Factor 'comment created by' out into controller so it is set to curre…

…nt user. Will aid caching of comment box in future and prevents comment impersonation.

app/controllers/comments_controller.rb

@@ -77,7 +77,9 @@ def edit
   # POST /comments.xml                                                     AJAX
   #----------------------------------------------------------------------------
   def create
-    @comment = Comment.new(params[:comment])
+    attributes = params[:comment] || {}
+    attributes.merge!(:user_id => current_user.id)
+    @comment = Comment.new(attributes)
 
     # Make sure commentable object exists and is accessible to the current user.
     model, id = @comment.commentable_type, @comment.commentable_id

app/views/comments/_edit.html.haml

@@ -2,7 +2,6 @@
 .comment{:style => "margin: 5px 0px 0px 0px"}
   = link_to avatar_for(current_user, :size => :small), user_path(current_user)
   = form_for(@comment, :remote => true) do |f|
-    = hidden_field_tag "comment[user_id]", @comment.user_id || current_user.id
     = hidden_field_tag "comment[commentable_id]", commentable.id
     = hidden_field_tag "comment[commentable_type]", class_name.classify
     = f.text_area :comment, :id => dom_id(@comment, :text)

app/views/comments/_new.html.haml

@@ -19,7 +19,6 @@
 
   %div{ {:id => "#{id_prefix}_post"}.merge(hidden_if(true))}
     = form_for(@comment, :remote => true, :html => {:id => "#{id_prefix}_new_comment"}) do |f|
-      = hidden_field_tag "comment[user_id]", current_user.id, :id => "#{id_prefix}_comment_user_id"
       = hidden_field_tag "comment[commentable_id]", commentable.id, :id => "#{id_prefix}_comment_commentable_id"
       = hidden_field_tag "comment[commentable_type]", class_name.classify, :id => "#{id_prefix}_comment_commentable_type"
       = f.text_area :comment, :id => "#{id_prefix}_comment_comment"