voteables_controller.rb
# This example controller assumes you are using the User class from restful_authentication
# and a nested voteable resource. See routes.rb
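# RESTful controller for Voteable records nested under a user
# (/users/:user_id/voteables).
#
# Access control is implemented entirely by the filter chain below:
# * find_user          - loads the user named by the nested route.
# * login_required     - guards every action that writes or shows a form.
# * must_own_voteable  - restricts edit/update/destroy to the record's owner.
#
# NOTE(review): records are looked up with Voteable.find(params[:id]) and are
# not scoped to @user, so the :user_id segment of the URL is not tied to the
# voteable being shown or changed. Ownership is checked against current_user
# instead; confirm that is the intended model.
class VoteablesController < ApplicationController
  before_filter :find_user
  before_filter :login_required, :only => [:new, :edit, :destroy, :create, :update]
  before_filter :must_own_voteable, :only => [:edit, :destroy, :update]

  # GET /users/:user_id/voteables
  # GET /users/:user_id/voteables.xml
  def index
    # The XML branch renders @voteables; the original assigned only @voteable,
    # so the XML response serialized nil.
    @voteables = Voteable.descending
    # Kept for any template that still reads the old singular name.
    @voteable = @voteables

    respond_to do |format|
      format.html # index.html.erb
      format.xml  { render :xml => @voteables }
    end
  end

  # GET /users/:user_id/voteables/1
  # GET /users/:user_id/voteables/1.xml
  def show
    @voteable = Voteable.find(params[:id])

    respond_to do |format|
      format.html # show.html.erb
      format.xml  { render :xml => @voteable }
    end
  end

  # GET /users/:user_id/voteables/new
  # GET /users/:user_id/voteables/new.xml
  def new
    @voteable = Voteable.new

    respond_to do |format|
      format.html # new.html.erb
      format.xml  { render :xml => @voteable }
    end
  end

  # GET /users/:user_id/voteables/1/edit
  def edit
    # must_own_voteable has normally loaded the record already.
    @voteable ||= Voteable.find(params[:id])
  end

  # POST /users/:user_id/voteables
  # POST /users/:user_id/voteables.xml
  def create
    # NOTE(review): params[:voteable] is mass-assigned. Unless the Voteable
    # model restricts assignable attributes (attr_accessible/attr_protected),
    # any column can be set from the request - confirm against the model.
    @voteable = Voteable.new(params[:voteable])
    # Assigned after the mass-assignment so the owner is always the
    # authenticated user, whatever the request body contained.
    @voteable.user = current_user

    respond_to do |format|
      if @voteable.save
        flash[:notice] = 'Voteable was successfully saved.'
        format.html { redirect_to([@user, @voteable]) }
        # NOTE(review): :location => @voteable needs a non-nested voteable
        # route; verify against routes.rb.
        format.xml  { render :xml => @voteable, :status => :created, :location => @voteable }
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @voteable.errors, :status => :unprocessable_entity }
      end
    end
  end

  # PUT /users/:user_id/voteables/1
  # PUT /users/:user_id/voteables/1.xml
  def update
    # Reuse the record that must_own_voteable authorized, so the object that
    # was checked is the object that gets written.
    @voteable ||= Voteable.find(params[:id])

    respond_to do |format|
      # The original called update_attributes on @quote, which is never
      # assigned in this controller, so every update raised NoMethodError.
      #
      # NOTE(review): unlike create, nothing here re-pins the owner after the
      # mass-assignment. If the model does not protect the owner foreign key,
      # an owner could hand the record to another user - confirm the model
      # restricts assignable attributes.
      if @voteable.update_attributes(params[:voteable])
        flash[:notice] = 'Voteable was successfully updated.'
        format.html { redirect_to([@user, @voteable]) }
        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml  { render :xml => @voteable.errors, :status => :unprocessable_entity }
      end
    end
  end

  # DELETE /users/:user_id/voteables/1
  # DELETE /users/:user_id/voteables/1.xml
  def destroy
    # Same record that the ownership filter checked.
    @voteable ||= Voteable.find(params[:id])
    @voteable.destroy

    respond_to do |format|
      # Pass the user explicitly instead of relying on the router to recall
      # :user_id from the current request.
      format.html { redirect_to(user_voteables_url(@user)) }
      format.xml  { head :ok }
    end
  end

  private

  # Loads the user named by the nested route's :user_id segment.
  # User.find raises when no such user exists.
  def find_user
    @user = User.find(params[:user_id])
  end

  # Authorization filter for edit/update/destroy: only the voteable's owner
  # may proceed. Anyone else gets the ownership_violation response, which
  # renders and thereby stops the action from running.
  def must_own_voteable
    @voteable ||= Voteable.find(params[:id])
    ownership_violation unless @voteable.user == current_user
  end

  # Response sent when the current user does not own the requested voteable.
  def ownership_violation
    respond_to do |format|
      flash[:notice] = 'You cannot edit or delete voteable that you do not own!'
      format.html do
        redirect_to user_path(current_user)
      end
      # Explicit denial for API clients; the original declared no XML branch
      # for this case.
      format.xml { head :forbidden }
    end
  end
end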