pundit: convert dmails to pundit.
This commit is contained in:
evazion
@@ -1,29 +1,26 @@
|
||||
class DmailsController < ApplicationController
|
||||
respond_to :html, :xml, :js, :json
|
||||
before_action :member_only, except: [:index, :show, :update, :mark_all_as_read]
|
||||
|
||||
def new
|
||||
if params[:respond_to_id]
|
||||
parent = Dmail.find(params[:respond_to_id])
|
||||
check_show_privilege(parent)
|
||||
parent = authorize Dmail.find(params[:respond_to_id]), :show?
|
||||
@dmail = parent.build_response(:forward => params[:forward])
|
||||
else
|
||||
@dmail = Dmail.new(dmail_params(:create))
|
||||
@dmail = authorize Dmail.new(permitted_attributes(Dmail))
|
||||
end
|
||||
|
||||
respond_with(@dmail)
|
||||
end
|
||||
|
||||
def index
|
||||
@dmails = Dmail.visible(CurrentUser.user).paginated_search(params, count_pages: true)
|
||||
@dmails = authorize Dmail.visible(CurrentUser.user).paginated_search(params, count_pages: true)
|
||||
@dmails = @dmails.includes(:owner, :to, :from) if request.format.html?
|
||||
|
||||
respond_with(@dmails)
|
||||
end
|
||||
|
||||
def show
|
||||
@dmail = Dmail.find(params[:id])
|
||||
check_show_privilege(@dmail)
|
||||
@dmail = authorize Dmail.find(params[:id])
|
||||
|
||||
if request.format.html? && @dmail.owner == CurrentUser.user
|
||||
@dmail.update!(is_read: true)
|
||||
@@ -33,38 +30,20 @@ class DmailsController < ApplicationController
|
||||
end
|
||||
|
||||
def create
|
||||
@dmail = Dmail.create_split(from: CurrentUser.user, creator_ip_addr: CurrentUser.ip_addr, **dmail_params(:create))
|
||||
@dmail = authorize(Dmail).create_split(from: CurrentUser.user, creator_ip_addr: CurrentUser.ip_addr, **permitted_attributes(Dmail))
|
||||
respond_with(@dmail)
|
||||
end
|
||||
|
||||
def update
|
||||
@dmail = Dmail.find(params[:id])
|
||||
check_update_privilege(@dmail)
|
||||
@dmail.update(dmail_params(:update))
|
||||
@dmail = authorize Dmail.find(params[:id])
|
||||
@dmail.update(permitted_attributes(@dmail))
|
||||
flash[:notice] = "Dmail updated"
|
||||
|
||||
respond_with(@dmail)
|
||||
end
|
||||
|
||||
def mark_all_as_read
|
||||
@dmails = CurrentUser.user.dmails.mark_all_as_read
|
||||
@dmails = authorize(CurrentUser.user.dmails).mark_all_as_read
|
||||
respond_with(@dmails)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def check_show_privilege(dmail)
|
||||
raise User::PrivilegeError unless dmail.visible_to?(CurrentUser.user, params[:key])
|
||||
end
|
||||
|
||||
def check_update_privilege(dmail)
|
||||
raise User::PrivilegeError unless dmail.owner == CurrentUser.user
|
||||
end
|
||||
|
||||
def dmail_params(context)
|
||||
permitted_params = %i[title body to_name to_id] if context == :create
|
||||
permitted_params = %i[is_read is_deleted] if context == :update
|
||||
|
||||
params.fetch(:dmail, {}).permit(permitted_params)
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user