pundit: convert emails to pundit.

2020-03-19 16:40:02 -05:00
parent a440c56ed8
commit 50fa674a3e
7 changed files with 76 additions and 24 deletions
--- a/app/controllers/emails_controller.rb
+++ b/app/controllers/emails_controller.rb
@@ -1,24 +1,18 @@
 class EmailsController < ApplicationController
-  before_action :member_only
  respond_to :html, :xml, :json

  def show
-    @user = User.find(params[:user_id])
-    check_privilege(@user)
-
-    respond_with(@user.email_address)
+    @email_address = authorize EmailAddress.find_by_user_id!(params[:user_id])
+    respond_with(@email_address)
  end

  def edit
-    @user = User.find(params[:user_id])
-    check_privilege(@user)
-
+    @user = authorize User.find(params[:user_id]), policy_class: EmailAddressPolicy
    respond_with(@user)
  end

  def update
-    @user = User.find(params[:user_id])
-    check_privilege(@user)
+    @user = authorize User.find(params[:user_id]), policy_class: EmailAddressPolicy

    if User.authenticate(@user.name, params[:user][:password])
      @user.update(email_address_attributes: { address: params[:user][:email] })
@@ -37,17 +31,10 @@ class EmailsController < ApplicationController
  end

  def verify
-    email_id = Danbooru::MessageVerifier.new(:email_verification_key).verify(params[:email_verification_key])
-    @email_address = EmailAddress.find(email_id)
+    @email_address = authorize EmailAddress.find_by_user_id!(params[:user_id])
    @email_address.update!(is_verified: true)

    flash[:notice] = "Email address verified"
    redirect_to @email_address.user
  end
-
-  private
-
-  def check_privilege(user)
-    raise User::PrivilegeError unless user.id == CurrentUser.id || CurrentUser.is_admin?
-  end
 end