yooo this is sick

app/controllers/application_controller.rb

@@ -1,2 +1,18 @@
 class ApplicationController < ActionController::Base
+  helper_method :current_user, :logged_in?
+
+  def current_user
+    @current_user ||= User.find_by(id: session[:user_id]) if session[:user_id]
+  end
+
+  def logged_in?
+    !current_user.nil?
+  end
+
+  def require_user
+    unless logged_in?
+      flash[:alert] = "You must be logged in first. Please visit <a href=\"/signup\">the signup page</a> to create an account."
+      redirect_to login_path
+    end
+  end
 end

app/controllers/articles_controller.rb

@@ -1,5 +1,5 @@
 class ArticlesController < ApplicationController
-  http_basic_authenticate_with name: "dhh", password: "secret", except: [:index, :show]
+  before_action :require_user, except: [:show, :index]
 
   def index
     @articles = Article.all
@@ -15,6 +15,7 @@ class ArticlesController < ApplicationController
 
   def create
     @article = Article.new(article_params)
+    @article.user_id = current_user.id
 
     if @article.save
       redirect_to @article

app/controllers/comments_controller.rb

@@ -1,21 +1,31 @@
 class CommentsController < ApplicationController
-  http_basic_authenticate_with name: "dhh", password: "secret", only: :destroy
+  before_action :require_user
 
   def create
     @article = Article.find(params[:article_id])
-    @comment = @article.comments.create(comment_params)
+    @comment = @article.comments.new(comment_params)
+    @comment.commenter = current_user.username
+
+    if @comment.save
+      flash[:notice] = "Comment added successfully."
+    else
+      flash[:alert] = "Failed to add comment."
+    end
+
     redirect_to article_path(@article)
   end
 
   def destroy
     @article = Article.find(params[:article_id])
     @comment = @article.comments.find(params[:id])
-    comment.destroy
+    if @article.user_id == current_user.id || @comment.commenter == current_user.username
+      @comment.destroy
+    end
     redirect_to article_path(@article), status: :see_other
   end
 
   private
     def comment_params
-      params.require(:comment).permit(:commenter, :body, :status)
+      params.require(:comment).permit(:body, :status)
     end
 end

app/controllers/sessions_controller.rb

@@ -0,0 +1,23 @@
+class SessionsController < ApplicationController
+  def new
+  end
+
+  def create
+    user = User.find_by(email: params[:email].downcase)
+    if user && user.authenticate(params[:password])
+      session[:user_id] = user.id
+      flash[:notice] = "Logged in successfully."
+      redirect_to root_path
+    else
+      flash[:alert] = "Invalid email or password"
+      render :new
+    end
+  end
+
+  def destroy
+    session[:user_id] = nil
+    reset_session
+    flash[:notice] = "Logged out successfully."
+    redirect_to root_path
+  end
+end

app/controllers/users_controller.rb

@@ -0,0 +1,22 @@
+class UsersController < ApplicationController
+  def new
+    @user = User.new
+  end
+
+  def create
+    @user = User.new(user_params)
+    if @user.save
+      session[:user_id] = @user.id
+      flash[:notice] = "Welcome! You have successfully signed up."
+      redirect_to root_path
+    else
+      render :new
+    end
+  end
+
+  private
+
+  def user_params
+    params.require(:user).permit(:username, :email, :password, :password_confirmation)
+  end
+end

app/helpers/sessions_helper.rb

@@ -0,0 +1,2 @@
+module SessionsHelper
+end

app/helpers/users_helper.rb

@@ -0,0 +1,2 @@
+module UsersHelper
+end

app/models/article.rb

@@ -1,7 +1,7 @@
 class Article < ApplicationRecord
   include Visible
   
-  belongs_to: :user
+  belongs_to :user
   has_many :comments, dependent: :destroy
 
   validates :title, presence: true

app/models/user.rb

@@ -1,5 +1,7 @@
 class User < ApplicationRecord
-  has_many :articles, dependent: :destroy
-  
+  has_many :articles, dependent: :destroy  
   has_secure_password
+
+  validates :email, presence: true, uniqueness: true
+  validates :password, presence: true, length: { minimum: 6 }
 end

app/views/articles/index.html.erb

@@ -1,3 +1,12 @@
+<% if logged_in? %>
+    <p>Logged in as <%= current_user.username %></p>
+    <p><%= link_to "Log out", logout_path, data: {
+        turbo_method: :delete
+    } %></p>
+<% else %>
+    <p><%= link_to "Log in", login_path %> or <%= link_to "Sign up", signup_path %></p>
+<% end %>
+
 <h1>Articles!</h1>
 
 Our blog has <%= Article.public_count %> articles and counting!

app/views/articles/show.html.erb

@@ -2,13 +2,15 @@
 
 <p><%= @article.body %></p>
 
-<ul>
-    <li><%= link_to "Edit", edit_article_path(@article) %></li>
-    <li><%= link_to "Destroy", article_path(@article), data: {
-        turbo_method: :delete,
-        turbo_confirm: "Are you sure?"
-    } %></li>
-</ul>
+<% if logged_in? && @article.user_id == current_user.id %>
+    <ul>
+        <li><%= link_to "Edit", edit_article_path(@article) %></li>
+        <li><%= link_to "Destroy", article_path(@article), data: {
+            turbo_method: :delete,
+            turbo_confirm: "Are you sure?"
+        } %></li>
+    </ul>
+<% end %>
 
 <h2>Comments</h2>
 <%= render @article.comments %>

app/views/comments/_form.html.erb

@@ -1,17 +1,18 @@
-<%= form_with model: [ @article, @article.comments.build ] do |form| %>
-    <p>
-        <%= form.label :commenter %><br>
-        <%= form.text_field :commenter %><br>
-    </p>
-    <p>
-        <%= form.label :body %><br>
-        <%= form.text_area :body %><br>
-    </p>
-    <p>
-        <%= form.label :status %><br>
-        <%= form.select :status, Visible::VALID_STATUSES, selected: 'public' %><br>
-    </p>
-    <p>
-        <%= form.submit %><br>
-    </p>
+<% if logged_in? %>
+    <%= form_with model: [ @article, @article.comments.build ] do |form| %>
+        <p>
+            <%= form.label :body %><br>
+            <%= form.text_area :body %><br>
+        </p>
+        <p>
+            <%= form.label :status %><br>
+            <%= form.select :status, Visible::VALID_STATUSES, selected: 'public' %><br>
+        </p>
+        <p>
+            <%= form.submit %><br>
+        </p>
+    <% end %>
+<% else %>
+    <%= link_to "Sign up", signup_path %> or
+    <%= link_to "Log in", login_path %>
 <% end %>

app/views/sessions/create.html.erb

@@ -0,0 +1,2 @@
+<h1>Sessions#create</h1>
+<p>Find me in app/views/sessions/create.html.erb</p>

app/views/sessions/destroy.html.erb

@@ -0,0 +1,2 @@
+<h1>Sessions#destroy</h1>
+<p>Find me in app/views/sessions/destroy.html.erb</p>

app/views/sessions/new.html.erb

@@ -0,0 +1,17 @@
+<h1>Log in</h1>
+
+<%= form_with url: login_path, local: true do |form| %>
+    <div class="field">
+        <%= form.label :email %>
+        <%= form.email_field :email, autofocus: true, autocomplete: "email" %>
+    </div>
+
+    <div class="field">
+        <%= form.label :password %>
+        <%= form.password_field :password, autocomplete: "current-password" %>
+    </div>
+
+    <div>
+        <%= form.submit "Log in" %>
+    </div>
+<% end %>

app/views/users/new.html.erb

@@ -0,0 +1,38 @@
+<h1>Sign up</h1>
+
+<%= form_with model: @user, local: true do |form| %>
+    <% if @user.errors.any? %>
+        <div id="error_explanation">
+            <h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
+            <ul>
+            <% @user.errors.full_messages.each do |message| %>
+                <li><%= message %></li>
+            <% end %>
+            </ul>
+        </div>
+    <%end%>
+
+    <div class="field">
+        <%= form.label :username %>
+        <%= form.text_field :username, auto_focus: true, autocomplete: "username" %>
+    </div>
+    
+    <div class="field">
+        <%= form.label :email %>
+        <%= form.email_field :email, autocomplete: "email" %>
+    </div>
+    
+    <div class="field">
+        <%= form.label :password %>
+        <%= form.password_field :password, autocomplete: "new-password" %>
+    </div>
+    
+    <div class="field">
+        <%= form.label :password_confirmation %>
+        <%= form.password_field :password_confirmation %>
+    </div>
+
+    <div>
+        <%= form.submit "Sign up"%>
+    </div>
+<% end %>