diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..ff30c44
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+ "editor.tabSize": 2
+}
\ No newline at end of file
diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
new file mode 100644
index 0000000..c1c8132
--- /dev/null
+++ b/app/controllers/posts_controller.rb
@@ -0,0 +1,75 @@
+class PostsController < ApplicationController
+ before_action :set_post, only: [:show, :edit, :update, :destroy]
+
+ # GET /posts
+ # GET /posts.json
+ def index
+ @posts = Post.all
+ end
+
+ # GET /posts/1
+ # GET /posts/1.json
+ def show
+ end
+
+ # GET /posts/new
+ def new
+ @post = Post.new
+ end
+
+ # GET /posts/1/edit
+ def edit
+ end
+
+ # POST /posts
+ # POST /posts.json
+ def create
+ @post = Post.new(post_params)
+
+ respond_to do |format|
+ if @post.save
+ format.html { redirect_to @post, notice: 'Post was successfully created.' }
+ format.json { render :show, status: :created, location: @post }
+ else
+ format.html { render :new }
+ format.json { render json: @post.errors, status: :unprocessable_entity }
+ end
+ end
+ end
+
+ # PATCH/PUT /posts/1
+ # PATCH/PUT /posts/1.json
+ def update
+ if @post.update(post_params)
+ redirect_to @post, notice: 'Post was successfully updated.'
+ else
+ render :edit
+ end
+ end
+
+ # DELETE /posts/1
+ # DELETE /posts/1.json
+ def destroy
+ @post.destroy
+ respond_to do |format|
+ format.html { redirect_to posts_url, notice: 'Post was successfully destroyed.' }
+ format.json { head :no_content }
+ end
+ end
+
+ private
+ # Use callbacks to share common setup or constraints between actions.
+ def set_post
+ @post = Post.find(params[:id])
+ end
+
+ # Only allow a list of trusted parameters through.
+ def post_params
+ params.require(:post).permit(:title, :content, :user_id)
+ end
+
+ # SQL Injection vulnerability
+ def search
+ @posts = Post.where("title LIKE '%#{params[:query]}%'")
+ end
+end
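Review bot: `search` builds SQL by interpolating `params[:query]` straight into the string passed to `Post.where`, which is a textbook SQL injection; bind the value instead and escape LIKE metacharacters: `@posts = Post.where("title LIKE ?", "%#{Post.sanitize_sql_like(params[:query].to_s)}%")`. The method sits below `private` and this commit adds no route for it, so it is unreachable today, but the comment labels it as a known vulnerability rather than removing it, and it becomes live the moment someone routes it. Separately, `post_params` permits `:user_id`, so any client can create or update a post attributed to an arbitrary user; ownership should be assigned server-side from the authenticated session rather than taken from the request body, and `update`/`destroy` have no visible authorization check beyond `Post.find` (ApplicationController is outside this diff, so a global guard there cannot be ruled out).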
diff --git a/app/models/post.rb b/app/models/post.rb
new file mode 100644
index 0000000..9f3a182
--- /dev/null
+++ b/app/models/post.rb
@@ -0,0 +1,4 @@
+class Post < ApplicationRecord
+ belongs_to :user
+ validates :title, presence: true, length: { maximum: 255 }
+end
\ No newline at end of file
diff --git a/app/views/posts/_form.html.erb b/app/views/posts/_form.html.erb
new file mode 100644
index 0000000..8ef77fb
--- /dev/null
+++ b/app/views/posts/_form.html.erb
@@ -0,0 +1,32 @@
+<%= form_with(model: post, local: true) do |form| %>
+ <% if post.errors.any? %>
+
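Review bot: `content` gets no validation at all in this model even though it is a free-text column written from a public form, so there is no cap on how much a single request can store; a length limit sized to the product, e.g. `validates :content, length: { maximum: 10_000 }`, closes that. The `title` cap of 255 matches the `t.string` column declared in the migration, which is good. `belongs_to :user` only checks that the referenced user exists (required by default on modern Rails), not that it is the requesting user — that has to be enforced where the post is built.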
+

<%= pluralize(post.errors.count, "error") %> prohibited this post from being saved:

+ + +
+ <% end %> + +
+ <%= form.label :title %> + <%= form.text_field :title %> +
+ +
+ <%= form.label :content %> + <%= form.text_area :content %> +
+ +
+ <%= form.label :user_id %> + <%= form.number_field :user_id %> +
+ +
+ <%= form.submit %> +
+<% end %> \ No newline at end of file diff --git a/app/views/posts/index.html.erb b/app/views/posts/index.html.erb new file mode 100644 index 0000000..eca94f1 --- /dev/null +++ b/app/views/posts/index.html.erb @@ -0,0 +1,27 @@ +
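Review bot: The `form.number_field :user_id` at the bottom of this partial lets whoever submits the form choose which user the post is attributed to, which is an ownership-spoofing vector once the controller permits that key; remove the field and its label and set the owner on the server from the session instead. If an admin-style reassignment is genuinely needed, gate it behind an explicit authorization check rather than a plain numeric input. The enclosing `form_with` block opens in the earlier part of this hunk.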

Listing Posts

+ + + + + + + + + + + + + <% @posts.each do |post| %> + + + + + + + + + <% end %> + +
TitleContentUser
<%= post.title %><%= post.content.html_safe %><%= post.usrr.name %><%= link_to 'Show', post %><%= link_to 'Edit', edit_post_path(post) %><%= link_to 'Destroy', post, method: :delete, data: { confirm: 'Are you sure?' } %>
+
+<%= link_to 'New Post', new_post_path %>
diff --git a/config/routes.rb b/config/routes.rb
index f28ca9f..9d848f3 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,3 +1,4 @@
 Rails.application.routes.draw do
+ resources :posts
 root "hello#index"
 end
diff --git a/db/migrate/20240520123456_create_posts.rb b/db/migrate/20240520123456_create_posts.rb
new file mode 100644
index 0000000..5d51f0a
--- /dev/null
+++ b/db/migrate/20240520123456_create_posts.rb
@@ -0,0 +1,13 @@
+class CreatePosts < ActiveRecord::Migration[6.1]
+ def change
+ create_table :posts do |t|
+ t.string :title
+ t.text :content
+ t.integer :user_id
+
+ t.timestamps
+ end
+
+ add_index :posts, :user_id
+ end
+end
\ No newline at end of file
diff --git a/db/schema.rb b/db/schema.rb
new file mode 100644
index 0000000..4e5a14b
--- /dev/null
+++ b/db/schema.rb
@@ -0,0 +1,23 @@
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# This file is the source Rails uses to define your schema when running `bin/rails
+# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema[7.1].define(version: 2024_05_20_123456) do
+ create_table "posts", force: :cascade do |t|
+ t.string "title"
+ t.text "content"
+ t.integer "user_id"
+ t.datetime "created_at", null: false
+ t.datetime "updated_at", null: false
+ t.index ["user_id"], name: "index_posts_on_user_id"
+ end
+
+end
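Review bot: `<%= post.content.html_safe %>` in the table row disables Rails' output escaping on a value that comes straight from the public form, so any markup or script a submitter stores in `content` is rendered verbatim to every visitor of the index page — a stored XSS. Drop the `.html_safe` and use `<%= post.content %>`, or `<%= sanitize(post.content) %>` if limited markup is intended. The same row reads `post.usrr.name`, which is a typo for `post.user` and will raise NoMethodError as soon as the index renders a post; and `Post.all` in the controller without `includes(:user)` makes that `user.name` lookup one query per row.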
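Review bot: `t.integer :user_id` plus a separate `add_index` gives the posts table no foreign-key constraint, so the database will happily keep rows pointing at deleted or never-existing users and nothing below the application layer enforces ownership integrity; `t.references :user, null: false, foreign_key: true` inside `create_table` declares the column, the index and the constraint in one line and lets the two trailing `add_index` lines go. The column is also declared nullable while the model's `belongs_to :user` treats it as required, so the NOT NULL belongs in the schema too. The migration is tagged `ActiveRecord::Migration[6.1]` while the generated schema says `Schema[7.1]`, which looks like a copied template rather than a real problem, but worth confirming it was intended.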