authorize_resource
- before_action :lookup_user, :only => [:show, :comments]
- before_action :check_database_writable, :only => [:new, :create, :edit, :update, :comment, :hide, :hidecomment, :subscribe, :unsubscribe]
+ before_action :lookup_user, :only => :show
+ before_action :check_database_writable, :only => [:new, :create, :edit, :update, :hide, :unhide, :subscribe, :unsubscribe]
- allow_thirdparty_images :only => [:new, :create, :edit, :update, :index, :show, :comments]
+ allow_thirdparty_images :only => [:new, :create, :edit, :update, :index, :show]
def index
if params[:display_name]
if @entry
@title = t ".title", :user => params[:display_name], :title => @entry.title
@og_image = @entry.body.image
- @comments = can?(:unhidecomment, DiaryEntry) ? @entry.comments : @entry.visible_comments
+ @comments = can?(:unhide, DiaryComment) ? @entry.comments : @entry.visible_comments
else
@title = t "diary_entries.no_such_entry.title", :id => params[:id]
render :action => "no_such_entry", :status => :not_found
@title = t "diary_entries.edit.title"
@diary_entry = DiaryEntry.find(params[:id])
- if current_user != @diary_entry.user ||
+ if cannot?(:update, @diary_entry) ||
(params[:diary_entry] && @diary_entry.update(entry_params))
redirect_to diary_entry_path(@diary_entry.user, @diary_entry)
else
render :action => "no_such_entry", :status => :not_found
end
- def comment
- @entry = DiaryEntry.find(params[:id])
- @comments = @entry.visible_comments
- @diary_comment = @entry.comments.build(comment_params)
- @diary_comment.user = current_user
- if @diary_comment.save
-
- # Notify current subscribers of the new comment
- @entry.subscribers.visible.each do |user|
- UserMailer.diary_comment_notification(@diary_comment, user).deliver_later if current_user != user
- end
-
- # Add the commenter to the subscribers if necessary
- @entry.subscriptions.create(:user => current_user) unless @entry.subscribers.exists?(current_user.id)
-
- redirect_to diary_entry_path(@entry.user, @entry)
- else
- render :action => "show"
- end
- rescue ActiveRecord::RecordNotFound
- render :action => "no_such_entry", :status => :not_found
- end
-
def subscribe
@diary_entry = DiaryEntry.find(params[:id])
redirect_to :action => "index", :display_name => entry.user.display_name
end
- def hidecomment
- comment = DiaryComment.find(params[:comment])
- comment.update(:visible => false)
- redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry)
- end
-
- def unhidecomment
- comment = DiaryComment.find(params[:comment])
- comment.update(:visible => true)
- redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry)
- end
-
- def comments
- @title = t ".title", :user => @user.display_name
-
- comments = DiaryComment.where(:user => @user)
- comments = comments.visible unless can? :unhidecomment, DiaryEntry
-
- @params = params.permit(:display_name, :before, :after)
-
- @comments, @newer_comments_id, @older_comments_id = get_page_items(comments, :includes => [:user])
- end
-
private
##
ActionController::Parameters.new.permit(:title, :body, :language_code, :latitude, :longitude)
end
- ##
- # return permitted diary comment parameters
- def comment_params
- params.require(:diary_comment).permit(:body)
- end
-
##
# decide on a location for the diary entry map
def set_map_location