e1e3604f46
Let users see when a post has deleted comments. Show normal users a '[deleted]' placeholder when a comment is deleted. Show the full comment to moderators. Also fix it so that the comment creator can't edit or undelete deleted comments, and users can't vote on or report deleted comments. Finally, hide the creator_id, updater_id, and body of deleted comments in the API.
47 lines
1.0 KiB
Ruby
47 lines
1.0 KiB
Ruby
class CommentPolicy < ApplicationPolicy
|
|
def create?
|
|
unbanned?
|
|
end
|
|
|
|
def update?
|
|
unbanned? && (user.is_moderator? || (record.updater_id == user.id && !record.is_deleted?))
|
|
end
|
|
|
|
def reportable?
|
|
unbanned? && record.creator_id != user.id && !record.creator.is_moderator? && !record.is_deleted?
|
|
end
|
|
|
|
def can_sticky_comment?
|
|
user.is_moderator?
|
|
end
|
|
|
|
def can_see_deleted?
|
|
user.is_moderator?
|
|
end
|
|
|
|
def reply?
|
|
create? && !record.is_deleted?
|
|
end
|
|
|
|
def vote?
|
|
# XXX should use CommentVotePolicy
|
|
unbanned? && !record.is_deleted?
|
|
end
|
|
|
|
def permitted_attributes_for_create
|
|
[:body, :post_id, :do_not_bump_post, (:is_sticky if can_sticky_comment?)].compact
|
|
end
|
|
|
|
def permitted_attributes_for_update
|
|
[:body, :is_deleted, (:is_sticky if can_sticky_comment?)].compact
|
|
end
|
|
|
|
def api_attributes
|
|
attributes = super
|
|
attributes -= [:creator_id, :updater_id, :body] if record.is_deleted? && !can_see_deleted?
|
|
attributes
|
|
end
|
|
|
|
alias_method :undelete?, :update?
|
|
end
|