borrows_controller.rb

class BorrowsController < ApplicationController
  before_action :signed_in_user, only: [:index,:edit,:update, :destroy]
  before_action :admin_user,     only: :destroy
  
  def index
    @borrow = current_user.borrows.build
  end
  
  def show
    @borrow = Borrow.find(params[:id])
  end
  
  def new
    @borrow = current_user.borrows.build
  end
  
  def create
    @borrow = current_user.posts.build(borrow_params)
    if @burrow.save
      flash[:success] = "Borrowing a book was successful!"
      redirect_to @borrow
    else
      render current_user
    end
  end
  
  
  
 
  # Private section, makes the page unable to be seen for non logged in users
  private
  def borrow_params
    params.require(:borrow).permit(:user_id, :book_id)
  end
   def admin_user
      redirect_to(root_url) unless current_user.admin?
    end
  # Redirecting not logged in user etc.
  def signed_in_user
    unless signed_in?
      store_location
      redirect_to '/sessions/new', notice: "Please sign in!"
    end
    
  end
  
end

new.html.erb

<% provide(:title, "Burrow a book") %>

<b align="center">Choose the name of a book you want to burrow and enter 'Submit!'</b>

    <%= form_for(@borrow) do |f| %>
            <div class="forms">
                        <%= form_for(@book) do |f| %>
                        <%= f.name %>
                        <% end %>
                        <%= f.submit 'Submit!' %>
                </div>
        <% end %>