#43 完了

backend/app/controllers/posts_controller.rb

@@ -3,8 +3,6 @@ require 'nokogiri'
 
 
 class PostsController < ApplicationController
-  before_action :set_post, only: %i[ show update destroy ]
-
   # GET /posts
   def index
     if params[:tags].present?
@@ -71,27 +69,21 @@ class PostsController < ApplicationController
 
   # PATCH/PUT /posts/1
   def update
-    if @post.update(post_params)
-      render json: @post
+    return head :unauthorized unless current_user
+    return head :forbidden unless ['admin', 'member'].include?(current_user.role)
+
+    post = Post.find(params[:id])
+    tag_ids = JSON.parse(params[:tags])
+    if post.update(title: params[:title], tags: Tag.where(id: tag_ids))
+      render({ json:    (post
+                         .as_json(include: { tags: { only: [:id, :name, :category] } })),
+               status:  :created })
     else
-      render json: @post.errors, status: :unprocessable_entity
+      render json: post.errors, status: :unprocessable_entity
     end
   end
 
   # DELETE /posts/1
   def destroy
-    @post.destroy!
-  end
-
-  private
-
-  # Use callbacks to share common setup or constraints between actions.
-  def set_post
-    @post = Post.find(params.expect(:id))
-  end
-
-  # Only allow a list of trusted parameters through.
-  def post_params
-    params.expect(post: [ :title, :body ])
   end
 end