# Controller for Contact records. This listing defines only show and create;
# the filters below also name edit, update and destroy, which are not part
# of this excerpt.
class ContactsController < ApplicationController
  # Load @contact before the permission check runs; presumably the permit
  # expression resolves "contact" to that instance variable, so the order of
  # these two declarations matters.
  before_filter :find_contact, :only => [:show, :edit, :update, :destroy]

  # Member actions are limited to the contact's owner or an admin.
  # NOTE(review): nothing in this class authenticates or authorizes create;
  # confirm ApplicationController requires a logged-in user, because create
  # calls current_user without a nil check.
  permit "owner of contact or admin", :only => [:show, :edit, :update, :destroy]

  # GET /contacts/1
  # GET /contacts/1.xml
  #
  # Renders the contact loaded by find_contact as HTML or XML.
  # NOTE(review): the XML branch hands the model straight to the renderer;
  # verify Contact has no attribute that must stay out of API responses.
  def show
    respond_to do |wants|
      wants.html # show.html.erb
      wants.xml { render :xml => @contact }
    end
  end

  # POST /contacts
  # POST /contacts.xml
  #
  # Builds a Contact from the submitted parameters, marks the current user
  # as its owner, then saves it and answers in the requested format.
  # NOTE(review): params[:contact] reaches Contact.new unfiltered, so the
  # set of client-writable attributes is decided by the model alone; confirm
  # Contact restricts mass assignment (e.g. attr_accessible).
  # NOTE(review): ownership is assigned before save, i.e. before validation
  # has run and before the record has an id; confirm is_owner_of is safe on
  # an unsaved record and that a failed save leaves no owner role behind.
  def create
    @contact = Contact.new(params[:contact])
    current_user.is_owner_of(@contact)

    respond_to do |wants|
      if @contact.save
        flash[:notice] = 'Contact was successfully created.'
        wants.html { redirect_to @contact }
        wants.xml do
          render :xml => @contact, :status => :created, :location => @contact
        end
      else
        wants.html { render :action => "new" }
        wants.xml do
          render :xml => @contact.errors, :status => :unprocessable_entity
        end
      end
    end
  end

  protected

  # before_filter target: loads the record named by params[:id] into
  # @contact. The lookup is not scoped to the current user, so access
  # control for these actions rests entirely on the permit filter above.
  def find_contact
    record_id = params[:id]
    @contact = Contact.find(record_id)
  end
end