From b6d28dccedf775e042174a1c3972bb1208e27ac5 Mon Sep 17 00:00:00 2001 From: Shayon Mukherjee Date: Mon, 12 Aug 2013 21:00:40 -0700 Subject: [PATCH] [webui][api] edit and delete both route through different methods now. --- .../controllers/webui/comments_controller.rb | 29 +++++++++++++++---- src/api/app/models/comment.rb | 15 ++++++---- src/api/app/models/comment_package.rb | 2 +- src/api/app/models/comment_project.rb | 2 +- src/api/app/models/comment_request.rb | 2 +- src/api/config/routes.rb | 9 ++++-- .../functional/comments_controller_test.rb | 24 +++++++-------- .../app/assets/stylesheets/comments.scss | 3 +- .../app/controllers/package_controller.rb | 23 +++++++++++++-- .../app/controllers/project_controller.rb | 22 ++++++++++++-- .../app/controllers/request_controller.rb | 22 ++++++++++++-- src/webui/app/models/api_details.rb | 10 +++++-- ...ments.html.erb => _edit_comments.html.erb} | 3 +- .../app/views/shared/_child_comment.html.erb | 4 ++- .../app/views/shared/_comment_links.html.erb | 20 ++++--------- .../views/shared/_comment_reply_link.html.erb | 2 -- .../app/views/shared/_parent_comments.erb | 2 +- src/webui/config/routes.rb | 9 ++++-- 18 files changed, 140 insertions(+), 63 deletions(-) rename src/webui/app/views/application/{_update_comments.html.erb => _edit_comments.html.erb} (86%) delete mode 100644 src/webui/app/views/shared/_comment_reply_link.html.erb diff --git a/src/api/app/controllers/webui/comments_controller.rb b/src/api/app/controllers/webui/comments_controller.rb index cec1ee9416c..a687cb367dd 100644 --- a/src/api/app/controllers/webui/comments_controller.rb +++ b/src/api/app/controllers/webui/comments_controller.rb @@ -37,18 +37,35 @@ def requests_new render_ok end - def projects_update - CommentProject.update_comment(params) + def projects_edit + CommentProject.edit_comment(params) render_ok end - def packages_update - CommentPackage.update_comment(params) + def packages_edit + CommentPackage.edit_comment(params) render_ok end - def requests_update - CommentRequest.update_comment(params) + def requests_edit + CommentRequest.edit_comment(params) render_ok end + + def projects_delete + CommentProject.delete_comment(params) + render_ok + end + + def packages_delete + CommentPackage.delete_comment(params) + render_ok + end + + def requests_delete + CommentRequest.delete_comment(params) + render_ok + end + + end \ No newline at end of file diff --git a/src/api/app/models/comment.rb b/src/api/app/models/comment.rb index 9fc16ff3918..ed57b009c0a 100644 --- a/src/api/app/models/comment.rb +++ b/src/api/app/models/comment.rb @@ -29,20 +29,25 @@ def self.save(params) end end - def self.update_comment(params) + def self.edit_comment(params) - if params[:update_type] == 'edit' && User.current.login == params[:user] + if User.current.login == params[:user] self.update(params[:comment_id],:body => params[:body]) - elsif params[:update_type] == 'delete' && @object_permission_check - self.update(params[:comment_id],:body => "Comment deleted.") else raise WritePermissionError, "You don't have the permissions to modify the content." end - if params[:update_type] == 'edit' && params[:body].blank? + if params[:body].blank? raise NoDataEnteredError.new "You didn't add a body to the comment." end + end + def self.delete_comment(params) + if @object_permission_check + self.update(params[:comment_id],:body => "Comment deleted.") + else + raise WritePermissionError, "You don't have the permissions to modify the content." + end end end diff --git a/src/api/app/models/comment_package.rb b/src/api/app/models/comment_package.rb index f4ff7646add..734bd81e8d8 100644 --- a/src/api/app/models/comment_package.rb +++ b/src/api/app/models/comment_package.rb @@ -6,7 +6,7 @@ def self.save(params) CommentPackage.create(@comment) end - def self.update_comment(params) + def self.delete_comment(params) package = Package.get_by_project_and_name(params[:project], params[:package]) @object_permission_check = (User.current.can_modify_package?(package) || User.current.is_admin? || User.current.login == params[:user]) super diff --git a/src/api/app/models/comment_project.rb b/src/api/app/models/comment_project.rb index 43f954e652e..f6b49d9d0c9 100644 --- a/src/api/app/models/comment_project.rb +++ b/src/api/app/models/comment_project.rb @@ -7,7 +7,7 @@ def self.save(params) CommentProject.create(@comment) end - def self.update_comment(params) + def self.delete_comment(params) project = Project.get_by_name(params[:project]) @object_permission_check = (User.current.can_modify_project?(project) || User.current.is_admin? || User.current.login == params[:user]) super diff --git a/src/api/app/models/comment_request.rb b/src/api/app/models/comment_request.rb index 3bf06b26661..659cff812a9 100644 --- a/src/api/app/models/comment_request.rb +++ b/src/api/app/models/comment_request.rb @@ -5,7 +5,7 @@ def self.save(params) CommentRequest.create(@comment) end - def self.update_comment(params) + def self.delete_comment(params) @object_permission_check = (User.current.is_admin? || User.current.login == params[:user]) super end diff --git a/src/api/config/routes.rb b/src/api/config/routes.rb index c7a8128745d..c513820e28b 100644 --- a/src/api/config/routes.rb +++ b/src/api/config/routes.rb @@ -355,10 +355,13 @@ post 'comments/package/:project/:package/new' => 'comments#packages_new', constraints: cons post 'comments/request/:id/new' => 'comments#requests_new', constraints: cons - put 'comments/project/:project/update' => 'comments#projects_update', constraints: cons - put 'comments/package/:project/:package/update' => 'comments#packages_update', constraints: cons - put 'comments/request/:id/update' => 'comments#requests_update', constraints: cons + put 'comments/project/:project/update' => 'comments#projects_edit', constraints: cons + put 'comments/package/:project/:package/update' => 'comments#packages_edit', constraints: cons + put 'comments/request/:id/update' => 'comments#requests_edit', constraints: cons + put 'comments/project/:project/delete' => 'comments#projects_delete', constraints: cons + put 'comments/package/:project/:package/delete' => 'comments#packages_delete', constraints: cons + put 'comments/request/:id/delete' => 'comments#requests_delete', constraints: cons end diff --git a/src/api/test/functional/comments_controller_test.rb b/src/api/test/functional/comments_controller_test.rb index 8d0958814aa..8dbc590518e 100644 --- a/src/api/test/functional/comments_controller_test.rb +++ b/src/api/test/functional/comments_controller_test.rb @@ -29,21 +29,21 @@ def test_update_permissions_for_comments_on_project reset_auth prepare_request_with_user "tom", "thunder" - put "/webui/comments/project/BaseDistro/update", {:comment_id => 100, :update_type => 'delete', :user => 'tom', :title => "This is a title", :body => "Comment deleted"} + put "/webui/comments/project/BaseDistro/update", {:comment_id => 100, :user => 'tom', :title => "This is a title", :body => "Comment deleted"} assert_response 200 # Test to see if another user can delete a comment he/she is not associated with prepare_request_with_user "tom", "thunder" - put "/webui/comments/project/BaseDistro/update", {:comment_id => 100, :update_type => 'delete', :user => 'Iggy',:project => "BaseDistro", :title => "This is a title", :body => "Comment deleted"} + put "/webui/comments/project/BaseDistro/delete", {:comment_id => 100, :user => 'Iggy',:project => "BaseDistro", :title => "This is a title", :body => "Comment deleted"} assert_response 400 # Test to see check permission on editing comments - put "/webui/comments/project/BaseDistro/update", {:comment_id => 100, :update_type => 'edit', :user => 'Iggy',:project => "BaseDistro", :title => "This is a title", :body => "Comment deleted"} + put "/webui/comments/project/BaseDistro/update", {:comment_id => 100, :user => 'Iggy',:project => "BaseDistro", :title => "This is a title", :body => "Comment deleted"} assert_response 400 - put "/webui/comments/project/BaseDistro/update", {:comment_id => 100, :update_type => 'edit', :user => 'tom',:project => "BaseDistro", :title => "This is a title", :body => "Comment deleted"} + put "/webui/comments/project/BaseDistro/update", {:comment_id => 100, :user => 'tom',:project => "BaseDistro", :title => "This is a title", :body => "Comment deleted"} assert_response 200 end @@ -51,21 +51,21 @@ def test_update_permissions_for_comments_on_package reset_auth prepare_request_with_user "tom", "thunder" - put "/webui/comments/package/BaseDistro/pack1/update", {:comment_id => 102, :update_type => 'delete', :user => 'tom', :title => "This is a title", :body => "Comment deleted"} + put "/webui/comments/package/BaseDistro/pack1/update", {:comment_id => 102, :user => 'tom', :title => "This is a title", :body => "Comment deleted"} assert_response 200 # Test to see if another user can delete a comment he/she is not associated with prepare_request_with_user "tom", "thunder" - put "/webui/comments/package/BaseDistro/pack1/update", {:comment_id => 102, :update_type => 'delete', :user => 'Iggy', :title => "This is a title", :body => "Comment deleted"} + put "/webui/comments/package/BaseDistro/pack1/delete", {:comment_id => 102, :user => 'Iggy', :title => "This is a title", :body => "Comment deleted"} assert_response 400 # Test to see check permission on editing comments - put "/webui/comments/package/BaseDistro/pack1/update", {:comment_id => 102, :update_type => 'edit', :user => 'Iggy', :title => "This is a title", :body => "Comment deleted"} + put "/webui/comments/package/BaseDistro/pack1/update", {:comment_id => 102, :user => 'Iggy', :title => "This is a title", :body => "Comment deleted"} assert_response 400 - put "/webui/comments/package/BaseDistro/pack1/update", {:comment_id => 102, :update_type => 'edit', :user => 'tom', :title => "This is a title", :body => "Comment deleted"} + put "/webui/comments/package/BaseDistro/pack1/update", {:comment_id => 102, :user => 'tom', :title => "This is a title", :body => "Comment deleted"} assert_response 200 end @@ -73,21 +73,21 @@ def test_update_permissions_for_comments_on_request reset_auth prepare_request_with_user "tom", "thunder" - put "/webui/comments/request/1000/update", {:comment_id => 103, :update_type => 'delete', :user => 'tom', :title => "This is a title", :body => "Comment deleted"} + put "/webui/comments/request/1000/update", {:comment_id => 103, :user => 'tom', :title => "This is a title", :body => "Comment deleted"} assert_response 200 # Test to see if another user can delete a comment he/she is not associated with prepare_request_with_user "tom", "thunder" - put "/webui/comments/request/1000/update", {:comment_id => 103, :update_type => 'delete', :user => 'Iggy', :title => "This is a title", :body => "Comment deleted"} + put "/webui/comments/request/1000/delete", {:comment_id => 103, :user => 'Iggy', :title => "This is a title", :body => "Comment deleted"} assert_response 400 # Test to see check permission on editing comments - put "/webui/comments/request/1000/update", {:comment_id => 103, :update_type => 'edit', :user => 'Iggy', :title => "This is a title", :body => "Comment deleted"} + put "/webui/comments/request/1000/update", {:comment_id => 103, :user => 'Iggy', :title => "This is a title", :body => "Comment deleted"} assert_response 400 - put "/webui/comments/request/1000/update", {:comment_id => 103, :update_type => 'edit', :user => 'tom', :title => "This is a title", :body => "Comment deleted"} + put "/webui/comments/request/1000/update", {:comment_id => 103, :user => 'tom', :title => "This is a title", :body => "Comment deleted"} assert_response 200 end diff --git a/src/webui/app/assets/stylesheets/comments.scss b/src/webui/app/assets/stylesheets/comments.scss index c6df38a97e5..5e5cab32cda 100644 --- a/src/webui/app/assets/stylesheets/comments.scss +++ b/src/webui/app/assets/stylesheets/comments.scss @@ -2,8 +2,9 @@ float: right; } -.comment_reply_link{ +.comment_links { float: right; + padding: 3px; } .comment_thread{ diff --git a/src/webui/app/controllers/package_controller.rb b/src/webui/app/controllers/package_controller.rb index 4a7be33b6fa..d591988a5ef 100644 --- a/src/webui/app/controllers/package_controller.rb +++ b/src/webui/app/controllers/package_controller.rb @@ -1111,12 +1111,12 @@ def save_comments end end - def update_comments + def edit_comments begin unless params[:update] == 'true' params[:project] = @project.name params[:package] = @package.name - ApiDetails.update_comments(:update_comments_for_packages, params) + ApiDetails.update_comments(:edit_comments_for_packages, params) respond_to do |format| format.js { render json: 'ok' } @@ -1126,6 +1126,7 @@ def update_comments end end else + @permission_check = @package.can_edit?(@user) render_dialog end rescue ActiveXML::Transport::Error => e @@ -1134,6 +1135,24 @@ def update_comments end end + def delete_comments + begin + params[:project] = @project.name + params[:package] = @package.name + ApiDetails.update_comments(:delete_comments_for_packages, params) + respond_to do |format| + format.js { render json: 'ok' } + format.html do + flash[:notice] = "Comment deleted successfully" + redirect_to action: :comments + end + end + rescue ActiveXML::Transport::Error => e + flash[:error] = e.summary + redirect_to(:action => "comments", :project => params[:project]) and return + end + end + private def file_available? url, max_redirects=5 diff --git a/src/webui/app/controllers/project_controller.rb b/src/webui/app/controllers/project_controller.rb index fb183ba0a3e..a54a85ee6ac 100644 --- a/src/webui/app/controllers/project_controller.rb +++ b/src/webui/app/controllers/project_controller.rb @@ -1295,11 +1295,11 @@ def save_comments end end - def update_comments + def edit_comments begin unless params[:update] == 'true' params[:project] = @project.name - ApiDetails.update_comments(:update_comments_for_projects, params) + ApiDetails.update_comments(:edit_comments_for_projects, params) respond_to do |format| format.js { render json: 'ok' } @@ -1309,6 +1309,7 @@ def update_comments end end else + @permission_check = @project.can_edit?(@user) render_dialog end rescue ActiveXML::Transport::Error => e @@ -1316,6 +1317,23 @@ def update_comments redirect_to(:action => "comments", :project => params[:project]) and return end end + + def delete_comments + begin + params[:project] = @project.name + ApiDetails.update_comments(:delete_comments_for_projects, params) + respond_to do |format| + format.js { render json: 'ok' } + format.html do + flash[:notice] = "Comment deleted successfully" + redirect_to action: :comments + end + end + rescue ActiveXML::Transport::Error => e + flash[:error] = e.summary + redirect_to(:action => "comments", :project => params[:project]) and return + end + end private diff --git a/src/webui/app/controllers/request_controller.rb b/src/webui/app/controllers/request_controller.rb index 572af210683..04ec9b432ce 100644 --- a/src/webui/app/controllers/request_controller.rb +++ b/src/webui/app/controllers/request_controller.rb @@ -317,11 +317,11 @@ def save_comments end end - def update_comments + def edit_comments begin unless params[:update] == 'true' params[:request_id] = params[:id] - ApiDetails.update_comments(:update_comments_for_requests, params) + ApiDetails.update_comments(:edit_comments_for_requests, params) respond_to do |format| format.js { render json: 'ok' } @@ -331,6 +331,7 @@ def update_comments end end else + @permission_check = @can_add_reviews render_dialog end rescue ActiveXML::Transport::Error => e @@ -339,6 +340,23 @@ def update_comments end end + def delete_comments + begin + params[:request_id] = params[:id] + ApiDetails.update_comments(:delete_comments_for_requests, params) + respond_to do |format| + format.js { render json: 'ok' } + format.html do + flash[:notice] = "Comment deleted successfully" + redirect_to action: :comments + end + end + rescue ActiveXML::Transport::Error => e + flash[:error] = e.summary + redirect_to(:action => "comments", :project => params[:project]) and return + end + end + private def change_request(changestate, params) diff --git a/src/webui/app/models/api_details.rb b/src/webui/app/models/api_details.rb index 1ba74f64ca2..8d4eb81526a 100644 --- a/src/webui/app/models/api_details.rb +++ b/src/webui/app/models/api_details.rb @@ -40,9 +40,13 @@ def self.save_comments(route_name, params) def self.update_comments(route_name, params) uri = "/webui/" + case route_name.to_sym - when :update_comments_for_projects then "comments/project/#{params[:project]}/update" - when :update_comments_for_packages then "comments/package/#{params[:project]}/#{params[:package]}/update" - when :update_comments_for_requests then "comments/request/#{params[:request_id]}/update" + when :edit_comments_for_projects then "comments/project/#{params[:project]}/update" + when :edit_comments_for_packages then "comments/package/#{params[:project]}/#{params[:package]}/update" + when :edit_comments_for_requests then "comments/request/#{params[:request_id]}/update" + + when :delete_comments_for_projects then "comments/project/#{params[:project]}/delete" + when :delete_comments_for_packages then "comments/package/#{params[:project]}/#{params[:package]}/delete" + when :delete_comments_for_requests then "comments/request/#{params[:request_id]}/delete" end uri = URI(uri) diff --git a/src/webui/app/views/application/_update_comments.html.erb b/src/webui/app/views/application/_edit_comments.html.erb similarity index 86% rename from src/webui/app/views/application/_update_comments.html.erb rename to src/webui/app/views/application/_edit_comments.html.erb index ed3e50e29db..9f5b2ad936f 100644 --- a/src/webui/app/views/application/_update_comments.html.erb +++ b/src/webui/app/views/application/_edit_comments.html.erb @@ -3,13 +3,12 @@

Update comment

- <%= form_tag url_for(:controller => params[:controller], :action => "update_comments"), :method => :put do %> + <%= form_tag url_for(:controller => params[:controller], :action => "edit_comments"), :method => :put do %>

Comment:
<%= text_area_tag 'body', @body, :cols => 80, :rows => 10 %>
<%= hidden_field_tag 'comment_id', params[:comment_id] %> <%= hidden_field_tag 'user', session[:login] %> - <%=hidden_field_tag 'update_type', "edit"%>

diff --git a/src/webui/app/views/shared/_child_comment.html.erb b/src/webui/app/views/shared/_child_comment.html.erb index 34b79e1fb42..dd9d8bd477d 100644 --- a/src/webui/app/views/shared/_child_comment.html.erb +++ b/src/webui/app/views/shared/_child_comment.html.erb @@ -4,7 +4,9 @@

" style="<%= "margin-left: #{level * 10}px;" if level <= 4 %><%= "padding-right: 20px;" if level <= 1 %>"> <%= user_icon(comment[:user], 48, 'comment_image')%> <%=comment[:user]%> - <%= link_to("Reply", {:controller => params[:controller], :action => 'save_comments', :parent_id => comment[:id], :reply => 'true' }, :remote => true, :class => 'comment_reply_link') %> + + <%=render :partial => "shared/comment_links", :locals => {:comment => comment } %> +
<%= distance_of_time_in_words_to_now(DateTime.parse(comment[:created_at])) %> ago: <%=simple_format(comment[:body]) %> diff --git a/src/webui/app/views/shared/_comment_links.html.erb b/src/webui/app/views/shared/_comment_links.html.erb index 9496035da74..ecb74c507d4 100644 --- a/src/webui/app/views/shared/_comment_links.html.erb +++ b/src/webui/app/views/shared/_comment_links.html.erb @@ -1,19 +1,9 @@ -<%= link_to("Reply", {:controller => params[:controller], :action => 'save_comments', :parent_id => comment[:id], :reply => 'true' }, :remote => true, :class => "custom_button") %> +<%= link_to("Reply", {:controller => params[:controller], :action => 'save_comments', :parent_id => comment[:id], :reply => 'true' }, :remote => true, :class => 'comment_links') %> <%if @user.login == comment[:user]%> -<%= link_to("Edit", {:controller => params[:controller], :action => 'update_comments', :comment_id => comment[:id], :update => 'true'}, :remote => true, :class => "custom_button") %> + <%= link_to("Edit", {:controller => params[:controller], :action => 'edit_comments', :comment_id => comment[:id], :update => 'true'}, :remote => true, :class => 'comment_links') %> <%end%> -<%if params[:controller] == 'project'%> - <% if @project.can_edit?(@user) || @user.is_admin? || @user.login == comment[:user]%> - <%= link_to("Delete", {:controller => params[:controller], :action => 'update_comments', :comment_id => comment[:id], :update_type => 'delete', :user => comment[:user]}, :class => "custom_button") %> - <%end%> -<%elsif params[:controller] == 'package'%> - <% if @package.can_edit?(@user) || @user.is_admin? || @user.login == comment[:user]%> - <%= link_to("Delete", {:controller => params[:controller], :action => 'update_comments', :comment_id => comment[:id], :update_type => 'delete', :user => comment[:user]}, :class => "custom_button") %> - <%end%> -<%elsif params[:controller] == 'request'%> - <% if @can_add_reviews || @user.is_admin? || @user.login == comment[:user]%> - <%= link_to("Delete", {:controller => params[:controller], :action => 'update_comments', :comment_id => comment[:id],:update_type => 'delete', :user => comment[:user]}, :class => "custom_button") %> - <%end%> -<%end%> \ No newline at end of file +<% if @permission_check || @user.is_admin? || @user.login == comment[:user]%> +<%= link_to("Delete", {:controller => params[:controller], :action => 'delete_comments', :comment_id => comment[:id], :user => comment[:user]}, :class => "comment_links") %> +<%end%> \ No newline at end of file diff --git a/src/webui/app/views/shared/_comment_reply_link.html.erb b/src/webui/app/views/shared/_comment_reply_link.html.erb deleted file mode 100644 index 08812ac4dc6..00000000000 --- a/src/webui/app/views/shared/_comment_reply_link.html.erb +++ /dev/null @@ -1,2 +0,0 @@ -<%= link_to("Reply", {:controller => params[:controller], :action => 'save_comments', :parent_id => comment[:id], :reply => 'true' }, :remote => true) %> - diff --git a/src/webui/app/views/shared/_parent_comments.erb b/src/webui/app/views/shared/_parent_comments.erb index 5dbf99a6eed..d3d9ad9763e 100644 --- a/src/webui/app/views/shared/_parent_comments.erb +++ b/src/webui/app/views/shared/_parent_comments.erb @@ -13,7 +13,7 @@
<%= user_icon(comment[:user], 48, 'comment_image')%> <%=comment[:user]%> - <%= link_to("Reply", {:controller => params[:controller], :action => 'save_comments', :parent_id => comment[:id], :reply => 'true' }, :remote => true, :class => 'comment_reply_link') %> + <%=render :partial => "shared/comment_links", :locals => {:comment => comment } %>
<%= distance_of_time_in_words_to_now(DateTime.parse(comment[:created_at])) %> ago <%=simple_format(comment[:body]) %> diff --git a/src/webui/config/routes.rb b/src/webui/config/routes.rb index ed2656c6d29..6ce6d806584 100644 --- a/src/webui/config/routes.rb +++ b/src/webui/config/routes.rb @@ -104,7 +104,8 @@ get "package/files/:project/:package" => :files, constraints: cons get 'package/comments/:project/:package' => :comments, constraints: cons post 'package/comments/:project/:package' => :save_comments, constraints: cons - match 'package/comments/:project/:package/update_comments' => :update_comments, :via => [:get, :put], constraints: cons + match 'package/comments/:project/:package/delete_comment' => :delete_comments, :via => [:get, :put], constraints: cons + match 'package/comments/:project/:package/edit_comment' => :edit_comments, :via => [:get, :put], constraints: cons end controller :patchinfo do @@ -196,7 +197,8 @@ post 'project/unlock' => :unlock get 'project/comments/:project' => :comments, constraints: cons post 'project/comments/:project' => :save_comments, constraints: cons - match 'project/comments/:project/update_comments' => :update_comments, :via => [:get, :put], constraints: cons + match 'project/comments/:project/delete_comment' => :delete_comments, :via => [:get, :put], constraints: cons + match 'project/comments/:project/edit_comment' => :edit_comments, :via => [:get, :put], constraints: cons end controller :request do @@ -221,7 +223,8 @@ post 'request/set_incident' => :set_incident get 'request/comments/:id' => :comments post 'request/comments/:id' => :save_comments - match 'request/comments/:id/update_comments' => :update_comments, :via => [:get, :put], constraints: cons + match 'request/comments/:id/delete_comment' => :delete_comments, :via => [:get, :put], constraints: cons + match 'request/comments/:id/edit_comments' => :edit_comments, :via => [:get, :put], constraints: cons end controller :search do