Module: CommentOwnerControllerConcern

Extended by:: ActiveSupport::Concern

Included in:: Api::CommentsController, Api::ShareBoardController

Defined in:: app/controllers/concerns/comment_owner_controller_concern.rb

Overview

Ensures user is owner of the comment and sets the ‘@comment` variable in the controllers

Instance Method Summary collapse

#ensure_comment ⇒ Object

Ensures user is owner of the comment and sets the ‘@comment` variable in the controllers.
#ensure_comment_owner ⇒ Object

Ensures user is the owner of the comment.
#has_comment_access(post_id, comment_id) ⇒ Object

Validate if user has access to comment in the post.

Instance Method Details

#ensure_comment ⇒ `Object`

Ensures user is owner of the comment and sets the ‘@comment` variable in the controllers

# File 'app/controllers/concerns/comment_owner_controller_concern.rb', line 6

def ensure_comment
  post_id = params[:post_id]
  comment_id = params[:comment_id] || params[:id]
  result = has_comment_access post_id, comment_id
  @comment = result[:comment]
  status = result[:status]
  render json: {}, status: status if status != :ok
end

#ensure_comment_owner ⇒ `Object`

Ensures user is the owner of the comment. Must be run after #ensure_comment method.



29
30
31

# File 'app/controllers/concerns/comment_owner_controller_concern.rb', line 29

def ensure_comment_owner
  render json: {}, status: :forbidden if @comment.user_id != @user.id
end

#has_comment_access(post_id, comment_id) ⇒ `Object`

Validate if user has access to comment in the post

Parameters:

post_id (Integer) —

post id
comment_id (Integer) —

comment id

# File 'app/controllers/concerns/comment_owner_controller_concern.rb', line 19

def has_comment_access(post_id, comment_id)
  comment = Comment.where(id: comment_id, post_id: post_id, user_id: @user.id).first
  if comment.nil?
    return {status: :forbidden, comment: comment}
  else
    return {status: :ok, comment: comment}
  end
end