From b2e2a1b4b0a00e7cef1f2088162c944335f451d4 Mon Sep 17 00:00:00 2001
From: Ken Johnson
Date: Tue, 21 May 2013 00:42:56 -0400
Subject: [PATCH] moved delete button away from submit button (duh), and changed delete a user to a POST request after realizing a spider might wreak havoc on that and delete all users
---
 app/controllers/admin_controller.rb | 2 ++
 app/views/layouts/admin/_get_user.html.erb | 7 +++++--
 config/routes.rb | 2 +-
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index de412bc..003d797 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -10,6 +10,8 @@ class AdminController < ApplicationController
 def get_user
 @user = User.find_by_id(params[:admin_id].to_s)
+ arr = ["true", "false"]
+ @admin_select = @user.admin ? arr : arr.reverse
 render :partial => "layouts/admin/get_user"
 end
diff --git a/app/views/layouts/admin/_get_user.html.erb b/app/views/layouts/admin/_get_user.html.erb
index fbe5492..b2137e0 100644
--- a/app/views/layouts/admin/_get_user.html.erb
+++ b/app/views/layouts/admin/_get_user.html.erb
@@ -27,6 +27,9 @@
 <%= f.label :password_confirmation, nil, {:class => "control-label"}%>
 <%= f.password_field :password_confirmation, {:class => "span12", :placeholder => "Enter Password"} %>
+
+ <%= f.label :admin, nil, {:class => "control-label"}%>
+ <%= f.select(:admin, @admin_select) %>
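Review bot: The new `@user.admin` call in `get_user` raises NoMethodError whenever `User.find_by_id` returns nil, which it does for any `admin_id` that matches no row, so a stale or mistyped id now produces a 500 instead of a clean miss. Guard before the two added lines, for example `return head(:not_found) unless @user`. The reordered `["true", "false"]` array also looks unnecessary: the form builder's `select` should already preselect the option matching the object's current `admin` value, so a fixed option list in the view would likely do; worth confirming against the Rails version in use.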
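Review bot: The added `f.select(:admin, @admin_select)` turns the privilege flag into an ordinary form parameter, so the safety of this change rests on the `update_user` action, which is not part of this patch. That action should confirm the caller is an admin and assign `admin` explicitly from a checked value rather than through a bulk `update_attributes(params[:user])`. If `User` uses `attr_accessible`, `admin` should stay off the default list so that no other form can set it. Logging who changed the flag and for which user would also make later review of privilege changes possible.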
@@ -36,7 +39,7 @@
- <%= link_to "Delete", "#", {:id => "delete_button", :class => "btn btn-danger"} %>
+ <%= link_to "Delete", "#", {:id => "delete_button", :class => "btn btn-danger pull-left"} %>
 <%= f.submit "Submit", {:id => 'submit_button', :class => "btn btn-primary pull-right"} %>
<% end %>
@@ -69,7 +72,7 @@
 $('#delete_button').click(function() {
 $.ajax({
 url: "/admin/" + <%= @user.id %> + "/delete_user.json",
- type: "GET",
+ type: "POST",
 success: function(response) {
 $('#success').show(500).delay(1500).fadeOut();
 loadTable();
diff --git a/config/routes.rb b/config/routes.rb
index 1c8fa91..9c50183 100755
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -31,7 +31,7 @@ end
 resources :admin do
 get "dashboard"
 get "get_user"
- get "delete_user"
+ post "delete_user"
 put "update_user"
 get "get_all_users"
 end
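Review bot: The POST in the `$('#delete_button')` handler only passes Rails' forgery check if the CSRF token travels with it, and nothing in this hunk sets one. Assuming `protect_from_forgery` is enabled, the request succeeds only when jquery_ujs or an equivalent ajax prefilter is loaded on the page, which is not visible here. Making it explicit removes that dependency: `headers: { 'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content') },` next to `type: "POST",`. The handler starts above and continues below the hunk, so an `error:` callback may already exist; if it does not, one is needed so that a rejected delete is reported rather than silently ignored.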
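Review bot: Switching `delete_user` to `post` keeps crawlers and link prefetchers from triggering it, but the commit message's concern that a spider could reach this URL at all suggests the admin routes may be reachable without a login, and a verb change is not access control. Nothing in this patch shows a `before_filter` on `AdminController` requiring an authenticated admin; if none exists, adding one is the fix that matters. `get "get_user"` and `get "get_all_users"` remain fetchable by the same spider and presumably expose user data. For the verb itself, `delete "delete_user"` would state the intent more directly than `post`.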