votes_controller.rb
# An example controller for "votes" that are nested resources under users. See examples/routes.rb
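class VotesController < ApplicationController
  # Filters run in declaration order, so authentication (login_required) is
  # checked before ownership (must_own_vote) on the mutating actions.
  #
  # NOTE(review): :index and :show are not covered by login_required, so any
  # caller can list the votes of an arbitrary :user_id or fetch any vote by id.
  # Confirm that vote history is meant to be public before reusing this example.

  # First, figure out our nested scope. User or Voteable?
  before_filter :find_votes_for_my_scope, :only => [:index]

  before_filter :login_required, :only => [:new, :edit, :destroy, :create, :update]
  before_filter :must_own_vote,  :only => [:edit, :destroy, :update]
  # not_allowed is not defined in this class; presumably inherited from
  # ApplicationController and used to block these actions -- TODO confirm.
  before_filter :not_allowed,    :only => [:edit, :update, :new]

  # GET /users/:user_id/votes/
  # GET /users/:user_id/votes.xml
  # GET /users/:user_id/voteables/:voteable_id/votes/
  # GET /users/:user_id/voteables/:voteable_id/votes.xml
  #
  # Renders @votes, which find_votes_for_my_scope has already loaded.
  def index
    respond_to do |format|
      format.html # index.html.erb
      format.xml  { render :xml => @votes }
    end
  end

  # GET /users/:user_id/votes/1
  # GET /users/:user_id/votes/1.xml
  # GET /users/:user_id/voteables/:voteable_id/votes/1
  # GET /users/:user_id/voteables/:voteable_id/1.xml
  #
  # Loads a single vote by id. The record is stored in @vote, which is what the
  # XML branch renders; previously only @voteable was assigned, so the XML
  # response rendered nil.
  def show
    @vote = Vote.find(params[:id])
    # Kept as an alias in case show.html.erb still reads @voteable -- TODO
    # confirm against the template and drop; the record is a Vote.
    @voteable = @vote

    respond_to do |format|
      format.html # show.html.erb
      format.xml  { render :xml => @vote }
    end
  end

  # GET /users/:id/votes/new
  # GET /users/:id/votes/new.xml
  def new
    # Not generally used. Most people want to vote via AJAX calls.
  end

  # GET /users/:id/votes/1/edit
  def edit
    # Not generally used. Most people don't want to allow editing of votes.
  end

  # POST /users/:user_id/voteables/:voteable_id/votes
  # POST /users/:user_id/voteables/:voteable_id/votes.xml
  #
  # Casts a vote by the logged-in user on the voteable named in the route.
  # The vote is always attributed to current_user, never to params[:user_id].
  def create
    # The documented route supplies :voteable_id; :quote_id is kept as a
    # fallback because that is the key this action originally read.
    @voteable = Voteable.find(params[:voteable_id] || params[:quote_id])

    respond_to do |format|
      # NOTE(review): params[:vote] is handed to the model unchecked here;
      # make sure current_user.vote validates it -- its contract is not visible
      # in this file.
      if current_user.vote(@voteable, params[:vote])
        # NOTE(review): @vote is never assigned in this action, so :vote is nil.
        format.rjs  { render :action => "create", :vote => @vote }
        format.html { redirect_to([@voteable.user, @voteable]) }
        format.xml  { render :xml => @voteable, :status => :created, :location => @voteable }
      else
        format.rjs  { render :action => "error" }
        format.html { render :action => "new" }
        # @vote is not set on this path; guard so a failed vote answers 422
        # instead of raising NoMethodError on nil.
        format.xml  { render :xml => (@vote ? @vote.errors : []), :status => :unprocessable_entity }
      end
    end
  end

  # PUT /users/:id/votes/1
  # PUT /users/:id/votes/1.xml
  def update
    # Not generally used
  end

  # DELETE /users/:id/votes/1
  # DELETE /users/:id/votes/1.xml
  #
  # Deletes the vote. Ownership has already been enforced by must_own_vote,
  # which also loaded @vote, so the record it checked is the one destroyed.
  def destroy
    @vote ||= Vote.find(params[:id])
    @vote.destroy

    respond_to do |format|
      format.html { redirect_to(user_votes_url) }
      format.xml  { head :ok }
    end
  end

  private

  # Loads @votes for :index from the innermost nesting present in the route:
  # the voteable if :voteable_id is given, else the user, else an empty list.
  def find_votes_for_my_scope
    @votes =
      if params[:voteable_id]
        Vote.for_voteable(Voteable.find(params[:voteable_id])).descending
      elsif params[:user_id]
        Vote.for_voter(User.find(params[:user_id])).descending
      else
        []
      end
  end

  # Authorization filter: only the vote's owner may edit, update or destroy it.
  # Returns true for the owner; otherwise sends the denial response and returns
  # false so the filter chain is halted explicitly rather than only as a side
  # effect of the response having been rendered.
  def must_own_vote
    @vote ||= Vote.find(params[:id])
    return true if @vote.user == current_user

    ownership_violation
    false
  end

  # Denial response for must_own_vote. HTML callers are redirected to their own
  # page with a flash message; every other format gets an explicit 403 instead
  # of relying on the framework's handling of an unmatched format.
  def ownership_violation
    respond_to do |format|
      flash[:notice] = 'You cannot edit or delete votes that you do not own!'
      format.html do
        redirect_to user_path(current_user)
      end
      format.any { head :forbidden }
    end
  end
end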