parsley/app/controllers/recipes_controller.rb

class RecipesController < ApplicationController

  before_action :set_recipe, only: [:show, :edit, :update, :destroy, :scale]

  before_filter :ensure_valid_user, only: [:new, :edit, :create, :update, :destroy]

  # GET /recipes
  def index
    @recipes = Recipe.active
  end

  # GET /recipes/1
  # GET /recipes/1.json
  def show
  end

  # GET /recipes/1
  def scale
    @scale = params[:factor]
    @recipe.scale(@scale, true)
    render :show
  end

  # GET /recipes/new
  def new
    @recipe = Recipe.new
    @recipe.recipe_ingredients << RecipeIngredient.new
  end

  # GET /recipes/1/edit
  def edit
    ensure_owner @recipe
  end

  # POST /recipes
  def create
    @recipe = Recipe.new(recipe_params)
    @recipe.user = current_user

    if @recipe.save
      redirect_to @recipe, notice: 'Recipe was successfully created.'
    else
      render :new
    end
  end

  # PATCH/PUT /recipes/1
  def update
    ensure_owner(@recipe) do
      if @recipe.update(recipe_params)
        redirect_to @recipe, notice: 'Recipe was successfully updated.'
      else
        render :edit
      end
    end
  end

  # DELETE /recipes/1
  def destroy
    ensure_owner(@recipe) do
      @recipe.deleted = true

      if @recipe.save
        redirect_to recipes_url, notice: 'Recipe was successfully destroyed.'
      else
        redirect_to recipes_url, error: 'Recipe could not be destroyed.'
      end
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_recipe
      @recipe = Recipe.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def recipe_params
      params.require(:recipe).permit(:name, :description, :source, :yields, :total_time, :active_time, recipe_ingredients_attributes: [:name, :ingredient_id, :quantity, :units, :preparation, :sort_order, :id, :_destroy], recipe_steps_attributes: [:step, :sort_order, :id, :_destroy])
    end
end