| 12345678910111213141516171819202122232425262728293031 |
- class CourseParticipationsController < ApplicationController
- def create
- @course = Course.find(participation_params[:course_id])
- check_permissions
- @participation = CourseParticipation.new(participation_params)
- @participation.save
- redirect_to @course
- end
- def destroy
- @participation = CourseParticipation.find(params[:id])
- @course = @participation.course
- check_permissions
- @participation.destroy
- redirect_to @course
- end
- private
- def participation_params
- params.require(:course_participation).permit(:course_id,
- :user_id,
- :role)
- end
- def check_permissions
- unless current_user.is_administrator_at?(@course.school) || current_user.admin?
- redirect_to root_url
- end
- end
- end
|
