content_viewer_controller.rb
1.98 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
class ContentViewerController < ApplicationController
needs_profile
inverse_captcha :field => 'e_mail'
def view_page
path = params[:page].join('/')
if path.blank?
@page = profile.home_page
if @page.nil?
render :action => 'no_home_page'
return
end
else
@page = profile.articles.find_by_path(path)
# do not show unpublished articles
if @page && !@page.published
@page = nil
end
# page not found, give error
if @page.nil?
render_not_found(@path)
return
end
end
if !@page.public? && !request.ssl?
redirect_to_ssl
return
end
if !@page.display_to?(user)
# FIXME find a nice "access denied" layout
render :action => 'access_denied', :status => 403, :layout => false
end
if @page.mime_type != 'text/html'
headers['Content-Type'] = @page.mime_type
data = @page.data
# TODO test the condition
if data.nil?
raise "No data for file"
end
render :text => data, :layout => false
return
end
if request.post? && params[:comment] && params[self.icaptcha_field].blank? && @page.accept_comments?
add_comment
end
if request.post? && params[:remove_comment]
remove_comment
end
@comments = @page.comments(true)
end
protected
def add_comment
@comment = Comment.new(params[:comment])
@comment.author = user if logged_in?
@comment.article = @page
if @comment.save
@comment = nil # clear the comment form
else
@form_div = 'opened'
end
end
def remove_comment
@comment = @page.comments.find(params[:remove_comment])
if (user == @comment.author || user == @page.profile || user.has_permission?(:moderate_comments, @page.profile))
@comment.destroy
flash[:notice] = _('Comment succesfully deleted')
end
redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path
end
end