Allow user to see their profile page

vedia.rb

@@ -218,6 +218,11 @@ post '/logout' do
   redirect '/login'
 end
 
+get '/users/:id' do
+  require_admin_or_self
+  erb :users_show
+end
+
 get '/admin' do
   require_admin
   @users = User.all
@@ -225,12 +230,6 @@ get '/admin' do
   erb :admin
 end
 
-get '/admin/users/:id' do
-  require_admin
-  @user = User.find(params[:id])
-  erb :admin_users
-end
-
 get '/admin/users/:id/organizers/:vote/delete' do
   require_admin
   rating = Organizer.where(user: params[:id]).where(vote: params[:vote]).each do |organizer|
@@ -652,6 +651,12 @@ helpers do
     redirect '/' unless is_admin
   end
 
+  def require_admin_or_self
+    require_login
+    find_user
+    redirect '/' unless is_admin or current_user == @user
+  end
+
   def find_vote
     @vote = Vote.find_by(secure_id: params[:id])
   end
@@ -660,6 +665,10 @@ helpers do
     @candidate = Candidate.find(params[:cid])
   end
 
+  def find_user
+    @user = User.find(params[:id])
+  end
+
   def all_users_sorted
     User.all.each.sort_by { |user| user.email }
   end

views/admin.erb

@@ -14,7 +14,7 @@
   </thead>
   <% @users.sort_by { |user| user.email }.each do |user| %>
     <tr>
-      <td><a href="/admin/users/<%= user.id %>"><%= user.email %></a></td>
+      <td><a href="/users/<%= user.id %>"><%= user.email %></a></td>
       <td><%= format_date(user.created_at) %></td>
       <td><%= user.admin %></td>
       <td><%= user.votes.length %></td>

views/layout.erb

@@ -40,7 +40,7 @@
 
       <div class="d-flex flex-wrap justify-content-end pe-3 py-3 mb-4">
         <% if current_user %>
-          <%= current_user.email %>
+          <a href="/users/<%= current_user.id %>"><%= current_user.email %></a>
         <% else %>
           &nbsp;
         <% end %>

views/users_show.erb

@@ -1,6 +1,4 @@
-<h1 class="mb-5"><%= _("Admin") %></h1>
-
-<h2 class="mb-4"><%= @user.email %></h2>
+<h1 class="mb-5"><%= @user.email %></h1>
 
 <p><%= _("Created: %{date}") % { date: format_date(@user.created_at) } %></p>