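# CRUD controller for Course records.
#
# Authorization as enforced in this class: :create, :edit and :update require
# the current user to be a site admin or an administrator of the relevant
# school. :show and :new carry no check here.
class CoursesController < ApplicationController
  # NOTE(review): :destroy is listed but this class defines no destroy action,
  # and no authorization callback covers it. Add one before adding the action.
  before_action :set_course, only: [:show, :edit, :update, :destroy]
  before_action :check_can_edit, only: [:edit, :update]
  # NOTE(review): :new renders the form without an authorization check; the
  # check only runs when the form is submitted to :create.
  before_action :check_can_create, only: [:create]

  # Renders the course loaded by set_course.
  def show
  end

  # Builds an unsaved Course for the creation form.
  def new
    @course = Course.new
  end

  # Renders the edit form for the course loaded by set_course.
  def edit
  end

  # Creates a course from the permitted parameters; re-renders the form when
  # saving fails.
  def create
    @course = Course.new(course_params)
    if @course.save
      flash[:success] = "Created course"
      redirect_to @course
    else
      render :new
    end
  end

  # Applies the permitted parameters to the loaded course; re-renders the edit
  # form when the update fails.
  def update
    if @course.update(course_params)
      flash[:success] = "Updated course"
      redirect_to @course
    else
      render :edit
    end
  end

  private

  # Use callbacks to share common setup or constraints between actions.
  def set_course
    @course = Course.find(params[:id])
  end

  # Strong parameters for a course. :school_id is permitted, so both
  # check_can_create and check_can_edit must authorize the school it names.
  def course_params
    params.require(:course).permit(:name, :school_id, :starts_on, :ends_on)
  end

  # True when the current user may manage courses of +school+: either an
  # administrator at that school or a site admin.
  #
  # A missing user is treated as unauthorized instead of raising
  # NoMethodError; whether ApplicationController already requires a login is
  # not visible from this file.
  def can_administer?(school)
    user = current_user
    return false unless user

    user.is_administrator_at?(school) || user.admin?
  end

  # Halts :create with a redirect unless the user may manage the school named
  # in the submitted parameters. School.find raises for an unknown id.
  def check_can_create
    school = School.find(course_params[:school_id])
    redirect_to root_url unless can_administer?(school)
  end

  # Halts :edit and :update with a redirect unless the user may manage the
  # course's current school.
  #
  # On :update the permitted parameters include :school_id, so checking only
  # the current school would let an administrator of one school reassign the
  # course to a school they do not administer. The destination school is
  # therefore authorized as well when it differs from the current one.
  def check_can_edit
    return redirect_to(root_url) unless can_administer?(@course.school)
    return unless action_name == 'update'

    target_id = course_params[:school_id]
    # A blank school_id is left to model validation (not visible here).
    return if target_id.blank? || target_id.to_s == @course.school_id.to_s

    redirect_to root_url unless can_administer?(School.find(target_id))
  end
end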