class AppsController < ApplicationController before_action :set_app, only: [:show, :edit, :update, :destroy] skip_before_action :verify_authenticity_token, only: [:create] # GET /apps # GET /apps.json def index @apps = App.all end # GET /apps/1 # GET /apps/1.json def show end # GET /apps/new def new @app = App.new end # GET /apps/1/edit def edit end # POST /apps # POST /apps.json def create @app = App.new(app_params) @app.name = SecureRandom.hex @app.user = User.find_by_token(params[:token]) if !@app.user (render :jsonapi_errors => [{ title: 'Invalid Authorization Token', detail: 'Invalid token. Try logging in again.' }]) and return end respond_to do |format| if @app.save format.html { redirect_to @app, notice: 'App was successfully created.' } #format.json { render :show, status: :created, location: @app } format.json { render jsonapi: @app } else format.html { render :new } format.json { render jsonapi_errors: @app.errors } end end end # PATCH/PUT /apps/1 # PATCH/PUT /apps/1.json def update respond_to do |format| if @app.update(app_params) format.html { redirect_to @app, notice: 'App was successfully updated.' } format.json { render :show, status: :ok, location: @app } else format.html { render :edit } format.json { render json: @app.errors, status: :unprocessable_entity } end end end # DELETE /apps/1 # DELETE /apps/1.json def destroy @app.destroy respond_to do |format| format.html { redirect_to apps_url, notice: 'App was successfully destroyed.' } format.json { head :no_content } end end private # Use callbacks to share common setup or constraints between actions. def set_app @app = App.find(params[:id]) end # Never trust parameters from the scary internet, only allow the white list through. def app_params params.require(:app).permit(:name) end end