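# Manages individual news posts that belong to a news feed.
#
# Authorization rules enforced by this controller:
# * the feed decides who may post, via +news_feed.can_post_news?(user)+;
# * only a post's author may edit or update it;
# * anyone allowed to post to the feed may destroy a post on it.
#
# NOTE(review): no sign-in filter is declared here, so +current_user+ may be
# nil unless ApplicationController enforces authentication -- confirm.
class NewsPostsController < ApplicationController
  before_action :set_news_post, only: [:show, :edit, :update, :destroy]
  before_action :check_can_edit, only: [:edit, :update, :destroy]
  before_action :check_correct_user, only: [:edit, :update]

  # GET /news_posts/1
  # GET /news_posts/1.json
  def show
  end

  # GET /news_posts/1/edit
  def edit
  end

  # POST /news_posts
  # POST /news_posts.json
  #
  # Builds a post owned by the current user. The target feed is taken from
  # request parameters, so it must pass the same can_post_news? check that
  # edit/update/destroy apply; without it any caller could publish to a feed
  # simply by naming its id and type.
  def create
    @news_post = NewsPost.new(news_post_params)
    @news_post.user = current_user
    return redirect_to(root_url) unless can_post_to_feed?

    respond_to do |format|
      if @news_post.save
        format.html { redirect_to @news_post.news_feed, notice: 'News post was successfully created.' }
        format.json { render :show, status: :created, location: @news_post }
      else
        format.html { render :new }
        format.json { render json: @news_post.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /news_posts/1
  # PATCH/PUT /news_posts/1.json
  #
  # check_can_edit has already authorized the feed the post currently belongs
  # to. The permitted parameters can point the post at a different feed, so
  # the attributes are assigned first and the resulting feed is authorized
  # again before anything is written.
  def update
    @news_post.assign_attributes(news_post_params)
    return redirect_to(root_url) unless can_post_to_feed?

    respond_to do |format|
      if @news_post.save
        format.html { redirect_to @news_post, notice: 'News post was successfully updated.' }
        format.json { render :show, status: :ok, location: @news_post }
      else
        format.html { render :edit }
        format.json { render json: @news_post.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /news_posts/1
  # DELETE /news_posts/1.json
  def destroy
    @news_post.destroy
    respond_to do |format|
      format.html { redirect_to news_posts_url, notice: 'News post was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private

  # Loads the post named by params[:id] for the member actions.
  def set_news_post
    @news_post = NewsPost.find(params[:id])
  end

  # Strong parameters: only these attributes may be mass-assigned.
  #
  # NOTE(review): news_feed_id and news_feed_type are caller-supplied and
  # presumably drive a polymorphic association; consider restricting
  # news_feed_type to the known feed classes in the model -- confirm.
  def news_post_params
    params.require(:news_post).permit(:name, :content, :news_feed_id, :news_feed_type)
  end

  # True when the post's feed allows the current user to post to it.
  # Fails closed: a missing feed, or an object that does not implement
  # can_post_news?, counts as "not allowed" instead of raising.
  def can_post_to_feed?
    feed = @news_post.news_feed
    feed.respond_to?(:can_post_news?) && feed.can_post_news?(current_user)
  end

  # Halts the request with a redirect unless the user may post to the feed.
  def check_can_edit
    redirect_to root_url unless can_post_to_feed?
  end

  # Halts the request with a redirect unless the current user wrote the post.
  def check_correct_user
    redirect_to root_url unless @news_post.user == current_user
  end
end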