nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DG IZ; always query through the current_user in the controllers.

Browse source
This commit is contained in:
danielvincent 2010-09-20 13:18:11 -07:00
parent b097f93bf5
commit af9cda52af
8 changed files with 39 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
app/controllers/albums_controller.rb
View file

@ -15,7 +15,7 @@ class AlbumsController < ApplicationController
end end
def create def create
aspect = params[:album][:to] aspect = params[:album][:to]
data = clean_hash(params[:album]) data = clean_hash(params[:album])
@ -29,7 +29,7 @@ class AlbumsController < ApplicationController
end end
def destroy def destroy
@album = current_user.album_by_id params[:id] @album = current_user.find_visible_post_by_id params[:id]
@album.destroy @album.destroy
flash[:notice] = "Album #{@album.name} deleted." flash[:notice] = "Album #{@album.name} deleted."
respond_with :location => albums_url respond_with :location => albums_url
@ -37,19 +37,18 @@ class AlbumsController < ApplicationController
def show def show
@photo = Photo.new @photo = Photo.new
@album = Album.find_by_id params[:id] @album = current_user.find_visible_post_by_id( params[:id] )
@album_photos = @album.photos @album_photos = @album.photos
respond_with @album respond_with @album
end end
def edit def edit
@album = current_user.album_by_id params[:id] @album = current_user.find_visible_post_by_id params[:id]
redirect_to @album unless current_user.owns? @album redirect_to @album unless current_user.owns? @album
end end
def update def update
@album = current_user.album_by_id params[:id] @album = current_user.find_visible_post_by_id params[:id]
data = clean_hash(params[:album]) data = clean_hash(params[:album])

16
app/controllers/aspects_controller.rb
View file

@ -25,7 +25,7 @@ class AspectsController < ApplicationController
end end
def destroy def destroy
@aspect = Aspect.find_by_id params[:id] @aspect = current_user.aspect_by_id params[:id]
begin begin
current_user.drop_aspect @aspect current_user.drop_aspect @aspect
@ -38,7 +38,7 @@ class AspectsController < ApplicationController
end end
def show def show
@aspect = Aspect.find_by_id params[:id] @aspect = current_user.aspect_by_id params[:id]
@friends = @aspect.people @friends = @aspect.people
@posts = current_user.visible_posts( :by_members_of => @aspect ).paginate :per_page => 15, :order => 'created_at DESC' @posts = current_user.visible_posts( :by_members_of => @aspect ).paginate :per_page => 15, :order => 'created_at DESC'
@ -51,7 +51,7 @@ class AspectsController < ApplicationController
end end
def update def update
@aspect = Aspect.find_by_id(params[:id]) @aspect = current_user.aspect_by_id(params[:id])
data = clean_hash(params[:aspect]) data = clean_hash(params[:aspect])
@aspect.update_attributes( data ) @aspect.update_attributes( data )
@ -63,26 +63,26 @@ class AspectsController < ApplicationController
params[:moves].each{ |move| params[:moves].each{ |move|
move = move[1] move = move[1]
unless current_user.move_friend(move) unless current_user.move_friend(move)
flash[:error] = "Aspect editing failed for friend #{Person.find_by_id( move[:friend_id] ).real_name}." flash[:error] = "Aspect editing failed for friend #{current_user.visible_person_by_id( move[:friend_id] ).real_name}."
redirect_to Aspect.first, :action => "edit" redirect_to aspects_manage_path
return return
end end
} }
flash[:notice] = "Aspects edited successfully." flash[:notice] = "Aspects edited successfully."
redirect_to Aspect.first, :action => "edit" redirect_to aspects_manage_path
end end
def move_friend def move_friend
unless current_user.move_friend( :friend_id => params[:friend_id], :from => params[:from], :to => params[:to][:to]) unless current_user.move_friend( :friend_id => params[:friend_id], :from => params[:from], :to => params[:to][:to])
flash[:error] = "didn't work #{params.inspect}" flash[:error] = "didn't work #{params.inspect}"
end end
if aspect = Aspect.first(:id => params[:to][:to]) if aspect = current_user.aspect_by_id(params[:to][:to])
flash[:notice] = "You are now showing your friend a different aspect of yourself." flash[:notice] = "You are now showing your friend a different aspect of yourself."
respond_with aspect respond_with aspect
else else
flash[:notice] = "You are now showing your friend a different aspect of yourself." flash[:notice] = "You are now showing your friend a different aspect of yourself."
respond_with Person.first(:id => params[:friend_id]) respond_with current_user.visible_person_by_id(params[:friend_id])
end end
end end

5
app/controllers/comments_controller.rb
View file

@ -17,9 +17,4 @@ class CommentsController < ApplicationController
render :nothing => true render :nothing => true
end end
def show
@comment = Comment.find_by_id params[:id]
respond_with @comment
end
end end

2
app/controllers/people_controller.rb
View file

@ -22,7 +22,7 @@ class PeopleController < ApplicationController
@profile = @person.profile @profile = @person.profile
@aspects_with_person = current_user.aspects_with_person(@person) @aspects_with_person = current_user.aspects_with_person(@person)
@aspects_dropdown_array = current_user.aspects.collect{|x| [x.to_s, x.id]} @aspects_dropdown_array = current_user.aspects.collect{|x| [x.to_s, x.id]}
@posts = current_user.visible_posts_from_others(:from => @person).paginate :page => params[:page], :order => 'created_at DESC' @posts = current_user.visible_posts(:from => @person).paginate :page => params[:page], :order => 'created_at DESC'
@latest_status_message = current_user.raw_visible_posts.find_all_by__type_and_person_id("StatusMessage", params[:id]).last @latest_status_message = current_user.raw_visible_posts.find_all_by__type_and_person_id("StatusMessage", params[:id]).last
@post_count = @posts.count @post_count = @posts.count
respond_with @person respond_with @person

10
app/controllers/photos_controller.rb
View file

@ -65,28 +65,28 @@ class PhotosController < ApplicationController
end end
def destroy def destroy
@photo = Photo.find_by_id params[:id] @photo = current_user.find_visible_post_by_id params[:id]
@photo.destroy @photo.destroy
flash[:notice] = "Photo deleted." flash[:notice] = "Photo deleted."
respond_with :location => @photo.album respond_with :location => @photo.album
end end
def show def show
@photo = Photo.find_by_id params[:id] @photo = current_user.find_visible_post_by_id params[:id]
@album = @photo.album @album = @photo.album
respond_with @photo, @album respond_with @photo, @album
end end
def edit def edit
@photo = Photo.find_by_id params[:id] @photo = current_user.find_visible_post_by_id params[:id]
@album = @photo.album @album = @photo.album
redirect_to @photo unless current_user.owns? @album redirect_to @photo unless current_user.owns? @album
end end
def update def update
@photo = Photo.find_by_id params[:id] @photo = current_user.find_visible_post_by_id params[:id]
data = clean_hash(params) data = clean_hash(params)

4
app/controllers/status_messages_controller.rb
View file

@ -19,13 +19,13 @@ class StatusMessagesController < ApplicationController
end end
def destroy def destroy
@status_message = StatusMessage.find_by_id params[:id] @status_message = current_user.find_visible_post_by_id params[:id]
@status_message.destroy @status_message.destroy
respond_with :location => root_url respond_with :location => root_url
end end
def show def show
@status_message = StatusMessage.find_by_id params[:id] @status_message = current_user.find_visible_post_by_id params[:id]
respond_with @status_message respond_with @status_message
end end

13
lib/diaspora/user/querying.rb
View file

@ -7,14 +7,9 @@
module Diaspora module Diaspora
module UserModules module UserModules
module Querying module Querying
def visible_posts_from_others(opts ={})
if opts[:from].class == Person def find_visible_post_by_id( id )
Post.where(:person_id => opts[:from].id, :_id.in => self.visible_post_ids) self.raw_visible_posts.find id
elsif opts[:from].class == Aspect
Post.where(:_id.in => opts[:from].post_ids) unless opts[:from].user != self
else
Post.where(:_id.in => self.visible_post_ids)
end
end end
def visible_posts( opts = {} ) def visible_posts( opts = {} )
@ -22,6 +17,8 @@ module Diaspora
return raw_visible_posts if opts[:by_members_of] == :all return raw_visible_posts if opts[:by_members_of] == :all
aspect = self.aspects.find_by_id( opts[:by_members_of].id ) aspect = self.aspects.find_by_id( opts[:by_members_of].id )
aspect.posts aspect.posts
elsif opts[:from]
self.raw_visible_posts.find_all_by_person_id(opts[:from].id, :order => 'created_at DESC')
end end
end end

13
spec/models/user/visible_posts_spec.rb
View file

@ -45,6 +45,19 @@ describe User do
@user.visible_posts(:by_members_of => @aspect2).include?(status_message3).should be true @user.visible_posts(:by_members_of => @aspect2).include?(status_message3).should be true
end end
describe 'querying' do
it 'should find a visible post by id' do
status_message1 = @user.post :status_message, :message => "hi", :to => @aspect.id
status_message2 = @user2.post :status_message, :message => "heyyyy", :to => @user2_aspect.id
status_message3 = @user3.post :status_message, :message => "yooo", :to => @user3_aspect.id
@user.find_visible_post_by_id(status_message1.id).should == status_message1
@user2.find_visible_post_by_id(status_message1.id).should == nil
end
end
describe 'albums' do describe 'albums' do
before do before do
@album = @user.post :album, :name => "Georges", :to => @aspect.id @album = @user.post :album, :name => "Georges", :to => @aspect.id