added dishes

app/controllers/api/comments_controller.rb

@@ -1,5 +1,7 @@
 module Api
   class CommentsController < ApplicationController
+    skip_before_action :authorize_request, only: [:show, :index]
+
     # GET /restaurants/:restaurant_id/reviews/:review_id/comments
     def index
       @review = Review.find(params[:review_id])  # Find the review by its ID

app/controllers/api/dishes_controller.rb

@@ -0,0 +1,62 @@
+module Api
+  class DishesController < ApplicationController
+    before_action :authorize_business_owner, only: [:create, :update, :destroy]
+    skip_before_action :authorize_request, only: [:show, :index]
+
+    # GET /restaurants/:restaurant_id/dishes
+    def index
+      @restaurant = Restaurant.find(params[:restaurant_id])
+      @dishes = @restaurant.dishes
+      render json: @dishes
+    end
+
+    # GET /dishes/:id
+    def show
+      @dish = Dish.find(params[:id])
+      render json: @dish
+    end
+
+    # POST /restaurants/:restaurant_id/dishes
+    def create
+      @restaurant = Restaurant.find(params[:restaurant_id])
+      @dish = @restaurant.dishes.build(dish_params)
+
+      if @dish.save
+        render json: @dish, status: :created
+      else
+        render json: { errors: @dish.errors.full_messages }, status: :unprocessable_entity
+      end
+    end
+
+    # PATCH/PUT /dishes/:id
+    def update
+      @dish = Dish.find(params[:id])
+
+      if @dish.update(dish_params)
+        render json: @dish
+      else
+        render json: { errors: @dish.errors.full_messages }, status: :unprocessable_entity
+      end
+    end
+
+    # DELETE /dishes/:id
+    def destroy
+      @dish = Dish.find(params[:id])
+      @dish.destroy
+      head :no_content
+    end
+
+    private
+
+    def dish_params
+      params.require(:dish).permit(:name, :description, :price)
+    end
+
+    def authorize_business_owner
+      unless @user.role == 'business_owner'
+        render json: { error: 'You are not authorized to perform this action' }, status: :forbidden
+      end
+    end
+
+  end
+end

app/controllers/api/photos_controller.rb

@@ -2,6 +2,8 @@ module Api
   class PhotosController < ApplicationController
     before_action :set_restaurant, only: %i[index create]
     before_action :set_photo, only: %i[show update destroy]
+    before_action :authorize_business_owner, only: [:create, :update, :destroy]
+    skip_before_action :authorize_request, only: [:show, :index]
 
     # GET /restaurants/:restaurant_id/photos
     def index
@@ -66,5 +68,12 @@ def set_photo
     def photo_params
       params.require(:photo).permit(:image)  # Only permit the photo image
     end
+
+    def authorize_business_owner
+      unless @user.role == 'business_owner'
+        render json: { error: 'You are not authorized to perform this action' }, status: :forbidden
+      end
+    end
+
   end
 end

app/controllers/api/restaurants_controller.rb

@@ -1,5 +1,8 @@
 module Api
   class RestaurantsController < ApplicationController
+    before_action :authorize_business_owner, only: [:create, :update, :destroy]
+    skip_before_action :authorize_request, only: [:show, :index]
+
     # GET /restaurants
     def index
       @restaurants = Restaurant.all
@@ -53,6 +56,12 @@ def destroy
 
     private
 
+    def authorize_business_owner
+      unless @user.role == 'business_owner'
+        render json: { error: 'You are not authorized to perform this action' }, status: :forbidden
+      end
+    end
+
     def restaurant_params
       params.require(:restaurant).permit(
         :name,
@@ -66,4 +75,4 @@ def restaurant_params
       )
     end
   end
-end
+end

app/controllers/api/reviews_controller.rb

@@ -1,5 +1,7 @@
 module Api
   class ReviewsController < ApplicationController
+    skip_before_action :authorize_request, only: [:show, :index]
+
     # GET /restaurants/:restaurant_id/reviews
     def index
       @restaurant = Restaurant.find(params[:restaurant_id])

app/controllers/api/users_controller.rb

@@ -1,5 +1,7 @@
 module Api
   class UsersController < ApplicationController
+    skip_before_action :authorize_request, only: [:show, :index]
+
     # GET /users
     def index
       @users = User.all

app/models/dish.rb

@@ -0,0 +1,3 @@
+class Dish < ApplicationRecord
+  belongs_to :restaurant
+end

app/models/restaurant.rb

@@ -2,6 +2,7 @@ class Restaurant < ApplicationRecord
   belongs_to :user # The business owner
   has_many :reviews, dependent: :destroy
   has_many :photos, dependent: :destroy
+  has_many :dishes, dependent: :destroy
 
   # Validations to ensure data consistency
   validates :address, presence: true

config/routes.rb

@@ -12,9 +12,11 @@
         resources :comments, only: [:index, :create]
       end
       resources :photos, only: [:index, :create]
+      resources :dishes, only: [:index, :create]
     end
     resources :reviews, only: [:show, :update, :destroy]
     resources :comments, only: [:show, :update, :destroy]
     resources :photos, only: [:show, :update, :destroy]
+    resources :dishes, only: [:show, :update, :destroy]
   end
 end

db/migrate/20241120182106_create_dishes.rb

@@ -0,0 +1,12 @@
+class CreateDishes < ActiveRecord::Migration[7.1]
+  def change
+    create_table :dishes do |t|
+      t.string :name
+      t.text :description
+      t.decimal :price
+      t.references :restaurant, null: false, foreign_key: true
+
+      t.timestamps
+    end
+  end
+end

test/fixtures/dishes.yml

@@ -0,0 +1,13 @@
+# Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+one:
+  name: MyString
+  description: MyText
+  price: 9.99
+  restaurant: one
+
+two:
+  name: MyString
+  description: MyText
+  price: 9.99
+  restaurant: two

test/models/dish_test.rb

@@ -0,0 +1,7 @@
+require "test_helper"
+
+class DishTest < ActiveSupport::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end