attachments_controller.rb in blacklight-spotlight-0.1.0

- old
+ new
@@ -1,65 +1,21 @@
-require_dependency "spotlight/application_controller"
-
 module Spotlight
   class AttachmentsController < ApplicationController
     before_filter :authenticate_user!
-    before_filter do
-      current_user.roles.include? :curator
-    end
+    load_resource :exhibit, class: "Spotlight::Exhibit"
+    load_and_authorize_resource through: :exhibit
 
-    before_action :set_attachment, only: [:show, :edit, :update, :destroy]
-
-    # GET /attachments
-    def index
-      @attachments = Attachment.all
-    end
-
-    # GET /attachments/1
-    def show
-    end
-
-    # GET /attachments/new
-    def new
-      @attachment = Attachment.new
-    end
-
-    # GET /attachments/1/edit
-    def edit
-    end
-
     # POST /attachments
     def create
-      @attachment = Attachment.new(attachment_params)
-
- 
+      @attachment.attributes = attachment_params
       if @attachment.save
         render :json => @attachment
       else
         render action: 'new'
       end
     end
 
-    # PATCH/PUT /attachments/1
-    def update
-      if @attachment.update(attachment_params)
-        redirect_to @attachment, notice: 'Attachment was successfully updated.'
-      else
-        render action: 'edit'
-      end
-    end
-
-    # DELETE /attachments/1
-    def destroy
-      @attachment.destroy
-      redirect_to attachments_url, notice: 'Attachment was successfully destroyed.'
-    end
-
     private
-      # Use callbacks to share common setup or constraints between actions.
-      def set_attachment
-        @attachment = Attachment.find(params[:id])
-      end
 
       # Only allow a trusted parameter "white list" through.
       def attachment_params
         params.require(:attachment).permit(:name, :file, :uid)
       end