community_engine 2.3.2 → 3.0.0

data/app/controllers/metro_areas_controller.rb

@@ -3,7 +3,7 @@ class MetroAreasController < BaseController
   before_filter :admin_required
 
   def index
-    @metro_areas = MetroArea.order("countries.name, metro_areas.name DESC").includes(:country).page(params[:page])
+    @metro_areas = MetroArea.includes(:country).order("countries.name, metro_areas.name DESC").references(:countries).page(params[:page])
   end
   
   def show
@@ -24,7 +24,7 @@ class MetroAreasController < BaseController
   end
 
   def create
-    @metro_area = MetroArea.new(params[:metro_area])
+    @metro_area = MetroArea.new(metro_area_params)
     
     respond_to do |format|
       if @metro_area.save
@@ -46,7 +46,7 @@ class MetroAreasController < BaseController
     @metro_area = MetroArea.find(params[:id])
     
     respond_to do |format|
-      if @metro_area.update_attributes(params[:metro_area])
+      if @metro_area.update_attributes(metro_area_params)
         format.html { redirect_to metro_area_url(@metro_area) }
         format.xml  { render :nothing => true }
       else
@@ -65,4 +65,10 @@ class MetroAreasController < BaseController
       format.xml  { render :nothing => true }
     end
   end
+
+  private
+
+  def metro_area_params
+    params[:metro_area].permit(:name, :state, :country_id, :state_id)
+  end
 end

data/app/controllers/moderators_controller.rb

@@ -1,6 +1,6 @@
 class ModeratorsController < BaseController
   before_filter :admin_required
-  
+
   def create
     @forum = Forum.find(params[:forum_id])
     @user = User.find(params[:user_id])

data/app/controllers/monitorships_controller.rb

@@ -2,7 +2,7 @@ class MonitorshipsController < BaseController
   before_filter :login_required
 
   def create
-    @monitorship = Monitorship.find_or_initialize_by_user_id_and_topic_id(current_user.id, params[:topic_id])
+    @monitorship = Monitorship.find_or_initialize_by(:user_id => current_user.id, :topic_id => params[:topic_id])
     @monitorship.update_attribute :active, true
     respond_to do |format| 
       format.html { redirect_to forum_topic_path(params[:forum_id], params[:topic_id]) }
@@ -11,7 +11,7 @@ class MonitorshipsController < BaseController
   end
   
   def destroy
-    Monitorship.update_all ['active = ?', false], ['user_id = ? and topic_id = ?', current_user.id, params[:topic_id]]
+    Monitorship.where('user_id = ? and topic_id = ?', current_user.id, params[:topic_id]).update_all(['active = ?', false])
     respond_to do |format| 
       format.html { redirect_to forum_topic_path(params[:forum_id], params[:topic_id]) }
       format.js

data/app/controllers/pages_controller.rb

@@ -18,7 +18,7 @@ class PagesController < BaseController
   end
 
   def preview
-    @page = Page.find(params[:id])
+    @page = Page.unscoped.find(params[:id])
     render :action => :show
   end
 
@@ -32,9 +32,17 @@ class PagesController < BaseController
     flash[:error] = :page_not_found.l
     redirect_to home_path
   end
+  
+  def new
+    @page = Page.new
+  end 
+  
+  def edit
+    @page = Page.unscoped.find(params[:id])
+  end
 
   def create
-    @page = Page.new(params[:page])
+    @page = Page.new(page_params)
     if @page.save
       flash[:notice] = :page_was_successfully_created.l
       redirect_to admin_pages_path
@@ -44,7 +52,7 @@ class PagesController < BaseController
   end
 
   def update
-    if @page.update_attributes(params[:page])
+    if @page.update_attributes(page_params)
       flash[:notice] = :page_was_successfully_updated.l
       redirect_to admin_pages_path
     else
@@ -61,10 +69,14 @@ class PagesController < BaseController
   private
 
   def require_moderator
-    @page ||= Page.find(params[:id]) if params[:id]
+    @page ||= Page.unscoped.find(params[:id]) if params[:id]
     unless admin? || moderator?
       redirect_to :controller => 'sessions', :action => 'new' and return false
     end
   end
 
+  def page_params
+    params.require(:page).permit(:title, :body, :published_as, :page_public)
+  end
+
 end

data/app/controllers/password_resets_controller.rb

@@ -1,5 +1,4 @@
 class PasswordResetsController < BaseController
-
   before_filter :require_no_user
   before_filter :load_user_using_perishable_token, :only => [ :edit, :update ]
 

data/app/controllers/photos_controller.rb

@@ -1,7 +1,7 @@
 require 'pp'
 
 class PhotosController < BaseController
-  include Viewable  
+  include Viewable
   before_filter :login_required, :only => [:new, :edit, :update, :destroy, :create, :swfupload]
   before_filter :find_user, :only => [:new, :edit, :index, :show]
   before_filter :require_current_user, :only => [:new, :edit, :update, :destroy]
@@ -12,12 +12,12 @@ class PhotosController < BaseController
     {:only => [:show], :options => configatron.simple_mce_options}
   end
 
-  cache_sweeper :taggable_sweeper, :only => [:create, :update, :destroy]    
+  cache_sweeper :taggable_sweeper, :only => [:create, :update, :destroy]
 
   def recent
     @photos = Photo.recent.page(params[:page])
   end
-  
+
   def index
     @user = User.find(params[:user_id])
 
@@ -25,16 +25,16 @@ class PhotosController < BaseController
     if params[:tag_name]
       @photos = @photos.where('tags.name = ?', params[:tag_name])
     end
-    
+
     @photos = @photos.recent.page(params[:page]).per(20)
-  
+
     @tags = Photo.includes(:taggings).where(:user_id => @user.id).tag_counts(:limit => 20)
-  
+
     @rss_title = "#{configatron.community_name}: #{@user.login}'s photos"
     @rss_url = user_photos_path(@user,:format => :rss)
 
     respond_to do |format|
-      format.html 
+      format.html
       format.rss {
         render_rss_feed_for(@photos,
            { :feed => {:title => @rss_title, :link => url_for(:controller => 'photos', :action => 'index', :user_id => @user) },
@@ -50,8 +50,8 @@ class PhotosController < BaseController
 
   def manage_photos
     if logged_in?
-      @user = current_user      
-      @photos = current_user.photos.recent.includes(:tags)      
+      @user = current_user
+      @photos = current_user.photos.recent.includes(:tags)
       if params[:tag_name]
         @photos = @photos.where('tags.name = ?', params[:tag_name])
       end
@@ -68,9 +68,9 @@ class PhotosController < BaseController
   def show
     @photo = @user.photos.find(params[:id])
     update_view_count(@photo) if current_user && current_user.id != @photo.user_id
-    
+
     @is_current_user = @user.eql?(current_user)
-    @comment = Comment.new(params[:comment])
+    @comment = Comment.new
 
     @previous = @photo.previous_photo
     @next = @photo.next_photo
@@ -101,11 +101,11 @@ class PhotosController < BaseController
   # POST /photos.xml
   def create
     @user = current_user
-    @photo = Photo.new(params[:photo])
+    @photo = Photo.new(photo_params)
     @photo.user = @user
     @photo.tag_list = params[:tag_list] || ''
-    
-    @photo.album_id = params[:album_id] || ''    
+
+    @photo.album_id = params[:album_id] || ''
     @photo.album_id = params[:album_selected] unless params[:album_selected].blank?
 
 
@@ -113,20 +113,16 @@ class PhotosController < BaseController
       if @photo.save
         flash[:notice] = :photo_was_successfully_created.l
 
-        format.html {      
+        format.html {
           render :action => 'inline_new', :layout => false and return if params[:inline]
           if params[:album_id]
             redirect_to user_album_path(current_user,params[:album_id])
-          else  
+          else
             redirect_to user_photo_url(:id => @photo, :user_id => @photo.user)
           end
         }
         format.js {
-          responds_to_parent do
-            render :update do |page|
-              page << "upload_image_callback('#{@photo.photo.url()}', '#{@photo.display_name}', '#{@photo.id}');"
-            end
-          end
+          # render create.js.erb
         }
       else
         format.html {
@@ -134,27 +130,24 @@ class PhotosController < BaseController
           render :action => "new"
         }
         format.js {
-          responds_to_parent do
-            render :update do |page|
-              page.alert(:sorry_there_was_an_error_uploading_the_photo.l)
-            end
-          end
+          # render create.js.erb
+          @alert = :sorry_there_was_an_error_uploading_the_photo.l
         }
       end
     end
   end
 
 
-  # PUT /photos/1
-  # PUT /photos/1.xml
+  # patch /photos/1
+  # patch /photos/1.xml
   def update
     @photo = Photo.find(params[:id])
     @user = @photo.user
     @photo.tag_list = params[:tag_list] || ''
-    @photo.album_id = params[:photo][:album_id]
+    @photo.album_id = photo_params[:album_id]
 
     respond_to do |format|
-      if @photo.update_attributes(params[:photo])
+      if @photo.update_attributes(photo_params)
         format.html { redirect_to user_photo_url(@photo.user, @photo) }
       else
         format.html { render :action => "edit" }
@@ -186,4 +179,13 @@ class PhotosController < BaseController
     "<a href='#{user_photo_url(photo.user, photo)}' title='#{photo.name}'><img src='#{photo.photo.url(:large)}' alt='#{photo.name}' /><br />#{photo.description}</a>"
   end
 
+  private
+
+  def photo_params
+    params[:photo].permit(:name, :description, :album_id, :photo)
+  end
+
+  def comment_params
+    params[:comment].permit(:author_name, :author_email, :notify_by_email, :author_url, :comment)
+  end
 end

data/app/controllers/posts_controller.rb

@@ -21,9 +21,9 @@ class PostsController < BaseController
 
   def manage
     Post.unscoped do
-      @search = Post.search(params[:search])
-      @search.meta_sort ||= 'created_at.desc'
-      @posts = @search.where(:user_id => @user.id).page(params[:page]).per(params[:size]||10)
+      @search = Post.search(params[:q])
+      @posts = @search.result
+      @posts = @posts.where(:user_id => @user.id).order('created_at DESC').page(params[:page]).per(params[:size]||10)
     end
   end
 
@@ -37,7 +37,7 @@ class PostsController < BaseController
 
     @is_current_user = @user.eql?(current_user)
 
-    @popular_posts = @user.posts.order("view_count DESC").limit(10).all
+    @popular_posts = @user.posts.order("view_count DESC").limit(10).to_a
 
     @rss_title = "#{configatron.community_name}: #{@user.login}'s posts"
     @rss_url = user_posts_path(@user,:format => :rss)
@@ -65,13 +65,13 @@ class PostsController < BaseController
 
     @user = @post.user
     @is_current_user = @user.eql?(current_user)
-    @comment = Comment.new(params[:comment])
+    @comment = Comment.new
 
-    @comments = @post.comments.includes(:user).order('created_at DESC').limit(20)
+    @comments = @post.comments.includes(:user).order('created_at DESC').limit(20).to_a
 
     @previous = @post.previous_post
     @next = @post.next_post
-    @popular_posts = @user.posts.except(:order).order('view_count DESC').limit(10).all
+    @popular_posts = @user.posts.except(:order).order('view_count DESC').limit(10).to_a
     @related = Post.find_related_to(@post)
     @most_commented = Post.find_most_commented
   end
@@ -90,9 +90,10 @@ class PostsController < BaseController
   # GET /posts/new
   def new
     @user = User.find(params[:user_id])
-    @post = Post.new(params[:post])
+    @post = Post.new
+    @post.category = Category.find(params[:category_id]) if params[:category_id]
     @post.published_as = 'live'
-    @categories = Category.find(:all)
+    @categories = Category.all
   end
 
   # GET /posts/1;edit
@@ -104,9 +105,8 @@ class PostsController < BaseController
   # POST /posts.xml
   def create
     @user = User.find(params[:user_id])
-    @post = Post.new(params[:post])
+    @post = Post.new(post_params)
     @post.user = @user
-    @post.tag_list = params[:tag_list] || ''
 
     respond_to do |format|
       if @post.save
@@ -128,15 +128,14 @@ class PostsController < BaseController
     end
   end
 
-  # PUT /posts/1
-  # PUT /posts/1.xml
+  # patch /posts/1
+  # patch /posts/1.xml
   def update
     @post = Post.unscoped.find(params[:id])
     @user = @post.user
-    @post.tag_list = params[:tag_list] || ''
 
     respond_to do |format|
-      if @post.update_attributes(params[:post])
+      if @post.update_attributes(post_params)
         @post.update_poll(params[:poll], params[:choices]) if params[:poll]
 
         format.html { redirect_to user_post_path(@post.user, @post) }
@@ -167,9 +166,18 @@ class PostsController < BaseController
     end
     @post = Post.find(params[:id])
     if @post.send_to(params[:emails], params[:message], (current_user || nil))
-      render :inline => "It worked!"
+      flash[:notice] = "Your message has been sent."
+      respond_to do |format|
+        format.html {render :partial => 'shared/messages'}
+        format.js
+      end
     else
-      render :inline => "You entered invalid addresses: <ul>"+ @post.invalid_emails.collect{|email| '<li>'+email+'</li>' }.join+"</ul> Please correct these and try again.", :status => 500
+      flash[:error] = "You entered invalid addresses: "+ @post.invalid_emails.join(', ')+". Please correct these and try again."
+
+      respond_to do |format|
+        format.html {render :partial => 'shared/messages', :status => 500}
+        format.js
+      end
     end
   end
 
@@ -248,4 +256,12 @@ class PostsController < BaseController
     return @user
   end
 
+
+  def post_params
+    params[:post].permit(:category_id, :title, :raw_post, :published_as, :send_comment_notifications, :tag_list)
+  end
+
+  def comment_params
+    params[:comment].permit(:author_name, :author_email, :notify_by_email, :author_url, :comment)
+  end
 end

data/app/controllers/rsvps_controller.rb

@@ -22,7 +22,7 @@ class RsvpsController < BaseController
   # POST /rsvps
   # POST /rsvps.xml
   def create
-    @rsvp = @event.rsvps.new(params[:rsvp])
+    @rsvp = @event.rsvps.new(rsvp_params)
     @rsvp.user = current_user
     respond_to do |format|
       if @rsvp.save
@@ -36,10 +36,10 @@ class RsvpsController < BaseController
     end
   end
   
-  # PUT /rsvps/1
-  # PUT /rsvps/1.xml
+  # patch /rsvps/1
+  # patch /rsvps/1.xml
   def update
-    @rsvp.attendees_count = params[:rsvp][:attendees_count]
+    @rsvp.attendees_count = rsvp_params[:attendees_count]
     respond_to do |format|
       if @rsvp.save
         flash[:notice] = :your_rsvp_was_successfully_updated.l
@@ -73,5 +73,9 @@ class RsvpsController < BaseController
   rescue
     redirect_to [@event]
   end
+
+  def rsvp_params
+    params[:rsvp].permit(:attendees_count)
+  end
   
 end

data/app/controllers/sb_posts_controller.rb

@@ -19,27 +19,27 @@ class SbPostsController < BaseController
 
   def index
     conditions = []
-    [:user_id, :forum_id].each { |attr| 
-      conditions << SbPost.send(:sanitize_sql, ["sb_posts.#{attr} = ?", params[attr].to_i]) if params[attr] 
+    [:user_id, :forum_id].each { |attr|
+      conditions << SbPost.send(:sanitize_sql, ["sb_posts.#{attr} = ?", params[attr].to_i]) if params[attr]
     }
     conditions = conditions.any? ? conditions.collect { |c| "(#{c})" }.join(' AND ') : nil
 
     @posts = SbPost.with_query_options.where(conditions).page(params[:page])
-    
-    @users = User.find(:all, :select => 'distinct *', :conditions => ['id in (?)', @posts.collect(&:user_id).uniq]).index_by(&:id)
+
+    @users = User.distinct.where(:id => @posts.collect(&:user_id).uniq).to_a.index_by(&:id)
   end
 
   def search
     conditions = params[:q].blank? ? nil : SbPost.send(:sanitize_sql, ['LOWER(sb_posts.body) LIKE ?', "%#{params[:q]}%"])
-    
+
     @posts = SbPost.with_query_options.where(conditions).page(params[:page])
 
-    @users = User.find(:all, :select => 'distinct *', :conditions => ['id in (?)', @posts.collect(&:user_id).uniq]).index_by(&:id)
+    @users = User.distinct.where(:id => @posts.collect(&:user_id).uniq).to_a.index_by(&:id)
     render :action => :index
   end
 
   def monitored
-    @user = User.find params[:user_id]    
+    @user = User.find params[:user_id]
     @posts = SbPost.with_query_options.joins('INNER JOIN monitorships ON monitorships.topic_id = topics.id').where('monitorships.user_id = ? AND sb_posts.user_id != ?', params[:user_id], @user.id).page(params[:page])
   end
 
@@ -56,7 +56,7 @@ class SbPostsController < BaseController
   end
 
   def create
-    @topic = Topic.find_by_id_and_forum_id(params[:topic_id].to_i, params[:forum_id].to_i, :include => :forum)
+    @topic = Topic.includes(:forum).where(:id => params[:topic_id].to_i, :forum_id => params[:forum_id].to_i).first
     if @topic.locked?
       respond_to do |format|
         format.html do
@@ -68,10 +68,10 @@ class SbPostsController < BaseController
     end
 
     @forum = @topic.forum
-    @post  = @topic.sb_posts.new(params[:post])
+    @post  = @topic.sb_posts.new(sb_post_params)
 
     @post.user = current_user if current_user
-    @post.author_ip = request.remote_ip #save the ip address for everyone, just because    
+    @post.author_ip = request.remote_ip #save the ip address for everyone, just because
 
     if (logged_in? || verify_recaptcha(@post)) && @post.save
       respond_to do |format|
@@ -84,22 +84,22 @@ class SbPostsController < BaseController
       flash.now[:notice] = @post.errors.full_messages.to_sentence
       respond_to do |format|
         format.html do
-          redirect_to forum_topic_path({:forum_id => params[:forum_id], :id => params[:topic_id], :anchor => 'reply-form', :page => (params[:page] || '1')}.merge({:post => params[:post]}))
+          redirect_to forum_topic_path({:forum_id => params[:forum_id], :id => params[:topic_id], :anchor => 'reply-form', :page => (params[:page] || '1')}.merge({:sb_post => params[:sb_post]}))
         end
         format.js
       end
     end
   end
-  
+
   def edit
-    respond_to do |format| 
-      format.html 
+    respond_to do |format|
+      format.html
       format.js
     end
   end
-  
+
   def update
-    @post.update_attributes!(params[:post])
+    @post.update_attributes!(sb_post_params)
   rescue ActiveRecord::RecordInvalid
     flash[:bad_reply] = :an_error_occurred.l
   ensure
@@ -121,6 +121,7 @@ class SbPostsController < BaseController
       format.html do
         redirect_to forum_topic_path(:forum_id => params[:forum_id], :id => params[:topic_id], :page => params[:page]) unless performed?
       end
+      format.js
       format.xml { head 200 }
     end
   end
@@ -130,9 +131,12 @@ class SbPostsController < BaseController
     def authorized?
       %w(create new).include?(action_name) || @post.editable_by?(current_user)
     end
-    
+
     def find_post
       @post = SbPost.find_by_id_and_topic_id_and_forum_id(params[:id].to_i, params[:topic_id].to_i, params[:forum_id].to_i) || raise(ActiveRecord::RecordNotFound)
     end
-    
+
+  def sb_post_params
+    params[:sb_post].permit(:body, :author_email, :author_ip, :author_name, :author_url)
+  end
 end