- Revision:
- 120
- Log:
Hub integration. RForum Users are lazy-created when Hub users, logged in,
visit RForum for the first time. RForum navigation links to log in and
out or change settings all point at Hub. Webmaster and administrator roles
in Hub map to administrator permissions in RForum; in addition to the
RForum permission management system, though, added Hub permissions hashes
to various controllers to include Hub authorisation too. Two layers can't
hurt and it means sensible return-to'd redirections to Hub for some
action types.

Corrected grammar on deletion confirmation messages and tidied up a few
templates here and there, too.
- Author:
- adh
- Date:
- Sat Oct 28 23:53:03 +0100 2006
- Size:
- 7752 Bytes
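# Controller for viewing a topic and for creating, editing, moving, hiding and
# unhiding its posts, plus per-topic e-mail notification subscriptions.
#
# Authorisation is layered: the Hub permissions table below names the Hub
# roles allowed to call each listed action, and each action additionally
# performs its own RForum check (@user.can_*?) before changing anything.
class TopicController < ApplicationController
  helper :forum

  # Use HubSsoLib for permissions management, as a layer on top of
  # the provision within RForum.
  #
  # NOTE(review): 'show' is not listed here, yet replies and post edits are
  # submitted to 'show' (see the @params['post'] branch). Assuming HubSsoLib
  # leaves unlisted actions unrestricted (confirm), those two write paths are
  # guarded only by the RForum checks inside 'show'.
  @@hubssolib_permissions = HubSsoLib::Permissions.new({
    :new           => [ :admin, :webmaster, :privileged, :normal ],
    :subscribe     => [ :admin, :webmaster, :privileged, :normal ],
    :unsubscribe   => [ :admin, :webmaster, :privileged, :normal ],
    :delete_post   => [ :admin, :webmaster, :privileged, :normal ],
    :move          => [ :admin, :webmaster, :privileged ],
    :undelete_post => [ :admin, :webmaster, :privileged ]
  })

  # Accessor for the Hub permissions table defined above.
  def self.hubssolib_permissions
    @@hubssolib_permissions
  end

  # Display a topic. If reply_to parameter is included, handle the post editing form, too.
  #
  # Request parameters read here:
  #   id       - topic to show; an unknown id renders a 404 text response
  #   post     - submitted form; with a non-empty 'id' it edits that post,
  #              otherwise it creates a reply under post['parent_id']
  #   reply_to - id of the post to pre-fill a reply form for
  #   edit     - id of the post to load into the edit form
  #
  # Raises RForum::SecurityError when the user may not see a hidden topic or
  # lacks the permission needed for the requested reply or edit.
  def show
    begin
      @topic = Topic.find(@params['id'])
    rescue ActiveRecord::RecordNotFound
      render_text "Topic not found", 404
      return
    end

    @title = @topic.subject
    @forum = @topic.forum

    return if redirect_if_site_doesnt_match

    # Hidden (deleted) topics are only shown to users allowed to view deleted posts.
    raise RForum::SecurityError if @topic.hidden? && !@user.can_view_deleted_posts?(@topic)

    unless @user.guest?
      # Get the time of the last visit, then record this visit.
      @last_read_at = @user.last_read_time(@topic) || Time.at(0)
      @user.update_read_time(@topic).updated_at
    end

    include_hidden = @user.can_view_deleted_posts?(@topic)
    @posts = @topic.posts_with_user_data(include_hidden)

    if @params['post']
      post_params = @params['post']

      begin
        if post_params['id'].to_s.empty?
          # Create reply
          raise RForum::SecurityError unless @user.can_reply?
          post = prepare_post_from_params(post_params)

          post.parent_id = post_params['parent_id']
          parent = Post.find(post_params['parent_id'])

          # NOTE(review): parent comes from the request alone and is never
          # compared with @topic, so the hidden-topic check above does not
          # cover parent.topic. Confirm that add_reply or can_reply? enforces
          # visibility of the parent's topic.
          if parent.topic.forum.readonly == 1
            render_text 'This forum does not allow posts.'
            # Stop here: without this return the reply was still stored in
            # the read-only forum and a second response was attempted.
            return
          end

          parent.add_reply(post)
        else
          # Edit post; check permission and update text and subject.
          # Only these two fields are copied from the form.
          raise RForum::SecurityError unless @user.can_edit?(Post.find(post_params['id']))
          post = Post.update(post_params['id'],
                             {'subject' => post_params['subject'], 'text' => post_params['text']})
        end

        display_post(post)
      rescue RForum::ValidationError => e
        # on error, re-render the same topic with the form again
        @post = e.entity
      end
    elsif @params['reply_to']
      # if reply_to parameter specified, prepare template inputs for a post editing form
      # The permission check runs first so an unauthorised request still
      # ends in SecurityError rather than the read-only message.
      raise RForum::SecurityError unless @user.can_post?

      if @forum.readonly == 1
        render_text 'This forum does not allow posts.'
        # Return so the reply form is not prepared after a response was sent.
        return
      end

      @no_robots = true
      @post = prepare_reply_for_form(@params['reply_to'])
    elsif @params['edit']
      @no_robots = true
      @post = Post.find(@params['edit'])

      raise RForum::SecurityError unless @user.can_edit?(@post)
    end
  end

  # If this action is called via a hyperlink, it displays a form
  # Submit button on the same form reinvokes the same action, but also puts the form data
  # into @params['post'], and in that case the action creates the post.
  # If post creation fails due to validation errors, the form is re-displayed; otherwise
  # user is redirected to the post in the topic
  #
  # Raises RForum::SecurityError unless the user may post.
  def new
    raise RForum::SecurityError unless @user.can_post?

    @no_robots = true
    # Any failure to load the requested forum falls back to the first forum.
    @forum = Forum.find(@params['forum_id']) rescue Forum.find_first
    @title = "New post in forum '#{@forum.name}'"

    if @forum.readonly == 1
      render_text 'This forum does not allow posts.'
      return
    end

    if @params['post']
      # Form submitted
      new_post = prepare_post_from_params(@params['post'])

      begin
        saved_post = @forum.add_post(new_post)
        display_post(saved_post)
      rescue RForum::ValidationError => e
        # on error, re-render the form again
        @post = e.entity
      end
    else
      return if redirect_if_site_doesnt_match
      @post = Post.new
      @post.author = @user
    end
  end

  # Move a topic to another forum. Without a 'to' parameter the topic is
  # exposed to the template as @topic; with it, the topic is reassigned to
  # that forum and the user is redirected back to the topic.
  #
  # Raises RForum::SecurityError unless the user may move the topic.
  def move
    topic = Topic.find(@params['id'])
    raise RForum::SecurityError unless @user.can_move?(topic)

    @title = l(:move_topic_title)

    if @params['to']
      topic.forum = Forum.find(@params['to'])
      # NOTE(review): the result of save is not checked, so a failed save
      # still redirects as if the move had happened.
      topic.save
      redirect_to :action => 'show', :id => topic.id
    else
      @topic = topic
    end
  end

  # Delete a topic or a single post
  #
  # Hiding a root post hides its whole topic and returns to the forum
  # listing; any other post is hidden on its own, or together with its
  # replies when recursion is both requested and permitted.
  #
  # Raises RForum::SecurityError unless the user may delete the post.
  def delete_post
    post = Post.find(@params['id'])
    raise RForum::SecurityError unless @user.can_delete?(post)

    # The request can only ask for recursion; permission decides whether it applies.
    recursive = @user.can_delete_recursive?(post) && (@params['recursive'].to_i == 1)

    if post.root?
      Post.transaction { post.topic.hide }
      redirect_to :controller => 'forum', :action => 'forum', :id => post.topic.forum_id
    else
      Post.transaction { post.hide(recursive) }
      redirect_to :controller => 'topic', :action => 'show', :id => post.topic_id
    end
  end

  # Undelete a single post
  #
  # Raises RForum::SecurityError unless the user may undelete the post.
  def undelete_post
    post = Post.find(@params['id'])
    raise RForum::SecurityError unless @user.can_undelete?(post)

    # The request can only ask for recursion; permission decides whether it applies.
    recursive = @user.can_undelete_recursive?(post) && (@params['recursive'].to_i == 1)

    if post.root?
      Post.transaction { post.topic.unhide(recursive) }
      redirect_to :controller => 'topic', :action => 'show', :id => post.topic_id
    else
      Post.transaction { post.unhide(recursive) }
      redirect_to :controller => 'topic', :action => 'show', :id => post.topic_id, :anchor => post.id
    end
  end

  # Subscribe to receive notification about new posts in this topic.
  def subscribe
    @topic = Topic.find(@params['id'])

    unless @user.guest?
      @user.subscribe_topic(@topic)
      # Confirm only when a subscription was actually made; guests are
      # skipped above, so they are redirected without the message.
      flash[:attention] = 'Email notification for new posts in this topic is now enabled.'
    end

    redirect_to :controller => 'topic', :action => 'show', :id => @topic.id
  end

  # Stop receiving notification about new posts in this topic.
  def unsubscribe
    @topic = Topic.find(@params['id'])

    unless @user.guest?
      # Ignore errors; if the user wasn't subscribed anyway, there's no need
      # to moan about it.
      @user.unsubscribe_topic(@topic)
      # Guests are skipped above, so they are redirected without the message.
      flash[:attention] = 'Email notification for new posts in this topic is now disabled.'
    end

    redirect_to :controller => 'topic', :action => 'show', :id => @topic.id
  end

  private

  # Redirect to the given post inside its topic page.
  def display_post(post)
    redirect_to :controller => 'topic', :action => 'show', :id => post.topic_id, :anchor => post.id
  end

  # Build an unsaved reply to the post with id reply_to_id, pre-filled with
  # the reply subject and the quoted text of that post, authored by @user.
  def prepare_reply_for_form(reply_to_id)
    reply_to = Post.find_with_user_data(reply_to_id)
    post = Post.new(
      'topic_id'  => reply_to.topic_id,
      'parent_id' => reply_to.id,
      'subject'   => reply_to.reply_subject,
      'text'      => "#{reply_to.get_display_name} wrote:\n#{reply_to.quoted_text}\n\n")

    post.author = @user

    post
  end

  # prepare a Post object from a form, update @user with guest_name and guest_email
  #
  # Only the attachment, subject and text are copied from the form; the
  # author and the originating host are set from the session user and the
  # request, never from submitted fields.
  def prepare_post_from_params(form_attributes)
    new_post = Post.new

    attachment = form_attributes['new_attachment']
    new_post.new_attachment = attachment if attachment && attachment.size > 0

    new_post.subject = form_attributes['subject']
    new_post.text = form_attributes['text']

    if @user.guest?
      @user.guest_name = form_attributes['guest_name']
      @user.guest_email = form_attributes['guest_email']
    end

    new_post.author = @user
    new_post.author_host = @request.remote_ip

    new_post
  end

end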