Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013

app/controllers/messages_controller.rb

@@ -0,0 +1,40 @@
+class MessagesController < ApplicationController
+
+  def index
+    @messages = current_user.messages
+  end
+
+  def show
+    @message = Message.where(:id => params[:id]).first
+  end
+
+  def destroy
+    message = Message.where(:id => params[:id]).first
+
+    if message.destroy
+      flash[:success] = "Your message has been deleted."
+      redirect_to user_messages_path(:user_id => current_user.user_id)
+    else
+      flash[:error] = "Could not delete message."
+    end
+  end
+
+  def new
+    @message = Message.new
+  end
+
+  def create
+    if Message.create(params[:message])
+      respond_to do |format|
+        format.html { redirect_to user_messages_path(:user_id => current_user.user_id) }
+        format.json { render :json => {:msg => "success"} }
+      end
+    else
+      respond_to do |format|
+        format.html { redirect_to user_messages_path }
+        format.json { render :json => {:msg => "failure"} }
+      end
+    end
+  end
+
+end