rails 4 and tons of stuff

app/controllers/forums_controller.rb

@@ -1,9 +1,8 @@
 class ForumsController < ApplicationController
-  before_filter :check_permission, only: [:show]
+  before_filter :check_permission, only: [:show, :edit, :update]
 
   def index
-     @groups = Forumgroup.all
-     @groups.select!{|g| g.can_read?(current_user) }
+     @groups = Forumgroup.select {|g| g.can_read?(current_user) }
      @groups.sort_by!{|g| g[:position]}
   end
 
@@ -11,19 +10,36 @@ class ForumsController < ApplicationController
     @threads = @forum.forumthreads.order("sticky desc, updated_at desc")
   end
 
+  def edit
+  end
+
   def new
     if admin?
-      @group = Forumgroup.find(params[:forumgroup])
       @forum = Forum.new(forumgroup: @group)
+      @forum.forumgroup = Forumgroup.find(params[:forumgroup])
     else
       flash[:alert] = "You are not allowed to create a forum."
       redirect_to forums_path
     end
   end
 
+  def update
+    if admin?
+      if @forum.update_attributes(forum_params)
+        flash[:notice] = "Forum updated"
+        redirect_to @forum
+      else
+        flash[:alert] = "Something went wrong"
+      end
+    else
+      flash[:alert] = "You are not allowed to change a forum"
+      redirect_to @forum
+    end
+  end
+
   def create
     if admin?
-      @forum = Forum.new(params[:forum])
+      @forum = Forum.new(forum_params)
       @forum.forumgroup = Forumgroup.find(params[:forum][:forumgroup_id])
       if @forum.save
         flash[:notice] = "Forum created."
@@ -49,5 +65,8 @@ class ForumsController < ApplicationController
     end
   end
 
-
+  def forum_params(add = [])
+    a = [:name, :position, :role_read, :role_write] + add
+    params.require(:forum).permit(a)
+  end
 end