class UpdatesController < ApplicationController

  before_action :authenticate_user!, only: [:new, :create, :edit, :update, :destroy]
  allow_unauthenticated_access(only: [:index, :show])

  def index
    @updates = Update.order(created_at: :desc)
  end

  def show

  end

  def new
  @user = Current.user
  @update = Update.new
  end

  def create
  @update = Update.new(update_params)
    if Updates.save
      redirect_to updates_path, notice: "Update created."
    else
      render :new, status: :unprocessable_entity, notice: "U fucked up somewhere."
    end
  end

  def edit
  end

  def update
    if @update.update(post_params)
      redirect_to updates_path, notice: "Update edited."
    else
      render :edit, status: :unprocessable_entity,  notice: "U fucked up somewhere."
    end
  end

  def destroy
    @update.destroy
    redirect_to updates_path, notice: "Post deleted."
  end

  private


  def update_params
    params.require(:update).permit(:text, :icon_image)
  end
  def set_user
    @user = Current.user
  end

end