Diffstat (limited to 'guides/code/getting_started/app/controllers')
4 files changed, 23 insertions, 21 deletions
diff --git a/guides/code/getting_started/app/controllers/application_controller.rb b/guides/code/getting_started/app/controllers/application_controller.rb index e8065d9505..d83690e1b9 100644 --- a/guides/code/getting_started/app/controllers/application_controller.rb +++ b/guides/code/getting_started/app/controllers/application_controller.rb @@ -1,3 +1,5 @@ class ApplicationController < ActionController::Base - protect_from_forgery + # Prevent CSRF attacks by raising an exception. + # For APIs, you may want to use :null_session instead. + protect_from_forgery with: :exception end diff --git a/guides/code/getting_started/app/controllers/comments_controller.rb b/guides/code/getting_started/app/controllers/comments_controller.rb index cf3d1be42e..0082e9c8ec 100644 --- a/guides/code/getting_started/app/controllers/comments_controller.rb +++ b/guides/code/getting_started/app/controllers/comments_controller.rb @@ -1,9 +1,10 @@ class CommentsController < ApplicationController - http_basic_authenticate_with :name => "dhh", :password => "secret", :only => :destroy + http_basic_authenticate_with name: "dhh", password: "secret", only: :destroy + def create @post = Post.find(params[:post_id]) - @comment = @post.comments.create(params[:comment]) + @comment = @post.comments.create(params[:comment].permit(:commenter, :body)) redirect_to post_path(@post) end @@ -13,5 +14,4 @@ class CommentsController < ApplicationController @comment.destroy redirect_to post_path(@post) end - end diff --git a/guides/code/getting_started/app/controllers/concerns/.keep b/guides/code/getting_started/app/controllers/concerns/.keep new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/guides/code/getting_started/app/controllers/concerns/.keep diff --git a/guides/code/getting_started/app/controllers/posts_controller.rb b/guides/code/getting_started/app/controllers/posts_controller.rb index b74c66ef13..0398395200 100644 --- a/guides/code/getting_started/app/controllers/posts_controller.rb 
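Review bot: The added comment in application_controller.rb recommends `:null_session` for APIs without saying when that is safe. `:null_session` lets the request run with an empty session, so it only protects actions whose authentication lives in the session. The other controllers in this commit authenticate with `http_basic_authenticate_with`, and browsers attach Basic credentials on their own. I would reword the second comment line to `# For APIs that authenticate with tokens rather than cookies or HTTP Basic, :null_session may fit better.`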
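Review bot: In `create` in comments_controller.rb, `params[:comment].permit(:commenter, :body)` calls `permit` on nil when the request carries no `comment` key, which surfaces as a NoMethodError and a 500 rather than a client error. `params.require(:comment).permit(:commenter, :body)` raises ActionController::ParameterMissing instead, which Rails answers with a 400. The same pattern is in `update` and `create` in posts_controller.rb (`params[:post].permit(:title, :text)`). The class body continues past this hunk.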
+++ b/guides/code/getting_started/app/controllers/posts_controller.rb @@ -1,7 +1,7 @@ class PostsController < ApplicationController - http_basic_authenticate_with :name => "dhh", :password => "secret", :except => [:index, :show] - + http_basic_authenticate_with name: "dhh", password: "secret", except: [:index, :show] + def index @posts = Post.all end @@ -10,31 +10,31 @@ class PostsController < ApplicationController @post = Post.find(params[:id]) end - def new - @post = Post.new + def edit + @post = Post.find(params[:id]) end - def create - @post = Post.new(params[:post]) + def update + @post = Post.find(params[:id]) - if @post.save - redirect_to :action => :show, :id => @post.id + if @post.update(params[:post].permit(:title, :text)) + redirect_to action: :show, id: @post.id else - render 'new' + render 'edit' end end - def edit - @post = Post.find(params[:id]) + def new + @post = Post.new end - def update - @post = Post.find(params[:id]) + def create + @post = Post.new(params[:post].permit(:title, :text)) - if @post.update(params[:post]) - redirect_to :action => :show, :id => @post.id + if @post.save + redirect_to action: :show, id: @post.id else - render 'edit' + render 'new' end end @@ -42,6 +42,6 @@ class PostsController < ApplicationController @post = Post.find(params[:id]) @post.destroy - redirect_to :action => :index + redirect_to action: :index end end |
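Review bot: The `http_basic_authenticate_with` line at the top of PostsController keeps the name and password as string literals, so a reader who copies the guide commits working credentials to version control; the same literals are in comments_controller.rb. Since this is guide code, a comment above the line would be enough: `# Demo credentials only. Load real ones from configuration and serve over HTTPS; Basic auth resends them with every request.` The class body continues past this hunk.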
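Review bot: The permitted attribute list `(:title, :text)` is written out twice, once in `update` and once in `create`, so a later attribute has to be added in both places or one action will quietly drop it. A private helper whose body is `params.require(:post).permit(:title, :text)`, called as `Post.new(post_params)` and `@post.update(post_params)`, keeps the whitelist in one reviewable spot. The hunk starts inside `show` and the class continues after it, so the helper would go under a `private` marker near the end of the class, outside these lines.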