socialforge/app/controllers/dynamic_news_controller.rb

class DynamicNewsController < ApplicationController
  layout 'admin', only: [:new, :destroy, :edit]

  before_filter :require_admin, :except => [:index, :show]
  before_filter :find_dynamic_new, :only => [:destroy, :edit, :update]

  def index
  end

  def new
    @category_id = params[:category_id] || 0
    @dynamic_new = DynamicNew.new
  end

  def create
    tmp_file = params[:cover]
    @dynamic_new = DynamicNew.new(params[:dynamic_new])
    begin
      identity = SecureRandom.uuid
      unless tmp_file.nil?
        File.open(Rails.root.join('public', 'images', 'dynamic_new', identity.to_s+'.png'), 'wb') do |file|
          file.write(tmp_file.read)
        end
        @dynamic_new.cover_remote_url = "/images/dynamic_new/#{identity}.png"
      end
      # TODO: 如下警告信息导致值写不进库
      # WARNING: Can't mass-assign protected attributes: simple_intruduce,
      @dynamic_new.simple_intruduce = params[:dynamic_new][:simple_intruduce]
      if @dynamic_new.save!
        redirect_to admin_dynamic_news_path
      else
        render :action => 'new'
      end

    rescue => e
      logger.info e
      render 'new'
    end
  end

  def destroy
    @dynamic_new.destroy
    redirect_to admin_dynamic_news_path
  end

  def edit
  end

  def update
    @dynamic_new.update_attributes!(params[:dynamic_new])
    redirect_to admin_dynamic_news_path
  end

  def show
  end

  private
  def find_dynamic_new
    @dynamic_new = DynamicNew.find params[:id]
  end
end