lib/zen/package/comments/lib/comments/controller/comments.rb in zen-0.2.7 vs lib/zen/package/comments/lib/comments/controller/comments.rb in zen-0.2.8
- old
+ new
@@ -4,21 +4,22 @@
module Controller
##
# Controller used for managing comments. Administrations can't actually
# add new comments using the backend controller but can edit or delete them.
# Comments can be submitted to any section entry as long as the section
- # allows it. When submitting a comment the user data such as the name and email
- # will be retrieved from either the users table (if the user is logged in) or
- # from the form that was submitted.
+ # allows it. When submitting a comment the user data such as the name and
+ # email will be retrieved from either the users table (if the user is logged
+ # in) or from the form that was submitted.
#
# @author Yorick Peterse
# @since 0.1
#
class Comments < Zen::Controller::AdminController
include ::Comments::Model
- map('/admin/comments')
+ map '/admin/comments'
+ helper :comment
before_all do
csrf_protection(:save, :delete) do
respond(lang('zen_general.errors.csrf'), 403)
end
@@ -34,13 +35,10 @@
# @since 0.1
#
def initialize
super
- @form_save_url = Comments.r(:save)
- @form_delete_url = Comments.r(:delete)
-
Zen::Language.load('comments')
# Set the page title
if !action.method.nil?
method = action.method.to_s
@@ -58,17 +56,15 @@
#
# @author Yorick Peterse
# @since 0.1
#
def index
- if !user_authorized?([:read])
- respond(lang('zen_general.errors.not_authorized'), 403)
- end
+ require_permissions(:read)
set_breadcrumbs(lang('comments.titles.index'))
- @comments = Comment.all
+ @comments = paginate(Comment.eager(:comment_status))
end
##
# Edits an existing comment based on the ID.
#
@@ -76,68 +72,78 @@
#
# * read
# * update
#
# @author Yorick Peterse
- # @param [Integer] id The ID of the comment to retrieve so that we can edit it.
+ # @param [Integer] id The ID of the comment to retrieve so that we can
+ # edit it.
# @since 0.1
#
def edit(id)
- if !user_authorized?([:read, :update])
- respond(lang('zen_general.errors.not_authorized'), 403)
- end
+ require_permissions(:read, :update)
set_breadcrumbs(
- anchor_to(lang('comments.titles.index'), Comments.r(:index)), @page_title
+ Comments.a(lang('comments.titles.index'), :index),
+ @page_title
)
if flash[:form_data]
@comment = flash[:form_data]
else
- @comment = Comment[id.to_i]
+ @comment = validate_comment(id)
end
+
+ render_view(:form)
end
##
# Saves a comment based on the current POST data. Note that this
- # method won't create a new comment as this can't be done using the backend.
+ # method won't create a new comment as this can't be done using the
+ # backend.
#
# This method requires the following permissions:
#
# * update
#
# @author Yorick Peterse
# @since 0.1
#
def save
- if !user_authorized?([:update])
- respond(lang('zen_general.errors.not_authorized'), 403)
- end
+ require_permissions(:update)
# Copy the POST data so we can work with it without messing things up
post = request.subset(
- :user_id, :name, :website, :email, :comment, :status, :section_entry_id, :id
+ :id,
+ :user_id,
+ :name,
+ :website,
+ :email,
+ :comment,
+ :comment_status_id,
+ :section_entry_id
)
- @comment = Comment[post['id']]
+ comment = validate_comment(post['id'])
post.delete('id')
begin
- @comment.update(post)
+ comment.update(post)
message(:success, lang('comments.success.save'))
rescue => e
Ramaze::Log.error(e.inspect)
message(:error, lang('comments.errors.save'))
- flash[:form_errors] = @comment.errors
- flash[:form_data] = @comment
+ flash[:form_errors] = comment.errors
+ flash[:form_data] = comment
+
+ redirect_referrer
end
# Redirect the user to the proper page.
- if @comment.id
- redirect(Comments.r(:edit, @comment.id))
+ if comment.id
+ redirect(Comments.r(:edit, comment.id))
else
redirect_referrer
end
end
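Review bot: In `save`, the `request.subset` whitelist handed to `comment.update` still admits `user_id` and `section_entry_id`, so a request that clears the `:update` permission check can reattach a comment to a different section entry or attribute it to a different user; the only validation visible in this hunk is `validate_comment(post['id'])`, which acts on the id alone and is defined outside this file. If the edit form does not expose those two fields, drop them from the subset list; if reassignment is intended for administrators, a line such as `# user_id/section_entry_id are deliberately editable: admins may reassign comments` above the `request.subset` call would make that explicit. The surrounding `rescue => e` presumably also absorbs a database error from an unknown `section_entry_id` and reports it as a generic save failure, which is acceptable but means the log line is the only place the cause shows up.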
@@ -151,16 +157,15 @@
#
# @author Yorick Peterse
# @since 0.1
#
def delete
- if !user_authorized?([:delete])
- respond(lang('zen_general.errors.not_authorized'), 403)
- end
+ require_permissions(:delete)
# Obviously we'll require some IDs
- if !request.params['comment_ids'] or request.params['comment_ids'].empty?
+ if !request.params['comment_ids'] \
+ or request.params['comment_ids'].empty?
message(:error, lang('comments.errors.no_delete'))
redirect_referrer
end
# Delete each section
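Review bot: The nil/empty guard in `delete` mixes `!` with the low-precedence `or` and a backslash continuation; it parses as intended only because `or` binds looser than `!`, and it is the kind of expression RuboCop flags. Binding the parameter once reads better and needs no continuation: `ids = request.params['comment_ids']` followed by `if ids.nil? || ids.empty?`. The `redirect_referrer` inside that branch is what keeps the method from reaching the loop below, which relies on Ramaze's redirect not returning; a short comment there, `# redirect_referrer does not return`, would spare the next reader the check. The method body continues past the end of this hunk.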
@@ -169,9 +174,11 @@
Comment[id].destroy
message(:success, lang('comments.success.delete'))
rescue => e
Ramaze::Log.error(e.inspect)
message(:error, lang('comments.errors.delete') % id)
+
+ redirect_referrer
end
end
redirect_referrer
end
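Review bot: The `redirect_referrer` added inside the per-id `rescue` ends the request at the first comment that fails to delete, so any IDs later in `comment_ids` are silently skipped while the ones before it are already destroyed — the batch is neither atomic nor complete, and the user only sees the message for the one failure. The `redirect_referrer` after the loop already returns the user to the referrer, so the simplest fix is to drop the added line and let the loop continue, recording one error message per failed id as the `message(:error, ...)` call already does. If stopping at the first failure is intended, document it: `# stop at the first failure; earlier deletions are not rolled back`. The loop header sits above this hunk.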