1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
class AlertsController < ApplicationController
before_action :set_alert, only: [:show, :edit, :update, :destroy]
before_action :check_perms, only: [:new, :create, :edit, :update, :destroy]
# GET /alerts
# GET /alerts.json
def index
@alerts = Alert.all
end
# GET /alerts/1
# GET /alerts/1.json
def show
end
# GET /alerts/new
def new
@alert = Alert.new
end
# GET /alerts/1/edit
def edit
end
# POST /alerts
# POST /alerts.json
def create
@alert = Alert.new(alert_params)
respond_to do |format|
if @alert.save
format.html { redirect_to @alert, notice: 'Alert was successfully created.' }
format.json { render action: 'show', status: :created, location: @alert }
else
format.html { render action: 'new' }
format.json { render json: @alert.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /alerts/1
# PATCH/PUT /alerts/1.json
def update
respond_to do |format|
if @alert.update(alert_params)
format.html { redirect_to @alert, notice: 'Alert was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: 'edit' }
format.json { render json: @alert.errors, status: :unprocessable_entity }
end
end
end
# DELETE /alerts/1
# DELETE /alerts/1.json
def destroy
@alert.destroy
respond_to do |format|
format.html { redirect_to alerts_url }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_alert
@alert = Alert.find(params[:id])
end
def check_perms
unless (signed_in? and (current_user.in_group?(:admin) or current_user.in_group?(:host)))
respond_to do |format|
format.html { render action: 'permission_denied', status: :forbidden }
format.json { render json: "Permission denied", status: :forbidden }
end
end
end
# Never trust parameters from the scary internet, only allow the white list through.
def alert_params
params.require(:alert).permit(:author_id, :message)
end
end
|