67 lines
1.6 KiB
Ruby
67 lines
1.6 KiB
Ruby
class MessagesController < ApplicationController
|
|
|
|
before_action :require_user, except: [:show]
|
|
after_action :verify_authorized
|
|
|
|
# GET /messages/1.json
|
|
def show
|
|
@message = Message.find(params[:id])
|
|
authorize @message
|
|
|
|
respond_to do |format|
|
|
format.json { render json: @message }
|
|
end
|
|
end
|
|
|
|
# POST /messages
|
|
# POST /messages.json
|
|
def create
|
|
@message = Message.new(message_params)
|
|
@message.user = current_user
|
|
authorize @message
|
|
|
|
respond_to do |format|
|
|
if @message.save
|
|
format.json { render json: @message, status: :created, location: messages_url }
|
|
else
|
|
format.json { render json: @message.errors, status: :unprocessable_entity }
|
|
end
|
|
end
|
|
end
|
|
|
|
# PUT /messages/1
|
|
# PUT /messages/1.json
|
|
def update
|
|
@message = Message.find(params[:id])
|
|
authorize @message
|
|
|
|
respond_to do |format|
|
|
if @message.update_attributes(message_params)
|
|
format.json { head :no_content }
|
|
else
|
|
format.json { render json: @message.errors, status: :unprocessable_entity }
|
|
end
|
|
end
|
|
end
|
|
|
|
# DELETE /messages/1
|
|
# DELETE /messages/1.json
|
|
def destroy
|
|
@message = Message.find(params[:id])
|
|
authorize @message
|
|
|
|
@message.destroy
|
|
|
|
respond_to do |format|
|
|
format.json { head :no_content }
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
# Never trust parameters from the scary internet, only allow the white list through.
|
|
def message_params
|
|
#params.require(:message).permit(:id, :resource_id, :message)
|
|
params.permit(:id, :resource_id, :resource_type, :message)
|
|
end
|
|
end
|