Sha256: 0055a6434f23d26cd328097f346fe4f9a98138068092dc3995f5fc48c9779dc3
Contents?: true
Size: 1.18 KB
Versions: 4
Compression:
Stored size: 1.18 KB
Contents
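module Unsakini
  # Controller concern that loads a comment scoped to the current user and
  # rejects the request when no matching comment is found.
  #
  # Every method here reads `@user`. Nothing in this module sets or
  # authenticates it, so the including controller must do so before these
  # callbacks run.
  #
  # NOTE(review): all three methods are public. Confirm that no route can
  # dispatch to them as actions, or make them private if nothing outside the
  # controller calls them.
  module CommentOwnerControllerConcern
    extend ActiveSupport::Concern

    # Looks up the comment named by the request and stores it in `@comment`.
    #
    # The post id is read from `params[:post_id]`. The comment id is read from
    # `params[:comment_id]`, falling back to `params[:id]`. When the lookup
    # does not return `:ok`, the request is answered with that status and no
    # body, and `@comment` is left as nil.
    def ensure_comment
      post_id = params[:post_id]
      comment_id = params[:comment_id] || params[:id]
      result = has_comment_access(post_id, comment_id)
      @comment = result[:comment]
      status = result[:status]
      head status unless status == :ok
    end

    # Checks whether the current user has access to a comment in the post.
    #
    # @param post_id [Integer] post id
    # @param comment_id [Integer] comment id
    # @return [Hash] `{status: :ok, comment: <record>}` when a matching row
    #   exists, otherwise `{status: :forbidden, comment: nil}`
    def has_comment_access(post_id, comment_id)
      # Ownership is enforced in the query itself: the row must match the
      # comment id, the post id and the current user's id. A comment that does
      # not exist and one owned by someone else both yield :forbidden, so the
      # status does not reveal which ids exist.
      #
      # A nil `@user` raises here. Keep it that way: `@user&.id` would turn the
      # filter into `user_id IS NULL` instead of rejecting the request.
      comment = Unsakini::Comment.where(id: comment_id, post_id: post_id, user_id: @user.id).first
      { status: comment.nil? ? :forbidden : :ok, comment: comment }
    end

    # Ensures the user is the owner of the comment. Must be run after
    # {#ensure_comment}.
    #
    # A comment loaded by {#ensure_comment} is already filtered by the current
    # user's id, so this acts as a second check on `@comment`.
    def ensure_comment_owner
      # Fail closed: a missing `@comment` (for example when this callback is
      # registered without ensure_comment) is answered with 403 instead of
      # raising NoMethodError on nil.
      return if @comment && @comment.user_id == @user.id

      render json: {}, status: :forbidden
    end
  end
end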