amfischer/products_controller.rb

## products_controller.rb
class ProductsController < ApplicationController
  before_action :set_product, only: [:show, :edit, :update, :destroy]
  load_and_authorize_resource :except => [:index, :show]
  respond_to :json, :html

  # GET /products
  # GET /products.json
  def index
    if ENV['RAILS_ENV'] == "production"
      if params[:q]
        search_term = params[:q]
        @products = Product.where("name ilike ?", "%#{search_term}%")
      else
        @products = Product.all
      end
    else
      if params[:q]
        search_term = params[:q]
        @products = Product.where("name LIKE ?", "%#{search_term}%")
      else
        @products = Product.all
      end
    end
    respond_with @products
  end

  # GET /products/1
  # GET /products/1.json
  def show
    @comments = @product.comments.order('created_at DESC').page(params[:page]).per_page(2)
  end

  # GET /products/new
  def new
    @product = Product.new
  end

  # GET /products/1/edit
  def edit
  end

  # POST /products
  # POST /products.json
  def create
    @product = Product.new(product_params)

    respond_to do |format|
      if @product.save
        format.html { redirect_to @product, notice: 'Product was successfully created.' }
        format.json { render :show, status: :created, location: @product }
      else
        format.html { render :new }
        format.json { render json: @product.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /products/1
  # PATCH/PUT /products/1.json
  def update
    respond_to do |format|
      if @product.update(product_params)
        format.html { redirect_to @product, notice: 'Product was successfully updated.' }
        format.json { render :show, status: :ok, location: @product }
      else
        format.html { render :edit }
        format.json { render json: @product.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /products/1
  # DELETE /products/1.json
  def destroy
    @product.destroy
    respond_to do |format|
      format.html { redirect_to products_url, notice: 'Product was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_product
      @product = Product.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def product_params
      params.require(:product).permit(:name, :description, :image_url, :color, :price)
    end
end

## products_controller_spec.rb
require 'rails_helper'

describe ProductsController, :type => :controller do
	before do
		@admin = FactoryGirl.create(:admin)
		@adminability = Ability.new(@admin)

		@user = FactoryGirl.create(:user)
		@userability = Ability.new(@user)

		@product = FactoryGirl.create(:product)
	end
	context 'GET #index' do
		before do
			get :index
		end
		it 'responds successfully with an HTTP 200 status code' do
			expect(response).to be_success
			expect(response).to have_http_status(200)
		end

		it 'renders the index template' do
			expect(response).to render_template('index')
		end
	end
	context 'GET #show' do
		it 'orders comments from newest to oldest' do
			comment1 = @product.comments.create(rating: 4, user: @user, body: 'test comment')
			comment2 = @product.comments.create(rating: 4, user: @user, body: 'test comment')
			expect(@product.comments.order('created_at DESC')).to eq([comment2, comment1])
		end
	end
	describe 'GET #new' do
		context 'logged in as admin' do
			it 'allows ability to read new products page' do
				expect(@adminability).to be_can(:read, Product.new)
			end
		end
		context 'not logged in as admin' do
			it 'does not allow ability to read new products page' do
				expect(@userability).to be_cannot(:read, Product.new)
			end
			it 'redirects to users index page' do
				sign_in @user
				get :new
				expect(response).to redirect_to(users_path)
			end
		end
	end
	describe 'POST #create' do
		context 'logged in as admin' do
			it 'allows ability to create products' do
				expect(@adminability).to be_can(:create, Product.new)
			end
			it 'successfully creates a new product' do
				sign_in @admin
				get :new
				post :create, product: {name: ''}
				expect(response).to be_success
			end
		end
		context 'not logged in as admin' do
			it 'does not allow ability to create products' do
				expect(@userability).to be_cannot(:create, Product.new)
			end
		end
	end
	describe 'GET #edit' do
		context 'logged in as admin' do
			it 'allows access to edit page' do
				sign_in @admin
				get :edit, id: 1
				expect(response).to be_success
			end
		end
		context 'not logged in as admin' do
			it 'does not allow acces to edit page' do
				sign_in @user
				get :edit, id: 1
				expect(response).to redirect_to(users_path)
			end
		end
	end
	describe 'POST/PATCH #edit' do
		context 'logged in as admin' do
			it 'successfully edits a product' do
				sign_in @admin
				get :edit, id: 1
				post :edit, id:1
				expect(response).to be_success
			end
		end
		context 'not logged in as admin' do
			it 'does not allow product to be edited' do
				sign_in @user
				post :edit, id: 1
				expect(response).to redirect_to(users_path)
			end
		end
	end
	describe 'DELETE #destroy' do
		context 'logged in as admin' do
			it 'successfully deletes a product' do
				sign_in @admin
				delete :destroy, id: 1
				expect(response).to be_success
			end
		end
		context 'not logged in as admin' do
		end
	end
end
	class ProductsController < ApplicationController
	before_action :set_product, only: [:show, :edit, :update, :destroy]
	load_and_authorize_resource :except => [:index, :show]
	respond_to :json, :html

	# GET /products
	# GET /products.json
	def index
	if ENV['RAILS_ENV'] == "production"
	if params[:q]
	search_term = params[:q]
	@products = Product.where("name ilike ?", "%#{search_term}%")
	else
	@products = Product.all
	end
	else
	if params[:q]
	search_term = params[:q]
	@products = Product.where("name LIKE ?", "%#{search_term}%")
	else
	@products = Product.all
	end
	end
	respond_with @products
	end

	# GET /products/1
	# GET /products/1.json
	def show
	@comments = @product.comments.order('created_at DESC').page(params[:page]).per_page(2)
	end

	# GET /products/new
	def new
	@product = Product.new
	end

	# GET /products/1/edit
	def edit
	end

	# POST /products
	# POST /products.json
	def create
	@product = Product.new(product_params)

	respond_to do \|format\|
	if @product.save
	format.html { redirect_to @product, notice: 'Product was successfully created.' }
	format.json { render :show, status: :created, location: @product }
	else
	format.html { render :new }
	format.json { render json: @product.errors, status: :unprocessable_entity }
	end
	end
	end

	# PATCH/PUT /products/1
	# PATCH/PUT /products/1.json
	def update
	respond_to do \|format\|
	if @product.update(product_params)
	format.html { redirect_to @product, notice: 'Product was successfully updated.' }
	format.json { render :show, status: :ok, location: @product }
	else
	format.html { render :edit }
	format.json { render json: @product.errors, status: :unprocessable_entity }
	end
	end
	end

	# DELETE /products/1
	# DELETE /products/1.json
	def destroy
	@product.destroy
	respond_to do \|format\|
	format.html { redirect_to products_url, notice: 'Product was successfully destroyed.' }
	format.json { head :no_content }
	end
	end

	private
	# Use callbacks to share common setup or constraints between actions.
	def set_product
	@product = Product.find(params[:id])
	end

	# Never trust parameters from the scary internet, only allow the white list through.
	def product_params
	params.require(:product).permit(:name, :description, :image_url, :color, :price)
	end
	end
	require 'rails_helper'

	describe ProductsController, :type => :controller do
	before do
	@admin = FactoryGirl.create(:admin)
	@adminability = Ability.new(@admin)

	@user = FactoryGirl.create(:user)
	@userability = Ability.new(@user)

	@product = FactoryGirl.create(:product)
	end
	context 'GET #index' do
	before do
	get :index
	end
	it 'responds successfully with an HTTP 200 status code' do
	expect(response).to be_success
	expect(response).to have_http_status(200)
	end

	it 'renders the index template' do
	expect(response).to render_template('index')
	end
	end
	context 'GET #show' do
	it 'orders comments from newest to oldest' do
	comment1 = @product.comments.create(rating: 4, user: @user, body: 'test comment')
	comment2 = @product.comments.create(rating: 4, user: @user, body: 'test comment')
	expect(@product.comments.order('created_at DESC')).to eq([comment2, comment1])
	end
	end
	describe 'GET #new' do
	context 'logged in as admin' do
	it 'allows ability to read new products page' do
	expect(@adminability).to be_can(:read, Product.new)
	end
	end
	context 'not logged in as admin' do
	it 'does not allow ability to read new products page' do
	expect(@userability).to be_cannot(:read, Product.new)
	end
	it 'redirects to users index page' do
	sign_in @user
	get :new
	expect(response).to redirect_to(users_path)
	end
	end
	end
	describe 'POST #create' do
	context 'logged in as admin' do
	it 'allows ability to create products' do
	expect(@adminability).to be_can(:create, Product.new)
	end
	it 'successfully creates a new product' do
	sign_in @admin
	get :new
	post :create, product: {name: ''}
	expect(response).to be_success
	end
	end
	context 'not logged in as admin' do
	it 'does not allow ability to create products' do
	expect(@userability).to be_cannot(:create, Product.new)
	end
	end
	end
	describe 'GET #edit' do
	context 'logged in as admin' do
	it 'allows access to edit page' do
	sign_in @admin
	get :edit, id: 1
	expect(response).to be_success
	end
	end
	context 'not logged in as admin' do
	it 'does not allow acces to edit page' do
	sign_in @user
	get :edit, id: 1
	expect(response).to redirect_to(users_path)
	end
	end
	end
	describe 'POST/PATCH #edit' do
	context 'logged in as admin' do
	it 'successfully edits a product' do
	sign_in @admin
	get :edit, id: 1
	post :edit, id:1
	expect(response).to be_success
	end
	end
	context 'not logged in as admin' do
	it 'does not allow product to be edited' do
	sign_in @user
	post :edit, id: 1
	expect(response).to redirect_to(users_path)
	end
	end
	end
	describe 'DELETE #destroy' do
	context 'logged in as admin' do
	it 'successfully deletes a product' do
	sign_in @admin
	delete :destroy, id: 1
	expect(response).to be_success
	end
	end
	context 'not logged in as admin' do
	end
	end
	end