asegurar request con cancan, close #15

LabPLC · May 30, 2014 · e92f44c · e92f44c
1 parent 2da9887
commit e92f44c
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 24 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -1,7 +1,7 @@
 class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
-  protect_from_forgery with: :null_session
+  protect_from_forgery with: :null_session, if: Proc.new { |c| c.request.format == 'application/json' }
 
   rescue_from CanCan::AccessDenied do |ex|
     redirect_to root_url, :alert => ex.message
@@ -13,5 +13,7 @@ def verified_request?
     else
       super()
     end
+  end
+
 end
-end
+
diff --git a/app/controllers/eventos_controller.rb b/app/controllers/eventos_controller.rb
@@ -1,8 +1,9 @@
 require "net/http"
 class EventosController < ApplicationController
   before_action :set_evento, only: [:show, :edit, :update, :destroy]
-  load_and_authorize_resource
+
   before_action :authenticate_user!, only: [:edit, :new]
+  before_action :verified_request?
 
   # GET /eventos
   # GET /eventos.json
@@ -46,11 +47,14 @@ def create
 
     respond_to do |format|
       if @evento.save
-        format.html { redirect_to @evento, notice: 'Evento Creado Correctamente.' }
-        format.json { render action: 'Ver', status: :created, location: @evento }
+        format.html { redirect_to @evento, notice: 'Evento was successfully created.' }
+        format.json { render action: 'show', status: :created, location: @evento }
       else
-        format.html { render action: 'Nuevo' }
-        format.json { render json: @evento.errors, status: :unprocessable_entity }
+        format.html { render action: 'new' }
+        format.json do
+          puts @evento.errors
+          render json: @evento.errors, status: :unprocessable_entity
+        end
       end
     end
   end
@@ -60,10 +64,10 @@ def create
   def update
     respond_to do |format|
       if @evento.update(evento_params)
-        format.html { redirect_to @evento, notice: 'Evento Actualizado Correctamente.' }
+        format.html { redirect_to @evento, notice: 'Evento was successfully updated.' }
         format.json { head :no_content }
       else
-        format.html { render action: 'Editar' }
+        format.html { render action: 'edit' }
         format.json { render json: @evento.errors, status: :unprocessable_entity }
       end
     end

diff --git a/db/schema.rb b/db/schema.rb
@@ -13,21 +13,6 @@
 
 ActiveRecord::Schema.define(version: 20140528223333) do
 
-  create_table "active_admin_comments", force: true do |t|
-    t.string   "namespace"
-    t.text     "body"
-    t.string   "resource_id",   null: false
-    t.string   "resource_type", null: false
-    t.integer  "author_id"
-    t.string   "author_type"
-    t.datetime "created_at"
-    t.datetime "updated_at"
-  end
-
-  add_index "active_admin_comments", ["author_type", "author_id"], name: "index_active_admin_comments_on_author_type_and_author_id"
-  add_index "active_admin_comments", ["namespace"], name: "index_active_admin_comments_on_namespace"
-  add_index "active_admin_comments", ["resource_type", "resource_id"], name: "index_active_admin_comments_on_resource_type_and_resource_id"
-
   create_table "admin_users", force: true do |t|
     t.string   "email",                  default: "", null: false
     t.string   "encrypted_password",     default: "", null: false