Get rid of custom CSRF protection for user role changes
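class DiaryEntryController < ApplicationController
  layout 'site', :except => :rss

  before_filter :authorize_web
  before_filter :set_locale
  before_filter :require_user, :only => [:new, :edit, :comment, :hide, :hidecomment]
  before_filter :check_database_readable
  # Every action that writes to the database (the same set the sweeper below
  # watches) has to be refused while the database is read-only, not only
  # new/edit.
  before_filter :check_database_writable, :only => [:new, :edit, :comment, :hide, :hidecomment]
  # require_user is declared above, so @user is already set when
  # require_administrator inspects it.
  before_filter :require_administrator, :only => [:hide, :hidecomment]

  # The friends/nearby lists depend on who is signed in, so they must never be
  # served from the shared action cache (see user_specific_list?).
  caches_action :list, :layout => false, :unless => :user_specific_list?
  caches_action :rss, :layout => true
  caches_action :view, :layout => false
  cache_sweeper :diary_sweeper, :only => [:new, :edit, :comment, :hide, :hidecomment]

  # Page size shared by every list and feed in this controller.
  PER_PAGE = 20
  # Newest first, for lists and feeds alike.
  ENTRY_ORDER = 'created_at DESC'

  ##
  # Show the form for a new entry, or create one from params[:diary_entry]
  # when it is present. After a successful save the entry's language is
  # remembered as the user's "diary.default_language" preference.
  def new
    @title = t 'diary_entry.new.title'

    if params[:diary_entry]
      # NOTE(review): mass assignment from params relies on the DiaryEntry
      # model's attribute whitelist to keep user_id/visible out of reach —
      # confirm the model restricts them.
      @diary_entry = DiaryEntry.new(params[:diary_entry])
      @diary_entry.user = @user

      if @diary_entry.save
        remember_default_language(@diary_entry.language_code)
        redirect_to :controller => 'diary_entry', :action => 'list', :display_name => @user.display_name
      else
        render :action => 'edit'
      end
    else
      @diary_entry = DiaryEntry.new(:language_code => default_language_code)
      render :action => 'edit'
    end
  end

  ##
  # Edit an existing entry. Only the entry's author may edit it; anybody else
  # is sent to the read-only view. Unknown ids render no_such_entry (404).
  def edit
    @title = t 'diary_entry.edit.title'
    @diary_entry = DiaryEntry.find(params[:id])

    if @user != @diary_entry.user
      # The view action looks the entry up via its owner's display name, so
      # pass it explicitly rather than relying on the current route.
      redirect_to :controller => 'diary_entry', :action => 'view',
                  :display_name => @diary_entry.user.display_name, :id => params[:id]
    elsif params[:diary_entry]
      if @diary_entry.update_attributes(params[:diary_entry])
        redirect_to :controller => 'diary_entry', :action => 'view',
                    :display_name => @diary_entry.user.display_name, :id => params[:id]
      end
      # On a validation failure we fall through to the default render of 'edit'.
    end
  rescue ActiveRecord::RecordNotFound
    render :action => "no_such_entry", :status => :not_found
  end

  ##
  # Add a comment (params[:diary_comment]) to the entry params[:id] on behalf
  # of the signed-in user. The entry's author is notified unless they wrote the
  # comment themselves.
  def comment
    @entry = DiaryEntry.find(params[:id])
    @diary_comment = @entry.comments.build(params[:diary_comment])
    @diary_comment.user = @user

    if @diary_comment.save
      Notifier.diary_comment_notification(@diary_comment).deliver if @diary_comment.user != @entry.user

      redirect_to :controller => 'diary_entry', :action => 'view', :display_name => @entry.user.display_name, :id => @entry.id
    else
      render :action => 'view'
    end
  end

  ##
  # Paginated list of visible entries. params choose the subset: a single
  # user's entries (:display_name), one language (:language), the entries of
  # the signed-in user's friends (:friends) or of nearby users (:nearby);
  # otherwise everyone's. The friends/nearby lists need a signed-in user.
  def list
    if params[:display_name]
      @this_user = User.active.find_by_display_name(params[:display_name])

      if @this_user
        @title = t 'diary_entry.list.user_title', :user => @this_user.display_name
        @entry_pages, @entries = paginate_entries({ :user_id => @this_user.id, :visible => true })
      else
        @title = t 'diary_entry.no_such_user.title'
        @not_found_user = params[:display_name]

        render :action => 'no_such_user', :status => :not_found
      end
    elsif params[:language]
      # Language.find raises RecordNotFound for an unknown code, which Rails
      # turns into a 404.
      @title = t 'diary_entry.list.in_language_title', :language => Language.find(params[:language]).english_name
      @entry_pages, @entries = paginate_entries({ :users => { :status => ["active", "confirmed"] },
                                                  :visible => true,
                                                  :language_code => params[:language] },
                                                :include => :user)
    elsif params[:friends]
      unless @user
        require_user
        return
      end

      @title = t 'diary_entry.list.title_friends'
      @entry_pages, @entries = paginate_entries({ :user_id => @user.friend_users, :visible => true },
                                                :include => :user)
    elsif params[:nearby]
      unless @user
        require_user
        return
      end

      @title = t 'diary_entry.list.title_nearby'
      @entry_pages, @entries = paginate_entries({ :user_id => @user.nearby, :visible => true },
                                                :include => :user)
    else
      @title = t 'diary_entry.list.title'
      @entry_pages, @entries = paginate_entries({ :users => { :status => ["active", "confirmed"] },
                                                  :visible => true },
                                                :include => :user)
    end
  end

  ##
  # RSS feed of the newest visible entries: one user's (:display_name), one
  # language's (:language) or everyone's. Every feed is capped at PER_PAGE
  # entries, newest first.
  def rss
    if params[:display_name]
      user = User.active.find_by_display_name(params[:display_name])

      if user
        # Order and bound this feed like the other branches; the user's own
        # association does not inherit the limit applied in public_entries.
        @entries = user.diary_entries.visible.order(ENTRY_ORDER).limit(PER_PAGE)
        @title = I18n.t('diary_entry.feed.user.title', :user => user.display_name)
        @description = I18n.t('diary_entry.feed.user.description', :user => user.display_name)
        # Display names may contain spaces or other reserved characters, so
        # percent-encode the path segment to keep the feed link a valid URL.
        @link = "http://#{SERVER_URL}/user/#{ERB::Util.url_encode(user.display_name)}/diary"
      else
        render :nothing => true, :status => :not_found
      end
    elsif params[:language]
      # Looked up once; raises RecordNotFound (404) for an unknown code.
      language = Language.find(params[:language])

      @entries = public_entries.where(:language_code => params[:language])
      @title = I18n.t('diary_entry.feed.language.title', :language_name => language.english_name)
      @description = I18n.t('diary_entry.feed.language.description', :language_name => language.english_name)
      # params[:language] is request-controlled; encode it before interpolating
      # into the link.
      @link = "http://#{SERVER_URL}/diary/#{ERB::Util.url_encode(params[:language])}"
    else
      @entries = public_entries
      @title = I18n.t('diary_entry.feed.all.title')
      @description = I18n.t('diary_entry.feed.all.description')
      @link = "http://#{SERVER_URL}/diary"
    end
  end

  ##
  # Show a single entry. The entry is looked up through its owner
  # (params[:display_name]) and the visible scope, so an id alone cannot be
  # used to reach another user's or a hidden entry.
  def view
    user = User.active.find_by_display_name(params[:display_name])

    if user
      @entry = user.diary_entries.visible.where(:id => params[:id]).first

      if @entry
        @title = t 'diary_entry.view.title', :user => params[:display_name], :title => @entry.title
      else
        @title = t 'diary_entry.no_such_entry.title', :id => params[:id]
        render :action => 'no_such_entry', :status => :not_found
      end
    else
      @not_found_user = params[:display_name]

      render :action => 'no_such_user', :status => :not_found
    end
  end

  ##
  # Hide the entry params[:id] (administrators only, see require_administrator)
  # and return to its author's list.
  def hide
    entry = DiaryEntry.find(params[:id])
    entry.update_attributes(:visible => false)
    redirect_to :action => "list", :display_name => entry.user.display_name
  end

  ##
  # Hide the comment params[:comment] (administrators only) and return to the
  # entry it belongs to.
  def hidecomment
    comment = DiaryComment.find(params[:comment])
    comment.update_attributes(:visible => false)
    redirect_to :action => "view", :display_name => comment.diary_entry.user.display_name, :id => comment.diary_entry.id
  end

  ##
  # Paginated list of the comments written by the user params[:display_name].
  # Renders no_such_user (404) when there is no such active user.
  def comments
    @this_user = User.active.find_by_display_name(params[:display_name])

    if @this_user
      @comment_pages, @comments = paginate(:diary_comments,
                                           :conditions => { :user_id => @this_user },
                                           :order => ENTRY_ORDER,
                                           :per_page => PER_PAGE)
      @page = (params[:page] || 1).to_i
    else
      @title = t 'diary_entry.no_such_user.title'
      @not_found_user = params[:display_name]
      render :action => 'no_such_user', :status => :not_found
    end
  end

  private

  ##
  # Require that the user is an administrator, or set a helpful error message
  # and send them back to the entry they were looking at.
  def require_administrator
    unless @user.administrator?
      flash[:error] = t('user.filter.not_an_administrator')
      # params[:id] is the entry id, not a display name, so it must not be
      # passed as :display_name; assumes the hide/hidecomment routes carry a
      # :display_name segment — TODO confirm against config/routes.
      redirect_to :controller => 'diary_entry', :action => 'view', :display_name => params[:display_name], :id => params[:id]
    end
  end

  ##
  # Is this list user specific (and therefore not cacheable)?
  def user_specific_list?
    params[:friends] || params[:nearby]
  end

  ##
  # paginate(:diary_entries, ...) with the ordering and page size shared by
  # every list. conditions is the :conditions hash; options holds any extra
  # paginate options (e.g. :include => :user).
  def paginate_entries(conditions, options = {})
    paginate(:diary_entries, options.merge(:conditions => conditions,
                                           :order => ENTRY_ORDER,
                                           :per_page => PER_PAGE))
  end

  ##
  # The newest PER_PAGE visible entries written by active or confirmed users,
  # with their authors eager-loaded; the base relation for the public feeds.
  def public_entries
    DiaryEntry.includes(:user).order(ENTRY_ORDER).limit(PER_PAGE).visible
              .joins(:user).where(:users => { :status => ["active", "confirmed"] })
  end

  ##
  # The user's stored "diary.default_language" preference record, or nil.
  def default_language_preference
    @user.preferences.where(:k => "diary.default_language").first
  end

  ##
  # Language code to pre-select for a new entry: the stored preference when
  # there is one, otherwise the user's preferred language.
  def default_language_code
    pref = default_language_preference
    pref ? pref.v : @user.preferred_language
  end

  ##
  # Record language_code as the user's default diary language, creating the
  # preference if it does not exist yet.
  def remember_default_language(language_code)
    pref = default_language_preference

    if pref
      pref.v = language_code
      pref.save!
    else
      @user.preferences.create(:k => "diary.default_language", :v => language_code)
    end
  end
end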