054ac51d47
This refactors Pundit policies to only rely on the current user, not on the current user and the current HTTP request. In retrospect, it was a bad idea to include the current request in the Pundit context. It bleeds out everywhere and there are many contexts (in tests and models) where we only have the current user, not the current request. The previous commit got rid of the only two places where we used it.
32 lines
1.1 KiB
Ruby
32 lines
1.1 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class CommentComponent < ApplicationComponent
|
|
attr_reader :comment, :context, :dtext_data, :show_deleted, :current_user
|
|
delegate :link_to_user, :time_ago_in_words_tagged, :format_text, :policy, to: :helpers
|
|
|
|
def self.with_collection(comments, current_user:, **options)
|
|
dtext_data = DText.preprocess(comments.map(&:body))
|
|
# XXX
|
|
#comments = comments.includes(:moderation_reports) if Pundit.policy!(current_user, ModerationReport).show?
|
|
|
|
super(comments, current_user: current_user, dtext_data: dtext_data, **options)
|
|
end
|
|
|
|
# XXX calls to pundit policy don't respect current_user.
|
|
def initialize(comment:, current_user:, context: nil, dtext_data: nil, show_deleted: false)
|
|
@comment = comment
|
|
@context = context
|
|
@dtext_data = dtext_data
|
|
@show_deleted = show_deleted
|
|
@current_user = current_user
|
|
end
|
|
|
|
def render?
|
|
!comment.is_deleted? || show_deleted || current_user.is_moderator?
|
|
end
|
|
|
|
def has_moderation_reports?
|
|
policy(ModerationReport).show? && comment.moderation_reports.present?
|
|
end
|
|
end
|