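# Controller for forum posts: listing (HTML/RSS/XML), searching, monitored
# topic feeds, and create/edit/update/destroy of individual posts.
#
# Every action except the collection-style ones listed in the before_filter
# loads @post through find_post, which scopes the lookup to the forum and
# topic ids given in the request.
class PostsController < ApplicationController
  before_filter :find_post, :except => [:index, :index_rss, :create, :monitored, :search]

  # Base finder options shared by all listings. Callers always #merge these
  # into a fresh hash, so the shared hash itself is never modified.
  @@query_options = {
    :select => 'posts.*, topics.title as topic_title, forums.name as forum_name',
    :joins  => 'inner join topics on posts.topic_id = topics.id inner join forums on topics.forum_id = forums.id',
    :order  => 'posts.created_at desc'
  }

  # Action => roles map handed to HubSsoLib. Only the write actions are
  # listed; :destroy is limited to :admin and :webmaster.
  # NOTE(review): how HubSsoLib treats actions that are absent from this map
  # (index, search, monitored, show, index_rss) is not visible in this file -
  # confirm they are meant to be reachable without a role.
  @@hubssolib_permissions = HubSsoLib::Permissions.new({
    :new     => [ :admin, :webmaster, :privileged, :normal ],
    :create  => [ :admin, :webmaster, :privileged, :normal ],
    :edit    => [ :admin, :webmaster, :privileged, :normal ],
    :update  => [ :admin, :webmaster, :privileged, :normal ],
    :destroy => [ :admin, :webmaster ],
  })

  # Accessor for the permissions object defined above.
  def self.hubssolib_permissions
    @@hubssolib_permissions
  end

  # Lists posts, optionally filtered by user_id / forum_id (see
  # index_initialise), rendered as HTML, RSS or XML.
  def index
    index_initialise
    render_posts_or_xml
  end

  # Backwards compatibility with RForum global feed via a routing hack.
  #
  def index_rss
    index_initialise
    render :action => "index.rxml", :layout => false
  end

  # Case-insensitive substring search over post bodies.
  #
  # The term is passed to sanitize_sql as a bound value rather than being
  # concatenated into the SQL text. LIKE wildcards ('%' and '_') inside the
  # term are not escaped, so the database interprets them as wildcards.
  def search
    # to_s keeps a non-string q (for example an array from "q[]=") from
    # raising NoMethodError on downcase; a String q is unaffected.
    conditions = if params[:q].blank?
      nil
    else
      Post.send(:sanitize_sql, ['LOWER(posts.body) LIKE ?', "%#{params[:q].to_s.downcase}%"])
    end

    @post_pages, @posts = paginate(:posts, @@query_options.merge(:conditions => conditions).merge(per_page()))
    @users = User.find(:all, :select => 'distinct *', :conditions => ['id in (?)', @posts.collect(&:user_id).uniq]).index_by(&:id)
    render_posts_or_xml :index
  end

  # Lists posts in topics monitored by the user named in params[:user_id],
  # leaving out that user's own posts.
  # NOTE(review): the user id comes straight from the request and is not
  # compared with current_user here; confirm that exposing one user's
  # monitored feed to other users is intended.
  def monitored
    @user = User.find params[:user_id]
    options = @@query_options.merge(:conditions => ['monitorships.user_id = ? and posts.user_id != ?', params[:user_id], @user.id])
    # += builds a new string for this request's options only; the shared
    # :joins string in @@query_options is left as it was.
    options[:joins] += ' inner join monitorships on monitorships.topic_id = topics.id'
    @post_pages, @posts = paginate(:posts, options.merge(per_page()))
    render_posts_or_xml
  end

  # HTML requests are redirected to the owning topic; XML requests get the
  # post serialised with to_xml.
  def show
    respond_to do |format|
      format.html { redirect_to topic_path(@post.forum_id, @post.topic_id) }
      format.xml  { render :xml => @post.to_xml }
    end
  end

  # Adds a reply to a topic.
  #
  # Raises ActiveRecord::RecordNotFound when the topic/forum pair does not
  # exist. Locked topics are refused (flash + redirect for HTML, 400 for XML).
  # A post that fails validation is reported through flash[:bad_reply] (HTML)
  # or the error list with status 400 (XML).
  def create
    # The finder returns nil for an unknown topic/forum pair; raise the same
    # error find_post uses instead of failing on nil.locked? below.
    @topic = Topic.find_by_id_and_forum_id(params[:topic_id], params[:forum_id], :include => :forum) || raise(ActiveRecord::RecordNotFound)

    if @topic.locked?
      respond_to do |format|
        format.html do
          flash[:notice] = 'This topic is locked.'
          redirect_to(long_topic_path())
        end
        format.xml do
          render :text => 'This topic is locked.', :status => 400
        end
      end
      return
    end

    @forum = @topic.forum
    # NOTE(review): params[:post] is mass-assigned. Confirm that the Post
    # model restricts assignable attributes (e.g. attr_accessible) so a
    # client cannot supply topic_id and sidestep the locked check above.
    @post = @topic.posts.build(params[:post])
    # Set after build, so the author is always the signed-in user whatever
    # the request body contained.
    @post.user = current_user
    @post.save!

    respond_to do |format|
      format.html do
        redirect_to(long_topic_path(@post.dom_id))
      end
      format.xml { head :created, :location => formatted_post_url(:forum_id => params[:forum_id], :topic_id => params[:topic_id], :id => @post, :format => :xml) }
    end
  rescue ActiveRecord::RecordInvalid
    flash[:bad_reply] = 'Your reply was empty, or contained prohibited words'
    respond_to do |format|
      format.html do
        redirect_to(long_topic_path('reply-form'))
      end
      format.xml { render :xml => @post.errors.to_xml, :status => 400 }
    end
  end

  # Renders the edit form (HTML or JS) for the post loaded by find_post.
  def edit
    respond_to do |format|
      format.html
      format.js
    end
  end

  # Applies the submitted attributes to the post loaded by find_post.
  # The response is sent from the ensure clause, so it is produced whether or
  # not validation succeeded; a validation failure only adds flash[:bad_reply].
  def update
    # NOTE(review): mass assignment of params[:post]; confirm that the Post
    # model prevents user_id / topic_id from being changed through this path.
    @post.attributes = params[:post]
    @post.save!
  rescue ActiveRecord::RecordInvalid
    flash[:bad_reply] = 'Your edited post was empty, or contained prohibited words'
  ensure
    respond_to do |format|
      format.html do
        redirect_to(long_topic_path(@post.dom_id))
      end
      format.js
      format.xml { head 200 }
    end
  end

  # Deletes the post; when it was the topic's only post the topic is deleted
  # too and the client is redirected to the forum.
  def destroy
    @post.destroy
    # The topic title is user-supplied, so it is HTML-escaped before it goes
    # into the flash message.
    flash[:notice] = "Post of '#{CGI::escapeHTML @post.topic.title}' was deleted."
    # check for posts_count == 1 because its cached and counting the currently deleted post
    @post.topic.destroy and redirect_to forum_path(params[:forum_id]) if @post.topic.posts_count == 1
    respond_to do |format|
      format.html do
        redirect_to(long_topic_path()) unless performed?
      end
      # Same performed? guard as the HTML branch: when the redirect above has
      # already been issued, a second response must not be attempted.
      format.xml { head 200 unless performed? }
    end
  end

  protected

  # Builds the listing conditions for index / index_rss and loads @posts,
  # @post_pages and @users (the posts' authors, indexed by id).
  #
  # With user_id and/or forum_id present, posts are filtered on those values.
  # Without either, posts in the 'Aldershot' and 'Tests' forums are excluded
  # unless everything=yes, or shown exclusively when tests_and_aldershot=yes.
  def index_initialise
    # Column names come from this fixed list, never from the request; only the
    # values are request data and they are bound through sanitize_sql.
    filters = []
    [:user_id, :forum_id].each do |attr|
      filters << Post.send(:sanitize_sql, ["posts.#{attr} = ?", params[attr]]) if params[attr]
    end

    conditions = filters.any? ? filters.collect { |c| "(#{c})" }.join(' AND ') : nil

    if conditions.nil?
      if params[:tests_and_aldershot] == 'yes'
        conditions = "(name = 'Aldershot' OR name = 'Tests')"
      elsif params[:everything] != 'yes'
        conditions = "name != 'Aldershot' AND name != 'Tests'"
      end
    end

    @post_pages, @posts = paginate(:posts, @@query_options.merge(:conditions => conditions).merge(per_page()))
    @users = User.find(:all, :select => 'distinct *', :conditions => ['id in (?)', @posts.collect(&:user_id).uniq]).index_by(&:id)
  end

  # True for the create action; for any other action the decision is
  # delegated to @post.editable_by?(current_user).
  # NOTE(review): @post is only set by find_post, which is skipped for index,
  # index_rss, create, monitored and search. Presumably the caller (not
  # visible here) never invokes this for those read-only actions - confirm.
  def authorized?
    action_name == 'create' || @post.editable_by?(current_user)
  end

  # Loads @post by id, scoped to the topic and forum ids in the request, so a
  # post id cannot be paired with a forum/topic it does not belong to.
  # Raises ActiveRecord::RecordNotFound when nothing matches.
  def find_post
    @post = Post.find_by_id_and_topic_id_and_forum_id(params[:id], params[:topic_id], params[:forum_id]) || raise(ActiveRecord::RecordNotFound)
  end

  # Renders @posts with the given template (defaults to the current action
  # name) as HTML or RSS, or serialises them as XML.
  def render_posts_or_xml(template_name = action_name)
    respond_to do |format|
      format.html { render :action => "#{template_name}.rhtml" }
      format.rss  { render :action => "#{template_name}.rxml", :layout => false }
      format.xml  { render :xml => @posts.to_xml }
    end
  end

  # Path to the current topic, carrying over the page / posts_per_page
  # parameters when the request included them and adding an optional anchor.
  # Both numeric parameters are normalised through to_i.to_s before reuse.
  def long_topic_path(anchor = nil)
    options = { :forum_id => params[:forum_id], :id => params[:topic_id] }
    options[:anchor] = anchor unless anchor.nil?
    options[:page] = (params[:page] || '1').to_i.to_s if params.has_key?(:page)
    options[:posts_per_page] = (params[:posts_per_page] || '25').to_i.to_s if params.has_key?(:posts_per_page)
    topic_path(options)
  end

  # Pagination option hash: the requested posts_per_page, but never below 25.
  # NOTE(review): there is no upper bound, so a client can request an
  # arbitrarily large page in a single query; consider clamping to a maximum.
  def per_page
    { :per_page => [params[:posts_per_page].to_i, 25].max }
  end
end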