mirror of
https://github.com/Growstuff/growstuff.git
synced 2026-01-24 09:17:53 -05:00
a3b7822268
Removed JSON from classes that shouldn't have it. (PT: https://www.pivotaltracker.com/story/show/54570954) Also found a couple of controllers with broken authorization (i.e. not checking CanCan). Incidentally, this also fixes the comment form bug at https://www.pivotaltracker.com/story/show/54328716.
71 lines
1.4 KiB
Ruby
71 lines
1.4 KiB
Ruby
class ProductsController < ApplicationController
|
|
load_and_authorize_resource
|
|
# GET /products
|
|
def index
|
|
@products = Product.all
|
|
|
|
respond_to do |format|
|
|
format.html # index.html.erb
|
|
end
|
|
end
|
|
|
|
# GET /products/1
|
|
def show
|
|
@product = Product.find(params[:id])
|
|
|
|
respond_to do |format|
|
|
format.html # show.html.erb
|
|
end
|
|
end
|
|
|
|
# GET /products/new
|
|
def new
|
|
@product = Product.new
|
|
|
|
respond_to do |format|
|
|
format.html # new.html.erb
|
|
end
|
|
end
|
|
|
|
# GET /products/1/edit
|
|
def edit
|
|
@product = Product.find(params[:id])
|
|
end
|
|
|
|
# POST /products
|
|
def create
|
|
@product = Product.new(params[:product])
|
|
|
|
respond_to do |format|
|
|
if @product.save
|
|
format.html { redirect_to @product, notice: 'Product was successfully created.' }
|
|
else
|
|
format.html { render action: "new" }
|
|
end
|
|
end
|
|
end
|
|
|
|
# PUT /products/1
|
|
def update
|
|
@product = Product.find(params[:id])
|
|
|
|
respond_to do |format|
|
|
if @product.update_attributes(params[:product])
|
|
format.html { redirect_to @product, notice: 'Product was successfully updated.' }
|
|
else
|
|
format.html { render action: "edit" }
|
|
end
|
|
end
|
|
end
|
|
|
|
# DELETE /products/1
|
|
def destroy
|
|
@product = Product.find(params[:id])
|
|
@product.destroy
|
|
|
|
respond_to do |format|
|
|
format.html { redirect_to products_url }
|
|
end
|
|
end
|
|
end
|