Diffstat (limited to 'guides/code/getting_started/app/controllers')
4 files changed, 33 insertions, 19 deletions
diff --git a/guides/code/getting_started/app/controllers/application_controller.rb b/guides/code/getting_started/app/controllers/application_controller.rb
index e8065d9505..d83690e1b9 100644
--- a/guides/code/getting_started/app/controllers/application_controller.rb
+++ b/guides/code/getting_started/app/controllers/application_controller.rb
@@ -1,3 +1,5 @@
 class ApplicationController < ActionController::Base
- protect_from_forgery
+ # Prevent CSRF attacks by raising an exception.
+ # For APIs, you may want to use :null_session instead.
+ protect_from_forgery with: :exception
 end
diff --git a/guides/code/getting_started/app/controllers/comments_controller.rb b/guides/code/getting_started/app/controllers/comments_controller.rb
index cf3d1be42e..b2d9bcdf7f 100644
--- a/guides/code/getting_started/app/controllers/comments_controller.rb
+++ b/guides/code/getting_started/app/controllers/comments_controller.rb
@@ -1,9 +1,10 @@
 class CommentsController < ApplicationController
- http_basic_authenticate_with :name => "dhh", :password => "secret", :only => :destroy
+
+ http_basic_authenticate_with name: "dhh", password: "secret", only: :destroy
 def create
 @post = Post.find(params[:post_id])
- @comment = @post.comments.create(params[:comment])
+ @comment = @post.comments.create(comment_params)
 redirect_to post_path(@post)
 end
@@ -14,4 +15,9 @@ class CommentsController < ApplicationController
 redirect_to post_path(@post)
 end
+ private
+
+ def comment_params
+ params.require(:comment).permit(:commenter, :body)
+ end
 end
diff --git a/guides/code/getting_started/app/controllers/concerns/.keep b/guides/code/getting_started/app/controllers/concerns/.keep
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/guides/code/getting_started/app/controllers/concerns/.keep
diff --git a/guides/code/getting_started/app/controllers/posts_controller.rb b/guides/code/getting_started/app/controllers/posts_controller.rb
index a8ac9aba5a..02689ad67b 100644
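Review bot: The new comment above `protect_from_forgery with: :exception` in application_controller.rb recommends `:null_session` for APIs without saying how it behaves. With `:null_session`, a request that fails the token check is not rejected; it runs with an empty session. That only protects actions whose authorization lives in the session. In this sample app the destructive actions are guarded by HTTP basic auth, which browsers attach automatically, so switching to `:null_session` here would leave them unprotected against forged requests. I would extend the comment along the lines of `# :null_session processes the request with an empty session instead of rejecting it; use it only for clients that authenticate per request (e.g. API tokens), not for browser-sent credentials.`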
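Review bot: The rewritten line `http_basic_authenticate_with name: "dhh", password: "secret", only: :destroy` in comments_controller.rb still carries a literal username and password; the commit only changes the hash syntax, and the same applies to the `http_basic_authenticate_with` line in posts_controller.rb. Because guide code is copied into real applications, I would add a comment above both lines such as `# Demo credentials only: load real values from configuration or the environment, and serve over HTTPS because basic auth resends them on every request.` If a code change is acceptable, `password: ENV.fetch("BLOG_ADMIN_PASSWORD")` keeps the secret out of the repository (the variable name is a placeholder). The rest of CommentsController, including `destroy`, lies outside this hunk.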
--- a/guides/code/getting_started/app/controllers/posts_controller.rb
+++ b/guides/code/getting_started/app/controllers/posts_controller.rb
@@ -1,6 +1,6 @@
 class PostsController < ApplicationController
- http_basic_authenticate_with :name => "dhh", :password => "secret", :except => [:index, :show]
+ http_basic_authenticate_with name: "dhh", password: "secret", except: [:index, :show]
 def index
 @posts = Post.all
@@ -10,31 +10,31 @@ class PostsController < ApplicationController
 @post = Post.find(params[:id])
 end
- def new
- @post = Post.new
+ def edit
+ @post = Post.find(params[:id])
 end
- def create
- @post = Post.new(params[:post])
+ def update
+ @post = Post.find(params[:id])
- if @post.save
- redirect_to :action => :show, :id => @post.id
+ if @post.update(post_params)
+ redirect_to action: :show, id: @post.id
 else
- render 'new'
+ render 'edit'
 end
 end
- def edit
- @post = Post.find(params[:id])
+ def new
+ @post = Post.new
 end
- def update
- @post = Post.find(params[:id])
+ def create
+ @post = Post.new(post_params)
- if @post.update_attributes(params[:post])
- redirect_to :action => :show, :id => @post.id
+ if @post.save
+ redirect_to action: :show, id: @post.id
 else
- render 'edit'
+ render 'new'
 end
 end
@@ -42,6 +42,12 @@ class PostsController < ApplicationController
 @post = Post.find(params[:id])
 @post.destroy
- redirect_to :action => :index
+ redirect_to action: :index
 end
+
+ private
+
+ def post_params
+ params.require(:post).permit(:title, :text)
+ end
 end |