
Enforce parameters on update, auth condition

michaelsimon committed May 1, 2016
1 parent 554b671 commit 7d7bdfd079b7dc2023e7fdc21bde2dbc8a5913a3
@@ -1,15 +1,15 @@
class ActsController < ApplicationController
get '/acts/?', :auth => :user_id do
get '/acts/?', :auth => true do
@acts = Act.all
erb :"acts/index"
end
get '/acts/new/?', :auth => :user_id do
get '/acts/new/?', :auth => true do
erb :"acts/new"
end
get '/acts/:slug/?', :auth => :user_id do
get '/acts/:slug/?', :auth => true do
@act = Act.find_by_slug(params[:slug])
if @act
erb :"acts/detail"
@@ -19,7 +19,7 @@ class ActsController < ApplicationController
end
end
get '/acts/:slug/edit/?', :auth => :user_id do
get '/acts/:slug/edit/?', :auth => true do
@act = Act.find_by_slug(params[:slug])
if @act
if @act.user_id == session[:user_id]
@@ -34,7 +34,7 @@ class ActsController < ApplicationController
end
end
get '/acts/:slug/delete/?', :auth => :user_id do
get '/acts/:slug/delete/?', :auth => true do
@act = Act.find_by_slug(params[:slug])
if @act
if @act.user_id == session[:user_id]
@@ -50,7 +50,7 @@ class ActsController < ApplicationController
redirect to '/acts'
end
post '/acts', :auth => :user_id do
post '/acts', :auth => true do
@act = Act.create(params)
if @act
redirect to "/acts/#{@act.slug}"
@@ -60,10 +60,10 @@ class ActsController < ApplicationController
end
end
post '/acts/:slug', :auth => :user_id do
post '/acts/:slug', :auth => true do
@act = Act.find_by_slug(params[:slug])
if @act
if @act.update(params.except("splat","captures","slug"))
if @act.update(name: params[:name], description: params[:description], size: params[:size], location: params[:location], website: params[:website])
redirect to "/acts/#{@act.slug}"
else
flash[:error] = "Unable to update act, please try again."
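Review bot: The update handler `post '/acts/:slug'` looks up the act and calls `@act.update(...)` with no ownership check in between, whereas the edit and delete routes compare `@act.user_id == session[:user_id]` first; as shown, any logged-in user could modify another user's act. A guard before the update, for example `halt 403 unless @act.user_id == session[:user_id]`, would bring it in line with those routes. The same gap appears in `post '/shows/:id'` and `post '/venues/:id'`. The handler body continues outside the hunk, and a filter defined elsewhere may already cover this, so confirm before changing.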
@@ -24,9 +24,9 @@ def current_user
end
end
def self.auth user_id
set(:auth) do |boolean|
condition do
if !logged_in?
if !logged_in? && boolean == true
flash[:error] = "Please login to perform this action."
redirect to '/sessions/login'
end
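Review bot: The new condition `if !logged_in? && boolean == true` fails open, because any route whose `:auth` value is not exactly `true` now skips the login redirect. Every route visible in this commit is switched to `:auth => true`, but a route outside these hunks that still uses the old `:auth => :user_id` form would silently become public. Testing truthiness instead, `if boolean && !logged_in?`, keeps such routes protected and drops the explicit comparison with `true`. The enclosing definition starts and ends outside the hunk.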
@@ -18,7 +18,7 @@ class SessionsController < ApplicationController
end
get '/sessions/logout', :auth => :user_id do
get '/sessions/logout', :auth => true do
session.clear
flash[:success] = "You are now logged out."
redirect to '/'
@@ -1,17 +1,17 @@
class ShowsController < ApplicationController
get '/shows/?', :auth => :user_id do
get '/shows/?', :auth => true do
@shows = Show.all
erb :"shows/index"
end
get '/shows/new/?', :auth => :user_id do
get '/shows/new/?', :auth => true do
@venues = Venue.all
@acts = Act.all
erb :"shows/new"
end
get '/shows/:id/?', :auth => :user_id do
get '/shows/:id/?', :auth => true do
@show = Show.find(params[:id])
if @show
erb :"shows/detail"
@@ -21,7 +21,7 @@ class ShowsController < ApplicationController
end
end
get '/shows/:id/edit/?', :auth => :user_id do
get '/shows/:id/edit/?', :auth => true do
@show = Show.find(params[:id])
if @show
if @show.user_id == session[:user_id]
@@ -38,7 +38,7 @@ class ShowsController < ApplicationController
end
end
get '/shows/:id/delete/?', :auth => :user_id do
get '/shows/:id/delete/?', :auth => true do
@show = Show.find(params[:id])
if @show
if @show.user_id == session[:user_id]
@@ -53,7 +53,7 @@ class ShowsController < ApplicationController
redirect to '/shows'
end
post '/shows', :auth => :user_id do
post '/shows', :auth => true do
@show = Show.new(params)
@show.user_id = params[:user_id]
if @show.save
@@ -64,10 +64,10 @@ class ShowsController < ApplicationController
end
end
post '/shows/:id', :auth => :user_id do
post '/shows/:id', :auth => true do
@show = Show.find(params[:id])
if @show
if @show.update(params.except("splat","captures")).valid?
if @show.update(act_id: params[:act_id], venue_id: params[:venue_id], show_date: params[:show_date], tkts_url: params[:tkts_url], description: params[:description], name: params[:name])
redirect to "/shows/#{@show.id}"
else
flash[:error] = "Unable to update show, please try again."
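Review bot: `post '/shows'` still builds the record from the whole request with `Show.new(params)` and then takes the owner from the client with `@show.user_id = params[:user_id]`, so as shown a logged-in user could create a show attributed to another account. The owner should come from the session, `@show.user_id = session[:user_id]`, and the constructor should receive the same explicit attribute list this commit introduces for update. `Act.create(params)` and `Venue.create(params)` in the other controllers pass unfiltered params in the same way. The handler continues outside the hunk.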
@@ -9,7 +9,7 @@ class UsersController < ApplicationController
end
end
get '/users/edit/?', :auth => :user_id do
get '/users/edit/?', :auth => true do
@user = User.find(session[:user_id])
if @user
erb :"users/edit"
@@ -1,15 +1,15 @@
class VenuesController < ApplicationController
get '/venues/?', :auth => :user_id do
get '/venues/?', :auth => true do
@venues = Venue.all
erb :"venues/index"
end
get '/venues/new/?', :auth => :user_id do
get '/venues/new/?', :auth => true do
erb :"venues/new"
end
get '/venues/:id/?', :auth => :user_id do
get '/venues/:id/?', :auth => true do
@venue = Venue.find(params[:id])
if @venue
erb :"venues/detail"
@@ -19,7 +19,7 @@ class VenuesController < ApplicationController
end
end
get '/venues/:id/edit/?', :auth => :id do
get '/venues/:id/edit/?', :auth => true do
@venue = Venue.find(params[:id])
if @venue
if @venue.user_id == session[:user_id]
@@ -34,7 +34,7 @@ class VenuesController < ApplicationController
end
end
get '/venues/:id/delete/?', :auth => :user_id do
get '/venues/:id/delete/?', :auth => true do
@venue = Venue.find(params[:id])
if @venue
if @venue.user_id == session[:user_id]
@@ -50,7 +50,7 @@ class VenuesController < ApplicationController
redirect to '/venues'
end
post '/venues', :auth => :user_id do
post '/venues', :auth => true do
@venue = Venue.create(params)
if @venue
redirect to "/venues/#{@venue.id}"
@@ -60,10 +60,10 @@ class VenuesController < ApplicationController
end
end
post '/venues/:id', :auth => :user_id do
post '/venues/:id', :auth => true do
@venue = Venue.find(params[:id])
if @venue
if @venue.update(params.except("splat","captures"))
if @venue.update(name: params[:name], address: params[:address], zipcode: params[:zipcode], email: params[:email], website: params[:website])
redirect to "/venues/#{@venue.id}"
else
flash[:error] = "Unable to update venue, please try again."
Binary file not shown.
