X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/5a06a3dffe1342686f547663610bbe72f216fcd5..efd50cd529990069dc1ca95f66ec6f61471fe29d:/app/controllers/diary_entry_controller.rb diff --git a/app/controllers/diary_entry_controller.rb b/app/controllers/diary_entry_controller.rb index f6da8d870..70cb1654d 100644 --- a/app/controllers/diary_entry_controller.rb +++ b/app/controllers/diary_entry_controller.rb @@ -3,12 +3,13 @@ class DiaryEntryController < ApplicationController before_action :authorize_web before_action :set_locale - before_action :require_user, :only => [:new, :edit, :comment, :hide, :hidecomment, :subscribe, :unsubscribe] + + authorize_resource + before_action :lookup_user, :only => [:show, :comments] before_action :check_database_readable before_action :check_database_writable, :only => [:new, :edit, :comment, :hide, :hidecomment, :subscribe, :unsubscribe] - before_action :require_administrator, :only => [:hide, :hidecomment] - before_action :allow_thirdparty_images, :only => [:new, :edit, :list, :show, :comments] + before_action :allow_thirdparty_images, :only => [:new, :edit, :index, :show, :comments] def new @title = t "diary_entry.new.title" @@ -29,7 +30,7 @@ class DiaryEntryController < ApplicationController # Subscribe user to diary comments @diary_entry.subscriptions.create(:user => current_user) - redirect_to :action => "list", :display_name => current_user.display_name + redirect_to :action => "index", :display_name => current_user.display_name else render :action => "edit" end @@ -65,7 +66,7 @@ class DiaryEntryController < ApplicationController # Notify current subscribers of the new comment @entry.subscribers.visible.each do |user| - Notifier.diary_comment_notification(@diary_comment, user).deliver_now if current_user != user + Notifier.diary_comment_notification(@diary_comment, user).deliver_later if current_user != user end # Add the commenter to the subscribers if necessary @@ -99,12 +100,12 @@ class DiaryEntryController < ApplicationController render :action => "no_such_entry", :status => :not_found end - def list + def index if params[:display_name] @user = User.active.find_by(:display_name => params[:display_name]) if @user - @title = t "diary_entry.list.user_title", :user => @user.display_name + @title = t "diary_entry.index.user_title", :user => @user.display_name @entries = @user.diary_entries else render_unknown_user params[:display_name] @@ -112,7 +113,7 @@ class DiaryEntryController < ApplicationController end elsif params[:friends] if current_user - @title = t "diary_entry.list.title_friends" + @title = t "diary_entry.index.title_friends" @entries = DiaryEntry.where(:user_id => current_user.friend_users) else require_user @@ -120,7 +121,7 @@ class DiaryEntryController < ApplicationController end elsif params[:nearby] if current_user - @title = t "diary_entry.list.title_nearby" + @title = t "diary_entry.index.title_nearby" @entries = DiaryEntry.where(:user_id => current_user.nearby) else require_user @@ -130,10 +131,10 @@ class DiaryEntryController < ApplicationController @entries = DiaryEntry.joins(:user).where(:users => { :status => %w[active confirmed] }) if params[:language] - @title = t "diary_entry.list.in_language_title", :language => Language.find(params[:language]).english_name + @title = t "diary_entry.index.in_language_title", :language => Language.find(params[:language]).english_name @entries = @entries.where(:language_code => params[:language]) else - @title = t "diary_entry.list.title" + @title = t "diary_entry.index.title" end end @@ -157,7 +158,7 @@ class DiaryEntryController < ApplicationController @entries = user.diary_entries @title = t("diary_entry.feed.user.title", :user => user.display_name) @description = t("diary_entry.feed.user.description", :user => user.display_name) - @link = url_for :controller => "diary_entry", :action => "list", :display_name => user.display_name, :host => SERVER_URL, :protocol => SERVER_PROTOCOL + @link = url_for :controller => "diary_entry", :action => "index", :display_name => user.display_name, :host => SERVER_URL, :protocol => SERVER_PROTOCOL else head :not_found return @@ -169,11 +170,11 @@ class DiaryEntryController < ApplicationController @entries = @entries.where(:language_code => params[:language]) @title = t("diary_entry.feed.language.title", :language_name => Language.find(params[:language]).english_name) @description = t("diary_entry.feed.language.description", :language_name => Language.find(params[:language]).english_name) - @link = url_for :controller => "diary_entry", :action => "list", :language => params[:language], :host => SERVER_URL, :protocol => SERVER_PROTOCOL + @link = url_for :controller => "diary_entry", :action => "index", :language => params[:language], :host => SERVER_URL, :protocol => SERVER_PROTOCOL else @title = t("diary_entry.feed.all.title") @description = t("diary_entry.feed.all.description") - @link = url_for :controller => "diary_entry", :action => "list", :host => SERVER_URL, :protocol => SERVER_PROTOCOL + @link = url_for :controller => "diary_entry", :action => "index", :host => SERVER_URL, :protocol => SERVER_PROTOCOL end end @@ -193,7 +194,7 @@ class DiaryEntryController < ApplicationController def hide entry = DiaryEntry.find(params[:id]) entry.update(:visible => false) - redirect_to :action => "list", :display_name => entry.user.display_name + redirect_to :action => "index", :display_name => entry.user.display_name end def hidecomment @@ -215,6 +216,22 @@ class DiaryEntryController < ApplicationController private + # This is required because, being a default-deny system, cancancan + # _cannot_ tell you the reason you were denied access; and so + # the "nice" feedback presenting next steps can't be gleaned from + # the exception + ## + # for the hide actions, require that the user is a administrator, or fill out + # a helpful error message and return them to the user page. + def deny_access(exception) + if current_user && exception.action.in?([:hide, :hidecomment]) + flash[:error] = t("users.filter.not_an_administrator") + redirect_to :action => "show" + else + super + end + end + ## # return permitted diary entry parameters def entry_params @@ -229,16 +246,6 @@ class DiaryEntryController < ApplicationController params.require(:diary_comment).permit(:body) end - ## - # require that the user is a administrator, or fill out a helpful error message - # and return them to the user page. - def require_administrator - unless current_user.administrator? - flash[:error] = t("user.filter.not_an_administrator") - redirect_to :action => "show" - end - end - ## # decide on a location for the diary entry map def set_map_location