From f0e5e194f46e1b733b4daf1e48f5719d0289e81f Mon Sep 17 00:00:00 2001
From: Yusuf Sholotan
Date: Thu, 19 Oct 2023 07:21:58 +0100
Subject: [PATCH 1/3] Implement UI (delete button for foods)
---
app/views/food/index.html.erb | 8 ++++++--
config/routes.rb | 2 +-
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/app/views/food/index.html.erb b/app/views/food/index.html.erb
index 0c99243..9e1c765 100644
--- a/app/views/food/index.html.erb
+++ b/app/views/food/index.html.erb
@@ -25,8 +25,12 @@ <%= food.name %> <%= food.measurement_unit %> - <%= food.price %> - <%= food.quantity %> + ₦ <%= food.price %> + <%= button_to "Delete", food_path(food), method: :delete, + data: { turbo_method: :delete, + confirm: "Are you sure?", + turbo_confirm: "Are you sure?" }, + class: 'btn btn-link' %> <% end %>
diff --git a/config/routes.rb b/config/routes.rb
index 501fd8e..5a0027d 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -2,7 +2,7 @@ root 'food#index' devise_for :users - resources :food, only: [:index, :new, :create] do + resources :food, only: [:index, :show, :new, :create, :destroy] do resources :recipe, controller: 'recipe' do post 'add_ingredient_to_recipe', on: :member end
From a7b29f07c6d78bde92916e51644a27c8c041469a Mon Sep 17 00:00:00 2001
From: Yusuf Sholotan
Date: Thu, 19 Oct 2023 15:08:32 +0100
Subject: [PATCH 2/3] Set up authorization
---
app/controllers/food_controller.rb | 1 +
app/models/ability.rb | 32 ++++++++++++++++++++++++++++++
app/views/food/index.html.erb | 8 +++-----
3 files changed, 36 insertions(+), 5 deletions(-)
create mode 100644 app/models/ability.rb
diff --git a/app/controllers/food_controller.rb b/app/controllers/food_controller.rb
index 79151ef..c27faf1 100644
--- a/app/controllers/food_controller.rb
+++ b/app/controllers/food_controller.rb
@@ -1,4 +1,5 @@ class FoodController < ApplicationController + load_and_authorize_resource def new @food = Food.new end
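Review bot: In the `button_to` call added to app/views/food/index.html.erb (PATCH 1/3), `method: :delete` already makes the generated form submit as a DELETE, so `turbo_method: :delete` looks redundant, and `confirm:` is the older rails-ujs attribute that does nothing unless that library is loaded. Keeping only `data: { turbo_confirm: "Are you sure?" }` says the same thing with less to maintain; the same attributes are carried into the PATCH 2/3 version of this call. The prompt is a client-side confirmation only, so the ownership check has to be enforced in the controller.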
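Review bot: `:show` is added to the `only:` list in config/routes.rb (PATCH 1/3), but no patch in this series adds a `show` action or view to FoodController. The `food_path(food)` helper used by the delete button is already defined by the `:destroy` member route, so if `:show` was added only to get that helper, `resources :food, only: [:index, :new, :create, :destroy] do` keeps the routable surface to what is implemented. Most of the controller is outside the diff, so confirm no `show` exists before dropping it.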
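Review bot: `load_and_authorize_resource` in app/controllers/food_controller.rb (PATCH 2/3) raises `CanCan::AccessDenied` when a check fails, and nothing in this series adds a handler for it. ApplicationController is not part of the diff, so confirm it has something like `rescue_from(CanCan::AccessDenied) { head :forbidden }`; without one, a denied delete would surface as an unhandled exception rather than a 403 or a redirect. The `new` action visible under the added line still assigns `@food = Food.new`, which replaces the instance the callback has already built, so that assignment can go. The class body continues outside the hunk.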
diff --git a/app/models/ability.rb b/app/models/ability.rb
new file mode 100644
index 0000000..db2b48f
--- /dev/null
+++ b/app/models/ability.rb
@@ -0,0 +1,32 @@
+class Ability
+ include CanCan::Ability
+
+ def initialize(user)
+ user ||= User.new
+ can :manage, Food, user_id: user.id
+ # Define abilities for the user here. For example:
+ #
+ # return unless user.present?
+ # can :read, :all
+ # return unless user.admin?
+ # can :manage, :all
+ #
+ # The first argument to `can` is the action you are giving the user
+ # permission to do.
+ # If you pass :manage it will apply to every action. Other common actions
+ # here are :read, :create, :update and :destroy.
+ #
+ # The second argument is the resource the user can perform the action on.
+ # If you pass :all it will apply to every resource. Otherwise pass a Ruby
+ # class of the resource.
+ #
+ # The third argument is an optional hash of conditions to further filter the
+ # objects.
+ # For example, here the user can only update published articles.
+ #
+ # can :update, Article, published: true
+ #
+ # See the wiki for details:
+ # https://github.com/CanCanCommunity/cancancan/blob/develop/docs/define_check_abilities.md
+ end
+end
diff --git a/app/views/food/index.html.erb b/app/views/food/index.html.erb
index 9e1c765..9ac5c80 100644
--- a/app/views/food/index.html.erb
+++ b/app/views/food/index.html.erb
@@ -26,11 +26,9 @@ <%= food.name %> <%= food.measurement_unit %> ₦ <%= food.price %> - <%= button_to "Delete", food_path(food), method: :delete, - data: { turbo_method: :delete, - confirm: "Are you sure?", - turbo_confirm: "Are you sure?" }, - class: 'btn btn-link' %> + <% if can? :manage, food %> + <%= button_to "Delete", food_path(food), method: :delete, data: { turbo_method: :delete, confirm: "Are you sure?", turbo_confirm: "Are you sure?" }, class: 'btn btn-link' %> + <% end %> <% end %>
From 84731feab3093d749266489bd06c5c11619e90ea Mon Sep 17 00:00:00 2001
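Review bot: `user ||= User.new` followed by `can :manage, Food, user_id: user.id` in `Ability#initialize` gives a signed-out visitor the rule `can :manage, Food, user_id: nil`, because an unsaved `User` has a nil id. Any Food row whose `user_id` is NULL would then be manageable, and deletable, by someone who is not logged in, unless authentication is enforced somewhere this series does not show. Dropping the guest fallback and granting only to a real user closes that: `return unless user` followed by `can :manage, Food, user_id: user.id`. The generated comment block after the rule describes examples that are not used here and could be cut down to the documentation link.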
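Review bot: The guard `<% if can? :manage, food %>` in app/views/food/index.html.erb (PATCH 2/3) asks for every action on the record, while the button it wraps only performs a delete. `<% if can? :destroy, food %>` matches what the controller callback checks for that request and keeps the button correct if the abilities are later split into narrower rules. The `button_to` call was also joined onto one long line in this hunk; keeping it wrapped as in PATCH 1/3 is easier to review.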
From: Yusuf Sholotan
Date: Thu, 19 Oct 2023 15:48:58 +0100
Subject: [PATCH 3/3] Fix bug (delete functionality)
---
app/controllers/food_controller.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/food_controller.rb b/app/controllers/food_controller.rb
index c27faf1..ae44a66 100644
--- a/app/controllers/food_controller.rb
+++ b/app/controllers/food_controller.rb
@@ -28,7 +28,7 @@ def destroy @food = Food.find(params[:id]) @food.destroy - redirect_to food_path, notice: 'Food successfully deleted.' + redirect_to food_index_path, notice: 'Food successfully deleted.' end private
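Review bot: The context lines of `destroy` still run `@food = Food.find(params[:id])`, an unscoped lookup that is safe only because `load_and_authorize_resource` (PATCH 2/3) has already loaded and authorized the same record before the action runs. Using the `@food` set by that callback keeps the authorized object and the deleted object the same one, and saves a query. The result of `@food.destroy` is also ignored, so the success notice is shown even if a callback or a `restrict_with_error` association halts the delete. The class continues past the end of the hunk.

```ruby
def destroy
  # @food is loaded and authorized by load_and_authorize_resource
  if @food.destroy
    redirect_to food_index_path, notice: 'Food successfully deleted.'
  else
    redirect_to food_index_path, alert: 'Food could not be deleted.'
  end
end
```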