Commit 63ea40d37514122fdd0f392d877efeb786ab3478
1 parent
4891d3e9
[comments-refactor-review] Moving edit/update check to a filter
Showing
1 changed file
with
13 additions
and
17 deletions
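--- a/app/controllers/public/comment_controller.rb
+++ b/app/controllers/public/comment_controller.rb
@@ -2,6 +2,8 @@ class CommentController < ApplicationController
 
 needs_profile
 
+before_filter :can_update?, :only => [:edit, :update]
+
 def create
 begin
 @page = profile.articles.find(params[:id])
@@ -106,26 +108,10 @@ class CommentController < ApplicationController
 end
 
 def edit
-begin
-@comment = profile.comments_received.find(params[:id])
-raise ActiveRecord::RecordNotFound unless @comment.can_be_updated_by?(user) # Not reveal that the comment exists
-rescue ActiveRecord::RecordNotFound
-render_not_found
-return
-end
-
 render :partial => "comment_form", :locals => {:comment => @comment, :display_link => params[:reply_of_id].present?, :edition_mode => true, :show_form => true}
 end
 
 def update
-begin
-@comment = profile.comments_received.find(params[:id])
-raise ActiveRecord::RecordNotFound unless @comment.can_be_updated_by?(user) # Not reveal that the comment exists
-rescue ActiveRecord::RecordNotFound
-render_not_found
-return
-end
-
 if @comment.update_attributes(params[:comment])
 respond_to do |format|
 format.js do
@@ -149,7 +135,7 @@ class CommentController < ApplicationController
 end
 end
 end
-
+
 def check_actions
 comment = profile.comments_received.find(params[:id])
 ids = @plugins.dispatch(:check_comment_actions, comment).collect do |action|
@@ -165,4 +151,14 @@ class CommentController < ApplicationController
 end
 helper_method :pass_without_comment_captcha?
 
+def can_update?
+begin
+@comment = profile.comments_received.find(params[:id])
+raise ActiveRecord::RecordNotFound unless @comment.can_be_updated_by?(user) # Not reveal that the comment exists
+rescue ActiveRecord::RecordNotFound
+render_not_found
+return
+end
+end
+
 end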
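Review bot: `can_update?`, added at the end of the class, is now the only authorization gate for `edit` and `update`, but nothing visible in the hunk places it under `private` or `protected`. A public controller method can be routed as an action, so it should sit in the non-public section; the class body before new line 151 is outside the hunk, so this may already hold. The predicate-style name also hides that the method loads `@comment` and renders the not-found page, and both action bodies now use `@comment` without loading it themselves. A name such as `load_updatable_comment` with a comment like `# Sets @comment or renders not-found; any action that edits a comment must be listed in :only` would make that dependency explicit, since the `:only` list leaves any newly added action unprotected by default. The `begin`/`return` wrapper is redundant here: `rescue ActiveRecord::RecordNotFound` can attach directly to the `def`, and the filter chain is presumably halted by `render_not_found` having rendered, not by the `return`.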