Module: Unsakini::PostOwnerControllerConcern

Extended by:
ActiveSupport::Concern
Included in:
CommentsController, PostsController, ShareBoardController
Defined in:
app/controllers/concerns/unsakini/post_owner_controller_concern.rb

Instance Method Summary

Instance Method Details

#ensure_post ⇒ Object

Ensures user is owner of the post and sets the `@post` variable in the controllers.



# File 'app/controllers/concerns/unsakini/post_owner_controller_concern.rb', line 7

# Controller filter: looks up the requested post and stores it in +@post+.
#
# The post id is read from +params[:post_id]+, falling back to +params[:id]+;
# the board id is read from +params[:board_id]+. The lookup is delegated to
# #has_post_access, which only returns a post when the current user is linked
# to the post's board. Authorship is not compared here; #ensure_post_owner
# does that against +@post.user_id+.
#
# When the lookup reports anything other than +:ok+, responds with that
# status and an empty body via +head+. +@post+ is assigned in both cases and
# is nil when access was refused.
def ensure_post
  requested_post = params[:post_id] || params[:id]
  access = has_post_access(params[:board_id], requested_post)
  outcome = access[:status]
  @post = access[:post]
  head outcome unless outcome == :ok
end

#ensure_post_owner ⇒ Object

Ensures user is owner of the post. Must be run after `#ensure_post`.



# File 'app/controllers/concerns/unsakini/post_owner_controller_concern.rb', line 33

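# Controller filter: responds with 403 and an empty JSON body unless the
# current user is the author of +@post+.
#
# Expects +@post+ to have been assigned already (the documented contract is
# to run this after #ensure_post) and +@user+ to hold the current user.
#
# Fails closed: a missing +@post+ or +@user+, or a post whose +user_id+ is
# nil, is treated as "not the owner" and gets the same 403. Without the nil
# checks a missing +@post+ raises NoMethodError, and a nil +user_id+ compared
# with a nil user id would count as a match.
def ensure_post_owner
  is_owner = !@post.nil? &&
             !@user.nil? &&
             !@post.user_id.nil? &&
             @post.user_id == @user.id
  render json: {}, status: :forbidden unless is_owner
end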

#has_post_access(board_id, post_id) ⇒ Object

Validates whether the user has access to the post in the board.

Parameters:

  • board_id (Integer)

    board id

  • post_id (Integer)

    post id



# File 'app/controllers/concerns/unsakini/post_owner_controller_concern.rb', line 20

# Looks up a post by id within a board, restricted to boards the current
# user is linked to through UserBoard.
#
# The query filters posts on +id+ and +board_id+, joins the UserBoard table
# on +board_id+, and keeps only rows whose UserBoard +user_id+ equals
# +@user.id+. Because of that filter on the joined table, the LEFT JOIN only
# yields rows where a UserBoard row exists for this user. Table names are
# interpolated from the model classes, not from request data, and the user
# id is bound through a +?+ placeholder.
#
# A post that does not exist and a post the user cannot reach both produce
# the same +:forbidden+ result.
#
# @param board_id [Integer] board id
# @param post_id [Integer] post id
# @return [Hash] +{status: :ok, post: <post>}+ when a matching post is
#   found, otherwise +{status: :forbidden}+
def has_post_access(board_id, post_id)
  reachable_post =
    Unsakini::Post
    .where(id: post_id, board_id: board_id)
    .joins("LEFT JOIN #{UserBoard.table_name} ON #{UserBoard.table_name}.board_id = #{Post.table_name}.board_id")
    .where("#{UserBoard.table_name}.user_id = ?", @user.id)
    .first

  return { status: :forbidden } if reachable_post.nil?

  { status: :ok, post: reachable_post }
end