class NewsPostsController < ApplicationController before_action :set_news_post, only: [:show, :edit, :update, :destroy] before_action :check_can_edit, only: [:edit, :update, :destroy] before_action :check_correct_user, only: [:edit, :update] # GET /news_posts/1 # GET /news_posts/1.json def show end # GET /news_posts/1/edit def edit end # POST /news_posts # POST /news_posts.json def create @news_post = NewsPost.new(news_post_params) @news_post.user = current_user respond_to do |format| if @news_post.save format.html { redirect_to @news_post.news_feed, notice: 'News post was successfully created.' } format.json { render :show, status: :created, location: @news_post } else format.html { render :new } format.json { render json: @news_post.errors, status: :unprocessable_entity } end end end # PATCH/PUT /news_posts/1 # PATCH/PUT /news_posts/1.json def update respond_to do |format| if @news_post.update(news_post_params) format.html { redirect_to @news_post, notice: 'News post was successfully updated.' } format.json { render :show, status: :ok, location: @news_post } else format.html { render :edit } format.json { render json: @news_post.errors, status: :unprocessable_entity } end end end # DELETE /news_posts/1 # DELETE /news_posts/1.json def destroy @news_post.destroy respond_to do |format| format.html { redirect_to news_posts_url, notice: 'News post was successfully destroyed.' } format.json { head :no_content } end end private # Use callbacks to share common setup or constraints between actions. def set_news_post @news_post = NewsPost.find(params[:id]) end # Never trust parameters from the scary internet, only allow the white list through. def news_post_params params.require(:news_post).permit(:name, :content, :news_feed_id, :news_feed_type) end def check_can_edit redirect_to root_url unless @news_post.news_feed.can_post_news?(current_user) end def check_correct_user redirect_to root_url unless @news_post.user == current_user end end