Building CRUD for User Management

CRUD

The users section allows for the creation and management of users of the application built on top of the framework.

We will create the CRUD to enable:

  • Creation of users
  • Display of existing users
  • Update of existing users
  • Deletion of unwanted users

In this section, we will be creating the different methods in the users Controller.

We will also be creating more methods in the users Model for the new queries that will be required to retrieve all users or to retrieve a specific user.

The process will be as follows:

  1. First, create a construct method that secures every method in the controller against unauthorized users: to access any method within the section, you must be logged in first. The index method then lists all the users, with options to edit and delete each one.
  2. On delete, a confirmation will be presented first.
  3. The next step is to create an add view. This view contains the form that users of the application fill in to create a record for a new user. On submission of the form, the data is collected and the validation process starts.
  4. Validation checks that the submitted data is appropriate for its purpose and likely to be what is expected.

    For example, there will be a check making sure that the username is more than three characters in length and does not already exist in the database.

    Note

    This process is the same for the email, and in the case of the email, it is making sure it is valid and does not exist already.

  5. After the validation is passed, the user is created and a success message is recorded and visible to the user. The application user is then redirected to the users view.
  6. We will then create an update method and view, which is much like the method and view for creating a user. The key difference is that the form is pre-populated with the user's details upon being loaded onto the page, and when the form is submitted, that particular user is updated rather than a new record being created.
  7. The final method to be made is the delete method, which checks that the ID of the user is numeric and is not the same as the ID for the logged-in user so that they cannot delete themselves.

    Note

    This is a case of the developer underestimating what a user might do. It is surprising what a user may do, intentionally or unintentionally, and a user deleting themselves is easily done if the application takes no steps to prevent it.

    After the record is deleted, a success message is created, and the user is redirected back to the users page.
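
The guard and checks from steps 1, 4 and 7, as an added sketch in Python that is not code from the book or the framework. The class names, the in-memory stand-in for the users Model, the simple email pattern and the case-insensitive duplicate comparison are all assumptions made for the example.

```python
import re

# Assumption: a deliberately simple shape check, not a full RFC 5322 validator.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

class UserModel:
    """In-memory stand-in for the users Model (constructed sample data)."""

    def __init__(self):
        self.rows = {1: {"username": "admin", "email": "admin@example.test"}}
        self.next_id = 2

    def exists(self, field, value):
        return any(r[field].lower() == value.lower() for r in self.rows.values())

class UsersController:
    def __init__(self, session, model):
        # Step 1: the guard lives in the constructor, so no method is
        # reachable without a logged-in session.
        if "user_id" not in session:
            raise PermissionError("login required")
        self.session, self.model = session, model

    def add(self, username, email):
        errors = []
        username, email = username.strip(), email.strip()
        if len(username) <= 3:
            errors.append("username must be more than three characters")
        elif self.model.exists("username", username):
            errors.append("username already exists")
        if not EMAIL_RE.match(email):
            errors.append("email is not valid")
        elif self.model.exists("email", email):
            errors.append("email already exists")
        if errors:
            return errors  # nothing is written when validation fails
        self.model.rows[self.model.next_id] = {"username": username, "email": email}
        self.model.next_id += 1
        return []

    def delete(self, raw_id):
        # Step 7: the ID arrives as request text, so check it before using it.
        if not (isinstance(raw_id, str) and raw_id.isascii() and raw_id.isdigit()):
            return "invalid id"
        if int(raw_id) == self.session["user_id"]:
            return "cannot delete yourself"
        if self.model.rows.pop(int(raw_id), None) is None:
            return "no such user"
        return "deleted"
```

With a database-backed Model, the uniqueness rule should also be enforced by a unique index on the username and email columns, because two concurrent submissions can both pass the lookup before either row is written.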
