119 lines
3.4 KiB
Ruby
119 lines
3.4 KiB
Ruby
class CommentsController < ApplicationController
|
|
before_action :set_comment, only: [:show, :edit, :update, :destroy_by_id]
|
|
|
|
# to disable authorization check: comment the line below back in
|
|
# skip_after_action :verify_authorized
|
|
|
|
def authorize!
|
|
authorize(@comment || @comments)
|
|
end
|
|
private :authorize!
|
|
|
|
# GET /comments
|
|
# GET /comments.json
|
|
def index
|
|
file = CodeOcean::File.find(params[:file_id])
|
|
#there might be no submission yet, so dont use find
|
|
submission = Submission.find_by(id: file.context_id)
|
|
if submission
|
|
@comments = Comment.where(file_id: params[:file_id])
|
|
@comments.map{|comment|
|
|
comment.username = comment.user.displayname
|
|
}
|
|
else
|
|
@comments = []
|
|
end
|
|
authorize!
|
|
end
|
|
|
|
# GET /comments/1
|
|
# GET /comments/1.json
|
|
def show
|
|
authorize!
|
|
end
|
|
|
|
# GET /comments/new
|
|
def new
|
|
@comment = Comment.new
|
|
authorize!
|
|
end
|
|
|
|
# GET /comments/1/edit
|
|
def edit
|
|
authorize!
|
|
end
|
|
|
|
# POST /comments
|
|
# POST /comments.json
|
|
def create
|
|
@comment = Comment.new(comment_params_without_request_id)
|
|
|
|
if comment_params[:request_id]
|
|
UserMailer.got_new_comment(@comment, RequestForComment.find(comment_params[:request_id]), current_user)
|
|
end
|
|
|
|
respond_to do |format|
|
|
if @comment.save
|
|
format.html { redirect_to @comment, notice: 'Comment was successfully created.' }
|
|
format.json { render :show, status: :created, location: @comment }
|
|
else
|
|
format.html { render :new }
|
|
format.json { render json: @comment.errors, status: :unprocessable_entity }
|
|
end
|
|
end
|
|
authorize!
|
|
end
|
|
|
|
# PATCH/PUT /comments/1
|
|
# PATCH/PUT /comments/1.json
|
|
def update
|
|
respond_to do |format|
|
|
if @comment.update(comment_params_without_request_id)
|
|
format.html { head :no_content, notice: 'Comment was successfully updated.' }
|
|
format.json { render :show, status: :ok, location: @comment }
|
|
else
|
|
format.html { render :edit }
|
|
format.json { render json: @comment.errors, status: :unprocessable_entity }
|
|
end
|
|
end
|
|
authorize!
|
|
end
|
|
|
|
# DELETE /comments/1
|
|
# DELETE /comments/1.json
|
|
def destroy_by_id
|
|
@comment.destroy
|
|
respond_to do |format|
|
|
format.html { head :no_content, notice: 'Comment was successfully destroyed.' }
|
|
format.json { head :no_content }
|
|
end
|
|
end
|
|
|
|
def destroy
|
|
@comments = Comment.where(file_id: params[:file_id], row: params[:row], user: current_user)
|
|
@comments.each { |comment| authorize comment; comment.destroy }
|
|
respond_to do |format|
|
|
#format.html { redirect_to comments_url, notice: 'Comments were successfully destroyed.' }
|
|
format.html { head :no_content, notice: 'Comments were successfully destroyed.' }
|
|
format.json { head :no_content }
|
|
end
|
|
end
|
|
|
|
private
|
|
# Use callbacks to share common setup or constraints between actions.
|
|
def set_comment
|
|
@comment = Comment.find(params[:id])
|
|
end
|
|
|
|
def comment_params_without_request_id
|
|
comment_params.except :request_id
|
|
end
|
|
|
|
# Never trust parameters from the scary internet, only allow the white list through.
|
|
def comment_params
|
|
#params.require(:comment).permit(:user_id, :file_id, :row, :column, :text)
|
|
# fuer production mode, damit böse menschen keine falsche user_id uebergeben:
|
|
params.require(:comment).permit(:file_id, :row, :column, :text, :request_id).merge(user_id: current_user.id, user_type: current_user.class.name)
|
|
end
|
|
end
|