scinote-web/app/controllers/step_comments_controller.rb

90 lines
2.4 KiB
Ruby
Raw Normal View History

# frozen_string_literal: true
2016-02-12 23:52:43 +08:00
class StepCommentsController < ApplicationController
include ActionView::Helpers::TextHelper
2017-01-13 00:02:01 +08:00
include InputSanitizeHelper
include ApplicationHelper
include CommentHelper
2016-02-12 23:52:43 +08:00
before_action :load_vars
2016-09-20 20:13:40 +08:00
before_action :check_view_permissions, only: [:index]
2016-11-19 23:54:55 +08:00
before_action :check_add_permissions, only: [:create]
before_action :check_update_permissions, only: %i(update)
before_action :check_destroy_permissions, only: %i(destroy)
2016-02-12 23:52:43 +08:00
def index
comments = @step.last_comments(@last_comment_id, @per_page)
2021-07-23 17:56:28 +08:00
more_url = step_step_comments_path(@step, format: :json, from: comments.first.id) unless comments.blank?
comment_index_helper(comments, more_url)
2016-02-12 23:52:43 +08:00
end
def create
@comment = StepComment.new(
2016-02-12 23:52:43 +08:00
message: comment_params[:message],
user: current_user,
step: @step
)
comment_create_helper(@comment)
end
def update
2017-04-06 14:42:16 +08:00
old_text = @comment.message
@comment.message = comment_params[:message]
comment_update_helper(@comment, old_text)
end
def destroy
comment_destroy_helper(@comment)
end
2016-02-12 23:52:43 +08:00
private
def load_vars
@last_comment_id = params[:from].to_i
@per_page = Constants::COMMENTS_SEARCH_LIMIT
2016-02-12 23:52:43 +08:00
@step = Step.find_by_id(params[:step_id])
@protocol = @step&.protocol
2016-02-12 23:52:43 +08:00
render_404 unless @step && @protocol
2016-02-12 23:52:43 +08:00
end
def check_view_permissions
render_403 unless can_read_protocol_in_module?(@protocol)
2016-02-12 23:52:43 +08:00
end
def check_add_permissions
render_403 unless can_create_my_module_comments?(@protocol.my_module)
end
def check_destroy_permissions
@comment = @step.step_comments.find_by(id: params[:id])
render_403 unless @comment.present? &&
can_delete_comment_in_my_module_steps?(@comment)
end
def check_update_permissions
@comment = @step.step_comments.find_by(id: params[:id])
render_403 unless @comment.present? &&
can_update_comment_in_my_module_steps?(@comment)
end
2016-02-12 23:52:43 +08:00
def comment_params
params.require(:comment).permit(:message)
end
2017-04-06 14:42:16 +08:00
def log_activity(type_of)
Activities::CreateActivityService
.call(activity_type: type_of,
owner: current_user,
subject: @protocol,
team: current_team,
project: @step.my_module.experiment.project,
message_items: {
2019-03-29 22:09:20 +08:00
my_module: @step.my_module.id,
step: @step.id,
step_position: { id: @step.id, value_for: 'position_plus_one' }
})
end
2016-02-12 23:52:43 +08:00
end