fix deleting/undeleting stories for users and moderators

2012-07-04 19:33:12 -05:00 · 2012-07-04 19:33:12 -05:00 · cd568eaa38
parent 805b0fd1a0
commit cd568eaa38
7 changed files with 89 additions and 34 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -30,7 +30,7 @@ class ApplicationController < ActionController::Base
  def find_stories_for_user_and_tag_and_newest(user, tag = nil, newest = false)
    stories = []

-    conds = [ "is_expired = 0 " ]
+    conds = [ "is_expired = 0 AND is_moderated = 0 " ]

    if user && !newest
      # exclude downvoted items
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@ -4,7 +4,7 @@ class CommentsController < ApplicationController
  before_filter :require_logged_in_user, :only => [ :threads ]

  def create
-    if !(story = Story.find_by_short_id(params[:story_id]))
+    if !(story = Story.find_by_short_id(params[:story_id])) || story.is_gone?
      return render :text => "can't find story", :status => 400
    end

--- a/app/controllers/stories_controller.rb
+++ b/app/controllers/stories_controller.rb
@ -37,19 +37,29 @@ class StoriesController < ApplicationController
  end

  def destroy
-    @story.is_expired = true
+    if !@story.is_editable_by_user?(@user)
+      flash[:error] = "You cannot edit that story."
+      return redirect_to "/"
+    end
+
+    if @user.is_admin? && @user.id != @story.user_id
+      @story.is_moderated = true
+    else
+      @story.is_expired = true
+    end
+
    @story.save(:validate => false)

    redirect_to @story.comments_url
  end
  
  def edit
-    @page_title = "Edit Story"
-
    if !@story.is_editable_by_user?(@user)
      flash[:error] = "You cannot edit that story."
      return redirect_to "/"
    end
+
+    @page_title = "Edit Story"
  end

  def fetch_url_title
@ -81,7 +91,11 @@ class StoriesController < ApplicationController
  def show
    @story = Story.find_by_short_id!(params[:id])

-    @page_title = @story.title
+    if @story.can_be_seen_by_user?(@user)
+      @page_title = @story.title
+    else
+      @page_title = "[Story removed]"
+    end

    @comments = Comment.ordered_for_story_or_thread_for_user(@story.id, nil,
      @user ? @user.id : nil)
@ -143,13 +157,25 @@ class StoriesController < ApplicationController
  end

  def undelete
+    if !(@story.is_editable_by_user?(@user) &&
+    @story.is_undeletable_by_user?(@user))
+      flash[:error] = "You cannot edit that story."
+      return redirect_to "/"
+    end
+
    @story.is_expired = false
+    @story.is_moderated = false
    @story.save(:validate => false)

    redirect_to @story.comments_url
  end

  def update
+    if !@story.is_editable_by_user?(@user)
+      flash[:error] = "You cannot edit that story."
+      return redirect_to "/"
+    end
+
    @story.is_expired = false

    if @story.update_attributes(params[:story].except(:url))
@ -199,9 +225,10 @@ class StoriesController < ApplicationController
 private
  def find_story
    if @user.is_admin?
-      @story = Story.find_by_short_id(params[:id])
+      @story = Story.find_by_short_id(params[:story_id] || params[:id])
    else
-      @story = Story.find_by_user_id_and_short_id(@user.id, params[:id])
+      @story = Story.find_by_user_id_and_short_id(@user.id,
+        (params[:story_id] || params[:id]))
    end

    if !@story
--- a/app/models/story.rb
+++ b/app/models/story.rb
@ -204,22 +204,38 @@ class Story < ActiveRecord::Base

  def is_editable_by_user?(user)
    if user && user.is_admin?
-      true
+      return true
    elsif user && user.id == self.user_id
-      (Time.now.to_i - self.created_at.to_i < (60 * MAX_EDIT_MINS))
+      if self.is_moderated?
+        return false
+      else
+        return (Time.now.to_i - self.created_at.to_i < (60 * MAX_EDIT_MINS))
+      end
    else
      return false
    end
  end
  
  def is_undeletable_by_user?(user)
-    if !user || user.id != self.user_id
+    if user && (user.is_admin? || user.id == self.user_id)
+      return true
+    else
+      return false
+    end
+  end
+
+  def can_be_seen_by_user?(user)
+    if is_gone? && !(user && (user.is_admin? || user.id == self.user_id))
      return false
    end

    true
  end

+  def is_gone?
+    is_expired? || is_moderated?
+  end
+
  def update_comment_count!
    Keystore.put("story:#{self.id}:comment_count",
      Comment.where(:story_id => self.id).count)
--- a/app/views/comments/_comment.html.erb
+++ b/app/views/comments/_comment.html.erb
@ -35,14 +35,16 @@ class="comment <%= comment.current_vote ? (comment.current_vote[:vote] == 1 ?

      <% if !comment.previewing %>
        |
-
        <a href="<%= story.comments_url %>/comments/<%= comment.short_id
          %>">link</a>
-        |
-        <% if comment.is_editable_by_user?(@user) %>
-          <a class="comment_editor">edit</a>
-        <% else %>
-          <a class="comment_replier">reply</a>
+
+        <% if !story.is_gone? %>
+          |
+          <% if comment.is_editable_by_user?(@user) %>
+            <a class="comment_editor">edit</a>
+          <% else %>
+            <a class="comment_replier">reply</a>
+          <% end %>
        <% end %>

        <% if false && defined?(collapsable) && collapsable # XXX %>
--- a/app/views/stories/_listdetail.html.erb
+++ b/app/views/stories/_listdetail.html.erb
@ -18,35 +18,45 @@ class="story <%= story.vote == 1 ? "upvoted" : (story.vote == -1 ?
 	</div>
 	<div class="details">
 		<span class="link">
-			<a href="<%= story.url_or_comments_url %>"><%= story.title %></a>
-		</span>
-		<span class="tags">
-			<% story.taggings.each do |tagging| %>
-				<a href="<%= tag_url(tagging.tag.tag) %>" class="tag tag_<%=
-          tagging.tag.tag %>"><%= tagging.tag.tag %></a>
-			<% end %>
-		</span>
-		<span class="domain">
-			<%= story.domain %>
+      <% if story.can_be_seen_by_user?(@user) %>
+        <a href="<%= story.url_or_comments_url %>"><%= story.title %></a>
+      <% end %>
+      <% if story.is_gone? %>
+        [Story removed by <%= story.is_expired? ? "original submitter" :
+          "moderator" %>]
+      <% end %>
 		</span>
+    <% if story.can_be_seen_by_user?(@user) %>
+      <span class="tags">
+        <% story.taggings.each do |tagging| %>
+          <a href="<%= tag_url(tagging.tag.tag) %>" class="tag tag_<%=
+            tagging.tag.tag %>"><%= tagging.tag.tag %></a>
+        <% end %>
+      </span>
+      <span class="domain">
+        <%= story.domain %>
+      </span>
+    <% end %>
 		<div class="byline">
 			by <a href="/u/<%= story.user.username %>"><%= story.user.username %></a>
 			<%= time_ago_in_words(story.created_at).gsub(/^about /, "") %> ago

-			<% if story.is_editable_by_user? @user %>
+			<% if story.is_editable_by_user?(@user) %>
 				|
 				<a href="<%= edit_story_url(story.short_id) %>">edit</a>
-        |
-        <% if story.is_expired? %>
+
+        <% if story.is_gone? && story.is_undeletable_by_user?(@user) %>
+          |
          <%= link_to "undelete", story_undelete_url(story.short_id),
            :method => :post,
            :confirm => "Are you sure you want to undelete this story?" %>
-        <% else %>
+        <% elsif !story.is_gone? %>
+          |
          <%= link_to "delete", story_url(story.short_id), :method => :delete,
            :confirm => "Are you sure you want to delete this story?" %>
        <% end %>
 			<% end %>
-      <% if !story.is_expired? %>
+      <% if !story.is_gone? %>
        |
        <a href="<%= story.comments_url %>"><%=
          (c = story.comment_count) == 0 ? "discuss" :
--- a/app/views/stories/show.html.erb
+++ b/app/views/stories/show.html.erb
@ -4,14 +4,14 @@
 </ol>

 <div class="story_content">
-	<% if @story.url.blank? %>
+	<% if @story.description.present? %>
 		<div class="story_text">
 			<%= raw @story.linkified_text %>
 		</div>
 	<% end %>

  <p></p>
-  <% if @user && !@story.is_expired? %>
+  <% if @user && !@story.is_gone? %>
    <%= render :partial => "comments/commentbox",
      :locals => { :story => @story, :comment => @comment } %>
  <% end %>