class CategoriesController < ApplicationController before_action :set_category, only: %i[ show edit update destroy ] before_action :require_admin, only: %i[ new create update destroy ] # GET /categories or /categories.json def index @categories = Category.all end # GET /categories/1 or /categories/1.json def show end # GET /categories/new def new @category = Category.new end # GET /categories/1/edit def edit end # POST /categories or /categories.json def create @category = Category.new(category_params) respond_to do |format| if @category.save format.html { redirect_to @category, notice: "Category was successfully created." } format.json { render :show, status: :created, location: @category } else format.html { render :new, status: :unprocessable_entity } format.json { render json: @category.errors, status: :unprocessable_entity } end end end # PATCH/PUT /categories/1 or /categories/1.json def update respond_to do |format| if @category.update(category_params) format.html { redirect_to @category, notice: "Category was successfully updated." } format.json { render :show, status: :ok, location: @category } else format.html { render :edit, status: :unprocessable_entity } format.json { render json: @category.errors, status: :unprocessable_entity } end end end # DELETE /categories/1 or /categories/1.json def destroy @category.destroy! respond_to do |format| format.html { redirect_to categories_path, status: :see_other, notice: "Category was successfully destroyed." } format.json { head :no_content } end end private # Use callbacks to share common setup or constraints between actions. def set_category @category = Category.find(params.expect(:id)) end # Only allow a list of trusted parameters through. def category_params params.expect(category: [ :name, :colour, :badge_foreground_colour ]) end def require_admin unless Current.session.user&.is_admin redirect_to root_path, notice: "You must be an admin to perform this action." end end end