danbooru/app/controllers/comments_controller.rb
evazion f38c38f26e search: split tag_match into user_tag_match / system_tag_match.
When doing a tag search, we have to be careful about which user we're
running the search as because the results depend on the current user.
Specifically, things like private favorites, private favorite groups,
post votes, saved searches, and flagger names depend on the user's
permissions, and whether non-safe or deleted posts are filtered out
depends on whether the user has safe mode on or the hide deleted posts
setting enabled.

* Refactor internal searches to explicitly state whether they're
  running as the system user (DanbooruBot) or as the current user.
* Explicitly pass in the current user to PostQueryBuilder instead of
  implicitly relying on the CurrentUser global.
* Get rid of CurrentUser.admin_mode? (used to ignore the hide deleted
  post setting) and CurrentUser.without_safe_mode (used to ignore safe
  mode).
* Change the /counts/posts.json endpoint to ignore safe mode and the
  hide deleted posts settings when counting posts.
* Fix searches not correctly overriding the hide deleted posts setting
  when multiple status: metatags were used (e.g. `status:banned status:active`)
* Fix fast_count not respecting the hide deleted posts setting when the
  status:banned metatag was used.
2020-05-07 03:29:44 -05:00


# Controller for listing, quoting, creating, editing and soft-deleting comments.
#
# Every action that loads or builds a single comment passes it through
# `authorize` before using it. The index helpers at the bottom do not call
# `authorize`; they rely on the queries they build.
class CommentsController < ApplicationController
  respond_to :html, :xml, :json, :atom
  respond_to :js, only: %i[new destroy undelete]

  # api_check is defined outside this file.
  # NOTE(review): it is skipped for every action here, including the write
  # actions; confirm that is intended.
  skip_before_action :api_check

  # Dispatches to one of three listings. A search always groups by comment
  # unless the caller asked for a different grouping explicitly.
  def index
    params[:group_by] ||= "comment" if params[:search].present?

    return index_by_comment if params[:group_by] == "comment" || request.format.atom?
    return index_for_post if request.format.js?

    index_by_post
  end

  def search
  end

  # Builds an unsaved comment, optionally pre-filled with a quote of the
  # comment identified by params[:id].
  def new
    draft =
      if params[:id]
        # NOTE(review): only the new draft is authorized below; the quoted
        # comment is loaded without an authorize call of its own. Confirm that
        # quoting a comment the user may not view is prevented elsewhere.
        quoted = Comment.find(params[:id])
        Comment.new(post_id: quoted.post_id, body: quoted.quoted_response)
      else
        Comment.new(permitted_attributes(Comment))
      end

    @comment = authorize(draft)
    respond_with(@comment)
  end

  # Applies the policy-permitted attributes to an existing comment.
  def update
    load_authorized_comment
    @comment.update(permitted_attributes(@comment))
    respond_with(@comment, location: post_path(@comment.post_id))
  end

  # Creates a comment. The creator and creator IP are taken from CurrentUser,
  # not from request parameters; everything else comes from the attributes
  # the policy permits.
  def create
    @comment = authorize(Comment.new(creator: CurrentUser.user, creator_ip_addr: CurrentUser.ip_addr))
    @comment.update(permitted_attributes(@comment))

    flash[:notice] =
      if @comment.valid?
        "Comment posted"
      else
        @comment.errors.full_messages.join("; ")
      end

    respond_with(@comment) do |format|
      # NOTE(review): redirect_back follows the request's Referer header;
      # confirm whether off-site referrers should be honoured here.
      format.html { redirect_back(fallback_location: @comment.post || comments_path) }
    end
  end

  def edit
    load_authorized_comment
    respond_with(@comment)
  end

  # HTML requests are redirected to the comment's anchor on its post page.
  def show
    load_authorized_comment
    respond_with(@comment) do |format|
      format.html { redirect_to post_path(@comment.post, anchor: "comment_#{@comment.id}") }
    end
  end

  # Soft delete: the row is kept and only the is_deleted flag is set.
  def destroy
    load_authorized_comment
    @comment.update(is_deleted: true)
    respond_with(@comment)
  end

  # Reverses a soft delete by clearing the is_deleted flag.
  def undelete
    load_authorized_comment
    @comment.update(is_deleted: false)
    respond_with(@comment)
  end

  private

  # Loads the comment named by params[:id] and runs it through `authorize`
  # before any action touches it. The result is stored in @comment.
  def load_authorized_comment
    @comment = authorize(Comment.find(params[:id]))
  end

  # Lists the comments of a single post (used for .js requests).
  # NOTE(review): neither the post nor its comments pass through `authorize`
  # here; confirm that visibility is enforced in the view or elsewhere.
  def index_for_post
    @post = Post.find(params[:post_id])
    @comments = @post.comments
    render action: "index_for_post"
  end

  # Lists posts that have been bumped by a comment, most recently bumped first.
  # The tag filter goes through user_tag_match, i.e. the search is run as the
  # current user rather than the system user, so the posts returned depend on
  # that user's permissions and settings.
  def index_by_post
    posts = Post
      .where("last_comment_bumped_at IS NOT NULL")
      .user_tag_match(params[:tags])
      .reorder("last_comment_bumped_at DESC NULLS LAST")
      .paginate(params[:page], limit: 5, search_count: params[:search])

    if request.format.html?
      posts = posts.includes(comments: [:creator])
      # Votes are preloaded only for members.
      posts = posts.includes(comments: [:votes]) if CurrentUser.is_member?
    end

    @posts = posts
    respond_with(@posts)
  end

  # Lists comments matching the search parameters, preloading the
  # associations each response format needs.
  def index_by_comment
    comments = Comment.paginated_search(params)

    if request.format.atom?
      comments = comments.includes(:creator, :post)
    elsif request.format.html?
      comments = comments.includes(:creator, :updater, post: :uploader)
      comments = comments.includes(:votes) if CurrentUser.is_member?
    end

    @comments = comments
    respond_with(@comments)
  end
end