app/controllers/api/v1/items_controller.rb
class API::V1::ItemsController < API::V1::APIController
before_action :authenticate
before_action :set_item, only: [:show, :edit, :update, :destroy]
# GET /items
# GET /items.json
def index
@items = policy_scope(Item)
end
# GET /items/1
# GET /items/1.json
def show
end
# GET /items/new
def new
@item = Item.new
authorize @item
end
# GET /items/1/edit
def edit
end
# POST /items
# POST /items.json
def create
@item = Item.new(item_params)
authorize @item
respond_to do |format|
if @item.save
format.json { render :show, status: :created, location: @item }
else
format.json { render json: @item.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /items/1
# PATCH/PUT /items/1.json
def update
respond_to do |format|
if @item.update(item_params)
format.json { render :show, status: :ok, location: @item }
else
format.json { render json: @item.errors, status: :unprocessable_entity }
end
end
end
# DELETE /items/1
# DELETE /items/1.json
def destroy
@item.destroy
respond_to do |format|
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_item
@item = Item.find(params[:id])
authorize @item
end
# Never trust parameters from the scary internet, only allow the white list through.
def item_params
params.require(:item).permit(:name, :description, :count, :last_used_at, :notification_style, :notification_frequencies, :container_id)
end
end