ПРИЛОЖЕНИЕ А

  def set_product

    @product = Product.find(params[:product_id])

  end

  def characteristic_params

  params.require(:characteristic).permit(:name,:about)

  end

end

class ProductsController < ApplicationController

    before_action :authenticate_user!, except:[:index,:show]

    def index

      @products=Product.order(:created_at).reverse_order.first(3)

      @products_hit=Product.order(:sale).reverse_order.first(3)

    end

    def show

      @product=Product.find(params[:id])

    end

    def new

      @product = Product.new

    end

    def edit

        @product=Product.find(params[:id])

    end

    def update

      @product=Product.find(params[:id])

      if @product.update_attributes(product_params)

        redirect_to @product

      else

        flash[:error] = "Ошибка"

        render :edit

      end

    end

      def create

        @product = Product.new(product_params)

        if @product.save

          redirect_to @product

          flash[:success] =   "Успешно"

        else

            flash[:error] =  "Ошибка"

          render :new

        end

       end

       def destroy

        @product=Product.find(params[:id])

        @product.destroy

        redirect_to  new_search_path

        end

      private  def product_params

        params.require(:product).permit(:name,:body,:firma,:sale,:volume,:picture,:cost,:category_id,:image)

      end  

end

class UsersPageController < ApplicationController

  def index

      @users=User.all

    end

    def show

      @user = User.find(params[:id])

      @boughts = Bought.where(user_id: @user.id)

      @boughts = Bought.where(user_id: @user.id)

    end

 def destroy

     if  current_user.roll =="admin" || current_user.username == @user.username

      @user=User.find(params[:id])

      @user.destroy

      redirect_to "http://localhost:3000/users_page"

     else

      redirect_to "http://localhost:3000/users_page"

     end

 end

    def edit

      @user=User.find(params[:id])

    end

 def update

      @user=User.find(params[:id])

   if  current_user.roll =="admin" || current_user.username == @user.username

       if @user.update_attributes(user_params)

            redirect_to users_page_path

       else

             render :edit

       end

   else

       redirect_to users_page_path

   end

 end

    private  def user_params

      params.require(:user).permit(:email,:username,:roll)

    end

end

class WainsController < ApplicationController

  before_action :set_post, only: [:new,:create, :update,:edit,:show]

  def index

     @wains = Wain.where(user_id: current_user.id)

  End

    def new

      @wain = current_user.wains.build

     end

      def create

        @wain = current_user.wains.build(wain_params)

        @wain.save

          redirect_to wains_path

      end

      def destroy       

        @wain=Wain.find(params[:id])

        @wain.destroy

        redirect_to wains_path     

    end

private  def wain_params

       params.require(:wain).permit(:name,:count,:id_product,:image,:cost)

     end

 def set_post

       @product = Product.find(params[:product_id])

     end    

end

P.S. В Приложении А приведен код только основной части бэкенда программы. Полный код, с клиентской частью, можно посмотреть по следующей ссылке: https://github.com/danusyaaaa/online-shop.