DG IZ; always query through the current_user in the controllers.
This commit is contained in:
parent
b097f93bf5
commit
af9cda52af
8 changed files with 39 additions and 35 deletions
@ -29,7 +29,7 @@ class AlbumsController < ApplicationController
|
|||
end
|
||||
|
||||
def destroy
|
||||
@album = current_user.album_by_id params[:id]
|
||||
@album = current_user.find_visible_post_by_id params[:id]
|
||||
@album.destroy
|
||||
flash[:notice] = "Album #{@album.name} deleted."
|
||||
respond_with :location => albums_url
|
||||
|
|
@ -37,19 +37,18 @@ class AlbumsController < ApplicationController
|
|||
|
||||
def show
|
||||
@photo = Photo.new
|
||||
@album = Album.find_by_id params[:id]
|
||||
@album = current_user.find_visible_post_by_id( params[:id] )
|
||||
@album_photos = @album.photos
|
||||
|
||||
respond_with @album
|
||||
end
|
||||
|
||||
def edit
|
||||
@album = current_user.album_by_id params[:id]
|
||||
@album = current_user.find_visible_post_by_id params[:id]
|
||||
redirect_to @album unless current_user.owns? @album
|
||||
end
|
||||
|
||||
def update
|
||||
@album = current_user.album_by_id params[:id]
|
||||
@album = current_user.find_visible_post_by_id params[:id]
|
||||
|
||||
data = clean_hash(params[:album])
|
||||
|
||||
|
|
|
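Review bot: `destroy` and `update` now resolve the album through `find_visible_post_by_id`, which the Querying hunk defines as `raw_visible_posts.find id` — a visibility check, not an ownership check — while the replaced `album_by_id` was presumably scoped to the user's own albums; `edit` keeps its `owns?` guard, but `destroy` and `update` have none, so a post the user can see but does not own now reaches `@album.destroy` and the update path. Add the guard before the destructive call, e.g. `return redirect_to @album unless current_user.owns? @album`. When the lookup yields nothing, `@album.destroy` and `@album.photos` raise NoMethodError (a 500) rather than answering not-found; `return head :not_found unless @album` after each lookup would make that explicit. The same visibility-versus-ownership pattern applies to the `destroy`/`update` hunks of PhotosController and StatusMessagesController below, which I have not annotated separately. `update` continues past the hunk.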
@ -25,7 +25,7 @@ class AspectsController < ApplicationController
|
|||
end
|
||||
|
||||
def destroy
|
||||
@aspect = Aspect.find_by_id params[:id]
|
||||
@aspect = current_user.aspect_by_id params[:id]
|
||||
|
||||
begin
|
||||
current_user.drop_aspect @aspect
|
||||
|
|
@ -38,7 +38,7 @@ class AspectsController < ApplicationController
|
|||
end
|
||||
|
||||
def show
|
||||
@aspect = Aspect.find_by_id params[:id]
|
||||
@aspect = current_user.aspect_by_id params[:id]
|
||||
@friends = @aspect.people
|
||||
@posts = current_user.visible_posts( :by_members_of => @aspect ).paginate :per_page => 15, :order => 'created_at DESC'
|
||||
|
||||
|
|
@ -51,7 +51,7 @@ class AspectsController < ApplicationController
|
|||
end
|
||||
|
||||
def update
|
||||
@aspect = Aspect.find_by_id(params[:id])
|
||||
@aspect = current_user.aspect_by_id(params[:id])
|
||||
|
||||
data = clean_hash(params[:aspect])
|
||||
@aspect.update_attributes( data )
|
||||
|
|
@ -63,26 +63,26 @@ class AspectsController < ApplicationController
|
|||
params[:moves].each{ |move|
|
||||
move = move[1]
|
||||
unless current_user.move_friend(move)
|
||||
flash[:error] = "Aspect editing failed for friend #{Person.find_by_id( move[:friend_id] ).real_name}."
|
||||
redirect_to Aspect.first, :action => "edit"
|
||||
flash[:error] = "Aspect editing failed for friend #{current_user.visible_person_by_id( move[:friend_id] ).real_name}."
|
||||
redirect_to aspects_manage_path
|
||||
return
|
||||
end
|
||||
}
|
||||
|
||||
flash[:notice] = "Aspects edited successfully."
|
||||
redirect_to Aspect.first, :action => "edit"
|
||||
redirect_to aspects_manage_path
|
||||
end
|
||||
|
||||
def move_friend
|
||||
unless current_user.move_friend( :friend_id => params[:friend_id], :from => params[:from], :to => params[:to][:to])
|
||||
flash[:error] = "didn't work #{params.inspect}"
|
||||
end
|
||||
if aspect = Aspect.first(:id => params[:to][:to])
|
||||
if aspect = current_user.aspect_by_id(params[:to][:to])
|
||||
flash[:notice] = "You are now showing your friend a different aspect of yourself."
|
||||
respond_with aspect
|
||||
else
|
||||
flash[:notice] = "You are now showing your friend a different aspect of yourself."
|
||||
respond_with Person.first(:id => params[:friend_id])
|
||||
respond_with current_user.visible_person_by_id(params[:friend_id])
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
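Review bot: After `@aspect = current_user.aspect_by_id ...` in `show` and `update`, the result is used unchecked (`@aspect.people`, `@aspect.update_attributes( data )`), so an id that is not one of the user's aspects presumably yields nil and a NoMethodError (500) instead of a not-found response; `return head :not_found unless @aspect` after each lookup. In `move_friend`, `params[:to][:to]` is dereferenced twice without checking that `params[:to]` is present. `flash[:error] = "didn't work #{params.inspect}"` echoes the full request parameters into the UI; a fixed message such as `"Could not move friend."` is preferable. `destroy` continues outside the hunk.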
@ -17,9 +17,4 @@ class CommentsController < ApplicationController
|
|||
render :nothing => true
|
||||
end
|
||||
|
||||
def show
|
||||
@comment = Comment.find_by_id params[:id]
|
||||
respond_with @comment
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -22,7 +22,7 @@ class PeopleController < ApplicationController
|
|||
@profile = @person.profile
|
||||
@aspects_with_person = current_user.aspects_with_person(@person)
|
||||
@aspects_dropdown_array = current_user.aspects.collect{|x| [x.to_s, x.id]}
|
||||
@posts = current_user.visible_posts_from_others(:from => @person).paginate :page => params[:page], :order => 'created_at DESC'
|
||||
@posts = current_user.visible_posts(:from => @person).paginate :page => params[:page], :order => 'created_at DESC'
|
||||
@latest_status_message = current_user.raw_visible_posts.find_all_by__type_and_person_id("StatusMessage", params[:id]).last
|
||||
@post_count = @posts.count
|
||||
respond_with @person
|
||||
|
|
|
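Review bot: `@latest_status_message` is looked up by the raw `params[:id]` while the surrounding lines use the already-resolved `@person`; because the query is scoped through `current_user.raw_visible_posts` this is not an authorization gap, but deriving the key from the resolved object keeps a single source of truth, e.g. `current_user.raw_visible_posts.find_all_by__type_and_person_id("StatusMessage", @person.id).last`. `show` starts outside the hunk.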
@ -65,28 +65,28 @@ class PhotosController < ApplicationController
|
|||
end
|
||||
|
||||
def destroy
|
||||
@photo = Photo.find_by_id params[:id]
|
||||
@photo = current_user.find_visible_post_by_id params[:id]
|
||||
|
||||
@photo.destroy
|
||||
flash[:notice] = "Photo deleted."
|
||||
respond_with :location => @photo.album
|
||||
end
|
||||
|
||||
def show
|
||||
@photo = Photo.find_by_id params[:id]
|
||||
@photo = current_user.find_visible_post_by_id params[:id]
|
||||
@album = @photo.album
|
||||
|
||||
respond_with @photo, @album
|
||||
end
|
||||
|
||||
def edit
|
||||
@photo = Photo.find_by_id params[:id]
|
||||
@photo = current_user.find_visible_post_by_id params[:id]
|
||||
@album = @photo.album
|
||||
|
||||
redirect_to @photo unless current_user.owns? @album
|
||||
end
|
||||
|
||||
def update
|
||||
@photo = Photo.find_by_id params[:id]
|
||||
@photo = current_user.find_visible_post_by_id params[:id]
|
||||
|
||||
data = clean_hash(params)
|
||||
|
||||
|
|
|
@ -19,13 +19,13 @@ class StatusMessagesController < ApplicationController
|
|||
end
|
||||
|
||||
def destroy
|
||||
@status_message = StatusMessage.find_by_id params[:id]
|
||||
@status_message = current_user.find_visible_post_by_id params[:id]
|
||||
@status_message.destroy
|
||||
respond_with :location => root_url
|
||||
end
|
||||
|
||||
def show
|
||||
@status_message = StatusMessage.find_by_id params[:id]
|
||||
@status_message = current_user.find_visible_post_by_id params[:id]
|
||||
respond_with @status_message
|
||||
end
|
||||
|
||||
|
|
|
@ -7,14 +7,9 @@
|
|||
module Diaspora
|
||||
module UserModules
|
||||
module Querying
|
||||
def visible_posts_from_others(opts ={})
|
||||
if opts[:from].class == Person
|
||||
Post.where(:person_id => opts[:from].id, :_id.in => self.visible_post_ids)
|
||||
elsif opts[:from].class == Aspect
|
||||
Post.where(:_id.in => opts[:from].post_ids) unless opts[:from].user != self
|
||||
else
|
||||
Post.where(:_id.in => self.visible_post_ids)
|
||||
end
|
||||
|
||||
def find_visible_post_by_id( id )
|
||||
self.raw_visible_posts.find id
|
||||
end
|
||||
|
||||
def visible_posts( opts = {} )
|
||||
|
|
@ -22,6 +17,8 @@ module Diaspora
|
|||
return raw_visible_posts if opts[:by_members_of] == :all
|
||||
aspect = self.aspects.find_by_id( opts[:by_members_of].id )
|
||||
aspect.posts
|
||||
elsif opts[:from]
|
||||
self.raw_visible_posts.find_all_by_person_id(opts[:from].id, :order => 'created_at DESC')
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
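Review bot: `find_visible_post_by_id` becomes the authorization boundary for the controllers' show/edit/update/destroy actions, yet it has no documentation and its not-found behaviour is ambiguous: the spec in this commit expects nil for a post outside the user's visible set, while `find` on an ORM relation may raise instead depending on configuration — confirm and pin one contract. A comment above the method such as `# Looks a post up only within this user's visible posts; nil when the id is not visible to this user.` and `# Visibility is not ownership - callers that mutate must still check owns?.` would state it. In the second hunk, `aspect = self.aspects.find_by_id( ... )` followed by `aspect.posts` has the same unchecked-nil shape; `visible_posts` starts in the previous hunk.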
@ -45,6 +45,19 @@ describe User do
|
|||
@user.visible_posts(:by_members_of => @aspect2).include?(status_message3).should be true
|
||||
end
|
||||
|
||||
describe 'querying' do
|
||||
|
||||
it 'should find a visible post by id' do
|
||||
status_message1 = @user.post :status_message, :message => "hi", :to => @aspect.id
|
||||
status_message2 = @user2.post :status_message, :message => "heyyyy", :to => @user2_aspect.id
|
||||
status_message3 = @user3.post :status_message, :message => "yooo", :to => @user3_aspect.id
|
||||
|
||||
@user.find_visible_post_by_id(status_message1.id).should == status_message1
|
||||
@user2.find_visible_post_by_id(status_message1.id).should == nil
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
describe 'albums' do
|
||||
before do
|
||||
@album = @user.post :album, :name => "Georges", :to => @aspect.id
|
||||
|
|
|
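Review bot: `status_message2` and `status_message3` are created in the new example but never asserted against, so the test pins only the owner-sees-own-post and stranger-sees-nothing cases; the case the controllers now depend on — a post authored by another user that is visible to `@user` is returned — is untested. Add an assertion for whichever of those posts the `before` block (outside the hunk) shares with `@user`, or drop the unused fixtures. `.should == nil` reads more idiomatically as `.should be_nil`.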