pundit: convert user feedbacks to pundit.
Allow users to delete feedbacks they've given to other users, not just mods.
@@ -1,53 +1,37 @@
|
||||
class UserFeedbacksController < ApplicationController
|
||||
before_action :gold_only, :only => [:new, :edit, :create, :update]
|
||||
respond_to :html, :xml, :json, :js
|
||||
|
||||
def new
|
||||
@user_feedback = UserFeedback.new(user_feedback_params(:create))
|
||||
@user_feedback = authorize UserFeedback.new(permitted_attributes(UserFeedback))
|
||||
respond_with(@user_feedback)
|
||||
end
|
||||
|
||||
def edit
|
||||
@user_feedback = UserFeedback.visible(CurrentUser.user).find(params[:id])
|
||||
check_privilege(@user_feedback)
|
||||
@user_feedback = authorize UserFeedback.find(params[:id])
|
||||
respond_with(@user_feedback)
|
||||
end
|
||||
|
||||
def show
|
||||
@user_feedback = UserFeedback.visible(CurrentUser.user).find(params[:id])
|
||||
@user_feedback = authorize UserFeedback.find(params[:id])
|
||||
respond_with(@user_feedback)
|
||||
end
|
||||
|
||||
def index
|
||||
@user_feedbacks = UserFeedback.visible(CurrentUser.user).paginated_search(params, count_pages: true)
|
||||
@user_feedbacks = authorize UserFeedback.visible(CurrentUser.user).paginated_search(params, count_pages: true)
|
||||
@user_feedbacks = @user_feedbacks.includes(:user, :creator) if request.format.html?
|
||||
|
||||
respond_with(@user_feedbacks)
|
||||
end
|
||||
|
||||
def create
|
||||
@user_feedback = UserFeedback.create(user_feedback_params(:create).merge(creator: CurrentUser.user))
|
||||
@user_feedback = authorize UserFeedback.new(creator: CurrentUser.user, **permitted_attributes(UserFeedback))
|
||||
@user_feedback.save
|
||||
respond_with(@user_feedback)
|
||||
end
|
||||
|
||||
def update
|
||||
@user_feedback = UserFeedback.visible(CurrentUser.user).find(params[:id])
|
||||
check_privilege(@user_feedback)
|
||||
@user_feedback.update(user_feedback_params(:update, @user_feedback))
|
||||
@user_feedback = authorize UserFeedback.find(params[:id])
|
||||
@user_feedback.update(permitted_attributes(@user_feedback))
|
||||
respond_with(@user_feedback)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def check_privilege(user_feedback)
|
||||
raise User::PrivilegeError unless user_feedback.editable_by?(CurrentUser.user)
|
||||
end
|
||||
|
||||
def user_feedback_params(context, user_feedback = nil)
|
||||
permitted_params = %i[body category]
|
||||
permitted_params += %i[user_id user_name] if context == :create
|
||||
permitted_params += %i[is_deleted] if context == :update && user_feedback.deletable_by?(CurrentUser.user)
|
||||
|
||||
params.fetch(:user_feedback, {}).permit(permitted_params)
|
||||
end
|
||||
end
|
||||
|
||||
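Review bot: `show`, `edit` and `update` now load the record with `UserFeedback.find(params[:id])` instead of `UserFeedback.visible(CurrentUser.user).find(params[:id])`, so whether a hidden feedback can be read or changed by id depends entirely on `UserFeedbackPolicy`, which is not shown on this page. Unless the policy's `show?`/`update?` repeat the visibility rule, keep the scope and authorize on top of it: `@user_feedback = authorize UserFeedback.visible(CurrentUser.user).find(params[:id])`. That also keeps the not-found response for records the user may not see, rather than a presumably distinct not-authorized response that confirms the id exists. The removed `gold_only` filter and the `deletable_by?` gate on `is_deleted` likewise have to be enforced by the policy now, and a request spec per role would pin that. In `create`, `creator: CurrentUser.user` comes before `**permitted_attributes(UserFeedback)`, so a permitted `creator_id` would presumably be assigned after it; placing the server-set key last, as the old `.merge(creator: CurrentUser.user)` did, is the safer order.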