From 55f92fe45a45eafe7c0bf759d7799bf019be2977 Mon Sep 17 00:00:00 2001
From: jomo
Date: Sat, 17 Jan 2015 19:40:57 +0100
Subject: [PATCH] enable write-only forums when the role-write is lower than the role-read, a forum is considered write-only for anyone who can write, but not read, they can create posts, but they can only see and reply to their own posts. users who can read are able to see and reply to all posts in the forum.
---
 app/controllers/forums_controller.rb | 6 +++---
 app/models/forum.rb | 6 +++++-
 app/models/forumgroup.rb | 6 +++++-
 app/models/forumthread.rb | 7 +++++--
 app/views/forums/index.html.erb | 22 +++++++++++++++-------
 app/views/forums/show.html.erb | 9 ++++++---
 6 files changed, 39 insertions(+), 17 deletions(-)
diff --git a/app/controllers/forums_controller.rb b/app/controllers/forums_controller.rb
index 21321fb..2841be9 100644
--- a/app/controllers/forums_controller.rb
+++ b/app/controllers/forums_controller.rb
@@ -2,12 +2,12 @@ class ForumsController < ApplicationController
 before_filter :check_permission, only: [:show, :edit, :update, :destroy]
 def index
- @groups = Forumgroup.select {|g| g.can_read?(current_user) }
+ @groups = Forumgroup.select {|g| g.can_view?(current_user) }
 @groups.sort_by!{ |g| g.position || 0 }
 end
 def show
- @threads = @forum.forumthreads.to_a
+ @threads = @forum.forumthreads.select {|f| f.can_read?(current_user) }.to_a
 @threads.sort_by! do |t|
 # sticky goes first, then sort by last activity (new replies)
 [t.sticky ? 0 : 1, -(t.replies.last.try(:created_at) || t.created_at).to_i]
@@ -78,7 +78,7 @@ class ForumsController < ApplicationController
 def check_permission
 @forum = Forum.find(params[:id])
- unless @forum.can_read?(current_user)
+ unless @forum.can_view?(current_user)
 flash[:alert] = "You are not allowed to view this forum"
 redirect_to forums_path
 end
diff --git a/app/models/forum.rb b/app/models/forum.rb
index 48a19b7..39e8f2a 100644
--- a/app/models/forum.rb
+++ b/app/models/forum.rb
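Review bot: In `show`, the block form of `select` already loads every thread of the forum and returns an Array, so the trailing `.to_a` is redundant, and the block variable `f` is a misleading name for a thread. `@threads = @forum.forumthreads.select { |thread| thread.can_read?(current_user) }` says the same thing more clearly. Because this filter is now the only thing keeping other users' threads out of a write-only forum's listing, it deserves a one-line comment such as `# write-only forums: users without read access only get their own threads`. `index` uses the same load-then-filter pattern with `Forumgroup.select`.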
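Review bot: `check_permission` is the `before_filter` for `:edit`, `:update` and `:destroy` as well as `:show` (see the filter line in the first hunk), so relaxing it to `can_view?` also lets a user who can only write into a write-only forum through the gate for the management actions. Those action bodies are outside the hunk; if they do not carry their own role check, keep the stricter test for them, for example a second filter limited to `[:edit, :update, :destroy]` that still requires `@forum.can_read?(current_user)` or a moderator role. At minimum, add a comment on `check_permission` stating that it only establishes visibility, not authority to modify the forum.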
@@ -22,7 +22,11 @@ class Forum < ActiveRecord::Base
 end
 def can_write?(user)
- group.can_write?(user) && can_read?(user) && (role_write.nil? || (!user.nil? && user.role >= role_write))
+ group.can_write?(user) && (role_write.nil? || (!user.nil? && user.role >= role_write))
+ end
+
+ def can_view?(user)
+ can_read?(user) || can_write?(user)
 end
 def to_param
diff --git a/app/models/forumgroup.rb b/app/models/forumgroup.rb
index 20fcd53..f9d156c 100644
--- a/app/models/forumgroup.rb
+++ b/app/models/forumgroup.rb
@@ -18,7 +18,11 @@ class Forumgroup < ActiveRecord::Base
 end
 def can_write?(user)
- !user.nil? && can_read?(user) && user.confirmed? && (role_write.nil? || user.role >= role_write)
+ !user.nil? && user.confirmed? && (role_write.nil? || user.role >= role_write)
+ end
+
+ def can_view?(user)
+ can_read?(user) || can_write?(user)
 end
 def to_param
diff --git a/app/models/forumthread.rb b/app/models/forumthread.rb
index b6db0b3..1b915dc 100644
--- a/app/models/forumthread.rb
+++ b/app/models/forumthread.rb
@@ -36,11 +36,14 @@ class Forumthread < ActiveRecord::Base
 end
 def can_read?(user)
- forum && forum.can_read?(user)
+ # we might have threads without a forum
+ # e.g. forum deleted
+ forum && forum.can_read?(user) || author == user
 end
 def can_write?(user)
- forum.can_write?(user) && (!locked? || user.mod?)
+ # unlike forums, you shouldn't be able to write when you can't read
+ can_read?(user) && forum.can_write?(user) && (!locked? || user.mod?)
 end
 def send_new_mention_mail(old_content = "")
diff --git a/app/views/forums/index.html.erb b/app/views/forums/index.html.erb
index 0a24f6c..a9e776e 100644
--- a/app/views/forums/index.html.erb
+++ b/app/views/forums/index.html.erb
@@ -11,20 +11,28 @@
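Review bot: With `can_read?(user)` dropped from `Forum#can_write?`, a forum whose `role_write` is nil but whose reading is restricted now grants write, and through `can_view?` visibility, to every user the group lets write, because `role_write.nil?` short-circuits to true. Any existing read-restricted forum that never had a write role set would silently become write-only for everyone, and the banner condition added in `show.html.erb` (`role_read && role_write && role_write < role_read`) would not flag it. Consider treating a nil `role_write` as "same as read", e.g. `group.can_write?(user) && (role_write.nil? ? can_read?(user) : (!user.nil? && user.role >= role_write))`, or migrate existing rows before deploying; `Forum#can_read?` itself is outside the hunk, so confirm what it does for a nil `role_read`. `Forumgroup#can_write?` and `can_view?` in the next file have the same nil case.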
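Review bot: In `Forumthread#can_read?` the new `|| author == user` clause is true when both sides are nil, so if a thread can ever have no author (not visible in this hunk), a nil user, which the models already test for with `user.nil?`, would be allowed to read it regardless of the forum's read role. Guard the ownership test with `(forum && forum.can_read?(user)) || (!user.nil? && author == user)`; the explicit parentheses also document the `&&`/`||` precedence. Separately, the added comment acknowledges threads without a forum, yet `can_write?` still calls `forum.can_write?(user)` unguarded, so the author of an orphaned thread passes `can_read?` and then raises NoMethodError on nil; `!forum.nil? && can_read?(user) && forum.can_write?(user) && (!locked? || user.mod?)` avoids that.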
<% group.forums.sort_by{ |f| f.position || 0 }.each do |f| %> - <% if f.can_read?(current_user) %> + <% if f.can_view?(current_user) %>
<%= link_to f.name, f, id: "forum-#{f.id}"%>
<% if last_thread = f.threads.last %> <% last_reply = Threadreply.where(forumthread: f.threads).order(:created_at).last %> <% if last_reply && last_reply.created_at > last_thread.created_at %> - <%= last_reply.author.name %> - <%= link_to "replied", forumthread_path(last_reply.thread) + "#reply-#{last_reply.id}" %> - <%= ago last_reply.created_at %>. + <% if last_reply.thread.can_read?(current_user) %> + <%= last_reply.author.name %> + <%= link_to "replied", forumthread_path(last_reply.thread) + "#reply-#{last_reply.id}" %> + <%= ago last_reply.created_at %>. + <% else %> + Hidden + <% end %> <% else %> - <%= last_thread.author.name %> - <%= link_to "posted", forumthread_path(last_thread) %> - <%= ago last_thread.created_at %>. + <% if last_thread.can_read?(current_user) %> + <%= last_thread.author.name %> + <%= link_to "posted", forumthread_path(last_thread) %> + <%= ago last_thread.created_at %>. + <% else %> + Hidden + <% end %> <% end %> <% else %> No posts yet. diff --git a/app/views/forums/show.html.erb b/app/views/forums/show.html.erb index 7200c78..2612102 100644 --- a/app/views/forums/show.html.erb +++ b/app/views/forums/show.html.erb @@ -1,11 +1,14 @@ -<% title @forum.name %> - <%= link_to @forum.group, forumgroup_path(@forum.group) %> → <%= @forum %> -

<%= @forum %>

+

<%= title @forum %>

<% if @forum.can_write?(current_user) %>

<%= link_to "New thread", new_forumthread_path(forum: @forum), class: "btn blue" %>

<% end %> + +<% if @forum.role_read && @forum.role_write && @forum.role_write < @forum.role_read %> +
This forum is write-only. You can only see your own posts.
+<% end %> +
<% @threads.each do |thread| %>