit', edit_painting_path(painting) %></td>
+          <td><%= link_to 'Destroy', painting, method: :delete, data: { confirm: 'Are you sure?' } %></td>
+        <% end %>
       </tr>
     <% end %>
   </tbody>

config/environments/development.rb

@@ -51,4 +51,5 @@
   # Use an evented file watcher to asynchronously detect changes in source code,
   # routes, locales, etc. This feature depends on the listen gem.
   config.file_watcher = ActiveSupport::EventedFileUpdateChecker
+  config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
 end