Module: PostOwnerControllerConcern

Extended by:: ActiveSupport::Concern

Included in:: Api::CommentsController, Api::PostsController, Api::ShareBoardController

Defined in:: app/controllers/concerns/post_owner_controller_concern.rb

Overview

Ensures user is owner of the post and sets the ‘@post` variable in the controllers

Instance Method Summary collapse

#ensure_post ⇒ Object

Ensures user is owner of the post and sets the ‘@post` variable in the controllers.
#ensure_post_owner ⇒ Object

Ensures user is owner of the post.
#has_post_access(board_id, post_id) ⇒ Object

Validate if user has access to the post in the board.

Instance Method Details

#ensure_post ⇒ `Object`

Ensures user is owner of the post and sets the ‘@post` variable in the controllers

# File 'app/controllers/concerns/post_owner_controller_concern.rb', line 6

def ensure_post
  post_id = params[:post_id] || params[:id]
  board_id = params[:board_id]
  result = has_post_access(board_id, post_id)
  status = result[:status]
  @post = result[:post]
  render json: {}, status: status if status != :ok
end

#ensure_post_owner ⇒ `Object`

Ensures user is owner of the post. Must be run after #ensure_post‘.



32
33
34

# File 'app/controllers/concerns/post_owner_controller_concern.rb', line 32

def ensure_post_owner
  render json: {}, status: :forbidden if @post.user_id != @user.id
end

#has_post_access(board_id, post_id) ⇒ `Object`

Validate if user has access to the post in the board

Parameters:

board_id (Integer) —

board id
post_id (Integer) —

post id

# File 'app/controllers/concerns/post_owner_controller_concern.rb', line 19

def has_post_access(board_id, post_id)
  post = Post.where(id: post_id, board_id: board_id)
              .joins("LEFT JOIN user_boards ON user_boards.board_id = posts.board_id")
              .where("user_boards.user_id = ?", @user.id)
              .first
  if post.nil?
    return {status: :forbidden}
  else
    return {status: :ok, post: post}
  end
end