class BlogPostsController < ApplicationController
before_filter :authenticate_user, only: [:edit, :update, :destroy]
before_action :set_blog_post, only: [:show, :edit, :update, :destroy]
# GET /blog_posts
# GET /blog_posts.json
def index
@blog_posts = BlogPost.order('created_at DESC')
end
# GET /blog_posts/1
# GET /blog_posts/1.json
def show
end
# GET /blog_posts/new
def new
@blog_post = BlogPost.new
@blog_post.published = true
end
# GET /blog_posts/1/edit
def edit
end
# POST /blog_posts
# POST /blog_posts.json
def create
@blog_post = BlogPost.new(blog_post_params)
@blog_post.update(:author => current_user)
respond_to do |format|
if @blog_post.save
format.html { redirect_to @blog_post, notice: 'Blog post was successfully created.' }
format.json { render action: 'show', status: :created, location: @blog_post }
else
format.html { render action: 'new' }
format.json { render json: @blog_post.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /blog_posts/1
# PATCH/PUT /blog_posts/1.json
def update
respond_to do |format|
if @blog_post.update(blog_post_params)
format.html { redirect_to @blog_post, notice: 'Blog post was successfully updated.' }
format.json { head :no_content }
else
format.html { }
format.json { render json: @blog_post.errors, status: :unprocessable_entity }
end
end
end
# DELETE /blog_posts/1
# DELETE /blog_posts/1.json
def destroy
@blog_post.destroy
respond_to do |format|
format.html { redirect_to blog_posts_url }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_blog_post
@blog_post = BlogPost.friendly.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def blog_post_params
params.require(:blog_post).permit(:title, :slug, :content, :published, :description, :image)
end
def authenticate_user
redirect_to root_path, alert: (t 'admin_panel.permission_denied') unless current_user && current_user.admin?
end
end