first commit, largely copied volunteers

app/controllers/application_controller.rb

@@ -0,0 +1,18 @@
+class ApplicationController < ActionController::Base
+  before_action :configure_permitted_parameters, if: :devise_controller?
+
+  include Pundit::Authorization
+  alias :current_user :current_member
+  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
+
+  protected
+
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
+  end
+
+  def user_not_authorized
+    flash[:alert] = "You are not authorized to perform this action."
+    redirect_back(fallback_location: root_path)
+  end
+end

app/controllers/members_controller.rb

@@ -0,0 +1,59 @@
+class MembersController < ApplicationController
+  before_action :set_member, only: %i[ show edit update destroy ]
+
+  # GET /members
+  def index
+    @members = Member.public_scope.
+                page params[:page]
+  end
+
+  def timeline
+    @members = Member.visible_scope.order(:name).page params[:page]
+  end
+
+  # GET /members/1
+  def show
+  end
+
+  # GET /members/1/edit
+  def edit
+  end
+
+  # POST /members
+  def create
+    @member = Member.new(member_params)
+
+    if @member.save
+      redirect_to @member, notice: "Member was successfully created."
+    else
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  # PATCH/PUT /members/1
+  def update
+    if @member.update(member_params)
+      redirect_to @member, notice: "Member was successfully updated."
+    else
+      render :edit, status: :unprocessable_entity
+    end
+  end
+
+  # DELETE /members/1
+  def destroy
+    @member.destroy
+    redirect_to members_url, notice: "Member was successfully destroyed."
+  end
+
+  private
+    # Use callbacks to share common setup or constraints between actions.
+    def set_member
+      @member = Member.find(params[:id])
+    end
+
+    # Only allow a list of trusted parameters through.
+    def member_params
+      params.require(:member).permit(:name, :public, :bio , :picture,
+                                    :picture_cache )
+    end
+end

app/controllers/pictures_controller.rb

@@ -0,0 +1,56 @@
+class PicturesController < ApplicationController
+  before_action :set_picture, only: %i[ show edit update destroy ]
+
+  def index
+    @q = Picture.ransack(params[:q])
+    @q.sorts = 'created_at desc' if @q.sorts.empty?
+    @pictures = @q.result(distinct: true).page( params[:page])
+  end
+
+  def show
+  end
+
+  def new
+    @picture = Picture.new
+  end
+
+  def edit
+    authorize @picture
+  end
+
+  def create
+    @picture = Picture.new(picture_params)
+    @picture.member = current_member
+
+    if @picture.save
+      redirect_to @picture, notice: "Picture was successfully created."
+    else
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  def update
+    authorize @picture
+    if @picture.update(picture_params)
+      redirect_to @picture, notice: "Picture was successfully updated."
+    else
+      render :edit, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    authorize @picture
+    @picture.destroy
+    redirect_to pictures_url, notice: "Picture was successfully destroyed."
+  end
+
+  private
+    def set_picture
+      @picture = Picture.find(params[:id])
+    end
+
+    def picture_params
+      params.require(:picture).permit(:picture,:picture_cache ,:text,
+                            :happened , :member_id)
+    end
+end

app/controllers/registrations_controller.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+class RegistrationsController < Devise::RegistrationsController
+  # before_action :configure_sign_up_params, only: [:create]
+  # before_action :configure_account_update_params, only: [:update]
+  prepend_before_action :authenticate_scope!, only: [:edit_email]
+
+  def new
+    build_resource
+    super
+  end
+
+  def create
+    if message = math_check
+      puts message
+      flash.now.alert = message
+      build_resource(sign_up_params)
+      render :new
+    else
+      super
+    end
+  end
+
+  def edit_email
+    build_resource
+  end
+
+  def edit
+    build_resource
+    super
+  end
+
+  def update
+    super
+  end
+
+  protected
+
+  def math_check
+    return "no cheatin" unless bot = params[:bot]
+    return "No food" unless fudder = bot[:fudder]
+    key = fudder.to_i / 2
+    answer = bot[:challenge]
+    return "Plase enter the bot challenge" if answer.blank?
+    if( (2*key + 1).to_s != answer )
+      return "Check the maths, tip, it wasn't #{answer}"
+    end
+    nil
+  end
+
+  # If you have extra params to permit, append them to the sanitizer.
+  # def configure_sign_up_params
+  #   devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute])
+  # end
+
+  # If you have extra params to permit, append them to the sanitizer.
+  # def configure_account_update_params
+  #   devise_parameter_sanitizer.permit(:account_update, keys: [:attribute])
+  # end
+
+  # The path used after sign up.
+  def after_sign_up_path_for(resource)
+    super(resource)
+  end
+
+  # The path used after sign up for inactive accounts.
+  # def after_inactive_sign_up_path_for(resource)
+  #   super(resource)
+  # end
+end

app/controllers/stories_controller.rb

@@ -0,0 +1,55 @@
+class StoriesController < ApplicationController
+  before_action :set_story, only: %i[ show edit update destroy ]
+
+  def index
+    @q = Story.ransack(params[:q])
+    @q.sorts = 'created_at desc' if @q.sorts.empty?
+    @stories = @q.result(distinct: true).page( params[:page])
+  end
+
+  def show
+  end
+
+  def new
+    @story = Story.new
+  end
+
+  def edit
+    authorize @story
+  end
+
+  def create
+    @story = Story.new(story_params)
+    @story.member = current_member
+
+    if @story.save
+      redirect_to @story, notice: "Story was successfully created."
+    else
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  def update
+    authorize @story
+    if @story.update(story_params)
+      redirect_to @story, notice: "Story was successfully updated."
+    else
+      render :edit, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    authorize @story
+    @story.destroy
+    redirect_to stories_url, notice: "Story was successfully destroyed."
+  end
+
+  private
+    def set_story
+      @story = Story.find(params[:id])
+    end
+
+    def story_params
+      params.require(:story).permit(:picture,:picture_cache, :header, :text, :happened)
+    end
+end