# Event life cycle # This is a central part to this project class EventsController < ApplicationController has_scope :region, :locality, :tag, :daylimit before_action :set_events, only: [:index] before_action :set_event, except: [:index, :new, :preview_create, :create] before_action :set_create_event, only: [:preview_create, :create] before_action :check_secret, only: [:edit, :preview, :update, :destroy] before_action :set_mailer_host rescue_from ActiveRecord::StaleObjectError, with: :locked def index respond_to do |format| format.html { render layout: 'iframe' if params[:iframe] } format.rss { @events = @events.future } format.ics { @events = @events.last_year.includes :region } format.xml { @events = @events.includes :region } end end # GET /events/new def new @event = Event.new start_time: Time.zone.now.change(min: 0) + 1.day, end_time: Time.zone.now.change(min: 0) + 1.day + 1.hour end # POST /events/preview def preview_create @event.valid? render action: :new end # POST /events # POST /events.json def create respond_to do |format| if @event.save format.html { redirect_to :root, notice: t('.ok') } # 201 means :created format.json { render action: 'show', status: 201, location: @event } else format.html { render action: 'new' } # 422 means :unprocessable_entity format.json { render json: @event.errors, status: 422 } end end end # PATCH/PUT /events/1/preview def preview @event.attributes = event_params @event.valid? render action: :edit end # PATCH/PUT /events/1 # PATCH/PUT /events/1.json def update respond_to do |format| if @event.update event_params format.html { redirect_to :root, notice: t('.ok') } format.json { head :no_content } else format.html { render action: 'edit' } # 422 means :unprocessable_entity format.json { render json: @event.errors, status: 422 } end end end # DELETE /events/1 # DELETE /events/1.json def destroy @event.destroy respond_to do |format| format.html { redirect_to :root, notice: t('.ok') } format.json { head :no_content } end end private def set_events @events = apply_scopes Event.moderated end # Use callbacks to share common setup or constraints between actions def set_event if params[:secret].present? @event = Event.where secret: params[:secret] else @event = Event.moderated end @event = @event.find params[:id] end def set_create_event @event = Event.new event_params end # Never trust parameters from the scary internet, only allow the white list # through def event_params params.require(:event) .permit :lock_version, :title, :start_time, :end_time, :description, :place_name, :address, :city, :region_id, :locality, :url, :contact, :submitter, :tags end def locked redirect_to edit_event_url(@event, secret: @event.secret), alert: t('staleObjectError') end # Check that you can only edit an existing event if you know its secret def check_secret redirect_to :root, alert: t(:forbidden, scope: [:events, :edit]) \ unless params[:secret] == @event.secret end end