leemcalilly/gist:04f3acdac0c9a678bca8 Secret

## gistfile1.rb
class EmployeesController < ApplicationController
  before_filter :require_login
  before_action :set_employee, only: [:show, :edit, :update, :destroy]
  before_action :correct_user, only: [:show, :edit, :update, :destroy]

  # GET /employees
  def index
    @user = current_user
    @employees = @user.employees.to_a
  end

  # GET /employees/1
  def show
    @user = current_user
    @employees = @user.employees.to_a
  end

  # GET /employees/new
  def new
    @employee = Employee.new
  end

  # GET /employees/1/edit
  def edit
  end

  # POST /employees
  def create

    @user = current_user
    @employee = @user.employees.build(employee_params)

    respond_to do |format|
      if @employee.save
        format.html { redirect_to @employee, notice: 'Employee was successfully created.' }
      else
        format.html { render action: 'new' }
      end
    end
  end

  # PATCH/PUT /employees/1
  def update
    respond_to do |format|
      if @employee.update(employee_params)
        format.html { redirect_to @employee, notice: 'Employee was successfully updated.' }
      else
        format.html { render action: 'edit' }
      end
    end
  end

  # DELETE /employees/1
  def destroy
    @employee.destroy
    respond_to do |format|
      format.html { redirect_to employees_url }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_employee
      @employee = Employee.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def employee_params
      params.require(:employee).permit(:first_name, :last_name, :number)
    end

    def correct_user
      @employee = current_user.employees.find_by(id: params[:id])
      redirect_to employees_path if @employee.nil?
    end
end
	class EmployeesController < ApplicationController
	before_filter :require_login
	before_action :set_employee, only: [:show, :edit, :update, :destroy]
	before_action :correct_user, only: [:show, :edit, :update, :destroy]

	# GET /employees
	def index
	@user = current_user
	@employees = @user.employees.to_a
	end

	# GET /employees/1
	def show
	@user = current_user
	@employees = @user.employees.to_a
	end

	# GET /employees/new
	def new
	@employee = Employee.new
	end

	# GET /employees/1/edit
	def edit
	end

	# POST /employees
	def create

	@user = current_user
	@employee = @user.employees.build(employee_params)

	respond_to do \|format\|
	if @employee.save
	format.html { redirect_to @employee, notice: 'Employee was successfully created.' }
	else
	format.html { render action: 'new' }
	end
	end
	end

	# PATCH/PUT /employees/1
	def update
	respond_to do \|format\|
	if @employee.update(employee_params)
	format.html { redirect_to @employee, notice: 'Employee was successfully updated.' }
	else
	format.html { render action: 'edit' }
	end
	end
	end

	# DELETE /employees/1
	def destroy
	@employee.destroy
	respond_to do \|format\|
	format.html { redirect_to employees_url }
	end
	end

	private
	# Use callbacks to share common setup or constraints between actions.
	def set_employee
	@employee = Employee.find(params[:id])
	end

	# Never trust parameters from the scary internet, only allow the white list through.
	def employee_params
	params.require(:employee).permit(:first_name, :last_name, :number)
	end

	def correct_user
	@employee = current_user.employees.find_by(id: params[:id])
	redirect_to employees_path if @employee.nil?
	end
	end