X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/6ca22de4f2c68e4b14a6e2f0938a8657c33adc31..039a7d6af7408de12854034fdb31a96977affed0:/app/controllers/diary_entries_controller.rb?ds=inline diff --git a/app/controllers/diary_entries_controller.rb b/app/controllers/diary_entries_controller.rb index 456ce99ad..8da0842eb 100644 --- a/app/controllers/diary_entries_controller.rb +++ b/app/controllers/diary_entries_controller.rb @@ -1,72 +1,149 @@ class DiaryEntriesController < ApplicationController + include UserMethods + include PaginationMethods + layout "site", :except => :rss before_action :authorize_web before_action :set_locale + before_action :check_database_readable authorize_resource before_action :lookup_user, :only => [:show, :comments] - before_action :check_database_readable - before_action :check_database_writable, :only => [:new, :edit, :comment, :hide, :hidecomment, :subscribe, :unsubscribe] - before_action :allow_thirdparty_images, :only => [:new, :edit, :index, :show, :comments] + before_action :check_database_writable, :only => [:new, :create, :edit, :update, :comment, :hide, :hidecomment, :subscribe, :unsubscribe] + before_action :allow_thirdparty_images, :only => [:new, :create, :edit, :update, :index, :show, :comments] + + def index + if params[:display_name] + @user = User.active.find_by(:display_name => params[:display_name]) + + if @user + @title = t ".user_title", :user => @user.display_name + entries = @user.diary_entries + else + render_unknown_user params[:display_name] + return + end + elsif params[:friends] + if current_user + @title = t ".title_friends" + entries = DiaryEntry.where(:user => current_user.friends) + else + require_user + return + end + elsif params[:nearby] + if current_user + @title = t ".title_nearby" + entries = DiaryEntry.where(:user => current_user.nearby) + else + require_user + return + end + else + entries = DiaryEntry.joins(:user).where(:users => { :status => %w[active confirmed] }) + + if params[:language] + @title = t ".in_language_title", :language => Language.find(params[:language]).english_name + entries = entries.where(:language_code => params[:language]) + else + candidate_codes = preferred_languages.flat_map(&:candidates).uniq.map(&:to_s) + @languages = Language.where(:code => candidate_codes).in_order_of(:code, candidate_codes) + @title = t ".title" + end + end + + entries = entries.visible unless can? :unhide, DiaryEntry + + @params = params.permit(:display_name, :friends, :nearby, :language) + + @entries, @newer_entries_id, @older_entries_id = get_page_items(entries, :includes => [:user, :language]) + end + + def show + entries = @user.diary_entries + entries = entries.visible unless can? :unhide, DiaryEntry + @entry = entries.find_by(:id => params[:id]) + if @entry + @title = t ".title", :user => params[:display_name], :title => @entry.title + @comments = can?(:unhidecomment, DiaryEntry) ? @entry.comments : @entry.visible_comments + else + @title = t "diary_entries.no_such_entry.title", :id => params[:id] + render :action => "no_such_entry", :status => :not_found + end + end def new + @title = t ".title" + + default_lang = current_user.preferences.find_by(:k => "diary.default_language") + lang_code = default_lang ? default_lang.v : current_user.preferred_language + @diary_entry = DiaryEntry.new(entry_params.merge(:language_code => lang_code)) + set_map_location + render :action => "new" + end + + def edit + @title = t ".title" + @diary_entry = DiaryEntry.find(params[:id]) + + redirect_to diary_entry_path(@diary_entry.user, @diary_entry) if current_user != @diary_entry.user + + set_map_location + rescue ActiveRecord::RecordNotFound + render :action => "no_such_entry", :status => :not_found + end + + def create @title = t "diary_entries.new.title" - if request.post? - @diary_entry = DiaryEntry.new(entry_params) - @diary_entry.user = current_user - - if @diary_entry.save - default_lang = current_user.preferences.where(:k => "diary.default_language").first - if default_lang - default_lang.v = @diary_entry.language_code - default_lang.save! - else - current_user.preferences.create(:k => "diary.default_language", :v => @diary_entry.language_code) - end - - # Subscribe user to diary comments - @diary_entry.subscriptions.create(:user => current_user) - - redirect_to :action => "index", :display_name => current_user.display_name + @diary_entry = DiaryEntry.new(entry_params) + @diary_entry.user = current_user + + if @diary_entry.save + default_lang = current_user.preferences.find_by(:k => "diary.default_language") + if default_lang + default_lang.v = @diary_entry.language_code + default_lang.save! else - render :action => "edit" + current_user.preferences.create(:k => "diary.default_language", :v => @diary_entry.language_code) end + + # Subscribe user to diary comments + @diary_entry.subscriptions.create(:user => current_user) + + redirect_to :action => "index", :display_name => current_user.display_name else - default_lang = current_user.preferences.where(:k => "diary.default_language").first - lang_code = default_lang ? default_lang.v : current_user.preferred_language - @diary_entry = DiaryEntry.new(entry_params.merge(:language_code => lang_code)) - set_map_location - render :action => "edit" + render :action => "new" end end - def edit + def update @title = t "diary_entries.edit.title" @diary_entry = DiaryEntry.find(params[:id]) - if current_user != @diary_entry.user - redirect_to diary_entry_path(@diary_entry.user, @diary_entry) - elsif params[:diary_entry] && @diary_entry.update(entry_params) + if current_user != @diary_entry.user || + (params[:diary_entry] && @diary_entry.update(entry_params)) redirect_to diary_entry_path(@diary_entry.user, @diary_entry) + else + set_map_location + render :action => "edit" end - - set_map_location rescue ActiveRecord::RecordNotFound render :action => "no_such_entry", :status => :not_found end def comment @entry = DiaryEntry.find(params[:id]) + @comments = @entry.visible_comments @diary_comment = @entry.comments.build(comment_params) @diary_comment.user = current_user if @diary_comment.save # Notify current subscribers of the new comment @entry.subscribers.visible.each do |user| - Notifier.diary_comment_notification(@diary_comment, user).deliver_later if current_user != user + UserMailer.diary_comment_notification(@diary_comment, user).deliver_later if current_user != user end # Add the commenter to the subscribers if necessary @@ -81,75 +158,29 @@ class DiaryEntriesController < ApplicationController end def subscribe - diary_entry = DiaryEntry.find(params[:id]) + @diary_entry = DiaryEntry.find(params[:id]) - diary_entry.subscriptions.create(:user => current_user) unless diary_entry.subscribers.exists?(current_user.id) + if request.post? + @diary_entry.subscriptions.create(:user => current_user) unless @diary_entry.subscribers.exists?(current_user.id) - redirect_to diary_entry_path(diary_entry.user, diary_entry) + redirect_to diary_entry_path(@diary_entry.user, @diary_entry) + end rescue ActiveRecord::RecordNotFound render :action => "no_such_entry", :status => :not_found end def unsubscribe - diary_entry = DiaryEntry.find(params[:id]) + @diary_entry = DiaryEntry.find(params[:id]) - diary_entry.subscriptions.where(:user => current_user).delete_all if diary_entry.subscribers.exists?(current_user.id) + if request.post? + @diary_entry.subscriptions.where(:user => current_user).delete_all if @diary_entry.subscribers.exists?(current_user.id) - redirect_to diary_entry_path(diary_entry.user, diary_entry) + redirect_to diary_entry_path(@diary_entry.user, @diary_entry) + end rescue ActiveRecord::RecordNotFound render :action => "no_such_entry", :status => :not_found end - def index - if params[:display_name] - @user = User.active.find_by(:display_name => params[:display_name]) - - if @user - @title = t "diary_entries.index.user_title", :user => @user.display_name - @entries = @user.diary_entries - else - render_unknown_user params[:display_name] - return - end - elsif params[:friends] - if current_user - @title = t "diary_entries.index.title_friends" - @entries = DiaryEntry.where(:user_id => current_user.friend_users) - else - require_user - return - end - elsif params[:nearby] - if current_user - @title = t "diary_entries.index.title_nearby" - @entries = DiaryEntry.where(:user_id => current_user.nearby) - else - require_user - return - end - else - @entries = DiaryEntry.joins(:user).where(:users => { :status => %w[active confirmed] }) - - if params[:language] - @title = t "diary_entries.index.in_language_title", :language => Language.find(params[:language]).english_name - @entries = @entries.where(:language_code => params[:language]) - else - @title = t "diary_entries.index.title" - end - end - - @params = params.permit(:display_name, :friends, :nearby, :language) - - @page = (params[:page] || 1).to_i - @page_size = 20 - - @entries = @entries.visible - @entries = @entries.order("created_at DESC") - @entries = @entries.offset((@page - 1) * @page_size) - @entries = @entries.limit(@page_size) - @entries = @entries.includes(:user, :language) - end - def rss if params[:display_name] user = User.active.find_by(:display_name => params[:display_name]) @@ -158,7 +189,7 @@ class DiaryEntriesController < ApplicationController @entries = user.diary_entries @title = t("diary_entries.feed.user.title", :user => user.display_name) @description = t("diary_entries.feed.user.description", :user => user.display_name) - @link = url_for :action => "index", :display_name => user.display_name, :host => SERVER_URL, :protocol => SERVER_PROTOCOL + @link = url_for :action => "index", :display_name => user.display_name, :host => Settings.server_url, :protocol => Settings.server_protocol else head :not_found return @@ -166,72 +197,61 @@ class DiaryEntriesController < ApplicationController else @entries = DiaryEntry.joins(:user).where(:users => { :status => %w[active confirmed] }) + # Items can't be flagged as deleted in the RSS format. + # For the general feeds, allow a delay before publishing, to help spam fighting + @entries = @entries.where("created_at < :time", :time => Settings.diary_feed_delay.hours.ago) + if params[:language] @entries = @entries.where(:language_code => params[:language]) @title = t("diary_entries.feed.language.title", :language_name => Language.find(params[:language]).english_name) @description = t("diary_entries.feed.language.description", :language_name => Language.find(params[:language]).english_name) - @link = url_for :action => "index", :language => params[:language], :host => SERVER_URL, :protocol => SERVER_PROTOCOL + @link = url_for :action => "index", :language => params[:language], :host => Settings.server_url, :protocol => Settings.server_protocol else @title = t("diary_entries.feed.all.title") @description = t("diary_entries.feed.all.description") - @link = url_for :action => "index", :host => SERVER_URL, :protocol => SERVER_PROTOCOL + @link = url_for :action => "index", :host => Settings.server_url, :protocol => Settings.server_protocol end end - @entries = @entries.visible.includes(:user).order("created_at DESC").limit(20) end - def show - @entry = @user.diary_entries.visible.where(:id => params[:id]).first - if @entry - @title = t "diary_entries.show.title", :user => params[:display_name], :title => @entry.title - else - @title = t "diary_entries.no_such_entry.title", :id => params[:id] - render :action => "no_such_entry", :status => :not_found - end - end - def hide entry = DiaryEntry.find(params[:id]) entry.update(:visible => false) redirect_to :action => "index", :display_name => entry.user.display_name end + def unhide + entry = DiaryEntry.find(params[:id]) + entry.update(:visible => true) + redirect_to :action => "index", :display_name => entry.user.display_name + end + def hidecomment comment = DiaryComment.find(params[:comment]) comment.update(:visible => false) redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry) end - def comments - @comment_pages, @comments = paginate(:diary_comments, - :conditions => { - :user_id => @user, - :visible => true - }, - :order => "created_at DESC", - :per_page => 20) - @page = (params[:page] || 1).to_i + def unhidecomment + comment = DiaryComment.find(params[:comment]) + comment.update(:visible => true) + redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry) end - private + def comments + @title = t ".title", :user => @user.display_name - # This is required because, being a default-deny system, cancancan - # _cannot_ tell you the reason you were denied access; and so - # the "nice" feedback presenting next steps can't be gleaned from - # the exception - ## - # for the hide actions, require that the user is a administrator, or fill out - # a helpful error message and return them to the user page. - def deny_access(exception) - if current_user && exception.action.in?([:hide, :hidecomment]) - flash[:error] = t("users.filter.not_an_administrator") - redirect_to :action => "show" - else - super - end + comments = DiaryComment.where(:user => @user) + comments = comments.visible unless can? :unhidecomment, DiaryEntry + + @params = params.permit(:display_name, :before, :after) + + @comments, @newer_comments_id, @older_comments_id = get_page_items(comments, :includes => [:user]) end + private + ## # return permitted diary entry parameters def entry_params @@ -253,7 +273,7 @@ class DiaryEntriesController < ApplicationController @lon = @diary_entry.longitude @lat = @diary_entry.latitude @zoom = 12 - elsif current_user.home_lat.nil? || current_user.home_lon.nil? + elsif !current_user.home_location? @lon = params[:lon] || -0.1 @lat = params[:lat] || 51.5 @zoom = params[:zoom] || 4