update main controller (searching) to use policies
This commit is contained in:
parent
bc505a1361
commit
bb03b49d80
2 changed files with 39 additions and 74 deletions
|
@ -4,14 +4,13 @@ class MainController < ApplicationController
|
||||||
include UsersHelper
|
include UsersHelper
|
||||||
include SynapsesHelper
|
include SynapsesHelper
|
||||||
|
|
||||||
# after_action :verify_authorized, except: :index
|
after_action :verify_policy_scoped
|
||||||
# after_action :verify_policy_scoped, only: :index
|
|
||||||
|
|
||||||
respond_to :html, :json
|
respond_to :html, :json
|
||||||
|
|
||||||
# home page
|
# home page
|
||||||
def home
|
def home
|
||||||
@maps = Map.where("maps.permission != ?", "private").order("updated_at DESC").page(1).per(20)
|
@maps = policy_scope(Map).order("updated_at DESC").page(1).per(20)
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.html {
|
format.html {
|
||||||
if authenticated?
|
if authenticated?
|
||||||
|
@ -60,69 +59,35 @@ class MainController < ApplicationController
|
||||||
filterByMetacode = m
|
filterByMetacode = m
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
search = '%' + term.downcase + '%'
|
||||||
|
builder = policy_scope(Topic)
|
||||||
|
|
||||||
if filterByMetacode
|
if filterByMetacode
|
||||||
if term == ""
|
if term == ""
|
||||||
@topics = []
|
builder = builder.none
|
||||||
else
|
else
|
||||||
search = term.downcase + '%'
|
builder = builder.where('LOWER("name") like ? OR
|
||||||
|
LOWER("desc") like ? OR
|
||||||
if user
|
LOWER("link") like ?', search, search, search)
|
||||||
@topics = Set.new(Topic.where('LOWER("name") like ?', search).where('metacode_id = ? AND user_id = ?', filterByMetacode.id, user).order('"name"'))
|
builder = builder.where(metacode_id: filterByMetacode.id)
|
||||||
@topics2 = Set.new(Topic.where('LOWER("name") like ?', '%' + search).where('metacode_id = ? AND user_id = ?', filterByMetacode.id, user).order('"name"'))
|
|
||||||
@topics3 = Set.new(Topic.where('LOWER("desc") like ?', '%' + search).where('metacode_id = ? AND user_id = ?', filterByMetacode.id, user).order('"name"'))
|
|
||||||
@topics4 = Set.new(Topic.where('LOWER("link") like ?', '%' + search).where('metacode_id = ? AND user_id = ?', filterByMetacode.id, user).order('"name"'))
|
|
||||||
else
|
|
||||||
@topics = Set.new(Topic.where('LOWER("name") like ?', search).where('metacode_id = ?', filterByMetacode.id).order('"name"'))
|
|
||||||
@topics2 = Set.new(Topic.where('LOWER("name") like ?', '%' + search).where('metacode_id = ?', filterByMetacode.id).order('"name"'))
|
|
||||||
@topics3 = Set.new(Topic.where('LOWER("desc") like ?', '%' + search).where('metacode_id = ?', filterByMetacode.id).order('"name"'))
|
|
||||||
@topics4 = Set.new(Topic.where('LOWER("link") like ?', '%' + search).where('metacode_id = ?', filterByMetacode.id).order('"name"'))
|
|
||||||
end
|
|
||||||
|
|
||||||
#get unique elements only through the magic of Sets
|
|
||||||
@topics = (@topics + @topics2 + @topics3 + @topics4).to_a
|
|
||||||
end
|
end
|
||||||
elsif desc
|
elsif desc
|
||||||
search = '%' + term.downcase + '%'
|
builder = builder.where('LOWER("desc") like ?', search)
|
||||||
if !user
|
|
||||||
@topics = Topic.where('LOWER("desc") like ?', search).order('"name"')
|
|
||||||
elsif user
|
|
||||||
@topics = Topic.where('LOWER("desc") like ?', search).where('user_id = ?', user).order('"name"')
|
|
||||||
end
|
|
||||||
elsif link
|
elsif link
|
||||||
search = '%' + term.downcase + '%'
|
builder = builder.where('LOWER("link") like ?', search)
|
||||||
if !user
|
|
||||||
@topics = Topic.where('LOWER("link") like ?', search).order('"name"')
|
|
||||||
elsif user
|
|
||||||
@topics = Topic.where('LOWER("link") like ?', search).where('user_id = ?', user).order('"name"')
|
|
||||||
end
|
|
||||||
else #regular case, just search the name
|
else #regular case, just search the name
|
||||||
search = term.downcase + '%'
|
builder = builder.where('LOWER("name") like ? OR
|
||||||
if !user
|
LOWER("desc") like ? OR
|
||||||
@topics = Topic.where('LOWER("name") like ?', search).order('"name"')
|
LOWER("link") like ?', search, search, search)
|
||||||
@topics2 = Topic.where('LOWER("name") like ?', '%' + search).order('"name"')
|
|
||||||
@topics3 = Topic.where('LOWER("desc") like ?', '%' + search).order('"name"')
|
|
||||||
@topics4 = Topic.where('LOWER("link") like ?', '%' + search).order('"name"')
|
|
||||||
@topics = @topics + (@topics2 - @topics)
|
|
||||||
@topics = @topics + (@topics3 - @topics)
|
|
||||||
@topics = @topics + (@topics4 - @topics)
|
|
||||||
elsif user
|
|
||||||
@topics = Topic.where('LOWER("name") like ?', search).where('user_id = ?', user).order('"name"')
|
|
||||||
@topics2 = Topic.where('LOWER("name") like ?', '%' + search).where('user_id = ?', user).order('"name"')
|
|
||||||
@topics3 = Topic.where('LOWER("desc") like ?', '%' + search).where('user_id = ?', user).order('"name"')
|
|
||||||
@topics4 = Topic.where('LOWER("link") like ?', '%' + search).where('user_id = ?', user).order('"name"')
|
|
||||||
@topics = @topics + (@topics2 - @topics)
|
|
||||||
@topics = @topics + (@topics3 - @topics)
|
|
||||||
@topics = @topics + (@topics4 - @topics)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
builder = builder.where(user: user) if user
|
||||||
|
@topics = builder.order(:name)
|
||||||
else
|
else
|
||||||
@topics = []
|
@topics = []
|
||||||
end
|
end
|
||||||
|
|
||||||
#read this next line as 'delete a topic if its private and you're either 1. logged out or 2. logged in but not the topic creator
|
|
||||||
@topics.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && current_user.id != t.user_id)) }
|
|
||||||
|
|
||||||
render json: autocomplete_array_json(@topics)
|
render json: autocomplete_array_json(@topics)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -142,21 +107,21 @@ class MainController < ApplicationController
|
||||||
term = term[5..-1]
|
term = term[5..-1]
|
||||||
desc = true
|
desc = true
|
||||||
end
|
end
|
||||||
|
|
||||||
search = '%' + term.downcase + '%'
|
search = '%' + term.downcase + '%'
|
||||||
query = desc ? 'LOWER("desc") like ?' : 'LOWER("name") like ?'
|
builder = policy_scope(Map)
|
||||||
if !user
|
|
||||||
# !connor why is the limit 5 done here and not above? also, why not limit after sorting alphabetically?
|
if desc
|
||||||
@maps = Map.where(query, search).limit(5).order('"name"')
|
builder = builder.where('LOWER("desc") like ?', search)
|
||||||
elsif user
|
else
|
||||||
@maps = Map.where(query, search).where('user_id = ?', user).order('"name"')
|
builder = builder.where('LOWER("name") like ?', search)
|
||||||
end
|
end
|
||||||
|
builder = builder.where(user: user) if user
|
||||||
|
@maps = builder.order(:name)
|
||||||
else
|
else
|
||||||
@maps = []
|
@maps = []
|
||||||
end
|
end
|
||||||
|
|
||||||
#read this next line as 'delete a map if its private and you're either 1. logged out or 2. logged in but not the map creator
|
|
||||||
@maps.to_a.delete_if {|m| m.permission == "private" && (!authenticated? || (authenticated? && current_user.id != m.user_id)) }
|
|
||||||
|
|
||||||
render json: autocomplete_map_array_json(@maps)
|
render json: autocomplete_map_array_json(@maps)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -167,7 +132,10 @@ class MainController < ApplicationController
|
||||||
|
|
||||||
#remove "mapper:" if appended at beginning
|
#remove "mapper:" if appended at beginning
|
||||||
term = term[7..-1] if term.downcase[0..6] == "mapper:"
|
term = term[7..-1] if term.downcase[0..6] == "mapper:"
|
||||||
@mappers = User.where('LOWER("name") like ?', term.downcase + '%').order('"name"')
|
search = term.downcase + '%'
|
||||||
|
builder = policy_scope(User) # TODO do I need to policy scope? I guess yes to verify_policy_scoped
|
||||||
|
builder = builder.where('LOWER("name") like ?', search)
|
||||||
|
@mappers = builder.order(:name)
|
||||||
else
|
else
|
||||||
@mappers = []
|
@mappers = []
|
||||||
end
|
end
|
||||||
|
@ -182,7 +150,7 @@ class MainController < ApplicationController
|
||||||
topic2id = params[:topic2id]
|
topic2id = params[:topic2id]
|
||||||
|
|
||||||
if term && !term.empty?
|
if term && !term.empty?
|
||||||
@synapses = Synapse.where('LOWER("desc") like ?', '%' + term.downcase + '%').order('"desc"')
|
@synapses = policy_scope(Synapse).where('LOWER("desc") like ?', '%' + term.downcase + '%').order('"desc"')
|
||||||
|
|
||||||
# remove any duplicate synapse types that just differ by
|
# remove any duplicate synapse types that just differ by
|
||||||
# leading or trailing whitespaces
|
# leading or trailing whitespaces
|
||||||
|
@ -196,22 +164,18 @@ class MainController < ApplicationController
|
||||||
boolean = true
|
boolean = true
|
||||||
end
|
end
|
||||||
}
|
}
|
||||||
|
|
||||||
#limit to 5 results
|
|
||||||
@synapses = @synapses.slice(0,5)
|
|
||||||
elsif topic1id && !topic1id.empty?
|
elsif topic1id && !topic1id.empty?
|
||||||
@one = Synapse.where('node1_id = ? AND node2_id = ?', topic1id, topic2id)
|
@one = policy_scope(Synapse).where('node1_id = ? AND node2_id = ?', topic1id, topic2id)
|
||||||
@two = Synapse.where('node2_id = ? AND node1_id = ?', topic1id, topic2id)
|
@two = policy_scope(Synapse).where('node2_id = ? AND node1_id = ?', topic1id, topic2id)
|
||||||
@synapses = @one + @two
|
@synapses = @one + @two
|
||||||
@synapses.sort! {|s1,s2| s1.desc <=> s2.desc }.to_a
|
@synapses.sort! {|s1,s2| s1.desc <=> s2.desc }.to_a
|
||||||
|
|
||||||
#permissions
|
|
||||||
@synapses.delete_if {|s| s.permission == "private" && !authenticated? }
|
|
||||||
@synapses.delete_if {|s| s.permission == "private" && authenticated? && current_user.id != s.user_id }
|
|
||||||
else
|
else
|
||||||
@synapses = []
|
@synapses = []
|
||||||
end
|
end
|
||||||
|
|
||||||
|
#limit to 5 results
|
||||||
|
@synapses = @synapses.slice(0,5)
|
||||||
|
|
||||||
render json: autocomplete_synapse_array_json(@synapses)
|
render json: autocomplete_synapse_array_json(@synapses)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -18,6 +18,7 @@ class MappingsController < ApplicationController
|
||||||
@mapping = Mapping.new(mapping_params)
|
@mapping = Mapping.new(mapping_params)
|
||||||
authorize @mapping
|
authorize @mapping
|
||||||
@mapping.user = current_user
|
@mapping.user = current_user
|
||||||
|
|
||||||
if @mapping.save
|
if @mapping.save
|
||||||
render json: @mapping, status: :created
|
render json: @mapping, status: :created
|
||||||
else
|
else
|
||||||
|
|
Loading…
Reference in a new issue