class PostsController < ApplicationController before_action :authenticate_user

1. class PostsController < ApplicationController
2. before_action :authenticate_user!
3. before_action :set_post, only: [:show, :edit, :update, :destroy]
4.  
5. # GET /posts
6. # GET /posts.json
7. def index
8. @posts = Post.page(params[:page]).per(5)
9. end
10.  
11. # GET /posts/1
12. # GET /posts/1.json
13. def show
14. end
15.  
16. # GET /posts/new
17. def new
18. @post = Post.new
19. end
20.  
21. # GET /posts/1/edit
22. def edit
23. end
24.  
25. # POST /posts
26. # POST /posts.json
27. def create
28. @post = Post.new(post_params)
29. @post.author_id = current_user.id
30.  
31. respond_to do |format|
32. if @post.save
33. format.html { redirect_to @post, notice: 'Post was successfully created.' }
34. format.json { render action: 'show', status: :created, location: @post }
35. else
36. format.html { render action: 'new' }
37. format.json { render json: @post.errors, status: :unprocessable_entity }
38. end
39. end
40. end
41.  
42. # PATCH/PUT /posts/1
43. # PATCH/PUT /posts/1.json
44. def update
45. respond_to do |format|
46. if @post.update(post_params)
47. format.html { redirect_to @post, notice: 'Post was successfully updated.' }
48. format.json { head :no_content }
49. else
50. format.html { render action: 'edit' }
51. format.json { render json: @post.errors, status: :unprocessable_entity }
52. end
53. end
54. end
55.  
56. # DELETE /posts/1
57. # DELETE /posts/1.json
58. def destroy
59. @post.destroy
60. respond_to do |format|
61. format.html { redirect_to posts_url }
62. format.json { head :no_content }
63. end
64. end
65.  
66. private
67. # Use callbacks to share common setup or constraints between actions.
68. def set_post
69. @post = Post.find(params[:id])
70. end
71.  
72. # Never trust parameters from the scary internet, only allow the white list through.
73. def post_params
74. params.require(:post).permit(:author_id, :body, :title)
75. end
76. end
77.  
78. class Post < ActiveRecord::Base
79. validates :author_id, presence: true
80.  
81. belongs_to :author,
82. class_name: "User",
83. foreign_key: :author_id,
84. primary_key: :id
85.  
86. has_many :comments, class_name: "Comment"
87. has_many :commenters, through: :comments, source: :user
88.  
89. default_scope { order("created_at DESC") }
90. end
91.  
92. class CommentsController < ApplicationController
93. before_action :authenticate_user!
94. before_filter :load_post
95. before_action :set_comment, only: [:show, :edit, :update, :destroy]
96.  
97. # GET /comments
98. # GET /comments.json
99. def index
100. @comments = @post.comments.all
101. end
102.  
103. # GET /comments/1
104. # GET /comments/1.json
105. def show
106. @comment = @post.comments.find(params[:id])
107. end
108.  
109. # GET /comments/new
110. def new
111. @comment = @post.comments.new
112. end
113.  
114. # GET /comments/1/edit
115. def edit
116. @comment = @post.comments.find(params[:id])
117. end
118.  
119. # POST /comments
120. # POST /comments.json
121. def create
122. @comment = @post.comments.new(comment_params)
123. @comment.author_id = current_user.id
124. @comment.post_id = @post.id
125.  
126. respond_to do |format|
127. if @comment.save
128. format.html { redirect_to @post, notice: 'Comment was successfully created.' }
129. format.json { render action: 'show', status: :created, location: @post }
130. else
131. format.html { render action: 'new' }
132. format.json { render json: @comment.errors, status: :unprocessable_entity }
133. end
134. end
135. end
136.  
137. # PATCH/PUT /comments/1
138. # PATCH/PUT /comments/1.json
139. def update
140. @comment = @post.comments.find(params[:id])
141. respond_to do |format|
142. if @comment.update(comment_params)
143. format.html { redirect_to @post, notice: 'Comment was successfully updated.' }
144. format.json { head :no_content }
145. else
146. format.html { render action: 'edit' }
147. format.json { render json: @comment.errors, status: :unprocessable_entity }
148. end
149. end
150. end
151.  
152. # DELETE /comments/1
153. # DELETE /comments/1.json
154. def destroy
155. @comment = @post.comments.find(params[:id])
156. @comment.destroy
157. respond_to do |format|
158. format.html { redirect_to @post }
159. format.json { head :no_content }
160. end
161. end
162.  
163. private
164. # Use callbacks to share common setup or constraints between actions.
165. def load_post
166. @post = Post.find(params[:post_id])
167. end
168. def set_comment
169. @comment = Comment.find(params[:id])
170. end
171.  
172. # Never trust parameters from the scary internet, only allow the white list through.
173. def comment_params
174. params.require(:comment).permit(:author_id, :post_id, :body, :title)
175. end
176. end
177.  
178. class Comment < ActiveRecord::Base
179. validates :post, :body, presence: true
180.  
181. belongs_to :post,
182. class_name: "Post",
183. foreign_key: :post_id,
184. primary_key: :id
185.  
186. belongs_to :author,
187. class_name: "User",
188. foreign_key: :author_id,
189. primary_key: :id
190.  
191. default_scope { order("created_at DESC") }
192. end
193.  
194. class User < ActiveRecord::Base
195. # Include default devise modules. Others available are:
196. # :confirmable, :lockable, :timeoutable and :omniauthable
197. devise :database_authenticatable, :registerable,
198. :recoverable, :rememberable, :trackable, :validatable
199.  
200. has_many :posts, class_name: "Post", foreign_key: :author_id, primary_key: :id
201. has_many :comments
202. has_many :commented_posts, through: :comments, source: :post
203. end