class Api::V1::ActivitiesController < ApplicationController before_action :set_activity, only: %i[show update destroy] before_action :check_login before_action :check_owner, only: %i[update destroy] def index render json: Activity.all end def show render json: Activity.find(params[:id]) end def create activity = current_user.created_activities.build(activity_params) if activity.save render json: activity, status: :created else render json: { errors: activity.errors }, status: :unprocessable_entity end end def update if @activity.update(activity_params) render json: @product else render json: @product.erros, status: :unprocessable_entity end end def destroy @activity.destroy head 204 end private # Only allow a trusted parameter "white list" through. def activity_params params.require(:activity).permit(:name, :author_id, :description, :client) end def set_activity @activity = Activity.find(params[:id]) end def check_owner head :forbidden unless @activity.author_id == current_user&.id end end