class BlogPostsController < ApplicationController before_filter :authenticate_user, only: [:edit, :update, :destroy] before_action :set_blog_post, only: [:show, :edit, :update, :destroy] # GET /blog_posts # GET /blog_posts.json def index @blog_posts = BlogPost.order('created_at DESC') end # GET /blog_posts/1 # GET /blog_posts/1.json def show end # GET /blog_posts/new def new @blog_post = BlogPost.new @blog_post.published = true end # GET /blog_posts/1/edit def edit end # POST /blog_posts # POST /blog_posts.json def create @blog_post = BlogPost.new(blog_post_params) @blog_post.update(:author => current_user) respond_to do |format| if @blog_post.save format.html { redirect_to @blog_post, notice: 'Blog post was successfully created.' } format.json { render action: 'show', status: :created, location: @blog_post } else format.html { render action: 'new' } format.json { render json: @blog_post.errors, status: :unprocessable_entity } end end end # PATCH/PUT /blog_posts/1 # PATCH/PUT /blog_posts/1.json def update respond_to do |format| if @blog_post.update(blog_post_params) format.html { redirect_to @blog_post, notice: 'Blog post was successfully updated.' } format.json { head :no_content } else format.html { } format.json { render json: @blog_post.errors, status: :unprocessable_entity } end end end # DELETE /blog_posts/1 # DELETE /blog_posts/1.json def destroy @blog_post.destroy respond_to do |format| format.html { redirect_to blog_posts_url } format.json { head :no_content } end end private # Use callbacks to share common setup or constraints between actions. def set_blog_post @blog_post = BlogPost.friendly.find(params[:id]) end # Never trust parameters from the scary internet, only allow the white list through. def blog_post_params params.require(:blog_post).permit(:title, :slug, :content, :published, :description, :image) end def authenticate_user redirect_to root_path, alert: (t 'admin_panel.permission_denied') unless current_user && current_user.admin? end end