| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102 |
- class PeopleController < ApplicationController
- before_action :set_person, only: [:show, :edit, :update, :destroy]
- before_action :require_login!
- before_action :require_admin!, except: [:show]
- # GET /people
- # GET /people.json
- def index
- @people = Person.all
- end
- # GET /people/1
- # GET /people/1.json
- def show
- if @person != current_person
- require_admin!
- end
- end
- # GET /people/new
- def new
- @person = Person.new
- end
- # GET /people/1/edit
- def edit
- end
- # POST /people
- # POST /people.json
- def create
- @person = Person.new(person_params)
- respond_to do |format|
- if @person.save
- format.html do
- flash_message(:success, I18n.t('person.created'))
- redirect_to @person
- end
- format.json { render :show, status: :created, location: @person }
- else
- format.html { render :new }
- format.json { render json: @person.errors, status: :unprocessable_entity }
- end
- end
- end
- def mass_new
- end
- def mass_create
- require 'csv'
- uploaded_io = params[:spreadsheet]
- result = Person.from_csv(uploaded_io.read)
- flash_message(:success, "#{result.count} people created")
- redirect_to :people
- end
- # PATCH/PUT /people/1
- # PATCH/PUT /people/1.json
- def update
- respond_to do |format|
- if @person.update(person_params)
- format.html do
- flash_message(:success, I18n.t('person.updated'))
- redirect_to @person
- end
- format.json { render :show, status: :ok, location: @person }
- else
- format.html { render :edit }
- format.json { render json: @person.errors, status: :unprocessable_entity }
- end
- end
- end
- # DELETE /people/1
- # DELETE /people/1.json
- def destroy
- @person.destroy
- respond_to do |format|
- format.html do
- flash_message(:success, I18n.t('person.destroyed'))
- redirect_to people_url
- end
- format.json { head :no_content }
- end
- end
- private
- # Use callbacks to share common setup or constraints between actions.
- def set_person
- @person = Person.find(params[:id])
- end
- # Never trust parameters from the scary internet, only allow the white list through.
- def person_params
- params.require(:person).permit(:first_name, :infix, :last_name, :email, :birth_date, :is_admin)
- end
- end
|
