scinote-web/app/controllers/result_comments_controller.rb

class ResultCommentsController < ApplicationController
  include ActionView::Helpers::TextHelper
  include InputSanitizeHelper

  before_action :load_vars

  before_action :check_view_permissions, only: [:index]
  before_action :check_add_permissions, only: [:create]
  before_action :check_edit_permissions, only: [:edit, :update]
  before_action :check_destroy_permissions, only: [:destroy]

  def index
    @comments = @result.last_comments(@last_comment_id, @per_page)

    respond_to do |format|
      format.json do
        # 'index' partial includes header and form for adding new
        # messages. 'list' partial is used for showing more
        # comments.
        partial = 'index.html.erb'
        partial = 'list.html.erb' if @last_comment_id > 0
        more_url = ''
        if @comments.count > 0
          more_url = url_for(result_result_comments_path(@result,
                                                         format: :json,
                                                         from: @comments
                                                                 .first.id))
        end
        render json: {
          perPage: @per_page,
          resultsNumber: @comments.length,
          moreUrl: more_url,
          html: render_to_string(partial: partial,
                                 locals: { comments: @comments,
                                           more_comments_url: more_url })
        }
      end
    end
  end

  def create
    @comment = Comment.new(
      message: comment_params[:message],
      user: current_user)

    respond_to do |format|
      if (@comment.valid? && @result.comments << @comment)

        # Generate activity
        Activity.create(
          type_of: :add_comment_to_result,
          user: current_user,
          project: @result.my_module.experiment.project,
          my_module: @result.my_module,
          message: t(
            "activities.add_comment_to_result",
            user: current_user.full_name,
            result: @result.name
          )
        )

        format.json {
          render json: {
            html: render_to_string(
              partial: "comment.html.erb",
              locals: {
                comment: @comment
              }
            ),
            date: @comment.created_at.strftime('%d.%m.%Y')
          },
          status: :created
        }
      else
        response.status = 400
        format.json {
          render json: {
            errors: @comment.errors.to_hash(true)
          }
        }
      end
    end
  end

  def edit
    @update_url =
      result_result_comment_path(@result, @comment, format: :json)
    respond_to do |format|
      format.json do
        render json: {
          html: render_to_string(
            partial: '/comments/edit.html.erb'
          )
        }
      end
    end
  end

  def update
    @comment.message = comment_params[:message]
    respond_to do |format|
      format.json do
        if @comment.save
          # Generate activity
          Activity.create(
            type_of: :edit_result_comment,
            user: current_user,
            project: @result.my_module.experiment.project,
            my_module: @result.my_module,
            message: t(
              'activities.edit_result_comment',
              user: current_user.full_name,
              result: @result.name
            )
          )
          render json: {
            comment: custom_auto_link(
              simple_format(@comment.message),
              link: :urls,
              html: { target: '_blank' }
            )
          }, status: :ok
        else
          render json: { errors: @comment.errors.to_hash(true) },
                 status: :unprocessable_entity
        end
      end
    end
  end

  def destroy
    respond_to do |format|
      format.json do
        if @comment.destroy
          # Generate activity
          Activity.create(
            type_of: :delete_result_comment,
            user: current_user,
            project: @result.my_module.experiment.project,
            my_module: @result.my_module,
            message: t(
              'activities.delete_result_comment',
              user: current_user.full_name,
              result: @result.name
            )
          )
          render json: {}, status: :ok
        else
          render json: { message: I18n.t('comments.delete_error') },
                 status: :unprocessable_entity
        end
      end
    end
  end

  private

  def load_vars
    @last_comment_id = params[:from].to_i
    @per_page = Constants::COMMENTS_SEARCH_LIMIT
    @result = Result.find_by_id(params[:result_id])
    @my_module = @result.my_module

    unless @result
      render_404
    end
  end

  def check_view_permissions
    unless can_view_result_comments(@my_module)
      render_403
    end
  end

  def check_add_permissions
    unless can_add_result_comment_in_module(@my_module)
      render_403
    end
  end

  def check_edit_permissions
    @comment = Comment.find_by_id(params[:id])
    render_403 unless @comment.present? &&
                      can_edit_result_comment_in_module(@comment)
  end

  def check_destroy_permissions
    @comment = Comment.find_by_id(params[:id])
    render_403 unless @comment.present? &&
                      can_delete_result_comment_in_module(@comment)
  end

  def comment_params
    params.require(:comment).permit(:message)
  end

end
Initial commit. 2016-02-12 23:52:43 +08:00			`class ResultCommentsController < ApplicationController`
Fix 2 bugs with comments editing Closes SCI-820. 2016-12-24 03:41:23 +08:00			`include ActionView::Helpers::TextHelper`
Fix includes [SCI-102] 2017-01-13 00:02:01 +08:00			`include InputSanitizeHelper`
Fix 2 bugs with comments editing Closes SCI-820. 2016-12-24 03:41:23 +08:00
Initial commit. 2016-02-12 23:52:43 +08:00			`before_action :load_vars`

first working version 2016-09-20 23:06:07 +08:00			`before_action :check_view_permissions, only: [:index]`
Finish removing new comment forms 2016-11-19 23:54:55 +08:00			`before_action :check_add_permissions, only: [:create]`
Add edit/delete result comment functionality Lessons learned during this fix: Don't use dependant: :destroy on both ends of association between 2 ActiveRecords, or you will run into stack overflow. 2016-08-25 17:45:13 +08:00			`before_action :check_edit_permissions, only: [:edit, :update]`
			`before_action :check_destroy_permissions, only: [:destroy]`
Initial commit. 2016-02-12 23:52:43 +08:00
			`def index`
			`@comments = @result.last_comments(@last_comment_id, @per_page)`

			`respond_to do \|format\|`
first working version 2016-09-20 23:06:07 +08:00			`format.json do`
Initial commit. 2016-02-12 23:52:43 +08:00			`# 'index' partial includes header and form for adding new`
			`# messages. 'list' partial is used for showing more`
			`# comments.`
first working version 2016-09-20 23:06:07 +08:00			`partial = 'index.html.erb'`
			`partial = 'list.html.erb' if @last_comment_id > 0`
			`more_url = ''`
Initial commit. 2016-02-12 23:52:43 +08:00			`if @comments.count > 0`
			`more_url = url_for(result_result_comments_path(@result,`
first working version 2016-09-20 23:06:07 +08:00			`format: :json,`
			`from: @comments`
			`.first.id))`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
first working version 2016-09-20 23:06:07 +08:00			`render json: {`
fixing hound 2016-09-27 23:31:37 +08:00			`perPage: @per_page,`
			`resultsNumber: @comments.length,`
			`moreUrl: more_url,`
first working version 2016-09-20 23:06:07 +08:00			`html: render_to_string(partial: partial,`
			`locals: { comments: @comments,`
			`more_comments_url: more_url })`
Initial commit. 2016-02-12 23:52:43 +08:00			`}`
first working version 2016-09-20 23:06:07 +08:00			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`end`

			`def create`
			`@comment = Comment.new(`
			`message: comment_params[:message],`
			`user: current_user)`

			`respond_to do \|format\|`
			`if (@comment.valid? && @result.comments << @comment)`

			`# Generate activity`
			`Activity.create(`
			`type_of: :add_comment_to_result,`
			`user: current_user,`
Add edit/delete result comment functionality Lessons learned during this fix: Don't use dependant: :destroy on both ends of association between 2 ActiveRecords, or you will run into stack overflow. 2016-08-25 17:45:13 +08:00			`project: @result.my_module.experiment.project,`
Initial commit. 2016-02-12 23:52:43 +08:00			`my_module: @result.my_module,`
			`message: t(`
			`"activities.add_comment_to_result",`
			`user: current_user.full_name,`
			`result: @result.name`
			`)`
			`)`

			`format.json {`
			`render json: {`
Fix hound warnings [SCI-557] 2016-10-21 15:37:24 +08:00			`html: render_to_string(`
Initial commit. 2016-02-12 23:52:43 +08:00			`partial: "comment.html.erb",`
			`locals: {`
			`comment: @comment`
			`}`
Fix hound warnings [SCI-557] 2016-10-21 15:37:24 +08:00			`),`
Fixes issue with new comments and date separator SCI-557 2016-10-21 04:33:15 +08:00			`date: @comment.created_at.strftime('%d.%m.%Y')`
Initial commit. 2016-02-12 23:52:43 +08:00			`},`
			`status: :created`
			`}`
			`else`
			`response.status = 400`
			`format.json {`
			`render json: {`
Bug fixed: comments in results have no error message if the text exceeds 1000 characters. 2016-09-13 18:01:56 +08:00			`errors: @comment.errors.to_hash(true)`
Initial commit. 2016-02-12 23:52:43 +08:00			`}`
			`}`
			`end`
			`end`
			`end`

Add edit/delete result comment functionality Lessons learned during this fix: Don't use dependant: :destroy on both ends of association between 2 ActiveRecords, or you will run into stack overflow. 2016-08-25 17:45:13 +08:00			`def edit`
			`@update_url =`
			`result_result_comment_path(@result, @comment, format: :json)`
			`respond_to do \|format\|`
			`format.json do`
			`render json: {`
			`html: render_to_string(`
			`partial: '/comments/edit.html.erb'`
			`)`
			`}`
			`end`
			`end`
			`end`

			`def update`
			`@comment.message = comment_params[:message]`
			`respond_to do \|format\|`
			`format.json do`
			`if @comment.save`
Generate activities when editing/deleting comments 2016-08-25 19:33:42 +08:00			`# Generate activity`
			`Activity.create(`
			`type_of: :edit_result_comment,`
			`user: current_user,`
			`project: @result.my_module.experiment.project,`
			`my_module: @result.my_module,`
			`message: t(`
			`'activities.edit_result_comment',`
			`user: current_user.full_name,`
			`result: @result.name`
			`)`
			`)`
Fix 2 bugs with comments editing Closes SCI-820. 2016-12-24 03:41:23 +08:00			`render json: {`
Added auto_link wrapper with custom sanitization [SCI-102] 2017-01-12 00:02:17 +08:00			`comment: custom_auto_link(`
Fix 2 bugs with comments editing Closes SCI-820. 2016-12-24 03:41:23 +08:00			`simple_format(@comment.message),`
			`link: :urls,`
			`html: { target: '_blank' }`
			`)`
			`}, status: :ok`
Add edit/delete result comment functionality Lessons learned during this fix: Don't use dependant: :destroy on both ends of association between 2 ActiveRecords, or you will run into stack overflow. 2016-08-25 17:45:13 +08:00			`else`
			`render json: { errors: @comment.errors.to_hash(true) },`
			`status: :unprocessable_entity`
			`end`
			`end`
			`end`
			`end`

			`def destroy`
			`respond_to do \|format\|`
			`format.json do`
			`if @comment.destroy`
Generate activities when editing/deleting comments 2016-08-25 19:33:42 +08:00			`# Generate activity`
			`Activity.create(`
			`type_of: :delete_result_comment,`
			`user: current_user,`
			`project: @result.my_module.experiment.project,`
			`my_module: @result.my_module,`
			`message: t(`
			`'activities.delete_result_comment',`
			`user: current_user.full_name,`
			`result: @result.name`
			`)`
			`)`
Add edit/delete result comment functionality Lessons learned during this fix: Don't use dependant: :destroy on both ends of association between 2 ActiveRecords, or you will run into stack overflow. 2016-08-25 17:45:13 +08:00			`render json: {}, status: :ok`
			`else`
			`render json: { message: I18n.t('comments.delete_error') },`
			`status: :unprocessable_entity`
			`end`
			`end`
			`end`
			`end`

Initial commit. 2016-02-12 23:52:43 +08:00			`private`

			`def load_vars`
			`@last_comment_id = params[:from].to_i`
Ruby constants are now automatically available in JS. Refactoring was needed. 2016-10-05 23:45:20 +08:00			`@per_page = Constants::COMMENTS_SEARCH_LIMIT`
Initial commit. 2016-02-12 23:52:43 +08:00			`@result = Result.find_by_id(params[:result_id])`
			`@my_module = @result.my_module`

			`unless @result`
			`render_404`
			`end`
			`end`

			`def check_view_permissions`
			`unless can_view_result_comments(@my_module)`
			`render_403`
			`end`
			`end`

			`def check_add_permissions`
			`unless can_add_result_comment_in_module(@my_module)`
			`render_403`
			`end`
			`end`

Add edit/delete result comment functionality Lessons learned during this fix: Don't use dependant: :destroy on both ends of association between 2 ActiveRecords, or you will run into stack overflow. 2016-08-25 17:45:13 +08:00			`def check_edit_permissions`
			`@comment = Comment.find_by_id(params[:id])`
			`render_403 unless @comment.present? &&`
			`can_edit_result_comment_in_module(@comment)`
			`end`

			`def check_destroy_permissions`
			`@comment = Comment.find_by_id(params[:id])`
			`render_403 unless @comment.present? &&`
			`can_delete_result_comment_in_module(@comment)`
			`end`

Initial commit. 2016-02-12 23:52:43 +08:00			`def comment_params`
			`params.require(:comment).permit(:message)`
			`end`

			`end`