danbooru/app/controllers/dmails_controller.rb
evazion 0ad42d23c9 models: refactor search visibility methods.
Refactor how model visibility works in index actions:

* Call `visible` in the controller instead of in model `search`
  methods. This decouples model visibility from model searching.

* Explicitly pass CurrentUser when calling `visible`. This reduces
  hidden dependencies on the current user inside models.

* Standardize on calling the method `visible`. In some places it was
  called `permitted` instead.

* Add a `visible` base method to ApplicationModel.
2020-02-19 17:08:59 -06:00


# Controller for Dmail records.
#
# Access control is applied per action rather than by one filter: the
# `member_only` before_action is skipped for index, show, update and
# mark_all_as_read, so those actions depend on the `visible` scope, the
# privilege checks in the private section, or the current user's own
# `dmails` association to bound what can be read or changed.
class DmailsController < ApplicationController
  respond_to :html, :xml, :js, :json
  before_action :member_only, except: [:index, :show, :update, :mark_all_as_read]

  # Builds an unsaved dmail for the compose form.
  #
  # With `respond_to_id`, the parent dmail is loaded and passed through
  # check_show_privilege before build_response runs, so a dmail the requester
  # may not view is never used as the source of a reply or forward.
  def new
    parent_id = params[:respond_to_id]
    @dmail =
      if parent_id
        source = Dmail.find(parent_id)
        check_show_privilege(source)
        source.build_response(forward: params[:forward])
      else
        Dmail.new(dmail_params(:create))
      end
    respond_with(@dmail)
  end

  # Lists dmails. The `visible` scope is applied with the current user before
  # the search parameters are, so the search runs inside that scope.
  def index
    scope = Dmail.visible(CurrentUser.user).paginated_search(params, count_pages: true)
    # Associations are preloaded only for the HTML format.
    scope = scope.includes(:owner, :to, :from) if request.format.html?
    @dmails = scope
    respond_with(@dmails)
  end

  # Shows one dmail after the visibility check.
  #
  # The record is marked as read only when its owner views it as HTML; other
  # formats, and viewers who are not the owner, leave `is_read` untouched.
  def show
    @dmail = Dmail.find(params[:id])
    check_show_privilege(@dmail)
    viewed_by_owner = request.format.html? && @dmail.owner == CurrentUser.user
    @dmail.update!(is_read: true) if viewed_by_owner
    respond_with(@dmail)
  end

  # Creates dmails from the allowlisted create attributes. No sender or owner
  # attribute is in that allowlist; how those are assigned is decided in
  # Dmail.create_split, which is not visible here.
  def create
    attrs = dmail_params(:create)
    @dmail = Dmail.create_split(attrs)
    respond_with(@dmail)
  end

  # Updates the read/deleted flags of a dmail owned by the current user.
  def update
    @dmail = Dmail.find(params[:id])
    check_update_privilege(@dmail)
    attrs = dmail_params(:update)
    @dmail.update(attrs)
    # NOTE(review): the notice is set whether or not `update` succeeded; its
    # return value is not checked.
    flash[:notice] = "Dmail updated"
    respond_with(@dmail)
  end

  # Marks the current user's dmails as read. The set is reached through
  # CurrentUser.user.dmails, so no record id is taken from the request.
  def mark_all_as_read
    own_dmails = CurrentUser.user.dmails
    @dmails = own_dmails.mark_all_as_read
    respond_with(@dmails)
  end

  private

  # Raises User::PrivilegeError unless Dmail#visible_to? accepts the current
  # user together with the request's `key` parameter.
  # NOTE(review): what `key` grants and how it is compared is decided in the
  # model; confirm there that it cannot be guessed or reused across dmails.
  def check_show_privilege(dmail)
    return if dmail.visible_to?(CurrentUser.user, params[:key])

    raise User::PrivilegeError
  end

  # Raises User::PrivilegeError unless the current user owns the dmail.
  # Unlike the show check, no `key` parameter is consulted here.
  def check_update_privilege(dmail)
    return if dmail.owner == CurrentUser.user

    raise User::PrivilegeError
  end

  # Returns the `dmail` request parameters filtered through an allowlist
  # chosen by context (:create or :update). For any other context the list is
  # nil and no attribute names are passed to `permit`.
  def dmail_params(context)
    allowed =
      case context
      when :create then %i[title body to_name to_id]
      when :update then %i[is_read is_deleted]
      end
    params.fetch(:dmail, {}).permit(allowed)
  end
end