cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move diary comment action to comments controller

Browse source
This commit is contained in:
Anton Khorev 2024-07-12 17:30:48 +03:00
parent b69159795b
commit 00c2589374
8 changed files with 154 additions and 151 deletions
Download patch file Download diff file Expand all files Collapse all files

3
app/abilities/ability.rb
View file

@ -42,7 +42,8 @@ class Ability
can [:new, :show, :create, :destroy], :oauth2_authorization can [:new, :show, :create, :destroy], :oauth2_authorization
can [:edit, :update, :destroy], :account can [:edit, :update, :destroy], :account
can [:show], :dashboard can [:show], :dashboard
can [:new, :create, :edit, :update, :comment, :subscribe, :unsubscribe], DiaryEntry can [:new, :create, :edit, :update, :subscribe, :unsubscribe], DiaryEntry
can [:create], DiaryComment
can [:make_friend, :remove_friend], Friendship can [:make_friend, :remove_friend], Friendship
can [:new, :create, :reply, :show, :inbox, :outbox, :muted, :mark, :unmute, :destroy], Message can [:new, :create, :reply, :show, :inbox, :outbox, :muted, :mark, :unmute, :destroy], Message
can [:close, :reopen], Note can [:close, :reopen], Note

33
app/controllers/diary_comments_controller.rb
View file

@ -11,7 +11,7 @@ class DiaryCommentsController < ApplicationController
authorize_resource authorize_resource
before_action :lookup_user, :only => :index before_action :lookup_user, :only => :index
before_action :check_database_writable, :only => [:hide, :unhide] before_action :check_database_writable, :only => [:create, :hide, :unhide]
allow_thirdparty_images :only => :index allow_thirdparty_images :only => :index
@ -26,6 +26,29 @@ class DiaryCommentsController < ApplicationController
@comments, @newer_comments_id, @older_comments_id = get_page_items(comments, :includes => [:user]) @comments, @newer_comments_id, @older_comments_id = get_page_items(comments, :includes => [:user])
end end
def create
@entry = DiaryEntry.find(params[:id])
@comments = @entry.visible_comments
@diary_comment = @entry.comments.build(comment_params)
@diary_comment.user = current_user
if @diary_comment.save
# Notify current subscribers of the new comment
@entry.subscribers.visible.each do |user|
UserMailer.diary_comment_notification(@diary_comment, user).deliver_later if current_user != user
end
# Add the commenter to the subscribers if necessary
@entry.subscriptions.create(:user => current_user) unless @entry.subscribers.exists?(current_user.id)
redirect_to diary_entry_path(@entry.user, @entry)
else
render :action => "new"
end
rescue ActiveRecord::RecordNotFound
render "diary_entries/no_such_entry", :status => :not_found
end
def hide def hide
comment = DiaryComment.find(params[:comment]) comment = DiaryComment.find(params[:comment])
comment.update(:visible => false) comment.update(:visible => false)
@ -37,4 +60,12 @@ class DiaryCommentsController < ApplicationController
comment.update(:visible => true) comment.update(:visible => true)
redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry) redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry)
end end
private
##
# return permitted diary comment parameters
def comment_params
params.require(:diary_comment).permit(:body)
end
end end

31
app/controllers/diary_entries_controller.rb
View file

@ -11,7 +11,7 @@ class DiaryEntriesController < ApplicationController
authorize_resource authorize_resource
before_action :lookup_user, :only => :show before_action :lookup_user, :only => :show
before_action :check_database_writable, :only => [:new, :create, :edit, :update, :comment, :hide, :unhide, :subscribe, :unsubscribe] before_action :check_database_writable, :only => [:new, :create, :edit, :update, :hide, :unhide, :subscribe, :unsubscribe]
allow_thirdparty_images :only => [:new, :create, :edit, :update, :index, :show] allow_thirdparty_images :only => [:new, :create, :edit, :update, :index, :show]
@ -136,29 +136,6 @@ class DiaryEntriesController < ApplicationController
render :action => "no_such_entry", :status => :not_found render :action => "no_such_entry", :status => :not_found
end end
def comment
@entry = DiaryEntry.find(params[:id])
@comments = @entry.visible_comments
@diary_comment = @entry.comments.build(comment_params)
@diary_comment.user = current_user
if @diary_comment.save
# Notify current subscribers of the new comment
@entry.subscribers.visible.each do |user|
UserMailer.diary_comment_notification(@diary_comment, user).deliver_later if current_user != user
end
# Add the commenter to the subscribers if necessary
@entry.subscriptions.create(:user => current_user) unless @entry.subscribers.exists?(current_user.id)
redirect_to diary_entry_path(@entry.user, @entry)
else
render :action => "show"
end
rescue ActiveRecord::RecordNotFound
render :action => "no_such_entry", :status => :not_found
end
def subscribe def subscribe
@diary_entry = DiaryEntry.find(params[:id]) @diary_entry = DiaryEntry.find(params[:id])
@ -239,12 +216,6 @@ class DiaryEntriesController < ApplicationController
ActionController::Parameters.new.permit(:title, :body, :language_code, :latitude, :longitude) ActionController::Parameters.new.permit(:title, :body, :language_code, :latitude, :longitude)
end end
##
# return permitted diary comment parameters
def comment_params
params.require(:diary_comment).permit(:body)
end
## ##
# decide on a location for the diary entry map # decide on a location for the diary entry map
def set_map_location def set_map_location

2
app/views/diary_entries/show.html.erb
View file

@ -34,7 +34,7 @@
<% if current_user %> <% if current_user %>
<h3 id="newcomment"><%= t ".leave_a_comment" %></h3> <h3 id="newcomment"><%= t ".leave_a_comment" %></h3>
<%= bootstrap_form_for @entry.comments.new, :url => { :action => "comment" } do |f| %> <%= bootstrap_form_for @entry.comments.new, :url => comment_diary_entry_path(@entry.user, @entry) do |f| %>
<%= f.richtext_field :body, :cols => 80, :rows => 20, :hide_label => true %> <%= f.richtext_field :body, :cols => 80, :rows => 20, :hide_label => true %>
<%= f.primary %> <%= f.primary %>
<% end %> <% end %>

2
config/routes.rb
View file

@ -237,7 +237,7 @@ OpenStreetMap::Application.routes.draw do
scope "/user/:display_name" do scope "/user/:display_name" do
resources :diary_entries, :path => "diary", :only => [:edit, :update, :show], :id => /\d+/ resources :diary_entries, :path => "diary", :only => [:edit, :update, :show], :id => /\d+/
end end
post "/user/:display_name/diary/:id/newcomment" => "diary_entries#comment", :id => /\d+/, :as => :comment_diary_entry post "/user/:display_name/diary/:id/newcomment" => "diary_comments#create", :id => /\d+/, :as => :comment_diary_entry
post "/user/:display_name/diary/:id/hide" => "diary_entries#hide", :id => /\d+/, :as => :hide_diary_entry post "/user/:display_name/diary/:id/hide" => "diary_entries#hide", :id => /\d+/, :as => :hide_diary_entry
post "/user/:display_name/diary/:id/unhide" => "diary_entries#unhide", :id => /\d+/, :as => :unhide_diary_entry post "/user/:display_name/diary/:id/unhide" => "diary_entries#unhide", :id => /\d+/, :as => :unhide_diary_entry
post "/user/:display_name/diary/:id/hidecomment/:comment" => "diary_comments#hide", :id => /\d+/, :comment => /\d+/, :as => :hide_diary_comment post "/user/:display_name/diary/:id/hidecomment/:comment" => "diary_comments#hide", :id => /\d+/, :comment => /\d+/, :as => :hide_diary_comment

12
test/abilities/abilities_test.rb
View file

@ -25,11 +25,11 @@ class GuestAbilityTest < AbilityTest
assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComments" assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComments"
end end
[:create, :edit, :comment, :subscribe, :unsubscribe, :hide, :unhide].each do |action| [:create, :edit, :subscribe, :unsubscribe, :hide, :unhide].each do |action|
assert ability.cannot?(action, DiaryEntry), "should not be able to #{action} DiaryEntries" assert ability.cannot?(action, DiaryEntry), "should not be able to #{action} DiaryEntries"
end end
[:hide, :unhide].each do |action| [:create, :hide, :unhide].each do |action|
assert ability.cannot?(action, DiaryComment), "should not be able to #{action} DiaryComments" assert ability.cannot?(action, DiaryComment), "should not be able to #{action} DiaryComments"
end end
end end
@ -55,11 +55,11 @@ class UserAbilityTest < AbilityTest
test "Diary permissions" do test "Diary permissions" do
ability = Ability.new create(:user) ability = Ability.new create(:user)
[:index, :rss, :show, :create, :edit, :comment, :subscribe, :unsubscribe].each do |action| [:index, :rss, :show, :create, :edit, :subscribe, :unsubscribe].each do |action|
assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries" assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
end end
[:index].each do |action| [:index, :create].each do |action|
assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComments" assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComments"
end end
@ -100,11 +100,11 @@ end
class AdministratorAbilityTest < AbilityTest class AdministratorAbilityTest < AbilityTest
test "Diary for an administrator" do test "Diary for an administrator" do
ability = Ability.new create(:administrator_user) ability = Ability.new create(:administrator_user)
[:index, :rss, :show, :create, :edit, :comment, :subscribe, :unsubscribe, :hide, :unhide].each do |action| [:index, :rss, :show, :create, :edit, :subscribe, :unsubscribe, :hide, :unhide].each do |action|
assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries" assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
end end
[:index, :hide, :unhide].each do |action| [:index, :create, :hide, :unhide].each do |action|
assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComments" assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComments"
end end
end end

111
test/controllers/diary_comments_controller_test.rb
View file

@ -12,6 +12,10 @@ class DiaryCommentsControllerTest < ActionDispatch::IntegrationTest
{ :path => "/user/username/diary/comments", :method => :get }, { :path => "/user/username/diary/comments", :method => :get },
{ :controller => "diary_comments", :action => "index", :display_name => "username" } { :controller => "diary_comments", :action => "index", :display_name => "username" }
) )
assert_routing(
{ :path => "/user/username/diary/1/newcomment", :method => :post },
{ :controller => "diary_comments", :action => "create", :display_name => "username", :id => "1" }
)
assert_routing( assert_routing(
{ :path => "/user/username/diary/1/hidecomment/2", :method => :post }, { :path => "/user/username/diary/1/hidecomment/2", :method => :post },
{ :controller => "diary_comments", :action => "hide", :display_name => "username", :id => "1", :comment => "2" } { :controller => "diary_comments", :action => "hide", :display_name => "username", :id => "1", :comment => "2" }
@ -69,6 +73,113 @@ class DiaryCommentsControllerTest < ActionDispatch::IntegrationTest
end end
end end
def test_create
user = create(:user)
other_user = create(:user)
entry = create(:diary_entry, :user => user)
create(:diary_entry_subscription, :diary_entry => entry, :user => user)
# Make sure that you are denied when you are not logged in
post comment_diary_entry_path(entry.user, entry)
assert_response :forbidden
session_for(other_user)
# Verify that you get a not found error, when you pass a bogus id
post comment_diary_entry_path(entry.user, :id => 9999)
assert_response :not_found
assert_select "div.content-heading", :count => 1 do
assert_select "h1", :text => "No entry with the id: 9999", :count => 1
end
# Now try an invalid comment with an empty body
assert_no_difference "ActionMailer::Base.deliveries.size" do
assert_no_difference "DiaryComment.count" do
assert_no_difference "entry.subscribers.count" do
perform_enqueued_jobs do
post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => "" })
end
end
end
end
assert_response :success
assert_template :new
# Now try again with the right id
assert_difference "ActionMailer::Base.deliveries.size", entry.subscribers.count do
assert_difference "DiaryComment.count", 1 do
assert_difference "entry.subscribers.count", 1 do
perform_enqueued_jobs do
post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => "New comment" })
end
end
end
end
assert_redirected_to diary_entry_path(entry.user, entry)
email = ActionMailer::Base.deliveries.first
assert_equal [user.email], email.to
assert_equal "[OpenStreetMap] #{other_user.display_name} commented on a diary entry", email.subject
assert_match(/New comment/, email.text_part.decoded)
assert_match(/New comment/, email.html_part.decoded)
ActionMailer::Base.deliveries.clear
comment = DiaryComment.order(:id).last
assert_equal entry.id, comment.diary_entry_id
assert_equal other_user.id, comment.user_id
assert_equal "New comment", comment.body
# Now show the diary entry, and check the new comment is present
get diary_entry_path(entry.user, entry)
assert_response :success
assert_select ".diary-comment", :count => 1 do
assert_select "#comment#{comment.id}", :count => 1 do
assert_select "a[href='/user/#{ERB::Util.u(other_user.display_name)}']", :text => other_user.display_name, :count => 1
end
assert_select ".richtext", :text => /New comment/, :count => 1
end
end
def test_create_spammy
user = create(:user)
other_user = create(:user)
entry = create(:diary_entry, :user => user)
create(:diary_entry_subscription, :diary_entry => entry, :user => user)
session_for(other_user)
# Generate some spammy content
spammy_text = 1.upto(50).map { |n| "http://example.com/spam#{n}" }.join(" ")
# Try creating a spammy comment
assert_difference "ActionMailer::Base.deliveries.size", 1 do
assert_difference "DiaryComment.count", 1 do
perform_enqueued_jobs do
post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => spammy_text })
end
end
end
assert_redirected_to diary_entry_path(entry.user, entry)
email = ActionMailer::Base.deliveries.first
assert_equal [user.email], email.to
assert_equal "[OpenStreetMap] #{other_user.display_name} commented on a diary entry", email.subject
assert_match %r{http://example.com/spam}, email.text_part.decoded
assert_match %r{http://example.com/spam}, email.html_part.decoded
ActionMailer::Base.deliveries.clear
comment = DiaryComment.order(:id).last
assert_equal entry.id, comment.diary_entry_id
assert_equal other_user.id, comment.user_id
assert_equal spammy_text, comment.body
assert_equal "suspended", User.find(other_user.id).status
# Follow the redirect
get diary_entries_path(:display_name => user.display_name)
assert_redirected_to :controller => :users, :action => :suspended
# Now show the diary entry, and check the new comment is not present
get diary_entry_path(entry.user, entry)
assert_response :success
assert_select ".diary-comment", :count => 0
end
def test_hide def test_hide
user = create(:user) user = create(:user)
diary_entry = create(:diary_entry, :user => user) diary_entry = create(:diary_entry, :user => user)

111
test/controllers/diary_entries_controller_test.rb
View file

@ -69,10 +69,6 @@ class DiaryEntriesControllerTest < ActionDispatch::IntegrationTest
{ :path => "/user/username/diary/1", :method => :put }, { :path => "/user/username/diary/1", :method => :put },
{ :controller => "diary_entries", :action => "update", :display_name => "username", :id => "1" } { :controller => "diary_entries", :action => "update", :display_name => "username", :id => "1" }
) )
assert_routing(
{ :path => "/user/username/diary/1/newcomment", :method => :post },
{ :controller => "diary_entries", :action => "comment", :display_name => "username", :id => "1" }
)
assert_routing( assert_routing(
{ :path => "/user/username/diary/1/hide", :method => :post }, { :path => "/user/username/diary/1/hide", :method => :post },
{ :controller => "diary_entries", :action => "hide", :display_name => "username", :id => "1" } { :controller => "diary_entries", :action => "hide", :display_name => "username", :id => "1" }
@ -340,113 +336,6 @@ class DiaryEntriesControllerTest < ActionDispatch::IntegrationTest
assert_select "span[class=translation_missing]", false, "Missing translation in edit diary entry" assert_select "span[class=translation_missing]", false, "Missing translation in edit diary entry"
end end
def test_comment
user = create(:user)
other_user = create(:user)
entry = create(:diary_entry, :user => user)
create(:diary_entry_subscription, :diary_entry => entry, :user => user)
# Make sure that you are denied when you are not logged in
post comment_diary_entry_path(entry.user, entry)
assert_response :forbidden
session_for(other_user)
# Verify that you get a not found error, when you pass a bogus id
post comment_diary_entry_path(entry.user, :id => 9999)
assert_response :not_found
assert_select "div.content-heading", :count => 1 do
assert_select "h1", :text => "No entry with the id: 9999", :count => 1
end
# Now try an invalid comment with an empty body
assert_no_difference "ActionMailer::Base.deliveries.size" do
assert_no_difference "DiaryComment.count" do
assert_no_difference "entry.subscribers.count" do
perform_enqueued_jobs do
post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => "" })
end
end
end
end
assert_response :success
assert_template :show
# Now try again with the right id
assert_difference "ActionMailer::Base.deliveries.size", entry.subscribers.count do
assert_difference "DiaryComment.count", 1 do
assert_difference "entry.subscribers.count", 1 do
perform_enqueued_jobs do
post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => "New comment" })
end
end
end
end
assert_redirected_to :action => :show, :display_name => entry.user.display_name, :id => entry.id
email = ActionMailer::Base.deliveries.first
assert_equal [user.email], email.to
assert_equal "[OpenStreetMap] #{other_user.display_name} commented on a diary entry", email.subject
assert_match(/New comment/, email.text_part.decoded)
assert_match(/New comment/, email.html_part.decoded)
ActionMailer::Base.deliveries.clear
comment = DiaryComment.order(:id).last
assert_equal entry.id, comment.diary_entry_id
assert_equal other_user.id, comment.user_id
assert_equal "New comment", comment.body
# Now show the diary entry, and check the new comment is present
get diary_entry_path(entry.user, entry)
assert_response :success
assert_select ".diary-comment", :count => 1 do
assert_select "#comment#{comment.id}", :count => 1 do
assert_select "a[href='/user/#{ERB::Util.u(other_user.display_name)}']", :text => other_user.display_name, :count => 1
end
assert_select ".richtext", :text => /New comment/, :count => 1
end
end
def test_comment_spammy
user = create(:user)
other_user = create(:user)
entry = create(:diary_entry, :user => user)
create(:diary_entry_subscription, :diary_entry => entry, :user => user)
session_for(other_user)
# Generate some spammy content
spammy_text = 1.upto(50).map { |n| "http://example.com/spam#{n}" }.join(" ")
# Try creating a spammy comment
assert_difference "ActionMailer::Base.deliveries.size", 1 do
assert_difference "DiaryComment.count", 1 do
perform_enqueued_jobs do
post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => spammy_text })
end
end
end
assert_redirected_to :action => :show, :display_name => entry.user.display_name, :id => entry.id
email = ActionMailer::Base.deliveries.first
assert_equal [user.email], email.to
assert_equal "[OpenStreetMap] #{other_user.display_name} commented on a diary entry", email.subject
assert_match %r{http://example.com/spam}, email.text_part.decoded
assert_match %r{http://example.com/spam}, email.html_part.decoded
ActionMailer::Base.deliveries.clear
comment = DiaryComment.order(:id).last
assert_equal entry.id, comment.diary_entry_id
assert_equal other_user.id, comment.user_id
assert_equal spammy_text, comment.body
assert_equal "suspended", User.find(other_user.id).status
# Follow the redirect
get diary_entries_path(:display_name => user.display_name)
assert_redirected_to :controller => :users, :action => :suspended
# Now show the diary entry, and check the new comment is not present
get diary_entry_path(entry.user, entry)
assert_response :success
assert_select ".diary-comment", :count => 0
end
def test_index_all def test_index_all
diary_entry = create(:diary_entry) diary_entry = create(:diary_entry)
geo_entry = create(:diary_entry, :latitude => 51.50763, :longitude => -0.10781) geo_entry = create(:diary_entry, :latitude => 51.50763, :longitude => -0.10781)