Spring 2008  |  Mini 3

Homework 3 - Links BBoard (Due 2/13) [VERY short extension]

Background

The user-facing and administrative functionality of a web application (especially one reachable publicly over the Internet) is, respectively, worthless and dangerous without adequate protection: authentication, followed by authorization. This project will require you to implement a link bulletin board where a user can log in and submit interesting URLs for other users to visit.

Part 1 - MySQL

To help keep things consistent and speed up the initial setup, we provide you with a sql file that you should load directly into MySQL. It is available here.

The file can be loaded by starting a command prompt (as we demonstrated in class) and doing:
mysql -u root < hw3.sql

Remember, for this to work, hw3.sql must be in your current working directory (which should probably be the db directory of the hw3 project).

If the file looks like it loads cleanly, be sure to go into MySQL and check it out.

Part 2 - Implementation Requirements

Creating the project

  • in the rails_apps directory, create the project by issuing the command rails -d mysql hw3 (this tells rails to use MySQL as the database instead of SQLite)

Controllers

  • We will work with three controllers this time:
    • "links" will contain the following actions
      • list: list all links submitted by any user. These should be made into hyperlinks so they can be clicked by visitors and redirected to the particular site. They should also indicate the username of the person who submitted the link.
      • admin: logs in the user and lists their submitted links with options to edit and delete next to each as well as a link on the bottom to create a new link.
      • create: add a new link (only allowed if the user is logged in)
      • delete: remove a particular link if it belongs to the logged in user (you cannot delete another person's links!)
      • edit: edit a link (only if it belongs to the user)
    • "application" will contain the authorize action
      • the application controller is automatically generated when you create the project. Do not script/generate it!
      • actions available in the application controller are available to any controller
      • no action in the application controller should have a view!
      • the authorize action will be called as a filter (we'll go over this in class). It should check whether the user_id stored in a session variable refers to a valid user, and if not, redirect to the controller links and the action index with the message "Please log in".
    • "admin" will deal with all user-account-related actions
      • login: if the request issued is a GET request (we'll cover this in class), we render the login form. If the request is a POST request, we take the parameters from the form and attempt to log the user in (i.e. call User.authenticate). If successful, we set the session variable user_id to the user's id and redirect them to the admin action of the links controller. If not successful, we give an error message that the username/password combination is invalid and render the login page once more.
      • list_users: list all users with links next to each for "delete" and a link at the bottom to create a new account.
      • add_user: create a new user account.
      • delete_user: destroy a user along with the associated account
      • logout: set the session variable user_id to nil and redirect to the login page

Views

  • All CSS rules for past projects still apply.
  • Make each view look pretty.
  • Each view should display what the correlated action requires it to display :)

Models

  • Derive what your models should be called from the SQL file we hand you.
  • The only required method in the User model is called authenticate, which takes the username and password from the form and checks that the password belongs to that user. Be sure to look at the lecture from 2/11 where we create a sample project that uses user authentication and authorization. Also look at the user.rb source on page 665 of the text for ideas if you're stuck.
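The authorize filter and User.authenticate described above, as an added plain-Ruby example (not part of the assignment's handout and not tied to Rails or MySQL): the in-memory user table, the salted SHA-256 scheme and the Link stand-in are assumptions chosen here, since the assignment leaves the hashing scheme to you.

```ruby
require 'digest/sha2'
require 'securerandom'
# Constructed stand-in for the User model (no Rails, no database): passwords are
# stored as a salted SHA-256 hash. The assignment leaves the scheme to you.
class User
  attr_reader :id, :name, :salt, :hashed_password
  @@table = {}  # id => User, a constructed in-memory users table

  def initialize(id, name, password)
    @id, @name, @salt = id, name, SecureRandom.hex(8)
    @hashed_password = User.encrypt(password, @salt)
    @@table[id] = self
  end

  def self.encrypt(password, salt)
    Digest::SHA256.hexdigest("#{salt}--#{password}")
  end

  def self.find_by_id(id)
    @@table[id]
  end

  # Returns the User on success and nil otherwise; show one generic error for both cases.
  def self.authenticate(name, password)
    user = @@table.values.find { |u| u.name == name }
    return nil unless user
    secure_compare(encrypt(password, user.salt), user.hashed_password) ? user : nil
  end

  # Constant-time comparison so the check does not leak how many bytes matched.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
Link = Struct.new(:id, :url, :user_id)  # minimal stand-in for the Link model
ALICE = User.new(1, "alice", "s3cret")   # constructed sample account

# Mirrors the authorize before-filter: the session's user_id must map to a real user.
def authorize(session)
  user = session[:user_id] && User.find_by_id(session[:user_id])
  user ? [:ok, user] : [:redirect, "Please log in"]
end

# Mirrors the delete/edit ownership rule: logged in AND the link is the user's own.
def owns_link?(session, link)
  status, user = authorize(session)
  status == :ok && link.user_id == user.id
end
```

In the real controller the `[:redirect, ...]` branch becomes `flash[:notice]` plus `redirect_to`, and the ownership check guards `destroy` so one user can never delete another's links.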

Handin (by midnight, 2/12)

  • Please zip up and submit only your "app" and "public" folders.
  • Call the file <AndrewID>_hw3.zip
  • Submit it under the "Lab 3 - Link BBoard" Assignment on Blackboard