agenda-libre-ruby/app/controllers/events_controller.rb

class EventsController < ApplicationController
  before_action :set_event, only: [:show, :edit, :update, :cancel, :destroy]
  before_action :check_secret, only: [:edit, :update, :cancel, :destroy]
  before_filter :set_mailer_host

  def index
    @events = Event.moderated
    if (params[:region] && params[:region].present? && params[:region] != 'all')
      @events = @events.region(params[:region])
    end
    @events = @events.tag(params[:tag]) if (params[:tag])

    respond_to do |format|
      format.html {
        if (params[:year] and !params[:month])
          # Whole year calendar
          @events = @events.year params[:year]
        else
          @events = @events.month(params[:year] || Date.today.year, params[:month] || Date.today.month)
        end
      }

      format.rss {
        @events = @events.future_30.includes(:related_city)
        @events = @events.limit params[:daylimit] if params[:daylimit]
      }

      format.ics {
        @events = @events.where('start_time > ?', 360.days.ago).order :id
      }
    end
  end

  # GET /users/new
  def new
    @event = Event.new
  end

  # POST /events
  # POST /events.json
  def create
    @event = Event.new(event_params)
    # This is a special case, required to handle the region attribute with same foreign key name
    @event.region = Region.find(params[:event][:region])

    if params[:visu]
      @event.valid?
      render action: :new
      return
    end

    respond_to do |format|
      if @event.save
        # Send an event creation mail to its author
        EventMailer.create(@event).deliver
        # Send a mail to moderators
        ModerationMailer.create(@event).deliver

        format.html { redirect_to @event, notice: t('.ok') }
        format.json { render action: 'show', status: :created, location: @event }
      else
        format.html { render action: 'new' }
        format.json { render json: @event.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /events/1
  # PATCH/PUT /events/1.json
  def update
    # This is a special case, required to handle the region attribute with same foreign key name
    @event.region = Region.find(params[:event][:region])

    if params[:visu]
      @event.attributes = event_params
      @event.valid?
      render action: :edit
      return
    end

    respond_to do |format|
      if @event.update(event_params)
        format.html { redirect_to @event, notice: t('.ok') }
        format.json { head :no_content }
      else
        format.html { render action: 'edit' }
        format.json { render json: @event.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /events/1
  # DELETE /events/1.json
  def destroy
    @event.destroy
    respond_to do |format|
      format.html { redirect_to events_url }
      format.json { head :no_content }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_event
      if (params[:secret].present?)
        @event = Event.where(secret: params[:secret])
      else
        @event = Event.moderated
      end
      @event = @event.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def event_params
      params.require(:event)
        .permit :title, :start_time, :end_time, :description, :city, :locality, :url, :contact, :submitter, :tags
    end

    def check_secret
      if (params[:secret] != @event.secret)
        redirect_to @event, notice: t(:forbidden, scope: [:events, :edit])
      end
    end

    # Useful to manage absolute url in mails
    def set_mailer_host
      ActionMailer::Base.default_url_options[:host] = request.host_with_port
    end
end