app/controllers/georgia/widgets_controller.rb in georgia-0.7.8 vs app/controllers/georgia/widgets_controller.rb in georgia-0.8.0
- old
+ new
@@ -1,22 +1,23 @@
module Georgia
class WidgetsController < ApplicationController
- load_and_authorize_resource class: Georgia::Widget
-
def index
+ authorize Widget
@widgets = Widget.order(:created_at).page(params[:page]).in_groups_of(4, false)
@widget = Widget.new
@widget.contents.build(locale: current_locale)
end
def edit
@widget = Widget.find(params[:id])
+ authorize @widget
end
def create
- @widget = Widget.new(params[:widget])
+ @widget = Widget.new(widget_params)
+ authorize @widget
if @widget.save
respond_to do |format|
format.html { redirect_to widgets_url, notice: "Widget was successfully updated." }
format.js { render layout: false }
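Review bot: With the class-level `load_and_authorize_resource` removed, authorization now depends on each action remembering its own `authorize` call, and nothing visible in this file fails closed if one is missed. That applies to `index`, `edit` and `create` here, and to `update` and `destroy` in the later hunks. The call style looks like Pundit; if so, and unless ApplicationController (not shown) already does it, I would add `after_action :verify_authorized` to this controller so an action without `authorize` raises instead of running unchecked. `index` also lists every widget unscoped, so if visibility can differ per user, `policy_scope(Widget)` would be the place to express that. The body of `create` continues past the end of this hunk.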
@@ -30,11 +31,13 @@
end
def update
@widget = Widget.find(params[:id])
- if @widget.update_attributes(params[:widget])
+ authorize @widget
+
+ if @widget.update(widget_params)
respond_to do |format|
format.html { redirect_to widgets_url, notice: "Widget was successfully updated." }
format.js { head :ok }
end
else
@@ -45,10 +48,12 @@
end
end
def destroy
@widget = Widget.find(params[:id])
+ authorize @widget
+
if @widget.destroy
respond_to do |format|
format.html { redirect_to widgets_url, notice: "Widget was successfully deleted." }
format.js { head :ok }
end
@@ -56,11 +61,15 @@
respond_to do |format|
format.html { redirect_to widgets_url, alert: "Oups. Something went wrong." }
format.js { head :internal_server_error }
end
end
+ end
+ private
+ def widget_params
+ params.require(:widget).permit(:id, :_destroy, contents_attributes: [:locale, :title, :text])
end
end
end
\ No newline at end of file
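Review bot: `widget_params` permits `:id` and `:_destroy` on the widget itself, so `Widget.new(widget_params)` in `create` and `@widget.update(widget_params)` in `update` will accept a client-supplied primary key. Those two keys normally belong inside the nested attributes, and `contents_attributes` here has no `:id`. Assuming Widget declares `accepts_nested_attributes_for :contents` (the model is not visible), a submitted edit to an existing content row would then create a new row instead of updating it. I would move them into the nested list: `params.require(:widget).permit(contents_attributes: [:id, :locale, :title, :text, :_destroy])`, keeping `:_destroy` only if the model enables `allow_destroy`.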