From e92f44c69cfa0e157f5e0349bc6377cd8de057e8 Mon Sep 17 00:00:00 2001 From: Juan Carlos Date: Fri, 30 May 2014 13:04:12 -0500 Subject: [PATCH] asegurar request con cancan, close #15 --- app/controllers/application_controller.rb | 6 ++++-- app/controllers/eventos_controller.rb | 18 +++++++++++------- db/schema.rb | 15 --------------- 3 files changed, 15 insertions(+), 24 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 1530033..18ad718 100755 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,7 +1,7 @@ class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. - protect_from_forgery with: :null_session + protect_from_forgery with: :null_session, if: Proc.new { |c| c.request.format == 'application/json' } rescue_from CanCan::AccessDenied do |ex| redirect_to root_url, :alert => ex.message @@ -13,5 +13,7 @@ def verified_request? else super() end + end + end -end + diff --git a/app/controllers/eventos_controller.rb b/app/controllers/eventos_controller.rb index 7600c24..5c1084a 100644 --- a/app/controllers/eventos_controller.rb +++ b/app/controllers/eventos_controller.rb @@ -1,8 +1,9 @@ require "net/http" class EventosController < ApplicationController before_action :set_evento, only: [:show, :edit, :update, :destroy] - load_and_authorize_resource + before_action :authenticate_user!, only: [:edit, :new] + before_action :verified_request? # GET /eventos # GET /eventos.json 
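Review bot: The `if:` added to `protect_from_forgery` in the first application_controller.rb hunk restricts the `verify_authenticity_token` filter to requests whose format is JSON, so ordinary HTML form submissions — the requests CSRF protection exists for — now get no check at all, which contradicts the comment two lines above it. `request.format` is chosen by the client (URL extension or Accept header), so it cannot serve as a trust boundary either. Keep the filter unconditional with `protect_from_forgery with: :exception`, and if JSON clients must be able to POST without a token, give only them the null-session behaviour by overriding `handle_unverified_request` to apply the null-session strategy when `request.format.json?` and call `super` otherwise, rather than skipping the check. Whether the `verified_request?` override in the second hunk already exempts JSON cannot be seen from here, because that method's body starts outside the hunk.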
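Review bot: In the first eventos_controller.rb hunk, replacing `load_and_authorize_resource` with `authenticate_user!` limited to `:edit` and `:new` leaves `create`, `update` and `destroy` reachable without authentication or CanCan authorization — the GET actions that render forms are guarded while the POST/PATCH/DELETE actions that change data are not, and the `rescue_from CanCan::AccessDenied` in ApplicationController no longer has anything to catch in this controller. The new `before_action :verified_request?` is a no-op as well: Rails 4 ignores a before_action's return value, so a false result does not halt the chain, and the forgery check is already configured in ApplicationController. Suggest `before_action :authenticate_user!, only: [:new, :create, :edit, :update, :destroy]` together with `load_and_authorize_resource` (or `authorize_resource`, since `set_evento` already loads the record), and dropping the `verified_request?` line.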
@@ -46,11 +47,14 @@ def create
 
     respond_to do |format|
       if @evento.save
-        format.html { redirect_to @evento, notice: 'Evento Creado Correctamente.' }
-        format.json { render action: 'Ver', status: :created, location: @evento }
+        format.html { redirect_to @evento, notice: 'Evento was successfully created.' }
+        format.json { render action: 'show', status: :created, location: @evento }
       else
-        format.html { render action: 'Nuevo' }
-        format.json { render json: @evento.errors, status: :unprocessable_entity }
+        format.html { render action: 'new' }
+        format.json do
+          puts @evento.errors
+          render json: @evento.errors, status: :unprocessable_entity
+        end
       end
     end
   end
@@ -60,10 +64,10 @@ def create
   def update
     respond_to do |format|
       if @evento.update(evento_params)
-        format.html { redirect_to @evento, notice: 'Evento Actualizado Correctamente.' }
+        format.html { redirect_to @evento, notice: 'Evento was successfully updated.' }
         format.json { head :no_content }
       else
-        format.html { render action: 'Editar' }
+        format.html { render action: 'edit' }
         format.json { render json: @evento.errors, status: :unprocessable_entity }
       end
     end
diff --git a/db/schema.rb b/db/schema.rb
index fc77ff0..edc9c59 100755
--- a/db/schema.rb
+++ b/db/schema.rb
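Review bot: `puts @evento.errors` in the new `format.json` error branch of `create` writes validation errors to the process's stdout rather than the Rails log, so it bypasses log levels and parameter filtering and leaves debug noise behind in production; use `logger.debug { @evento.errors.full_messages.join(', ') }` or drop the line, which also lets the block return to the one-line `format.json { render json: @evento.errors, status: :unprocessable_entity }` form. As a point of style, the flash notices switch from Spanish ('Evento Creado Correctamente.') to the English scaffold default both here and in the `update` hunk that follows, while the rest of the app's user-facing text appears to be Spanish — if that is not intended, keep the original wording when fixing the action names.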
@@ -13,21 +13,6 @@ ActiveRecord::Schema.define(version: 20140528223333) do - create_table "active_admin_comments", force: true do |t| - t.string "namespace" - t.text "body" - t.string "resource_id", null: false - t.string "resource_type", null: false - t.integer "author_id" - t.string "author_type" - t.datetime "created_at" - t.datetime "updated_at" - end - - add_index "active_admin_comments", ["author_type", "author_id"], name: "index_active_admin_comments_on_author_type_and_author_id" - add_index "active_admin_comments", ["namespace"], name: "index_active_admin_comments_on_namespace" - add_index "active_admin_comments", ["resource_type", "resource_id"], name: "index_active_admin_comments_on_resource_type_and_resource_id" - create_table "admin_users", force: true do |t| t.string "email", default: "", null: false t.string "encrypted_password", default: "", null: false