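# CRUD controller for blog posts.
#
# Reading published posts is open to everyone; creating, editing and deleting
# posts, and seeing unpublished ones, requires a signed-in admin
# (`current_admin`, presumably the Devise helper for the Admin scope).
class PostsController < ApplicationController
  # Authorization runs before the record lookup so that an unauthenticated
  # request to edit/update/destroy is rejected the same way whether or not the
  # id exists; otherwise the 404-versus-redirect difference reveals which ids
  # are valid.
  before_action :require_admin, only: [:new, :edit, :create, :update, :destroy]
  before_action :set_post, only: [:show, :edit, :update, :destroy]

  # GET /posts
  #
  # Lists posts matching the optional title search and optional author filter.
  # Unpublished posts are only included for a signed-in admin.
  def index
    @posts = Post.search_by_title(search_param).default_order
    @posts = @posts.select do |post|
      # any_author? is checked first so the author lookup is skipped entirely
      # when no author filter was supplied.
      # NOTE(review): when the filter matches no admin, selected_author is nil,
      # so posts whose author is nil still pass this comparison. Confirm
      # whether that is intended.
      (any_author? || post.author == selected_author) && (post.published? || current_admin)
    end
  end

  # GET /posts/1
  #
  # Applies the same visibility rule as #index: an unpublished post is only
  # shown to a signed-in admin. Everyone else gets a 404, so a draft cannot be
  # read, or its existence confirmed, by requesting its id directly.
  def show
    raise ActiveRecord::RecordNotFound unless @post.published? || current_admin
  end

  # GET /posts/new
  def new
    @post = Post.new
  end

  # GET /posts/1/edit
  def edit; end

  # POST /posts
  #
  # Creates a post owned by the signed-in admin and flags that admin as an
  # author once the post has been saved.
  def create
    @post = Post.new(post_params)
    @post.author = current_admin

    if @post.save
      current_admin.update!(author: true)
      redirect_to @post, notice: 'Post was successfully created.'
    else
      render :new
    end
  end

  # PATCH/PUT /posts/1
  def update
    if @post.update(post_params)
      redirect_to @post, notice: 'Post was successfully updated.'
    else
      render :edit
    end
  end

  # DELETE /posts/1
  def destroy
    @post.destroy!
    redirect_to posts_url, notice: 'Post was successfully destroyed.'
  end

  private

  # Loads the post addressed by params[:id]; Post.find raises
  # ActiveRecord::RecordNotFound when no such record exists.
  def set_post
    @post = Post.find(params[:id])
  end

  # Strong parameters: only these attributes may be mass-assigned from the
  # request. :published is included, so anyone who passes require_admin can
  # publish or unpublish a post.
  def post_params
    params.require(:post).permit(:title, :body, :published)
  end

  # Raw title search term from the query string (may be nil).
  def search_param
    params[:search]
  end

  # Raw author e-mail filter from the query string (may be nil).
  def author_email_param
    params[:author]
  end

  # The admin whose e-mail matches the author filter, or nil if none does.
  #
  # Memoized with `defined?` rather than `||=` so that a nil result is cached
  # too; with `||=` a miss reloaded every admin once per post in #index.
  # NOTE(review): this still loads all Admin rows into memory to compare
  # e-mails one by one. Confirm whether the constant-time comparison is
  # required here.
  def selected_author
    return @selected_author if defined?(@selected_author)

    @selected_author = Admin.all.to_a.find do |admin|
      Devise.secure_compare(admin.email, author_email_param)
    end
  end

  # True when no author filter was supplied.
  def any_author?
    author_email_param.blank?
  end

  # Halts the request with a redirect to the post list unless an admin is
  # signed in.
  def require_admin
    redirect_to posts_path, notice: 'Not authorized.' unless current_admin
  end
end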