diff --git a/app/controllers/main_controller.rb b/app/controllers/main_controller.rb index 1cd0f577..31a55abc 100644 --- a/app/controllers/main_controller.rb +++ b/app/controllers/main_controller.rb @@ -8,15 +8,13 @@ class MainController < ApplicationController # home page def home - @current = current_user - + @maps = Map.where("maps.permission != ?", "private").order("updated_at DESC").page(1).per(20) respond_to do |format| format.html { if authenticated? - @maps = Map.where("maps.permission != ?", "private").order("updated_at DESC").page(1).per(20) - respond_with(@maps, @current) + render 'main/home' else - respond_with(@current) + render 'maps/activemaps' end } end @@ -213,5 +211,4 @@ class MainController < ApplicationController render json: autocomplete_synapse_array_json(@synapses) end - end diff --git a/app/controllers/maps_controller.rb b/app/controllers/maps_controller.rb index cad6d8f6..cb949098 100644 --- a/app/controllers/maps_controller.rb +++ b/app/controllers/maps_controller.rb @@ -7,10 +7,10 @@ class MapsController < ApplicationController # GET /explore/active def activemaps - @current = current_user page = params[:page].present? ? params[:page] : 1 @maps = Map.where("maps.permission != ?", "private").order("updated_at DESC").page(page).per(20) + # root url => main/home. main/home renders maps/activemaps view. redirect_to root_url and return if authenticated? respond_to do |format| @@ -21,7 +21,6 @@ class MapsController < ApplicationController # GET /explore/featured def featuredmaps - @current = current_user page = params[:page].present? ? params[:page] : 1 @maps = Map.where("maps.featured = ? AND maps.permission != ?", true, "private") .order("updated_at DESC").page(page).per(20) 
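Review bot: The template chosen on the new side of `home` looks inverted relative to the comment added in the MapsController#activemaps hunk on this same line: `home` renders 'main/home' when `authenticated?` and 'maps/activemaps' otherwise, while that comment says root "renders maps/activemaps view", and activemaps redirects authenticated users to root. If the intent is that signed-in users see the active-maps listing at root, the two `render` calls should be swapped; if not, the activemaps comment should be corrected, e.g. `# authenticated visitors are sent to main/home; maps/activemaps is only rendered for anonymous visitors`. Note also that `home` always fixes the listing to `page(1)`, whereas activemaps honours `params[:page]`, so any pagination links in the shared view presumably need to point at /explore/active rather than root — worth confirming against the view.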
@@ -36,10 +35,9 @@ class MapsController < ApplicationController def mymaps return redirect_to activemaps_url if !authenticated? - @current = current_user page = params[:page].present? ? params[:page] : 1 # don't need to exclude private maps because they all belong to you - @maps = Map.where("maps.user_id = ?", @current.id).order("updated_at DESC").page(page).per(20) + @maps = Map.where("maps.user_id = ?", current_user.id).order("updated_at DESC").page(page).per(20) respond_to do |format| format.html { respond_with(@maps, @user) } @@ -49,7 +47,6 @@ class MapsController < ApplicationController # GET /explore/mapper/:id def usermaps - @current = current_user page = params[:page].present? ? params[:page] : 1 @user = User.find(params[:id]) @maps = Map.where("maps.user_id = ? AND maps.permission != ?", @user.id, "private").order("updated_at DESC").page(page).per(20) @@ -62,8 +59,7 @@ class MapsController < ApplicationController # GET maps/:id def show - @current = current_user - @map = Map.find(params[:id]).authorize_to_show(@current) + @map = Map.find(params[:id]).authorize_to_show(current_user) if not @map redirect_to root_url, notice: "Access denied. That map is private." and return 
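Review bot: The rewritten `@maps` line in `mymaps` still builds the condition as a SQL string; with `current_user.id` as the only value, the hash form `Map.where(user_id: current_user.id)` is the idiomatic equivalent and avoids the string template. The `authenticated?` guard above keeps `current_user.id` safe here, unlike the `delete_if` blocks elsewhere in this commit where `authenticated?` is re-checked inside the predicate. Pre-existing and outside the change: `respond_with(@maps, @user)` passes `@user`, which this action never assigns, so it is always nil here.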
@@ -72,11 +68,11 @@ class MapsController < ApplicationController respond_to do |format| format.html { @allmappers = @map.contributors - @alltopics = @map.topics.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id)) } - @allsynapses = @map.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && @current.id != s.user_id)) } + @alltopics = @map.topics.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && current_user.id != t.user_id)) } + @allsynapses = @map.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && current_user.id != s.user_id)) } @allmappings = @map.mappings.to_a.delete_if {|m| object = m.mappable - !object || (object.permission == "private" && (!authenticated? || (authenticated? && @current.id != object.user_id))) + !object || (object.permission == "private" && (!authenticated? || (authenticated? && current_user.id != object.user_id))) } respond_with(@allmappers, @allmappings, @allsynapses, @alltopics, @map) 
@@ -87,19 +83,18 @@ class MapsController < ApplicationController # GET maps/:id/contains def contains - @current = current_user - @map = Map.find(params[:id]).authorize_to_show(@current) + @map = Map.find(params[:id]).authorize_to_show(current_user) if not @map redirect_to root_url, notice: "Access denied. That map is private." and return end @allmappers = @map.contributors - @alltopics = @map.topics.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id)) } - @allsynapses = @map.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && @current.id != s.user_id)) } + @alltopics = @map.topics.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && current_user.id != t.user_id)) } + @allsynapses = @map.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && current_user.id != s.user_id)) } @allmappings = @map.mappings.to_a.delete_if {|m| object = m.mappable - !object || (object.permission == "private" && (!authenticated? || (authenticated? && @current.id != object.user_id))) + !object || (object.permission == "private" && (!authenticated? || (authenticated? && current_user.id != object.user_id))) } @json = Hash.new() @@ -167,8 +162,7 @@ class MapsController < ApplicationController # PUT maps/:id def update - @current = current_user - @map = Map.find(params[:id]).authorize_to_edit(@current) + @map = Map.find(params[:id]).authorize_to_edit(current_user) respond_to do |format| if !@map @@ -183,8 +177,7 @@ class MapsController < ApplicationController # POST maps/:id/upload_screenshot def screenshot - @current = current_user - @map = Map.find(params[:id]).authorize_to_edit(@current) + @map = Map.find(params[:id]).authorize_to_edit(current_user) if @map png = Base64.decode64(params[:encoded_image]['data:image/png;base64,'.length .. -1]) 
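Review bot: The visibility predicate rewritten on the `@alltopics`, `@allsynapses` and `@allmappings` lines of `contains` — `x.permission == "private" && (!authenticated? || (authenticated? && current_user.id != x.user_id))` — repeats an `authenticated?` check already implied by the left side of the `||`, and the same predicate is copy-pasted into `show` in this controller and into `show`, `network`, `relative_numbers` and `relatives` in TopicsController in this commit. Because this predicate is the only thing keeping private topics and synapses out of these responses, a missed or mis-edited copy silently leaks data. A single `hidden_from_current_user?(record)` helper on ApplicationController returning `record.permission == "private" && (!authenticated? || current_user.id != record.user_id)`, with each filter becoming `delete_if { |t| hidden_from_current_user?(t) }` (the `@allmappings` block keeping its `!object ||` prefix), would make the rule auditable in one place. The `contains` action continues past the end of this hunk.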
@@ -207,9 +200,7 @@ class MapsController < ApplicationController # DELETE maps/:id def destroy - @current = current_user - - @map = Map.find(params[:id]).authorize_to_delete(@current) + @map = Map.find(params[:id]).authorize_to_delete(current_user) @map.delete if @map diff --git a/app/controllers/synapses_controller.rb b/app/controllers/synapses_controller.rb index f19dc053..e706aac4 100644 --- a/app/controllers/synapses_controller.rb +++ b/app/controllers/synapses_controller.rb @@ -9,7 +9,7 @@ class SynapsesController < ApplicationController def show @synapse = Synapse.find(params[:id]) - #.authorize_to_show(@current) + #.authorize_to_show(current_user) #if not @synapse # redirect_to root_url and return diff --git a/app/controllers/topics_controller.rb b/app/controllers/topics_controller.rb index 19062ba9..47105396 100644 --- a/app/controllers/topics_controller.rb +++ b/app/controllers/topics_controller.rb @@ -7,7 +7,6 @@ class TopicsController < ApplicationController # GET /topics/autocomplete_topic def autocomplete_topic - @current = current_user term = params[:term] if term && !term.empty? @topics = Topic.where('LOWER("name") like ?', term.downcase + '%').order('"name"') @@ -15,7 +14,7 @@ class TopicsController < ApplicationController #read this next line as 'delete a topic if its private and you're either #1. logged out or 2. logged in but not the topic creator @topics.to_a.delete_if {|t| t.permission == "private" && - (!authenticated? || (authenticated? && @current.id != t.user_id)) } + (!authenticated? || (authenticated? && current_user.id != t.user_id)) } else @topics = [] end @@ -24,8 +23,7 @@ class TopicsController < ApplicationController # GET topics/:id def show - @current = current_user - @topic = Topic.find(params[:id]).authorize_to_show(@current) + @topic = Topic.find(params[:id]).authorize_to_show(current_user) if not @topic redirect_to root_url, notice: "Access denied. That topic is private." and return 
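Review bot: After `@map = Map.find(params[:id]).authorize_to_delete(current_user)`, the following `@map.delete if @map` simply skips the deletion when authorization fails, and nothing in the hunk signals the denial to the caller; the `respond_to` block is outside the hunk, so it may or may not distinguish the two cases. An explicit early exit, `redirect_to root_url, notice: "Access denied." and return unless @map`, mirroring the `show`/`contains` pattern, would make an unauthorized DELETE observably fail instead of looking like a successful no-op. The same applies to `destroy` in TopicsController further down. Separately and pre-existing, `delete` bypasses ActiveRecord callbacks and dependent associations where `destroy` would run them — worth confirming that is intended.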
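Review bot: The authorization call in SynapsesController#show is still commented out on the new side — `#.authorize_to_show(current_user)` — so `Synapse.find(params[:id])` returns any synapse by id regardless of its `permission`, while the `show` actions for maps and topics in this commit do enforce `authorize_to_show`. The commit updates the text of the disabled comment but leaves the check off, and the redirect beneath it is commented out as well. If `Synapse` provides `authorize_to_show` the way `Map` and `Topic` appear to, enabling both lines would close the gap: `@synapse = Synapse.find(params[:id]).authorize_to_show(current_user)` followed by `redirect_to root_url, notice: "Access denied. That synapse is private." and return if not @synapse`. The rest of `show` is outside the hunk.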
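Review bot: The result of `@topics.to_a.delete_if { ... }` in TopicsController#autocomplete_topic is never assigned, so the private-topic filter rewritten in this hunk operates on a throwaway array and `@topics` keeps every match from the LIKE query; unless the relation is filtered again outside the hunk, private topic names are exposed through autocomplete. Assigning the filtered array back, `@topics = @topics.to_a.delete_if { |t| ... }`, is the one-line fix. The predicate itself is the same one duplicated across MapsController and TopicsController in this commit. Pre-existing: `term.downcase + '%'` passes user-supplied `%` and `_` through as LIKE wildcards; if the Rails version in use provides `sanitize_sql_like`, wrapping `term` with it keeps the pattern literal.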
@@ -33,8 +31,8 @@ class TopicsController < ApplicationController respond_to do |format| format.html { - @alltopics = ([@topic] + @topic.relatives).delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id)) } # should limit to topics visible to user - @allsynapses = @topic.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && @current.id != s.user_id)) } + @alltopics = ([@topic] + @topic.relatives).delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && current_user.id != t.user_id)) } # should limit to topics visible to user + @allsynapses = @topic.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && current_user.id != s.user_id)) } @allcreators = [] @alltopics.each do |t| @@ -56,15 +54,14 @@ class TopicsController < ApplicationController # GET topics/:id/network def network - @current = current_user - @topic = Topic.find(params[:id]).authorize_to_show(@current) + @topic = Topic.find(params[:id]).authorize_to_show(current_user) if not @topic redirect_to root_url, notice: "Access denied. That topic is private." and return end - @alltopics = @topic.relatives.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id)) } - @allsynapses = @topic.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && @current.id != s.user_id)) } + @alltopics = @topic.relatives.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && current_user.id != t.user_id)) } + @allsynapses = @topic.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && current_user.id != s.user_id)) } @allcreators = [] @allcreators.push(@topic.user) @alltopics.each do |t| 
@@ -91,8 +88,7 @@ class TopicsController < ApplicationController # GET topics/:id/relative_numbers def relative_numbers - @current = current_user - @topic = Topic.find(params[:id]).authorize_to_show(@current) + @topic = Topic.find(params[:id]).authorize_to_show(current_user) if not @topic redirect_to root_url, notice: "Access denied. That topic is private." and return @@ -102,7 +98,7 @@ class TopicsController < ApplicationController @alltopics = @topic.relatives.to_a.delete_if {|t| @topicsAlreadyHas.index(t.id.to_s) != nil || - (t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id))) + (t.permission == "private" && (!authenticated? || (authenticated? && current_user.id != t.user_id))) } @alltopics.uniq! @@ -123,8 +119,7 @@ class TopicsController < ApplicationController # GET topics/:id/relatives def relatives - @current = current_user - @topic = Topic.find(params[:id]).authorize_to_show(@current) + @topic = Topic.find(params[:id]).authorize_to_show(current_user) if not @topic redirect_to root_url, notice: "Access denied. That topic is private." and return @@ -135,7 +130,7 @@ class TopicsController < ApplicationController @alltopics = @topic.relatives.to_a.delete_if {|t| @topicsAlreadyHas.index(t.id.to_s) != nil || (params[:metacode] && t.metacode_id.to_s != params[:metacode]) || - (t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id))) + (t.permission == "private" && (!authenticated? || (authenticated? && current_user.id != t.user_id))) } @alltopics.uniq! @@ -198,8 +193,7 @@ class TopicsController < ApplicationController # DELETE topics/:id def destroy - @current = current_user - @topic = Topic.find(params[:id]).authorize_to_delete(@current) + @topic = Topic.find(params[:id]).authorize_to_delete(current_user) @topic.delete if @topic respond_to do |format| diff --git a/app/policies/main_policy.rb b/app/policies/main_policy.rb new file mode 100644 index 00000000..ee7f9fc9 --- /dev/null 
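Review bot: In the `@alltopics` filter of `relative_numbers`, the rewritten visibility predicate sits next to `@topicsAlreadyHas.index(t.id.to_s) != nil`, which reads more directly as `@topicsAlreadyHas.include?(t.id.to_s)`; the same expression appears in the `relatives` hunk below. The camelCase `@topicsAlreadyHas` also departs from the snake_case used by every other instance variable in these controllers (pre-existing). Both are style points only; the private-visibility check is the same predicate duplicated in MapsController#contains and #show, and `relative_numbers` continues past the hunk.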
+++ b/app/policies/main_policy.rb
@@ -0,0 +1,26 @@
+class MainPolicy < ApplicationPolicy
+ def initialize(user, record)
+ @user = user
+ @record = nil
+ end
+
+ def home?
+ true
+ end
+
+ def searchtopics?
+ true
+ end
+
+ def searchmaps?
+ true
+ end
+
+ def searchmappers?
+ true
+ end
+
+ def searchsynapses?
+ true
+ end
+end
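Review bot: `MainPolicy#initialize` accepts `record` but stores `@record = nil`, discarding the argument, and every predicate returns `true` unconditionally, so any Pundit `authorize` routed through this policy is a no-op; nothing in the file says that is deliberate. A one-line class comment, `# Headless policy for MainController: home and the search actions are public, so every query returns true and the record is ignored.`, would make the intent auditable. If `ApplicationPolicy#initialize` already takes `(user, record)`, the override could be dropped or reduced to `super`, storing `@record = record`; accepting a record and then nil-ing it invites a future predicate to dereference `@record` by mistake.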