class DiaryEntriesController < ApplicationController
+ include UserMethods
+
layout "site", :except => :rss
before_action :authorize_web
before_action :set_locale
+ before_action :check_database_readable
authorize_resource
before_action :lookup_user, :only => [:show, :comments]
- before_action :check_database_readable
- before_action :check_database_writable, :only => [:new, :edit, :comment, :hide, :hidecomment, :subscribe, :unsubscribe]
- before_action :allow_thirdparty_images, :only => [:new, :edit, :index, :show, :comments]
+ before_action :check_database_writable, :only => [:new, :create, :edit, :update, :comment, :hide, :hidecomment, :subscribe, :unsubscribe]
+ before_action :allow_thirdparty_images, :only => [:new, :create, :edit, :update, :index, :show, :comments]
+
+ def index
+ if params[:display_name]
+ @user = User.active.find_by(:display_name => params[:display_name])
+
+ if @user
+ @title = t ".user_title", :user => @user.display_name
+ entries = @user.diary_entries
+ else
+ render_unknown_user params[:display_name]
+ return
+ end
+ elsif params[:friends]
+ if current_user
+ @title = t ".title_friends"
+ entries = DiaryEntry.where(:user => current_user.friends)
+ else
+ require_user
+ return
+ end
+ elsif params[:nearby]
+ if current_user
+ @title = t ".title_nearby"
+ entries = DiaryEntry.where(:user => current_user.nearby)
+ else
+ require_user
+ return
+ end
+ else
+ entries = DiaryEntry.joins(:user).where(:users => { :status => %w[active confirmed] })
+
+ if params[:language]
+ @title = t ".in_language_title", :language => Language.find(params[:language]).english_name
+ entries = entries.where(:language_code => params[:language])
+ else
+ @title = t ".title"
+ end
+ end
+
+ entries = entries.visible unless can? :unhide, DiaryEntry
+
+ @params = params.permit(:display_name, :friends, :nearby, :language)
+
+ @entries, @newer_entries_id, @older_entries_id = get_page_items(entries, [:user, :language])
+ end
+
+ def show
+ entries = @user.diary_entries
+ entries = entries.visible unless can? :unhide, DiaryEntry
+ @entry = entries.find_by(:id => params[:id])
+ if @entry
+ @title = t ".title", :user => params[:display_name], :title => @entry.title
+ @comments = can?(:unhidecomment, DiaryEntry) ? @entry.comments : @entry.visible_comments
+ else
+ @title = t "diary_entries.no_such_entry.title", :id => params[:id]
+ render :action => "no_such_entry", :status => :not_found
+ end
+ end
def new
- @title = t "diary_entries.new.title"
+ @title = t ".title"
- if request.post?
- @diary_entry = DiaryEntry.new(entry_params)
- @diary_entry.user = current_user
+ default_lang = current_user.preferences.find_by(:k => "diary.default_language")
+ lang_code = default_lang ? default_lang.v : current_user.preferred_language
+ @diary_entry = DiaryEntry.new(entry_params.merge(:language_code => lang_code))
+ set_map_location
+ render :action => "new"
+ end
- if @diary_entry.save
- default_lang = current_user.preferences.where(:k => "diary.default_language").first
- if default_lang
- default_lang.v = @diary_entry.language_code
- default_lang.save!
- else
- current_user.preferences.create(:k => "diary.default_language", :v => @diary_entry.language_code)
- end
+ def edit
+ @title = t ".title"
+ @diary_entry = DiaryEntry.find(params[:id])
- # Subscribe user to diary comments
- @diary_entry.subscriptions.create(:user => current_user)
+ redirect_to diary_entry_path(@diary_entry.user, @diary_entry) if current_user != @diary_entry.user
- redirect_to :action => "index", :display_name => current_user.display_name
+ set_map_location
+ rescue ActiveRecord::RecordNotFound
+ render :action => "no_such_entry", :status => :not_found
+ end
+
+ def create
+ @title = t "diary_entries.new.title"
+
+ @diary_entry = DiaryEntry.new(entry_params)
+ @diary_entry.user = current_user
+
+ if @diary_entry.save
+ default_lang = current_user.preferences.find_by(:k => "diary.default_language")
+ if default_lang
+ default_lang.v = @diary_entry.language_code
+ default_lang.save!
else
- render :action => "edit"
+ current_user.preferences.create(:k => "diary.default_language", :v => @diary_entry.language_code)
end
+
+ # Subscribe user to diary comments
+ @diary_entry.subscriptions.create(:user => current_user)
+
+ redirect_to :action => "index", :display_name => current_user.display_name
else
- default_lang = current_user.preferences.where(:k => "diary.default_language").first
- lang_code = default_lang ? default_lang.v : current_user.preferred_language
- @diary_entry = DiaryEntry.new(entry_params.merge(:language_code => lang_code))
- set_map_location
- render :action => "edit"
+ render :action => "new"
end
end
- def edit
+ def update
@title = t "diary_entries.edit.title"
@diary_entry = DiaryEntry.find(params[:id])
- if current_user != @diary_entry.user
- redirect_to diary_entry_path(@diary_entry.user, @diary_entry)
- elsif params[:diary_entry] && @diary_entry.update(entry_params)
+ if current_user != @diary_entry.user ||
+ (params[:diary_entry] && @diary_entry.update(entry_params))
redirect_to diary_entry_path(@diary_entry.user, @diary_entry)
+ else
+ set_map_location
+ render :action => "edit"
end
-
- set_map_location
rescue ActiveRecord::RecordNotFound
render :action => "no_such_entry", :status => :not_found
end
def comment
@entry = DiaryEntry.find(params[:id])
+ @comments = @entry.visible_comments
@diary_comment = @entry.comments.build(comment_params)
@diary_comment.user = current_user
if @diary_comment.save
# Notify current subscribers of the new comment
@entry.subscribers.visible.each do |user|
- Notifier.diary_comment_notification(@diary_comment, user).deliver_later if current_user != user
+ UserMailer.diary_comment_notification(@diary_comment, user).deliver_later if current_user != user
end
# Add the commenter to the subscribers if necessary
render :action => "no_such_entry", :status => :not_found
end
- def index
- if params[:display_name]
- @user = User.active.find_by(:display_name => params[:display_name])
-
- if @user
- @title = t "diary_entries.index.user_title", :user => @user.display_name
- @entries = @user.diary_entries
- else
- render_unknown_user params[:display_name]
- return
- end
- elsif params[:friends]
- if current_user
- @title = t "diary_entries.index.title_friends"
- @entries = DiaryEntry.where(:user_id => current_user.friend_users)
- else
- require_user
- return
- end
- elsif params[:nearby]
- if current_user
- @title = t "diary_entries.index.title_nearby"
- @entries = DiaryEntry.where(:user_id => current_user.nearby)
- else
- require_user
- return
- end
- else
- @entries = DiaryEntry.joins(:user).where(:users => { :status => %w[active confirmed] })
-
- if params[:language]
- @title = t "diary_entries.index.in_language_title", :language => Language.find(params[:language]).english_name
- @entries = @entries.where(:language_code => params[:language])
- else
- @title = t "diary_entries.index.title"
- end
- end
-
- @params = params.permit(:display_name, :friends, :nearby, :language)
-
- @page = (params[:page] || 1).to_i
- @page_size = 20
-
- @entries = @entries.visible
- @entries = @entries.order("created_at DESC")
- @entries = @entries.offset((@page - 1) * @page_size)
- @entries = @entries.limit(@page_size)
- @entries = @entries.includes(:user, :language)
- end
-
def rss
if params[:display_name]
user = User.active.find_by(:display_name => params[:display_name])
@entries = user.diary_entries
@title = t("diary_entries.feed.user.title", :user => user.display_name)
@description = t("diary_entries.feed.user.description", :user => user.display_name)
- @link = url_for :action => "index", :display_name => user.display_name, :host => SERVER_URL, :protocol => SERVER_PROTOCOL
+ @link = url_for :action => "index", :display_name => user.display_name, :host => Settings.server_url, :protocol => Settings.server_protocol
else
head :not_found
return
else
@entries = DiaryEntry.joins(:user).where(:users => { :status => %w[active confirmed] })
+ # Items can't be flagged as deleted in the RSS format.
+ # For the general feeds, allow a delay before publishing, to help spam fighting
+ @entries = @entries.where("created_at < :time", :time => Settings.diary_feed_delay.hours.ago)
+
if params[:language]
@entries = @entries.where(:language_code => params[:language])
@title = t("diary_entries.feed.language.title", :language_name => Language.find(params[:language]).english_name)
@description = t("diary_entries.feed.language.description", :language_name => Language.find(params[:language]).english_name)
- @link = url_for :action => "index", :language => params[:language], :host => SERVER_URL, :protocol => SERVER_PROTOCOL
+ @link = url_for :action => "index", :language => params[:language], :host => Settings.server_url, :protocol => Settings.server_protocol
else
@title = t("diary_entries.feed.all.title")
@description = t("diary_entries.feed.all.description")
- @link = url_for :action => "index", :host => SERVER_URL, :protocol => SERVER_PROTOCOL
+ @link = url_for :action => "index", :host => Settings.server_url, :protocol => Settings.server_protocol
end
end
-
@entries = @entries.visible.includes(:user).order("created_at DESC").limit(20)
end
- def show
- @entry = @user.diary_entries.visible.where(:id => params[:id]).first
- if @entry
- @title = t "diary_entries.show.title", :user => params[:display_name], :title => @entry.title
- else
- @title = t "diary_entries.no_such_entry.title", :id => params[:id]
- render :action => "no_such_entry", :status => :not_found
- end
- end
-
def hide
entry = DiaryEntry.find(params[:id])
entry.update(:visible => false)
redirect_to :action => "index", :display_name => entry.user.display_name
end
+ def unhide
+ entry = DiaryEntry.find(params[:id])
+ entry.update(:visible => true)
+ redirect_to :action => "index", :display_name => entry.user.display_name
+ end
+
def hidecomment
comment = DiaryComment.find(params[:comment])
comment.update(:visible => false)
redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry)
end
- def comments
- @comment_pages, @comments = paginate(:diary_comments,
- :conditions => {
- :user_id => @user,
- :visible => true
- },
- :order => "created_at DESC",
- :per_page => 20)
- @page = (params[:page] || 1).to_i
+ def unhidecomment
+ comment = DiaryComment.find(params[:comment])
+ comment.update(:visible => true)
+ redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry)
end
- private
+ def comments
+ @title = t ".title", :user => @user.display_name
- # This is required because, being a default-deny system, cancancan
- # _cannot_ tell you the reason you were denied access; and so
- # the "nice" feedback presenting next steps can't be gleaned from
- # the exception
- ##
- # for the hide actions, require that the user is a administrator, or fill out
- # a helpful error message and return them to the user page.
- def deny_access(exception)
- if current_user && exception.action.in?([:hide, :hidecomment])
- flash[:error] = t("users.filter.not_an_administrator")
- redirect_to :action => "show"
- else
- super
- end
+ comments = DiaryComment.where(:user => @user)
+ comments = comments.visible unless can? :unhidecomment, DiaryEntry
+
+ @params = params.permit(:display_name, :before, :after)
+
+ @comments, @newer_comments_id, @older_comments_id = get_page_items(comments, [:user])
end
+ private
+
##
# return permitted diary entry parameters
def entry_params
@lon = @diary_entry.longitude
@lat = @diary_entry.latitude
@zoom = 12
- elsif current_user.home_lat.nil? || current_user.home_lon.nil?
+ elsif !current_user.home_location?
@lon = params[:lon] || -0.1
@lat = params[:lat] || 51.5
@zoom = params[:zoom] || 4
@zoom = 12
end
end
+
+ def get_page_items(items, includes)
+ id_column = "#{items.table_name}.id"
+ page_items = if params[:before]
+ items.where("#{id_column} < ?", params[:before]).order(:id => :desc)
+ elsif params[:after]
+ items.where("#{id_column} > ?", params[:after]).order(:id => :asc)
+ else
+ items.order(:id => :desc)
+ end
+
+ page_items = page_items.limit(20)
+ page_items = page_items.includes(includes)
+ page_items = page_items.sort.reverse
+
+ newer_items_id = page_items.first.id if page_items.count.positive? && items.exists?(["#{id_column} > ?", page_items.first.id])
+ older_items_id = page_items.last.id if page_items.count.positive? && items.exists?(["#{id_column} < ?", page_items.last.id])
+
+ [page_items, newer_items_id, older_items_id]
+ end
end