diff --git a/app/controllers/guidances_controller.rb b/app/controllers/guidances_controller.rb
index abb2c1e..21a425c 100644
--- a/app/controllers/guidances_controller.rb
+++ b/app/controllers/guidances_controller.rb
@@ -1,24 +1,22 @@
 class GuidancesController < ApplicationController
+ after_action :verify_authorized
+
 # GET /guidances
- # GET /guidances.json
 def admin_index
 authorize Guidance
 @guidances = policy_scope(Guidance)
 @guidance_groups = GuidanceGroup.where('organisation_id = ?', current_user.organisation_id )
 respond_to do |format|
 format.html # index.html.erb
- format.json { render json: @guidances }
 end
 end
 # GET /guidances/1
- # GET /guidances/1.json
 def admin_show
 @guidance = Guidance.find(params[:id])
 authorize @guidance
 respond_to do |format|
 format.html # show.html.erb
- format.json { render json: @guidance }
 end
 end
@@ -139,7 +137,6 @@
 end
 # POST /guidances
- # POST /guidances.json
 def admin_create
 @guidance = Guidance.new(params[:guidance])
 authorize @guidance
@@ -155,16 +152,13 @@
 respond_to do |format|
 if @guidance.save
 format.html { redirect_to admin_show_guidance_path(@guidance), notice: I18n.t('org_admin.guidance.created_message') }
- format.json { render json: @guidance, status: :created, location: @guidance }
 else
 format.html { render action: "new" }
- format.json { render json: @guidance.errors, status: :unprocessable_entity }
 end
 end
 end
 # PUT /guidances/1
- # PUT /guidances/1.json
 def admin_update
 @guidance = Guidance.find(params[:id])
 authorize @guidance
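Review bot: The `after_action :verify_authorized` added at the top of the class is a development safety net, not an access check — Pundit runs it after the action body, so a write action that forgot its `authorize` would still create or destroy the record before `Pundit::NotAuthorizedError` is raised. The explicit `authorize Guidance` / `authorize @guidance` calls visible in `admin_index` and `admin_show` therefore remain the real control and must be kept in every action, including the ones outside this hunk. Since `admin_index` relies on `policy_scope(Guidance)` for tenant isolation, consider the matching guard for that path, `after_action :verify_policy_scoped, only: :admin_index`, so a dropped `policy_scope` is caught the same way. Dropping the `render json:` responders also removes an unfiltered attribute dump, so I would add a one-line comment on the `after_action` explaining that it only verifies, e.g. `# Pundit: raises after the action if no authorize/policy_scope was called; not a substitute for authorize`.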
@@ -173,24 +167,20 @@
 respond_to do |format|
 if @guidance.update_attributes(params[:guidance])
 format.html { redirect_to admin_show_guidance_path(params[:guidance]), notice: I18n.t('org_admin.guidance.updated_message') }
- format.json { head :no_content }
 else
 format.html { render action: "edit" }
- format.json { render json: @guidance.errors, status: :unprocessable_entity }
 end
 end
 end
 # DELETE /guidances/1
- # DELETE /guidances/1.json
 def admin_destroy
 @guidance = Guidance.find(params[:id])
 authorize @guidance
 @guidance.destroy
 respond_to do |format|
 format.html { redirect_to admin_index_guidance_path }
- format.json { head :no_content }
 end
 end
diff --git a/app/controllers/organisations_controller.rb b/app/controllers/organisations_controller.rb
index 413328f..839d7c4 100644
--- a/app/controllers/organisations_controller.rb
+++ b/app/controllers/organisations_controller.rb
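Review bot: The success branch of `admin_update` still redirects with `admin_show_guidance_path(params[:guidance])`, which hands the user-submitted attribute hash to the route helper instead of the record; Rails will read `:id` from that hash and serialise the remaining user-controlled keys into the redirect URL, and it is inconsistent with `admin_create`, which redirects to `admin_show_guidance_path(@guidance)`. The line should be `format.html { redirect_to admin_show_guidance_path(@guidance), notice: I18n.t('org_admin.guidance.updated_message') }`. Separately, `@guidance.update_attributes(params[:guidance])` is a raw mass assignment; whether attributes such as the owning organisation are whitelisted depends on the model, which is not visible here, so worth confirming that the policy in `authorize @guidance` cannot be bypassed by re-parenting the record through this hash. The `admin_update` method starts before this hunk.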
@@ -1,50 +1,5 @@
 class OrganisationsController < ApplicationController
-<<<<<<< 38417884f7c8dfce6cb3b255ddd4410f0fba2157
- #after_action :verify_authorized
-
- # GET /organisations
- # GET /organisations.json
- def index
- #authorize Organisation
- @organisations = Organisation.all
-
- respond_to do |format|
- format.html # index.html.erb
- format.json { render json: @organisations }
- end
- end
-
- # GET /organisations/new
- # GET /organisations/new.json
- def new
- @organisation = Organisation.new
- #authorize @organisation
-
- respond_to do |format|
- format.html # new.html.erb
- format.json { render json: @organisation }
- end
- end
-
- # POST /organisations
- # POST /organisations.json
- def create
- @organisation = Organisation.new(params[:organisation])
- @organisation.logo = param[:organisation][:logo]
- respond_to do |format|
- if @organisation.save
- format.html { redirect_to @organisation, notice: I18n.t("admin.org_created_message") }
- format.json { render json: @organisation, status: :created, location: @organisation }
- else
- format.html { render action: "new" }
- format.json { render json: @organisation.errors, status: :unprocessable_entity }
- end
- end
- end
-
-=======
 after_action :verify_authorized
->>>>>>> forced auth on organisations_controller. TODO: re-check parent, children, and templates after AJAX removed
 # GET /organisations/1
 def admin_show
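Review bot: The conflict is resolved in favour of the side that keeps `after_action :verify_authorized`, but the discarded marker text itself records an unfinished TODO (re-check parent, children and templates), and none of the surviving actions after `def admin_show` are visible in this hunk, so that follow-up should be tracked rather than lost with the marker. Because `verify_authorized` raises only after the action has run, the controller is only as safe as the `authorize` call inside each remaining action; a quick grep for actions in this file without one is the check I would want before merging. `ApplicationController` is not in this diff, so please also confirm it has `rescue_from Pundit::NotAuthorizedError` — otherwise the after-action raise surfaces as a 500 with a stack trace instead of a 403/redirect. Finally, if `config/routes.rb` still routes `index`, `new` and `create` for organisations, those routes should be removed alongside the deleted actions so they do not linger as `ActionNotFound` endpoints.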