cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'upstream/pull/4978'

Browse source
This commit is contained in:
Tom Hughes 2024-07-12 19:25:21 +01:00
commit b5c72bb6d7
10 changed files with 168 additions and 151 deletions
Download patch file Download diff file Expand all files Collapse all files

3
app/abilities/ability.rb
View file

@ -42,7 +42,8 @@ class Ability
can [:new, :show, :create, :destroy], :oauth2_authorization
can [:edit, :update, :destroy], :account
can [:show], :dashboard
can [:new, :create, :edit, :update, :comment, :subscribe, :unsubscribe], DiaryEntry
can [:new, :create, :edit, :update, :subscribe, :unsubscribe], DiaryEntry
can [:create], DiaryComment
can [:make_friend, :remove_friend], Friendship
can [:new, :create, :reply, :show, :inbox, :outbox, :muted, :mark, :unmute, :destroy], Message
can [:close, :reopen], Note

33
app/controllers/diary_comments_controller.rb
View file

@ -11,7 +11,7 @@ class DiaryCommentsController < ApplicationController
authorize_resource
before_action :lookup_user, :only => :index
before_action :check_database_writable, :only => [:hide, :unhide]
before_action :check_database_writable, :only => [:create, :hide, :unhide]
allow_thirdparty_images :only => :index
@ -26,6 +26,29 @@ class DiaryCommentsController < ApplicationController
@comments, @newer_comments_id, @older_comments_id = get_page_items(comments, :includes => [:user])
end
def create
@entry = DiaryEntry.find(params[:id])
@comments = @entry.visible_comments
@diary_comment = @entry.comments.build(comment_params)
@diary_comment.user = current_user
if @diary_comment.save
# Notify current subscribers of the new comment
@entry.subscribers.visible.each do |user|
UserMailer.diary_comment_notification(@diary_comment, user).deliver_later if current_user != user
end
# Add the commenter to the subscribers if necessary
@entry.subscriptions.create(:user => current_user) unless @entry.subscribers.exists?(current_user.id)
redirect_to diary_entry_path(@entry.user, @entry)
else
render :action => "new"
end
rescue ActiveRecord::RecordNotFound
render "diary_entries/no_such_entry", :status => :not_found
end
def hide
comment = DiaryComment.find(params[:comment])
comment.update(:visible => false)
@ -37,4 +60,12 @@ class DiaryCommentsController < ApplicationController
comment.update(:visible => true)
redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry)
end
private
##
# return permitted diary comment parameters
def comment_params
params.require(:diary_comment).permit(:body)
end
end

31
app/controllers/diary_entries_controller.rb
View file

@ -11,7 +11,7 @@ class DiaryEntriesController < ApplicationController
authorize_resource
before_action :lookup_user, :only => :show
before_action :check_database_writable, :only => [:new, :create, :edit, :update, :comment, :hide, :unhide, :subscribe, :unsubscribe]
before_action :check_database_writable, :only => [:new, :create, :edit, :update, :hide, :unhide, :subscribe, :unsubscribe]
allow_thirdparty_images :only => [:new, :create, :edit, :update, :index, :show]
@ -136,29 +136,6 @@ class DiaryEntriesController < ApplicationController
render :action => "no_such_entry", :status => :not_found
end
def comment
@entry = DiaryEntry.find(params[:id])
@comments = @entry.visible_comments
@diary_comment = @entry.comments.build(comment_params)
@diary_comment.user = current_user
if @diary_comment.save
# Notify current subscribers of the new comment
@entry.subscribers.visible.each do |user|
UserMailer.diary_comment_notification(@diary_comment, user).deliver_later if current_user != user
end
# Add the commenter to the subscribers if necessary
@entry.subscriptions.create(:user => current_user) unless @entry.subscribers.exists?(current_user.id)
redirect_to diary_entry_path(@entry.user, @entry)
else
render :action => "show"
end
rescue ActiveRecord::RecordNotFound
render :action => "no_such_entry", :status => :not_found
end
def subscribe
@diary_entry = DiaryEntry.find(params[:id])
@ -239,12 +216,6 @@ class DiaryEntriesController < ApplicationController
ActionController::Parameters.new.permit(:title, :body, :language_code, :latitude, :longitude)
end
##
# return permitted diary comment parameters
def comment_params
params.require(:diary_comment).permit(:body)
end
##
# decide on a location for the diary entry map
def set_map_location

12
app/views/diary_comments/new.html.erb Normal file
View file

@ -0,0 +1,12 @@
<% content_for :heading do %>
<h1><%= t ".heading" %></h1>
<% end %>
<%= render :partial => "diary_entries/diary_entry_heading", :object => @entry, :as => "diary_entry" %>
<h3><%= t "diary_entries.show.leave_a_comment" %></h3>
<%= bootstrap_form_for @diary_comment, :url => comment_diary_entry_path(@entry.user, @entry) do |f| %>
<%= f.richtext_field :body, :cols => 80, :rows => 20, :hide_label => true %>
<%= f.primary %>
<% end %>

2
app/views/diary_entries/show.html.erb
View file

@ -34,7 +34,7 @@
<% if current_user %>
<h3 id="newcomment"><%= t ".leave_a_comment" %></h3>
<%= bootstrap_form_for @entry.comments.new, :url => { :action => "comment" } do |f| %>
<%= bootstrap_form_for @entry.comments.new, :url => comment_diary_entry_path(@entry.user, @entry) do |f| %>
<%= f.richtext_field :body, :cols => 80, :rows => 20, :hide_label => true %>
<%= f.primary %>
<% end %>

2
config/locales/en.yml
View file

@ -609,6 +609,8 @@ en:
comment: Comment
newer_comments: "Newer Comments"
older_comments: "Older Comments"
new:
heading: Add a comment to the following diary entry discussion?
doorkeeper:
errors:
messages:

2
config/routes.rb
View file

@ -237,7 +237,7 @@ OpenStreetMap::Application.routes.draw do
scope "/user/:display_name" do
resources :diary_entries, :path => "diary", :only => [:edit, :update, :show], :id => /\d+/
end
post "/user/:display_name/diary/:id/newcomment" => "diary_entries#comment", :id => /\d+/, :as => :comment_diary_entry
post "/user/:display_name/diary/:id/newcomment" => "diary_comments#create", :id => /\d+/, :as => :comment_diary_entry
post "/user/:display_name/diary/:id/hide" => "diary_entries#hide", :id => /\d+/, :as => :hide_diary_entry
post "/user/:display_name/diary/:id/unhide" => "diary_entries#unhide", :id => /\d+/, :as => :unhide_diary_entry
post "/user/:display_name/diary/:id/hidecomment/:comment" => "diary_comments#hide", :id => /\d+/, :comment => /\d+/, :as => :hide_diary_comment

12
test/abilities/abilities_test.rb
View file

@ -25,11 +25,11 @@ class GuestAbilityTest < AbilityTest
assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComments"
end
[:create, :edit, :comment, :subscribe, :unsubscribe, :hide, :unhide].each do |action|
[:create, :edit, :subscribe, :unsubscribe, :hide, :unhide].each do |action|
assert ability.cannot?(action, DiaryEntry), "should not be able to #{action} DiaryEntries"
end
[:hide, :unhide].each do |action|
[:create, :hide, :unhide].each do |action|
assert ability.cannot?(action, DiaryComment), "should not be able to #{action} DiaryComments"
end
end
@ -55,11 +55,11 @@ class UserAbilityTest < AbilityTest
test "Diary permissions" do
ability = Ability.new create(:user)
[:index, :rss, :show, :create, :edit, :comment, :subscribe, :unsubscribe].each do |action|
[:index, :rss, :show, :create, :edit, :subscribe, :unsubscribe].each do |action|
assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
end
[:index].each do |action|
[:index, :create].each do |action|
assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComments"
end
@ -100,11 +100,11 @@ end
class AdministratorAbilityTest < AbilityTest
test "Diary for an administrator" do
ability = Ability.new create(:administrator_user)
[:index, :rss, :show, :create, :edit, :comment, :subscribe, :unsubscribe, :hide, :unhide].each do |action|
[:index, :rss, :show, :create, :edit, :subscribe, :unsubscribe, :hide, :unhide].each do |action|
assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
end
[:index, :hide, :unhide].each do |action|
[:index, :create, :hide, :unhide].each do |action|
assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComments"
end
end

111
test/controllers/diary_comments_controller_test.rb
View file

@ -12,6 +12,10 @@ class DiaryCommentsControllerTest < ActionDispatch::IntegrationTest
{ :path => "/user/username/diary/comments", :method => :get },
{ :controller => "diary_comments", :action => "index", :display_name => "username" }
)
assert_routing(
{ :path => "/user/username/diary/1/newcomment", :method => :post },
{ :controller => "diary_comments", :action => "create", :display_name => "username", :id => "1" }
)
assert_routing(
{ :path => "/user/username/diary/1/hidecomment/2", :method => :post },
{ :controller => "diary_comments", :action => "hide", :display_name => "username", :id => "1", :comment => "2" }
@ -69,6 +73,113 @@ class DiaryCommentsControllerTest < ActionDispatch::IntegrationTest
end
end
def test_create
user = create(:user)
other_user = create(:user)
entry = create(:diary_entry, :user => user)
create(:diary_entry_subscription, :diary_entry => entry, :user => user)
# Make sure that you are denied when you are not logged in
post comment_diary_entry_path(entry.user, entry)
assert_response :forbidden
session_for(other_user)
# Verify that you get a not found error, when you pass a bogus id
post comment_diary_entry_path(entry.user, :id => 9999)
assert_response :not_found
assert_select "div.content-heading", :count => 1 do
assert_select "h1", :text => "No entry with the id: 9999", :count => 1
end
# Now try an invalid comment with an empty body
assert_no_difference "ActionMailer::Base.deliveries.size" do
assert_no_difference "DiaryComment.count" do
assert_no_difference "entry.subscribers.count" do
perform_enqueued_jobs do
post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => "" })
end
end
end
end
assert_response :success
assert_template :new
# Now try again with the right id
assert_difference "ActionMailer::Base.deliveries.size", entry.subscribers.count do
assert_difference "DiaryComment.count", 1 do
assert_difference "entry.subscribers.count", 1 do
perform_enqueued_jobs do
post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => "New comment" })
end
end
end
end
assert_redirected_to diary_entry_path(entry.user, entry)
email = ActionMailer::Base.deliveries.first
assert_equal [user.email], email.to
assert_equal "[OpenStreetMap] #{other_user.display_name} commented on a diary entry", email.subject
assert_match(/New comment/, email.text_part.decoded)
assert_match(/New comment/, email.html_part.decoded)
ActionMailer::Base.deliveries.clear
comment = DiaryComment.order(:id).last
assert_equal entry.id, comment.diary_entry_id
assert_equal other_user.id, comment.user_id
assert_equal "New comment", comment.body
# Now show the diary entry, and check the new comment is present
get diary_entry_path(entry.user, entry)
assert_response :success
assert_select ".diary-comment", :count => 1 do
assert_select "#comment#{comment.id}", :count => 1 do
assert_select "a[href='/user/#{ERB::Util.u(other_user.display_name)}']", :text => other_user.display_name, :count => 1
end
assert_select ".richtext", :text => /New comment/, :count => 1
end
end
def test_create_spammy
user = create(:user)
other_user = create(:user)
entry = create(:diary_entry, :user => user)
create(:diary_entry_subscription, :diary_entry => entry, :user => user)
session_for(other_user)
# Generate some spammy content
spammy_text = 1.upto(50).map { |n| "http://example.com/spam#{n}" }.join(" ")
# Try creating a spammy comment
assert_difference "ActionMailer::Base.deliveries.size", 1 do
assert_difference "DiaryComment.count", 1 do
perform_enqueued_jobs do
post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => spammy_text })
end
end
end
assert_redirected_to diary_entry_path(entry.user, entry)
email = ActionMailer::Base.deliveries.first
assert_equal [user.email], email.to
assert_equal "[OpenStreetMap] #{other_user.display_name} commented on a diary entry", email.subject
assert_match %r{http://example.com/spam}, email.text_part.decoded
assert_match %r{http://example.com/spam}, email.html_part.decoded
ActionMailer::Base.deliveries.clear
comment = DiaryComment.order(:id).last
assert_equal entry.id, comment.diary_entry_id
assert_equal other_user.id, comment.user_id
assert_equal spammy_text, comment.body
assert_equal "suspended", User.find(other_user.id).status
# Follow the redirect
get diary_entries_path(:display_name => user.display_name)
assert_redirected_to :controller => :users, :action => :suspended
# Now show the diary entry, and check the new comment is not present
get diary_entry_path(entry.user, entry)
assert_response :success
assert_select ".diary-comment", :count => 0
end
def test_hide
user = create(:user)
diary_entry = create(:diary_entry, :user => user)

111
test/controllers/diary_entries_controller_test.rb
View file

@ -69,10 +69,6 @@ class DiaryEntriesControllerTest < ActionDispatch::IntegrationTest
{ :path => "/user/username/diary/1", :method => :put },
{ :controller => "diary_entries", :action => "update", :display_name => "username", :id => "1" }
)
assert_routing(
{ :path => "/user/username/diary/1/newcomment", :method => :post },
{ :controller => "diary_entries", :action => "comment", :display_name => "username", :id => "1" }
)
assert_routing(
{ :path => "/user/username/diary/1/hide", :method => :post },
{ :controller => "diary_entries", :action => "hide", :display_name => "username", :id => "1" }
@ -340,113 +336,6 @@ class DiaryEntriesControllerTest < ActionDispatch::IntegrationTest
assert_select "span[class=translation_missing]", false, "Missing translation in edit diary entry"
end
def test_comment
user = create(:user)
other_user = create(:user)
entry = create(:diary_entry, :user => user)
create(:diary_entry_subscription, :diary_entry => entry, :user => user)
# Make sure that you are denied when you are not logged in
post comment_diary_entry_path(entry.user, entry)
assert_response :forbidden
session_for(other_user)
# Verify that you get a not found error, when you pass a bogus id
post comment_diary_entry_path(entry.user, :id => 9999)
assert_response :not_found
assert_select "div.content-heading", :count => 1 do
assert_select "h1", :text => "No entry with the id: 9999", :count => 1
end
# Now try an invalid comment with an empty body
assert_no_difference "ActionMailer::Base.deliveries.size" do
assert_no_difference "DiaryComment.count" do
assert_no_difference "entry.subscribers.count" do
perform_enqueued_jobs do
post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => "" })
end
end
end
end
assert_response :success
assert_template :show
# Now try again with the right id
assert_difference "ActionMailer::Base.deliveries.size", entry.subscribers.count do
assert_difference "DiaryComment.count", 1 do
assert_difference "entry.subscribers.count", 1 do
perform_enqueued_jobs do
post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => "New comment" })
end
end
end
end
assert_redirected_to :action => :show, :display_name => entry.user.display_name, :id => entry.id
email = ActionMailer::Base.deliveries.first
assert_equal [user.email], email.to
assert_equal "[OpenStreetMap] #{other_user.display_name} commented on a diary entry", email.subject
assert_match(/New comment/, email.text_part.decoded)
assert_match(/New comment/, email.html_part.decoded)
ActionMailer::Base.deliveries.clear
comment = DiaryComment.order(:id).last
assert_equal entry.id, comment.diary_entry_id
assert_equal other_user.id, comment.user_id
assert_equal "New comment", comment.body
# Now show the diary entry, and check the new comment is present
get diary_entry_path(entry.user, entry)
assert_response :success
assert_select ".diary-comment", :count => 1 do
assert_select "#comment#{comment.id}", :count => 1 do
assert_select "a[href='/user/#{ERB::Util.u(other_user.display_name)}']", :text => other_user.display_name, :count => 1
end
assert_select ".richtext", :text => /New comment/, :count => 1
end
end
def test_comment_spammy
user = create(:user)
other_user = create(:user)
entry = create(:diary_entry, :user => user)
create(:diary_entry_subscription, :diary_entry => entry, :user => user)
session_for(other_user)
# Generate some spammy content
spammy_text = 1.upto(50).map { |n| "http://example.com/spam#{n}" }.join(" ")
# Try creating a spammy comment
assert_difference "ActionMailer::Base.deliveries.size", 1 do
assert_difference "DiaryComment.count", 1 do
perform_enqueued_jobs do
post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => spammy_text })
end
end
end
assert_redirected_to :action => :show, :display_name => entry.user.display_name, :id => entry.id
email = ActionMailer::Base.deliveries.first
assert_equal [user.email], email.to
assert_equal "[OpenStreetMap] #{other_user.display_name} commented on a diary entry", email.subject
assert_match %r{http://example.com/spam}, email.text_part.decoded
assert_match %r{http://example.com/spam}, email.html_part.decoded
ActionMailer::Base.deliveries.clear
comment = DiaryComment.order(:id).last
assert_equal entry.id, comment.diary_entry_id
assert_equal other_user.id, comment.user_id
assert_equal spammy_text, comment.body
assert_equal "suspended", User.find(other_user.id).status
# Follow the redirect
get diary_entries_path(:display_name => user.display_name)
assert_redirected_to :controller => :users, :action => :suspended
# Now show the diary entry, and check the new comment is not present
get diary_entry_path(entry.user, entry)
assert_response :success
assert_select ".diary-comment", :count => 0
end
def test_index_all
diary_entry = create(:diary_entry)
geo_entry = create(:diary_entry, :latitude => 51.50763, :longitude => -0.10781)