cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openstreetmap-website/app/controllers/changeset_comments_controller.rb
Andy Allan 8f70fb2114 Use CanCanCan for changeset comments 
This introduces different deny_access handlers for web and api requests, since we want to avoid sending redirects as API responses. See #2064 for discussion.
2018-11-28 12:35:45 +01:00

128 lines
3.8 KiB
Ruby
Raw Blame History

class ChangesetCommentsController < ApplicationController
skip_before_action :verify_authenticity_token, :except => [:index]
before_action :authorize_web, :only => [:index]
before_action :set_locale, :only => [:index]
before_action :authorize, :only => [:create, :destroy, :restore]
before_action :api_deny_access_handler, :only => [:create, :destroy, :restore]
authorize_resource
before_action :require_public_data, :only => [:create]
before_action :check_api_writable, :only => [:create, :destroy, :restore]
before_action :check_api_readable, :except => [:create, :index]
before_action(:only => [:index]) { |c| c.check_database_readable(true) }
around_action :api_call_handle_error, :except => [:index]
around_action :api_call_timeout, :except => [:index]
around_action :web_timeout, :only => [:index]
##
# Add a comment to a changeset
def create
# Check the arguments are sane
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
raise OSM::APIBadUserInput, "No text was given" if params[:text].blank?
# Extract the arguments
id = params[:id].to_i
body = params[:text]
# Find the changeset and check it is valid
changeset = Changeset.find(id)
raise OSM::APIChangesetNotYetClosedError, changeset if changeset.is_open?
# Add a comment to the changeset
comment = changeset.comments.create(:changeset => changeset,
:body => body,
:author => current_user)
# Notify current subscribers of the new comment
changeset.subscribers.visible.each do |user|
Notifier.changeset_comment_notification(comment, user).deliver_later if current_user != user
end
# Add the commenter to the subscribers if necessary
changeset.subscribers << current_user unless changeset.subscribers.exists?(current_user.id)
# Return a copy of the updated changeset
render :xml => changeset.to_xml.to_s
end
##
# Sets visible flag on comment to false
def destroy
# Check the arguments are sane
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
# Extract the arguments
id = params[:id].to_i
# Find the changeset
comment = ChangesetComment.find(id)
# Hide the comment
comment.update(:visible => false)
# Return a copy of the updated changeset
render :xml => comment.changeset.to_xml.to_s
end
##
# Sets visible flag on comment to true
def restore
# Check the arguments are sane
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
# Extract the arguments
id = params[:id].to_i
# Find the changeset
comment = ChangesetComment.find(id)
# Unhide the comment
comment.update(:visible => true)
# Return a copy of the updated changeset
render :xml => comment.changeset.to_xml.to_s
end
##
# Get a feed of recent changeset comments
def index
if params[:id]
# Extract the arguments
id = params[:id].to_i
# Find the changeset
changeset = Changeset.find(id)
# Return comments for this changeset only
@comments = changeset.comments.includes(:author, :changeset).limit(comments_limit)
else
# Return comments
@comments = ChangesetComment.includes(:author, :changeset).where(:visible => true).order("created_at DESC").limit(comments_limit).preload(:changeset)
end
# Render the result
respond_to do |format|
format.rss
end
rescue OSM::APIBadUserInput
head :bad_request
end
private
##
# Get the maximum number of comments to return
def comments_limit
if params[:limit]
if params[:limit].to_i.positive? && params[:limit].to_i <= 10000
params[:limit].to_i
else
raise OSM::APIBadUserInput, "Comments limit must be between 1 and 10000"
end
else
100
end
end
end
Reference in a new issue View git blame Copy permalink