cancan-attr-test/app/controllers/posts_controller.rb

class PostsController < ApplicationController
  load_and_authorize_resource 

  #####
  ## Comment this line to allow guest users to edit and supply random user_ids
  before_filter :authorize_update_for_real, :only => :update
  #####

  # GET /posts
  # GET /posts.json
  def index
    #@posts = Post.all

    respond_to do |format|
      format.html # index.html.erb
      format.json { render json: @posts }
    end
  end

  # GET /posts/1
  # GET /posts/1.json
  def show
    #@post = Post.find(params[:id])

    respond_to do |format|
      format.html # show.html.erb
      format.json { render json: @post }
    end
  end

  # GET /posts/new
  # GET /posts/new.json
  def new
    #@post = Post.new

    respond_to do |format|
      format.html # new.html.erb
      format.json { render json: @post }
    end
  end

  # GET /posts/1/edit
  def edit
    #@post = Post.find(params[:id])
  end

  # POST /posts
  # POST /posts.json
  def create
    #@post = Post.new(params[:post])

    respond_to do |format|
      if @post.save
        format.html { redirect_to posts_url, notice: 'Post was successfully created.' }
        format.json { render json: @post, status: :created, location: @post }
      else
        format.html { render action: "new" }
        format.json { render json: @post.errors, status: :unprocessable_entity }
      end
    end
  end

  def authorize_update_for_real
    @post = Post.find(params[:id])
    @post.assign_attributes(params[:post])
    authorize! :edit, @post
  end

  # PUT /posts/1
  # PUT /posts/1.json
  def update
    #@post = Post.find(params[:id])

    respond_to do |format|
      if @post.update_attributes(params[:post])
        format.html { redirect_to posts_url, notice: 'Post was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @post.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /posts/1
  # DELETE /posts/1.json
  def destroy
    #@post = Post.find(params[:id])
    @post.destroy

    respond_to do |format|
      format.html { redirect_to posts_url }
      format.json { head :no_content }
    end
  end
end
Initial commit 2013-06-28 05:22:16 +00:00			`class PostsController < ApplicationController`
			`load_and_authorize_resource`

			`#####`
			`## Comment this line to allow guest users to edit and supply random user_ids`
			`before_filter :authorize_update_for_real, :only => :update`
			`#####`

			`# GET /posts`
			`# GET /posts.json`
			`def index`
			`#@posts = Post.all`

			`respond_to do \|format\|`
			`format.html # index.html.erb`
			`format.json { render json: @posts }`
			`end`
			`end`

			`# GET /posts/1`
			`# GET /posts/1.json`
			`def show`
			`#@post = Post.find(params[:id])`

			`respond_to do \|format\|`
			`format.html # show.html.erb`
			`format.json { render json: @post }`
			`end`
			`end`

			`# GET /posts/new`
			`# GET /posts/new.json`
			`def new`
			`#@post = Post.new`

			`respond_to do \|format\|`
			`format.html # new.html.erb`
			`format.json { render json: @post }`
			`end`
			`end`

			`# GET /posts/1/edit`
			`def edit`
			`#@post = Post.find(params[:id])`
			`end`

			`# POST /posts`
			`# POST /posts.json`
			`def create`
			`#@post = Post.new(params[:post])`

			`respond_to do \|format\|`
			`if @post.save`
			`format.html { redirect_to posts_url, notice: 'Post was successfully created.' }`
			`format.json { render json: @post, status: :created, location: @post }`
			`else`
			`format.html { render action: "new" }`
			`format.json { render json: @post.errors, status: :unprocessable_entity }`
			`end`
			`end`
			`end`

			`def authorize_update_for_real`
			`@post = Post.find(params[:id])`
			`@post.assign_attributes(params[:post])`
			`authorize! :edit, @post`
			`end`

			`# PUT /posts/1`
			`# PUT /posts/1.json`
			`def update`
			`#@post = Post.find(params[:id])`

			`respond_to do \|format\|`
			`if @post.update_attributes(params[:post])`
			`format.html { redirect_to posts_url, notice: 'Post was successfully updated.' }`
			`format.json { head :no_content }`
			`else`
			`format.html { render action: "edit" }`
			`format.json { render json: @post.errors, status: :unprocessable_entity }`
			`end`
			`end`
			`end`

			`# DELETE /posts/1`
			`# DELETE /posts/1.json`
			`def destroy`
			`#@post = Post.find(params[:id])`
			`@post.destroy`

			`respond_to do \|format\|`
			`format.html { redirect_to posts_url }`
			`format.json { head :no_content }`
			`end`
			`end`
			`end`