glenux-contrib/metamaps--metamaps
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

implement main_policy (headless). also remove all @current references

Browse source
This commit is contained in:
Devin Howard 2016-02-28 16:53:59 +08:00
parent 3ed6ffbdba
commit cbb6b648be
5 changed files with 55 additions and 47 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
app/controllers/main_controller.rb
View file

@ -8,15 +8,13 @@ class MainController < ApplicationController
# home page # home page
def home def home
@current = current_user @maps = Map.where("maps.permission != ?", "private").order("updated_at DESC").page(1).per(20)
respond_to do |format| respond_to do |format|
format.html { format.html {
if authenticated? if authenticated?
@maps = Map.where("maps.permission != ?", "private").order("updated_at DESC").page(1).per(20) render 'main/home'
respond_with(@maps, @current)
else else
respond_with(@current) render 'maps/activemaps'
end end
} }
end end
@ -213,5 +211,4 @@ class MainController < ApplicationController
render json: autocomplete_synapse_array_json(@synapses) render json: autocomplete_synapse_array_json(@synapses)
end end
end end

35
app/controllers/maps_controller.rb
View file

@ -7,10 +7,10 @@ class MapsController < ApplicationController
# GET /explore/active # GET /explore/active
def activemaps def activemaps
@current = current_user
page = params[:page].present? ? params[:page] : 1 page = params[:page].present? ? params[:page] : 1
@maps = Map.where("maps.permission != ?", "private").order("updated_at DESC").page(page).per(20) @maps = Map.where("maps.permission != ?", "private").order("updated_at DESC").page(page).per(20)
# root url => main/home. main/home renders maps/activemaps view.
redirect_to root_url and return if authenticated? redirect_to root_url and return if authenticated?
respond_to do |format| respond_to do |format|
@ -21,7 +21,6 @@ class MapsController < ApplicationController
# GET /explore/featured # GET /explore/featured
def featuredmaps def featuredmaps
@current = current_user
page = params[:page].present? ? params[:page] : 1 page = params[:page].present? ? params[:page] : 1
@maps = Map.where("maps.featured = ? AND maps.permission != ?", true, "private") @maps = Map.where("maps.featured = ? AND maps.permission != ?", true, "private")
.order("updated_at DESC").page(page).per(20) .order("updated_at DESC").page(page).per(20)
@ -36,10 +35,9 @@ class MapsController < ApplicationController
def mymaps def mymaps
return redirect_to activemaps_url if !authenticated? return redirect_to activemaps_url if !authenticated?
@current = current_user
page = params[:page].present? ? params[:page] : 1 page = params[:page].present? ? params[:page] : 1
# don't need to exclude private maps because they all belong to you # don't need to exclude private maps because they all belong to you
@maps = Map.where("maps.user_id = ?", @current.id).order("updated_at DESC").page(page).per(20) @maps = Map.where("maps.user_id = ?", current_user.id).order("updated_at DESC").page(page).per(20)
respond_to do |format| respond_to do |format|
format.html { respond_with(@maps, @user) } format.html { respond_with(@maps, @user) }
@ -49,7 +47,6 @@ class MapsController < ApplicationController
# GET /explore/mapper/:id # GET /explore/mapper/:id
def usermaps def usermaps
@current = current_user
page = params[:page].present? ? params[:page] : 1 page = params[:page].present? ? params[:page] : 1
@user = User.find(params[:id]) @user = User.find(params[:id])
@maps = Map.where("maps.user_id = ? AND maps.permission != ?", @user.id, "private").order("updated_at DESC").page(page).per(20) @maps = Map.where("maps.user_id = ? AND maps.permission != ?", @user.id, "private").order("updated_at DESC").page(page).per(20)
@ -62,8 +59,7 @@ class MapsController < ApplicationController
# GET maps/:id # GET maps/:id
def show def show
@current = current_user @map = Map.find(params[:id]).authorize_to_show(current_user)
@map = Map.find(params[:id]).authorize_to_show(@current)
if not @map if not @map
redirect_to root_url, notice: "Access denied. That map is private." and return redirect_to root_url, notice: "Access denied. That map is private." and return
@ -72,11 +68,11 @@ class MapsController < ApplicationController
respond_to do |format| respond_to do |format|
format.html { format.html {
@allmappers = @map.contributors @allmappers = @map.contributors
@alltopics = @map.topics.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id)) } @alltopics = @map.topics.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && current_user.id != t.user_id)) }
@allsynapses = @map.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && @current.id != s.user_id)) } @allsynapses = @map.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && current_user.id != s.user_id)) }
@allmappings = @map.mappings.to_a.delete_if {|m| @allmappings = @map.mappings.to_a.delete_if {|m|
object = m.mappable object = m.mappable
!object || (object.permission == "private" && (!authenticated? || (authenticated? && @current.id != object.user_id))) !object || (object.permission == "private" && (!authenticated? || (authenticated? && current_user.id != object.user_id)))
} }
respond_with(@allmappers, @allmappings, @allsynapses, @alltopics, @map) respond_with(@allmappers, @allmappings, @allsynapses, @alltopics, @map)
@ -87,19 +83,18 @@ class MapsController < ApplicationController
# GET maps/:id/contains # GET maps/:id/contains
def contains def contains
@current = current_user @map = Map.find(params[:id]).authorize_to_show(current_user)
@map = Map.find(params[:id]).authorize_to_show(@current)
if not @map if not @map
redirect_to root_url, notice: "Access denied. That map is private." and return redirect_to root_url, notice: "Access denied. That map is private." and return
end end
@allmappers = @map.contributors @allmappers = @map.contributors
@alltopics = @map.topics.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id)) } @alltopics = @map.topics.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && current_user.id != t.user_id)) }
@allsynapses = @map.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && @current.id != s.user_id)) } @allsynapses = @map.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && current_user.id != s.user_id)) }
@allmappings = @map.mappings.to_a.delete_if {|m| @allmappings = @map.mappings.to_a.delete_if {|m|
object = m.mappable object = m.mappable
!object || (object.permission == "private" && (!authenticated? || (authenticated? && @current.id != object.user_id))) !object || (object.permission == "private" && (!authenticated? || (authenticated? && current_user.id != object.user_id)))
} }
@json = Hash.new() @json = Hash.new()
@ -167,8 +162,7 @@ class MapsController < ApplicationController
# PUT maps/:id # PUT maps/:id
def update def update
@current = current_user @map = Map.find(params[:id]).authorize_to_edit(current_user)
@map = Map.find(params[:id]).authorize_to_edit(@current)
respond_to do |format| respond_to do |format|
if !@map if !@map
@ -183,8 +177,7 @@ class MapsController < ApplicationController
# POST maps/:id/upload_screenshot # POST maps/:id/upload_screenshot
def screenshot def screenshot
@current = current_user @map = Map.find(params[:id]).authorize_to_edit(current_user)
@map = Map.find(params[:id]).authorize_to_edit(@current)
if @map if @map
png = Base64.decode64(params[:encoded_image]['data:image/png;base64,'.length .. -1]) png = Base64.decode64(params[:encoded_image]['data:image/png;base64,'.length .. -1])
@ -207,9 +200,7 @@ class MapsController < ApplicationController
# DELETE maps/:id # DELETE maps/:id
def destroy def destroy
@current = current_user @map = Map.find(params[:id]).authorize_to_delete(current_user)
@map = Map.find(params[:id]).authorize_to_delete(@current)
@map.delete if @map @map.delete if @map

2
app/controllers/synapses_controller.rb
View file

@ -9,7 +9,7 @@ class SynapsesController < ApplicationController
def show def show
@synapse = Synapse.find(params[:id]) @synapse = Synapse.find(params[:id])
#.authorize_to_show(@current) #.authorize_to_show(current_user)
#if not @synapse #if not @synapse
# redirect_to root_url and return # redirect_to root_url and return

30
app/controllers/topics_controller.rb
View file

@ -7,7 +7,6 @@ class TopicsController < ApplicationController
# GET /topics/autocomplete_topic # GET /topics/autocomplete_topic
def autocomplete_topic def autocomplete_topic
@current = current_user
term = params[:term] term = params[:term]
if term && !term.empty? if term && !term.empty?
@topics = Topic.where('LOWER("name") like ?', term.downcase + '%').order('"name"') @topics = Topic.where('LOWER("name") like ?', term.downcase + '%').order('"name"')
@ -15,7 +14,7 @@ class TopicsController < ApplicationController
#read this next line as 'delete a topic if its private and you're either #read this next line as 'delete a topic if its private and you're either
#1. logged out or 2. logged in but not the topic creator #1. logged out or 2. logged in but not the topic creator
@topics.to_a.delete_if {|t| t.permission == "private" && @topics.to_a.delete_if {|t| t.permission == "private" &&
(!authenticated? || (authenticated? && @current.id != t.user_id)) } (!authenticated? || (authenticated? && current_user.id != t.user_id)) }
else else
@topics = [] @topics = []
end end
@ -24,8 +23,7 @@ class TopicsController < ApplicationController
# GET topics/:id # GET topics/:id
def show def show
@current = current_user @topic = Topic.find(params[:id]).authorize_to_show(current_user)
@topic = Topic.find(params[:id]).authorize_to_show(@current)
if not @topic if not @topic
redirect_to root_url, notice: "Access denied. That topic is private." and return redirect_to root_url, notice: "Access denied. That topic is private." and return
@ -33,8 +31,8 @@ class TopicsController < ApplicationController
respond_to do |format| respond_to do |format|
format.html { format.html {
@alltopics = ([@topic] + @topic.relatives).delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id)) } # should limit to topics visible to user @alltopics = ([@topic] + @topic.relatives).delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && current_user.id != t.user_id)) } # should limit to topics visible to user
@allsynapses = @topic.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && @current.id != s.user_id)) } @allsynapses = @topic.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && current_user.id != s.user_id)) }
@allcreators = [] @allcreators = []
@alltopics.each do |t| @alltopics.each do |t|
@ -56,15 +54,14 @@ class TopicsController < ApplicationController
# GET topics/:id/network # GET topics/:id/network
def network def network
@current = current_user @topic = Topic.find(params[:id]).authorize_to_show(current_user)
@topic = Topic.find(params[:id]).authorize_to_show(@current)
if not @topic if not @topic
redirect_to root_url, notice: "Access denied. That topic is private." and return redirect_to root_url, notice: "Access denied. That topic is private." and return
end end
@alltopics = @topic.relatives.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id)) } @alltopics = @topic.relatives.to_a.delete_if {|t| t.permission == "private" && (!authenticated? || (authenticated? && current_user.id != t.user_id)) }
@allsynapses = @topic.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && @current.id != s.user_id)) } @allsynapses = @topic.synapses.to_a.delete_if {|s| s.permission == "private" && (!authenticated? || (authenticated? && current_user.id != s.user_id)) }
@allcreators = [] @allcreators = []
@allcreators.push(@topic.user) @allcreators.push(@topic.user)
@alltopics.each do |t| @alltopics.each do |t|
@ -91,8 +88,7 @@ class TopicsController < ApplicationController
# GET topics/:id/relative_numbers # GET topics/:id/relative_numbers
def relative_numbers def relative_numbers
@current = current_user @topic = Topic.find(params[:id]).authorize_to_show(current_user)
@topic = Topic.find(params[:id]).authorize_to_show(@current)
if not @topic if not @topic
redirect_to root_url, notice: "Access denied. That topic is private." and return redirect_to root_url, notice: "Access denied. That topic is private." and return
@ -102,7 +98,7 @@ class TopicsController < ApplicationController
@alltopics = @topic.relatives.to_a.delete_if {|t| @alltopics = @topic.relatives.to_a.delete_if {|t|
@topicsAlreadyHas.index(t.id.to_s) != nil || @topicsAlreadyHas.index(t.id.to_s) != nil ||
(t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id))) (t.permission == "private" && (!authenticated? || (authenticated? && current_user.id != t.user_id)))
} }
@alltopics.uniq! @alltopics.uniq!
@ -123,8 +119,7 @@ class TopicsController < ApplicationController
# GET topics/:id/relatives # GET topics/:id/relatives
def relatives def relatives
@current = current_user @topic = Topic.find(params[:id]).authorize_to_show(current_user)
@topic = Topic.find(params[:id]).authorize_to_show(@current)
if not @topic if not @topic
redirect_to root_url, notice: "Access denied. That topic is private." and return redirect_to root_url, notice: "Access denied. That topic is private." and return
@ -135,7 +130,7 @@ class TopicsController < ApplicationController
@alltopics = @topic.relatives.to_a.delete_if {|t| @alltopics = @topic.relatives.to_a.delete_if {|t|
@topicsAlreadyHas.index(t.id.to_s) != nil || @topicsAlreadyHas.index(t.id.to_s) != nil ||
(params[:metacode] && t.metacode_id.to_s != params[:metacode]) || (params[:metacode] && t.metacode_id.to_s != params[:metacode]) ||
(t.permission == "private" && (!authenticated? || (authenticated? && @current.id != t.user_id))) (t.permission == "private" && (!authenticated? || (authenticated? && current_user.id != t.user_id)))
} }
@alltopics.uniq! @alltopics.uniq!
@ -198,8 +193,7 @@ class TopicsController < ApplicationController
# DELETE topics/:id # DELETE topics/:id
def destroy def destroy
@current = current_user @topic = Topic.find(params[:id]).authorize_to_delete(current_user)
@topic = Topic.find(params[:id]).authorize_to_delete(@current)
@topic.delete if @topic @topic.delete if @topic
respond_to do |format| respond_to do |format|

26
app/policies/main_policy.rb Normal file
View file

@ -0,0 +1,26 @@
class MainPolicy < ApplicationPolicy
def initialize(user, record)
@user = user
@record = nil
end
def home?
true
end
def searchtopics?
true
end
def searchmaps?
true
end
def searchmappers?
true
end
def searchsynapses?
true
end
end