lib/rails/generators/rails/scaffold_controller/templates/controller.rb in railties-3.2.22.5 vs lib/rails/generators/rails/scaffold_controller/templates/controller.rb in railties-4.0.0.beta1

@@ -2,88 +2,67 @@
 require_dependency "<%= namespaced_file_path %>/application_controller"
 
 <% end -%>
 <% module_namespacing do -%>
 class <%= controller_class_name %>Controller < ApplicationController
+  before_action :set_<%= singular_table_name %>, only: [:show, :edit, :update, :destroy]
+
   # GET <%= route_url %>
-  # GET <%= route_url %>.json
   def index
     @<%= plural_table_name %> = <%= orm_class.all(class_name) %>
-
-    respond_to do |format|
-      format.html # index.html.erb
-      format.json { render <%= key_value :json, "@#{plural_table_name}" %> }
-    end
   end
 
   # GET <%= route_url %>/1
-  # GET <%= route_url %>/1.json
   def show
-    @<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
-
-    respond_to do |format|
-      format.html # show.html.erb
-      format.json { render <%= key_value :json, "@#{singular_table_name}" %> }
-    end
   end
 
   # GET <%= route_url %>/new
-  # GET <%= route_url %>/new.json
   def new
     @<%= singular_table_name %> = <%= orm_class.build(class_name) %>
-
-    respond_to do |format|
-      format.html # new.html.erb
-      format.json { render <%= key_value :json, "@#{singular_table_name}" %> }
-    end
   end
 
   # GET <%= route_url %>/1/edit
   def edit
-    @<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
   end
 
   # POST <%= route_url %>
-  # POST <%= route_url %>.json
   def create
-    @<%= singular_table_name %> = <%= orm_class.build(class_name, "params[:#{singular_table_name}]") %>
+    @<%= singular_table_name %> = <%= orm_class.build(class_name, "#{singular_table_name}_params") %>
 
-    respond_to do |format|
-      if @<%= orm_instance.save %>
-        format.html { redirect_to @<%= singular_table_name %>, <%= key_value :notice, "'#{human_name} was successfully created.'" %> }
-        format.json { render <%= key_value :json, "@#{singular_table_name}" %>, <%= key_value :status, ':created' %>, <%= key_value :location, "@#{singular_table_name}" %> }
-      else
-        format.html { render <%= key_value :action, '"new"' %> }
-        format.json { render <%= key_value :json, "@#{orm_instance.errors}" %>, <%= key_value :status, ':unprocessable_entity' %> }
-      end
+    if @<%= orm_instance.save %>
+      redirect_to @<%= singular_table_name %>, notice: <%= "'#{human_name} was successfully created.'" %>
+    else
+      render action: 'new'
     end
   end
 
-  # PUT <%= route_url %>/1
-  # PUT <%= route_url %>/1.json
+  # PATCH/PUT <%= route_url %>/1
   def update
-    @<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
-
-    respond_to do |format|
-      if @<%= orm_instance.update_attributes("params[:#{singular_table_name}]") %>
-        format.html { redirect_to @<%= singular_table_name %>, <%= key_value :notice, "'#{human_name} was successfully updated.'" %> }
-        format.json { head :no_content }
-      else
-        format.html { render <%= key_value :action, '"edit"' %> }
-        format.json { render <%= key_value :json, "@#{orm_instance.errors}" %>, <%= key_value :status, ':unprocessable_entity' %> }
-      end
+    if @<%= orm_instance.update("#{singular_table_name}_params") %>
+      redirect_to @<%= singular_table_name %>, notice: <%= "'#{human_name} was successfully updated.'" %>
+    else
+      render action: 'edit'
     end
   end
 
   # DELETE <%= route_url %>/1
-  # DELETE <%= route_url %>/1.json
   def destroy
-    @<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
     @<%= orm_instance.destroy %>
+    redirect_to <%= index_helper %>_url, notice: <%= "'#{human_name} was successfully destroyed.'" %>
+  end
 
-    respond_to do |format|
-      format.html { redirect_to <%= index_helper %>_url }
-      format.json { head :no_content }
+  private
+    # Use callbacks to share common setup or constraints between actions.
+    def set_<%= singular_table_name %>
+      @<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
     end
-  end
+
+    # Never trust parameters from the scary internet, only allow the white list through.
+    def <%= "#{singular_table_name}_params" %>
+      <%- if attributes_names.empty? -%>
+      params[<%= ":#{singular_table_name}" %>]
+      <%- else -%>
+      params.require(<%= ":#{singular_table_name}" %>).permit(<%= attributes_names.map { |name| ":#{name}" }.join(', ') %>)
+      <%- end -%>
+    end
 end
 <% end -%>