From ce1133dd692192743b42aefdda865a73e10b8d2d Mon Sep 17 00:00:00 2001
From: evazion
Date: Thu, 19 Mar 2020 14:12:52 -0500
Subject: [PATCH] pundit: convert artist commentaries to pundit.
---
 .../artist_commentaries_controller.rb | 25 ++++++-------------
 app/policies/artist_commentary_policy.rb | 20 +++++++++++++++
 2 files changed, 28 insertions(+), 17 deletions(-)
 create mode 100644 app/policies/artist_commentary_policy.rb
diff --git a/app/controllers/artist_commentaries_controller.rb b/app/controllers/artist_commentaries_controller.rb
index df71626df..00e0e3243 100644
--- a/app/controllers/artist_commentaries_controller.rb
+++ b/app/controllers/artist_commentaries_controller.rb
@@ -1,9 +1,8 @@
 class ArtistCommentariesController < ApplicationController
 respond_to :html, :xml, :json, :js
- before_action :member_only, only: [:create_or_update, :revert]
 def index
- @commentaries = ArtistCommentary.paginated_search(params)
+ @commentaries = authorize ArtistCommentary.paginated_search(params)
 @commentaries = @commentaries.includes(post: :uploader) if request.format.html?
 respond_with(@commentaries)
@@ -14,9 +13,9 @@ class ArtistCommentariesController < ApplicationController
 def show
 if params[:id]
- @commentary = ArtistCommentary.find(params[:id])
+ @commentary = authorize ArtistCommentary.find(params[:id])
 else
- @commentary = ArtistCommentary.find_by_post_id!(params[:post_id])
+ @commentary = authorize ArtistCommentary.find_by_post_id!(params[:post_id])
 end
 respond_with(@commentary) do |format|
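Review bot: Removing `before_action :member_only, only: [:create_or_update, :revert]` leaves the login requirement for both write actions resting entirely on `ArtistCommentaryPolicy#create_or_update?` and `#revert?`, which are just `unbanned?`. That predicate is defined in `ApplicationPolicy`, which is not part of this patch, so it cannot be seen here whether an anonymous request is still rejected. If `unbanned?` only tests the ban flag, logged-out users would gain write access that the old filter denied. I would confirm this and pin it with a controller test that calls `create_or_update` and `revert` without a logged-in user and expects the request to be refused. The controller class continues outside the hunk.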
@@ -25,24 +24,16 @@ class ArtistCommentariesController < ApplicationController
 end
 def create_or_update
- @artist_commentary = ArtistCommentary.find_or_initialize_by(post_id: params.dig(:artist_commentary, :post_id))
- @artist_commentary.update(commentary_params)
+ post_id = params[:artist_commentary].delete(:post_id)
+ @artist_commentary = authorize ArtistCommentary.find_or_initialize_by(post_id: post_id)
+ @artist_commentary.update(permitted_attributes(@artist_commentary))
 respond_with(@artist_commentary)
 end
 def revert
- @artist_commentary = ArtistCommentary.find_by_post_id!(params[:id])
+ @artist_commentary = authorize ArtistCommentary.find_by_post_id!(params[:id])
 @version = @artist_commentary.versions.find(params[:version_id])
 @artist_commentary.revert_to!(@version)
- end
-
- private
-
- def commentary_params
- params.fetch(:artist_commentary, {}).except(:post_id).permit(%i[
- original_description original_title translated_description translated_title
- remove_commentary_tag remove_commentary_request_tag remove_commentary_check_tag remove_partial_commentary_tag
- add_commentary_tag add_commentary_request_tag add_commentary_check_tag add_partial_commentary_tag
- ])
+ respond_with(@artist_commentary)
 end
 end
diff --git a/app/policies/artist_commentary_policy.rb b/app/policies/artist_commentary_policy.rb
new file mode 100644
index 000000000..2a88a9311
--- /dev/null
+++ b/app/policies/artist_commentary_policy.rb
@@ -0,0 +1,20 @@
+class ArtistCommentaryPolicy < ApplicationPolicy
+ def create_or_update?
+ unbanned?
+ end
+
+ def revert?
+ unbanned?
+ end
+
+ def permitted_attributes
+ %i[
+ original_description original_title
+ translated_description translated_title
+ remove_commentary_tag remove_commentary_request_tag
+ remove_commentary_check_tag remove_partial_commentary_tag
+ add_commentary_tag add_commentary_request_tag
+ add_commentary_check_tag add_partial_commentary_tag
+ ]
+ end
+end
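Review bot: In `create_or_update`, `params[:artist_commentary].delete(:post_id)` calls `delete` on nil when the request has no `artist_commentary` key, so a malformed request raises NoMethodError before `authorize` runs. The removed code was nil-safe on both reads (`params.dig(:artist_commentary, :post_id)` and `params.fetch(:artist_commentary, {})`). Writing the line as `post_id = params.require(:artist_commentary).delete(:post_id)` turns the missing key into `ActionController::ParameterMissing`, which Rails answers with a 400 by default instead of an unhandled error. This does change the response for an empty request from the old validation-error path, so a test for the missing-parameter case would be worth adding alongside.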
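Review bot: `permitted_attributes` in the new `ArtistCommentaryPolicy` leaves out `post_id` without saying so, whereas the removed controller helper made the exclusion explicit with `.except(:post_id)`. The omission is what keeps mass assignment from re-pointing an existing commentary at a different post, so it deserves a comment above the list that the next editor will see, for example `# post_id is deliberately absent: the controller uses it only to look up the record`. A short class-level comment noting that `index?` and `show?` are inherited from `ApplicationPolicy` would also help, since the controller now calls `authorize` in those actions and this file defines neither.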