pundit: convert post appeals to pundit.

2020-03-19 19:57:24 -05:00
parent ab5432d149
commit cbee23f9ad
2 changed files with 10 additions and 11 deletions
--- a/app/controllers/post_appeals_controller.rb
+++ b/app/controllers/post_appeals_controller.rb
@@ -1,14 +1,13 @@
 class PostAppealsController < ApplicationController
-  before_action :member_only, :except => [:index, :show]
  respond_to :html, :xml, :json, :js

  def new
-    @post_appeal = PostAppeal.new(post_appeal_params)
+    @post_appeal = authorize PostAppeal.new(permitted_attributes(PostAppeal))
    respond_with(@post_appeal)
  end

  def index
-    @post_appeals = PostAppeal.paginated_search(params)
+    @post_appeals = authorize PostAppeal.paginated_search(params)

    if request.format.html?
      @post_appeals = @post_appeals.includes(:creator, post: [:appeals, :uploader, :approver])
@@ -20,21 +19,16 @@ class PostAppealsController < ApplicationController
  end

  def create
-    @post_appeal = PostAppeal.create(post_appeal_params.merge(creator: CurrentUser.user))
+    @post_appeal = authorize PostAppeal.new(creator: CurrentUser.user, **permitted_attributes(PostAppeal))
+    @post_appeal.save
    flash[:notice] = @post_appeal.errors.none? ? "Post appealed" : @post_appeal.errors.full_messages.join("; ")
    respond_with(@post_appeal)
  end

  def show
-    @post_appeal = PostAppeal.find(params[:id])
+    @post_appeal = authorize PostAppeal.find(params[:id])
    respond_with(@post_appeal) do |fmt|
      fmt.html { redirect_to post_appeals_path(search: { id: @post_appeal.id }) }
    end
  end
-
-  private
-
-  def post_appeal_params
-    params.fetch(:post_appeal, {}).permit(%i[post_id reason])
-  end
 end
--- a/app/policies/post_appeal_policy.rb
+++ b/app/policies/post_appeal_policy.rb
@@ -0,0 +1,5 @@
+class PostAppealPolicy < ApplicationPolicy
+  def permitted_attributes
+    [:post_id, :reason]
+  end
+end