jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

pundit: convert pools to pundit.

Browse Source
This commit is contained in:
evazion
2020-03-19 19:31:57 -05:00
parent 83eae1bf11
commit ab5432d149
8 changed files with 58 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
app/controllers/pools_controller.rb
View File

@@ -1,23 +1,18 @@
class PoolsController < ApplicationController
respond_to :html, :xml, :json, :js
before_action :member_only, :except => [:index, :show, :gallery]
before_action :builder_only, :only => [:destroy]
def new
@pool = Pool.new
@pool = authorize Pool.new(permitted_attributes(Pool))
respond_with(@pool)
end
def edit
@pool = Pool.find(params[:id])
if @pool.is_deleted && !@pool.deletable_by?(CurrentUser.user)
raise User::PrivilegeError
end
@pool = authorize Pool.find(params[:id])
respond_with(@pool)
end
def index
@pools = Pool.paginated_search(params, count_pages: true)
@pools = authorize Pool.paginated_search(params, count_pages: true)
respond_with(@pools)
end
@@ -26,28 +21,29 @@ class PoolsController < ApplicationController
limit = params[:limit].presence || CurrentUser.user.per_page
search = search_params.presence || ActionController::Parameters.new(category: "series")
@pools = Pool.search(search).paginate(params[:page], limit: limit, search_count: params[:search])
@pools = authorize Pool.search(search).paginate(params[:page], limit: limit, search_count: params[:search])
respond_with(@pools)
end
def show
limit = params[:limit].presence || CurrentUser.user.per_page
@pool = Pool.find(params[:id])
@pool = authorize Pool.find(params[:id])
@posts = @pool.posts.paginate(params[:page], limit: limit, count: @pool.post_count)
respond_with(@pool)
end
def create
@pool = Pool.create(pool_params)
@pool = authorize Pool.new(permitted_attributes(Pool))
@pool.save
flash[:notice] = @pool.valid? ? "Pool created" : @pool.errors.full_messages.join("; ")
respond_with(@pool)
end
def update
# need to do this in order for synchronize! to work correctly
@pool = Pool.find(params[:id])
@pool.attributes = pool_params
@pool = authorize Pool.find(params[:id])
@pool.attributes = permitted_attributes(@pool)
@pool.synchronize
@pool.save
unless @pool.errors.any?
@@ -57,10 +53,7 @@ class PoolsController < ApplicationController
end
def destroy
@pool = Pool.find(params[:id])
if !@pool.deletable_by?(CurrentUser.user)
raise User::PrivilegeError
end
@pool = authorize Pool.find(params[:id])
@pool.update_attribute(:is_deleted, true)
@pool.create_mod_action_for_delete
flash[:notice] = "Pool deleted"
@@ -68,10 +61,7 @@ class PoolsController < ApplicationController
end
def undelete
@pool = Pool.find(params[:id])
if !@pool.deletable_by?(CurrentUser.user)
raise User::PrivilegeError
end
@pool = authorize Pool.find(params[:id])
@pool.update_attribute(:is_deleted, false)
@pool.create_mod_action_for_undelete
flash[:notice] = "Pool undeleted"
@@ -79,7 +69,7 @@ class PoolsController < ApplicationController
end
def revert
@pool = Pool.find(params[:id])
@pool = authorize Pool.find(params[:id])
@version = @pool.versions.find(params[:version_id])
@pool.revert_to!(@version)
flash[:notice] = "Pool reverted"
@@ -97,9 +87,4 @@ class PoolsController < ApplicationController
true
end
end
def pool_params
permitted_params = %i[name description category post_ids post_ids_string]
params.require(:pool).permit(*permitted_params, post_ids: [])
end
end