class PeopleController < ApplicationController before_action :set_person, only: [:show, :edit, :update, :destroy] before_action :require_login! before_action :require_admin!, except: [:show] # GET /people # GET /people.json def index @people = Person.all end # GET /people/1 # GET /people/1.json def show if @person != current_person require_admin! end end # GET /people/new def new @person = Person.new end # GET /people/1/edit def edit end # POST /people # POST /people.json def create @person = Person.new(person_params) respond_to do |format| if @person.save format.html do flash[:success] = "Person was successfully created." redirect_to @person end format.json { render :show, status: :created, location: @person } else format.html { render :new } format.json { render json: @person.errors, status: :unprocessable_entity } end end end # PATCH/PUT /people/1 # PATCH/PUT /people/1.json def update respond_to do |format| if @person.update(person_params) format.html do flash[:success] = "Person was successfully updated." redirect_to @person end format.json { render :show, status: :ok, location: @person } else format.html { render :edit } format.json { render json: @person.errors, status: :unprocessable_entity } end end end # DELETE /people/1 # DELETE /people/1.json def destroy @person.destroy respond_to do |format| format.html do flash[:success] = 'Person was successfully destroyed.' redirect_to people_url end format.json { head :no_content } end end private # Use callbacks to share common setup or constraints between actions. def set_person @person = Person.find(params[:id]) end # Never trust parameters from the scary internet, only allow the white list through. def person_params params.require(:person).permit(:first_name, :infix, :last_name, :email, :birth_date, :is_admin) end end