X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/6ca22de4f2c68e4b14a6e2f0938a8657c33adc31..c74ec0aa49f54e7068d8dfa8d2a61f9a3f28d10e:/app/controllers/diary_entries_controller.rb?ds=sidebyside diff --git a/app/controllers/diary_entries_controller.rb b/app/controllers/diary_entries_controller.rb index 456ce99ad..5f53e81b6 100644 --- a/app/controllers/diary_entries_controller.rb +++ b/app/controllers/diary_entries_controller.rb @@ -3,43 +3,45 @@ class DiaryEntriesController < ApplicationController before_action :authorize_web before_action :set_locale + before_action :check_database_readable authorize_resource before_action :lookup_user, :only => [:show, :comments] - before_action :check_database_readable - before_action :check_database_writable, :only => [:new, :edit, :comment, :hide, :hidecomment, :subscribe, :unsubscribe] - before_action :allow_thirdparty_images, :only => [:new, :edit, :index, :show, :comments] + before_action :check_database_writable, :only => [:new, :create, :edit, :update, :comment, :hide, :hidecomment, :subscribe, :unsubscribe] + before_action :allow_thirdparty_images, :only => [:new, :create, :edit, :update, :index, :show, :comments] def new @title = t "diary_entries.new.title" - if request.post? - @diary_entry = DiaryEntry.new(entry_params) - @diary_entry.user = current_user + default_lang = current_user.preferences.where(:k => "diary.default_language").first + lang_code = default_lang ? default_lang.v : current_user.preferred_language + @diary_entry = DiaryEntry.new(entry_params.merge(:language_code => lang_code)) + set_map_location + render :action => "new" + end - if @diary_entry.save - default_lang = current_user.preferences.where(:k => "diary.default_language").first - if default_lang - default_lang.v = @diary_entry.language_code - default_lang.save! - else - current_user.preferences.create(:k => "diary.default_language", :v => @diary_entry.language_code) - end + def create + @title = t "diary_entries.new.title" - # Subscribe user to diary comments - @diary_entry.subscriptions.create(:user => current_user) + @diary_entry = DiaryEntry.new(entry_params) + @diary_entry.user = current_user - redirect_to :action => "index", :display_name => current_user.display_name + if @diary_entry.save + default_lang = current_user.preferences.where(:k => "diary.default_language").first + if default_lang + default_lang.v = @diary_entry.language_code + default_lang.save! else - render :action => "edit" + current_user.preferences.create(:k => "diary.default_language", :v => @diary_entry.language_code) end + + # Subscribe user to diary comments + @diary_entry.subscriptions.create(:user => current_user) + + redirect_to :action => "index", :display_name => current_user.display_name else - default_lang = current_user.preferences.where(:k => "diary.default_language").first - lang_code = default_lang ? default_lang.v : current_user.preferred_language - @diary_entry = DiaryEntry.new(entry_params.merge(:language_code => lang_code)) - set_map_location - render :action => "edit" + render :action => "new" end end @@ -47,19 +49,32 @@ class DiaryEntriesController < ApplicationController @title = t "diary_entries.edit.title" @diary_entry = DiaryEntry.find(params[:id]) + redirect_to diary_entry_path(@diary_entry.user, @diary_entry) if current_user != @diary_entry.user + + set_map_location + rescue ActiveRecord::RecordNotFound + render :action => "no_such_entry", :status => :not_found + end + + def update + @title = t "diary_entries.edit.title" + @diary_entry = DiaryEntry.find(params[:id]) + if current_user != @diary_entry.user redirect_to diary_entry_path(@diary_entry.user, @diary_entry) elsif params[:diary_entry] && @diary_entry.update(entry_params) redirect_to diary_entry_path(@diary_entry.user, @diary_entry) + else + set_map_location + render :action => "edit" end - - set_map_location rescue ActiveRecord::RecordNotFound render :action => "no_such_entry", :status => :not_found end def comment @entry = DiaryEntry.find(params[:id]) + @comments = @entry.visible_comments @diary_comment = @entry.comments.build(comment_params) @diary_comment.user = current_user if @diary_comment.save @@ -114,7 +129,7 @@ class DiaryEntriesController < ApplicationController elsif params[:friends] if current_user @title = t "diary_entries.index.title_friends" - @entries = DiaryEntry.where(:user_id => current_user.friend_users) + @entries = DiaryEntry.where(:user_id => current_user.friends) else require_user return @@ -143,7 +158,7 @@ class DiaryEntriesController < ApplicationController @page = (params[:page] || 1).to_i @page_size = 20 - @entries = @entries.visible + @entries = @entries.visible unless can? :unhide, DiaryEntry @entries = @entries.order("created_at DESC") @entries = @entries.offset((@page - 1) * @page_size) @entries = @entries.limit(@page_size) @@ -158,7 +173,7 @@ class DiaryEntriesController < ApplicationController @entries = user.diary_entries @title = t("diary_entries.feed.user.title", :user => user.display_name) @description = t("diary_entries.feed.user.description", :user => user.display_name) - @link = url_for :action => "index", :display_name => user.display_name, :host => SERVER_URL, :protocol => SERVER_PROTOCOL + @link = url_for :action => "index", :display_name => user.display_name, :host => Settings.server_url, :protocol => Settings.server_protocol else head :not_found return @@ -166,18 +181,21 @@ class DiaryEntriesController < ApplicationController else @entries = DiaryEntry.joins(:user).where(:users => { :status => %w[active confirmed] }) + # Items can't be flagged as deleted in the RSS format. + # For the general feeds, allow a delay before publishing, to help spam fighting + @entries = @entries.where("created_at < :time", :time => Settings.diary_feed_delay.hours.ago) + if params[:language] @entries = @entries.where(:language_code => params[:language]) @title = t("diary_entries.feed.language.title", :language_name => Language.find(params[:language]).english_name) @description = t("diary_entries.feed.language.description", :language_name => Language.find(params[:language]).english_name) - @link = url_for :action => "index", :language => params[:language], :host => SERVER_URL, :protocol => SERVER_PROTOCOL + @link = url_for :action => "index", :language => params[:language], :host => Settings.server_url, :protocol => Settings.server_protocol else @title = t("diary_entries.feed.all.title") @description = t("diary_entries.feed.all.description") - @link = url_for :action => "index", :host => SERVER_URL, :protocol => SERVER_PROTOCOL + @link = url_for :action => "index", :host => Settings.server_url, :protocol => Settings.server_protocol end end - @entries = @entries.visible.includes(:user).order("created_at DESC").limit(20) end @@ -185,6 +203,7 @@ class DiaryEntriesController < ApplicationController @entry = @user.diary_entries.visible.where(:id => params[:id]).first if @entry @title = t "diary_entries.show.title", :user => params[:display_name], :title => @entry.title + @comments = can?(:unhidecomment, DiaryEntry) ? @entry.comments : @entry.visible_comments else @title = t "diary_entries.no_such_entry.title", :id => params[:id] render :action => "no_such_entry", :status => :not_found @@ -197,18 +216,31 @@ class DiaryEntriesController < ApplicationController redirect_to :action => "index", :display_name => entry.user.display_name end + def unhide + entry = DiaryEntry.find(params[:id]) + entry.update(:visible => true) + redirect_to :action => "index", :display_name => entry.user.display_name + end + def hidecomment comment = DiaryComment.find(params[:comment]) comment.update(:visible => false) redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry) end + def unhidecomment + comment = DiaryComment.find(params[:comment]) + comment.update(:visible => true) + redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry) + end + def comments + conditions = { :user_id => @user } + + conditions[:visible] = true unless can? :unhidecomment, DiaryEntry + @comment_pages, @comments = paginate(:diary_comments, - :conditions => { - :user_id => @user, - :visible => true - }, + :conditions => conditions, :order => "created_at DESC", :per_page => 20) @page = (params[:page] || 1).to_i @@ -216,22 +248,6 @@ class DiaryEntriesController < ApplicationController private - # This is required because, being a default-deny system, cancancan - # _cannot_ tell you the reason you were denied access; and so - # the "nice" feedback presenting next steps can't be gleaned from - # the exception - ## - # for the hide actions, require that the user is a administrator, or fill out - # a helpful error message and return them to the user page. - def deny_access(exception) - if current_user && exception.action.in?([:hide, :hidecomment]) - flash[:error] = t("users.filter.not_an_administrator") - redirect_to :action => "show" - else - super - end - end - ## # return permitted diary entry parameters def entry_params