move explore maps methods into their own controller

app/controllers/explore_controller.rb

@@ -0,0 +1,114 @@
+class ExploreController < ApplicationController
+  before_action :authorize_explore
+  after_action :verify_authorized
+  after_action :verify_policy_scoped
+
+  respond_to :html, :json, :csv
+
+  # TODO remove?
+  #autocomplete :map, :name, full: true, extra_data: [:user_id]
+
+  # GET /explore/active
+  def activemaps
+    page = params[:page].present? ? params[:page] : 1
+    @maps = policy_scope(Map).order('updated_at DESC')
+                             .page(page).per(20)
+
+    respond_to do |format|
+      format.html do
+        # root url => main/home. main/home renders maps/activemaps view.
+        redirect_to(root_url) && return if authenticated?
+        respond_with(@maps, @user)
+      end
+      format.json { render json: @maps }
+    end
+  end
+
+  # GET /explore/featured
+  def featuredmaps
+    page = params[:page].present? ? params[:page] : 1
+    @maps = policy_scope(
+      Map.where('maps.featured = ? AND maps.permission != ?',
+                true, 'private')
+    ).order('updated_at DESC').page(page).per(20)
+
+    respond_to do |format|
+      format.html { respond_with(@maps, @user) }
+      format.json { render json: @maps }
+    end
+  end
+
+  # GET /explore/mine
+  def mymaps
+    unless authenticated?
+      skip_policy_scope
+      return redirect_to explore_active_path
+    end
+
+    page = params[:page].present? ? params[:page] : 1
+    @maps = policy_scope(
+      Map.where('maps.user_id = ?', current_user.id)
+    ).order('updated_at DESC').page(page).per(20)
+
+    respond_to do |format|
+      format.html { respond_with(@maps, @user) }
+      format.json { render json: @maps }
+    end
+  end
+
+  # GET /explore/shared
+  def sharedmaps
+    unless authenticated?
+      skip_policy_scope
+      return redirect_to explore_active_path
+    end
+
+    page = params[:page].present? ? params[:page] : 1
+    @maps = policy_scope(
+      Map.where('maps.id IN (?)', current_user.shared_maps.map(&:id))
+    ).order('updated_at DESC').page(page).per(20)
+
+    respond_to do |format|
+      format.html { respond_with(@maps, @user) }
+      format.json { render json: @maps }
+    end
+  end
+
+  # GET /explore/starred
+  def starredmaps
+    unless authenticated?
+      skip_policy_scope
+      return redirect_to explore_active_path
+    end
+
+    page = params[:page].present? ? params[:page] : 1
+    stars = current_user.stars.map(&:map_id)
+    @maps = policy_scope(
+      Map.where('maps.id IN (?)', stars)
+    ).order('updated_at DESC').page(page).per(20)
+
+    respond_to do |format|
+      format.html { respond_with(@maps, @user) }
+      format.json { render json: @maps }
+    end
+  end
+
+  # GET /explore/mapper/:id
+  def usermaps
+    page = params[:page].present? ? params[:page] : 1
+    @user = User.find(params[:id])
+    @maps = policy_scope(Map.where(user: @user))
+            .order('updated_at DESC').page(page).per(20)
+
+    respond_to do |format|
+      format.html { respond_with(@maps, @user) }
+      format.json { render json: @maps }
+    end
+  end
+
+  private
+
+  def authorize_explore
+    authorize :Explore
+  end
+end

app/controllers/maps_controller.rb

@@ -1,111 +1,12 @@
 # frozen_string_literal: true
 class MapsController < ApplicationController
   before_action :require_user, only: [:create, :update, :access, :star, :unstar, :screenshot, :events, :destroy]
-  after_action :verify_authorized, except: [:activemaps, :featuredmaps, :mymaps, :sharedmaps, :starredmaps, :usermaps]
+  after_action :verify_authorized
-  after_action :verify_policy_scoped, only: [:activemaps, :featuredmaps, :mymaps, :sharedmaps, :starredmaps, :usermaps]
 
   respond_to :html, :json, :csv
 
   autocomplete :map, :name, full: true, extra_data: [:user_id]
 
-  # GET /explore/active
-  def activemaps
-    page = params[:page].present? ? params[:page] : 1
-    @maps = policy_scope(Map).order('updated_at DESC')
-                             .page(page).per(20)
-
-    respond_to do |format|
-      format.html do
-        # root url => main/home. main/home renders maps/activemaps view.
-        redirect_to(root_url) && return if authenticated?
-        respond_with(@maps, @user)
-      end
-      format.json { render json: @maps.to_json }
-    end
-  end
-
-  # GET /explore/featured
-  def featuredmaps
-    page = params[:page].present? ? params[:page] : 1
-    @maps = policy_scope(
-      Map.where('maps.featured = ? AND maps.permission != ?',
-                true, 'private')
-    ).order('updated_at DESC').page(page).per(20)
-
-    respond_to do |format|
-      format.html { respond_with(@maps, @user) }
-      format.json { render json: @maps.to_json }
-    end
-  end
-
-  # GET /explore/mine
-  def mymaps
-    unless authenticated?
-      skip_policy_scope
-      return redirect_to explore_active_path
-    end
-
-    page = params[:page].present? ? params[:page] : 1
-    @maps = policy_scope(
-      Map.where('maps.user_id = ?', current_user.id)
-    ).order('updated_at DESC').page(page).per(20)
-
-    respond_to do |format|
-      format.html { respond_with(@maps, @user) }
-      format.json { render json: @maps.to_json }
-    end
-  end
-
-  # GET /explore/shared
-  def sharedmaps
-    unless authenticated?
-      skip_policy_scope
-      return redirect_to explore_active_path
-    end
-
-    page = params[:page].present? ? params[:page] : 1
-    @maps = policy_scope(
-      Map.where('maps.id IN (?)', current_user.shared_maps.map(&:id))
-    ).order('updated_at DESC').page(page).per(20)
-
-    respond_to do |format|
-      format.html { respond_with(@maps, @user) }
-      format.json { render json: @maps.to_json }
-    end
-  end
-
-  # GET /explore/starred
-  def starredmaps
-    unless authenticated?
-      skip_policy_scope
-      return redirect_to explore_active_path
-    end
-
-    page = params[:page].present? ? params[:page] : 1
-    stars = current_user.stars.map(&:map_id)
-    @maps = policy_scope(
-      Map.where('maps.id IN (?)', stars)
-    ).order('updated_at DESC').page(page).per(20)
-
-    respond_to do |format|
-      format.html { respond_with(@maps, @user) }
-      format.json { render json: @maps.to_json }
-    end
-  end
-
-  # GET /explore/mapper/:id
-  def usermaps
-    page = params[:page].present? ? params[:page] : 1
-    @user = User.find(params[:id])
-    @maps = policy_scope(Map.where(user: @user))
-            .order('updated_at DESC').page(page).per(20)
-
-    respond_to do |format|
-      format.html { respond_with(@maps, @user) }
-      format.json { render json: @maps.to_json }
-    end
-  end
-
   # GET maps/new
   def new
     @map = Map.new(name: 'Untitled Map', permission: 'public', arranged: true)
@@ -182,80 +83,33 @@ class MapsController < ApplicationController
     @map = Map.find(params[:id])
     authorize @map
 
-    @allmappers = @map.contributors
-    @allcollaborators = @map.editors
-    @alltopics = @map.topics.to_a.delete_if { |t| !policy(t).show? }
-    @allsynapses = @map.synapses.to_a.delete_if { |s| !policy(s).show? }
-    @allmappings = @map.mappings.to_a.delete_if { |m| !policy(m).show? }
-
-    @json = {}
-    @json['map'] = @map
-    @json['topics'] = @alltopics
-    @json['synapses'] = @allsynapses
-    @json['mappings'] = @allmappings
-    @json['mappers'] = @allmappers
-    @json['collaborators'] = @allcollaborators
-    @json['messages'] = @map.messages.sort_by(&:created_at)
-    @json['stars'] = @map.stars
-
     respond_to do |format|
-      format.json { render json: @json }
+      format.json { render json: @map.contains(current_user) }
     end
   end
 
   # POST maps
   def create
     @user = current_user
-    @map = Map.new
+    @map = Map.new(create_map_params)
-    @map.name = params[:name]
-    @map.desc = params[:desc]
-    @map.permission = params[:permission]
     @map.user = @user
     @map.arranged = false
 
-    if params[:topicsToMap]
+    if params[:topicsToMap].present?
-      @all = params[:topicsToMap]
+      create_topics!
-      @all = @all.split(',')
+      create_synapses! if params[:synapsesToMap].present?
-      @all.each do |topic|
-        topic = topic.split('/')
-        mapping = Mapping.new
-        mapping.map = @map
-        mapping.user = @user
-        mapping.mappable = Topic.find(topic[0])
-        mapping.xloc = topic[1]
-        mapping.yloc = topic[2]
-        authorize mapping, :create?
-        mapping.save
-      end
-
-      if params[:synapsesToMap]
-        @synAll = params[:synapsesToMap]
-        @synAll = @synAll.split(',')
-        @synAll.each do |synapse_id|
-          mapping = Mapping.new
-          mapping.map = @map
-          mapping.user = @user
-          mapping.mappable = Synapse.find(synapse_id)
-          authorize mapping, :create?
-          mapping.save
-        end
-      end
-
       @map.arranged = true
     end
 
     authorize @map
 
+    respond_to do |format|
     if @map.save
-      respond_to do |format|
       format.json { render json: @map }
-      end
     else
-      respond_to do |format|
       format.json { render json: 'invalid params' }
     end
   end
-  end
 
   # PUT maps/:id
   def update
@@ -263,7 +117,7 @@ class MapsController < ApplicationController
     authorize @map
 
     respond_to do |format|
-      if @map.update_attributes(map_params)
+      if @map.update_attributes(update_map_params)
         format.json { head :no_content }
       else
         format.json { render json: @map.errors, status: :unprocessable_entity }
@@ -366,7 +220,40 @@ class MapsController < ApplicationController
   private
 
   # Never trust parameters from the scary internet, only allow the white list through.
-  def map_params
+  def create_map_params
+    params.require(:map).permit(:name, :desc, :permission)
+  end
+
+  def update_map_params
     params.require(:map).permit(:id, :name, :arranged, :desc, :permission)
   end
+
+	def create_topics!
+		topics = params[:topicsToMap]
+		topics = topics.split(',')
+		topics.each do |topic|
+			topic = topic.split('/')
+			mapping = Mapping.new
+			mapping.map = @map
+			mapping.user = @user
+			mapping.mappable = Topic.find(topic[0])
+			mapping.xloc = topic[1]
+			mapping.yloc = topic[2]
+			authorize mapping, :create?
+			mapping.save
+		end
+	end
+
+	def create_synapses!
+		@synAll = params[:synapsesToMap]
+		@synAll = @synAll.split(',')
+		@synAll.each do |synapse_id|
+			mapping = Mapping.new
+			mapping.map = @map
+			mapping.user = @user
+			mapping.mappable = Synapse.find(synapse_id)
+			authorize mapping, :create?
+			mapping.save
+		end
+	end
 end

app/policies/explore_policy.rb

@@ -0,0 +1,25 @@
+class ExplorePolicy < ApplicationPolicy
+  def activemaps?
+    true
+  end
+
+  def featuredmaps?
+    true
+  end
+
+  def mymaps?
+    true
+  end
+
+  def sharedmaps?
+    true
+  end
+
+  def starredmaps?
+    true
+  end
+
+  def usermaps?
+    true
+  end
+end