app/controllers/diary_comments_controller.rb

   1 class DiaryCommentsController < ApplicationController
   2   layout "site"
   3
   4   before_action :authorize_web
   5   before_action :set_locale
   6   before_action :check_database_readable
   7
   8   authorize_resource
   9
  10   before_action :check_database_writable
  11
  12   allow_thirdparty_images :only => :create
  13
  14   def create
  15     @entry = DiaryEntry.find(params[:id])
  16     @comments = @entry.visible_comments
  17     @diary_comment = @entry.comments.build(comment_params)
  18     @diary_comment.user = current_user
  19     if @diary_comment.save
  20
  21       # Notify current subscribers of the new comment
  22       @entry.subscribers.visible.each do |user|
  23         UserMailer.diary_comment_notification(@diary_comment, user).deliver_later if current_user != user
  24       end
  25
  26       # Add the commenter to the subscribers if necessary
  27       @entry.subscriptions.create(:user => current_user) unless @entry.subscribers.exists?(current_user.id)
  28
  29       redirect_to diary_entry_path(@entry.user, @entry, :anchor => "comment#{@diary_comment.id}")
  30     else
  31       render :action => "new"
  32     end
  33   rescue ActiveRecord::RecordNotFound
  34     render "diary_entries/no_such_entry", :status => :not_found
  35   end
  36
  37   def hide
  38     comment = DiaryComment.find(params[:comment])
  39     comment.update(:visible => false)
  40     redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry)
  41   end
  42
  43   def unhide
  44     comment = DiaryComment.find(params[:comment])
  45     comment.update(:visible => true)
  46     redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry)
  47   end
  48
  49   private
  50
  51   ##
  52   # return permitted diary comment parameters
  53   def comment_params
  54     params.require(:diary_comment).permit(:body)
  55   end
  56 end