thredded 0.2.2 → 0.3.0

data/app/commands/thredded/notify_mentioned_users.rb

@@ -1,7 +1,6 @@
+# frozen_string_literal: true
 module Thredded
   class NotifyMentionedUsers
-    DELIVER_METHOD = Rails.version < '4.2.0' ? :deliver : :deliver_later
-
     def initialize(post)
       @post = post
     end
@@ -13,13 +12,13 @@ module Thredded
       user_emails = members.map(&:email)
       (post.private_topic_post? ? PrivatePostMailer : PostMailer)
         .at_notification(post.id, user_emails)
-        .send(DELIVER_METHOD)
+        .deliver_later
       MembersMarkedNotified.new(post, members).run
     end
 
     def at_notifiable_members
       user_names = AtNotificationExtractor.new(post.content).run
-      members = post.readers_from_user_names(user_names).to_a
+      members    = post.readers_from_user_names(user_names).to_a
 
       members.delete post.user
       members = exclude_previously_notified(members)
@@ -34,31 +33,19 @@ module Thredded
     attr_reader :post
 
     def exclude_those_opting_out_of_at_notifications(members)
-      # TODO: implement global notification preferences for private topics.
-      return members if private_topic?
       members.select do |member|
-        Thredded::NotificationPreference
-          .for(member)
-          .in(post.messageboard)
-          .first_or_create
-          .notify_on_mention?
+        member.thredded_user_preference.notify_on_mention? &&
+          (private_topic? || member.thredded_user_messageboard_preferences.in(post.messageboard).notify_on_mention?)
       end
     end
 
     def exclude_those_that_are_not_private(members)
-      members.reject do |member|
-        private_topic? && post.postable.users.exclude?(member)
-      end
+      members.reject { |member| private_topic? && post.postable.users.exclude?(member) }
     end
 
     def exclude_previously_notified(members)
-      emails_notified = Thredded::PostNotification
-        .where(post: post)
-        .pluck(:email)
-
-      members.reject do |member|
-        emails_notified.include? member.email
-      end
+      emails_notified = Thredded::PostNotification.where(post: post).pluck(:email)
+      members.reject { |member| emails_notified.include? member.email }
     end
 
     def private_topic?

data/app/commands/thredded/notify_private_topic_users.rb

@@ -1,7 +1,6 @@
+# frozen_string_literal: true
 module Thredded
   class NotifyPrivateTopicUsers
-    DELIVER_METHOD = Rails.version < '4.2.0' ? :deliver : :deliver_later
-
     def initialize(private_topic)
       @post = private_topic.posts.first || Post.new
       @private_topic = private_topic
@@ -14,7 +13,7 @@ module Thredded
       user_emails = members.map(&:email)
       PrivateTopicMailer
         .message_notification(private_topic.id, user_emails)
-        .send(DELIVER_METHOD)
+        .deliver_later
       mark_notified(members)
     end
 
@@ -36,8 +35,7 @@ module Thredded
     end
 
     def exclude_those_opting_out_of_message_notifications(members)
-      # TODO: implement global notification preferences for private topics.
-      members
+      members.select { |member| member.thredded_user_preference.notify_on_message? }
     end
 
     def exclude_previously_notified(members)

data/app/controllers/thredded/application_controller.rb

@@ -1,68 +1,95 @@
+# frozen_string_literal: true
 module Thredded
   class ApplicationController < ::ApplicationController
-    layout Thredded.layout
+    layout :thredded_layout
+    include ::Thredded::UrlsHelper
+    include Pundit
 
     helper Thredded::Engine.helpers
     helper_method \
       :active_users,
+      :thredded_current_user,
       :messageboard,
+      :messageboard_or_nil,
       :preferences,
       :unread_private_topics_count,
       :signed_in?
 
-    rescue_from \
-      CanCan::AccessDenied,
-      Thredded::Errors::MessageboardNotFound,
-      Thredded::Errors::MessageboardReadDenied,
-      Thredded::Errors::TopicCreateDenied,
-      Thredded::Errors::MessageboardCreateDenied,
-      Thredded::Errors::PrivateTopicCreateDenied do |exception|
-        redirect_to root_path,
-          flash: { alert: exception.message }
-      end
+    rescue_from Thredded::Errors::MessageboardNotFound,
+                Thredded::Errors::PrivateTopicNotFound,
+                Thredded::Errors::TopicNotFound,
+                Thredded::Errors::UserNotFound do |exception|
+      @error   = exception
+      @message = exception.message
+      render template: 'thredded/error_pages/not_found', status: :not_found
+    end
 
-    rescue_from \
-      Thredded::Errors::EmptySearchResults,
-      Thredded::Errors::TopicNotFound do |exception|
-        redirect_to messageboard_topics_path(messageboard),
-          flash: { error: exception.message }
-      end
+    rescue_from Pundit::NotAuthorizedError,
+                Thredded::Errors::LoginRequired,
+                Thredded::Errors::TopicCreateDenied,
+                Thredded::Errors::MessageboardCreateDenied,
+                Thredded::Errors::PrivateTopicCreateDenied,
+                Thredded::Errors::MessageboardReadDenied do |exception|
+      @error   = exception
+      @message = if @error.is_a?(Pundit::NotAuthorizedError)
+                   t('thredded.errors.not_authorized')
+                 else
+                   exception.message
+                 end
+      render template: 'thredded/error_pages/forbidden', status: :forbidden
+    end
+
+    protected
+
+    def thredded_current_user
+      send(Thredded.current_user_method) || NullUser.new
+    end
 
     def signed_in?
       !thredded_current_user.thredded_anonymous?
     end
 
+    if Rails::VERSION::MAJOR < 5
+      # redirect_back polyfill
+      def redirect_back(fallback_location:, **args)
+        redirect_to :back, args
+      rescue ActionController::RedirectBackError
+        redirect_to fallback_location, args
+      end
+    end
+
     private
 
+    def thredded_layout
+      Thredded.layout
+    end
+
     def unread_private_topics_count
-      @unread_private_topics_count ||= Thredded::PrivateTopic
-        .joins(:private_users)
-        .where(
-          thredded_private_users: {
-            user_id: thredded_current_user.id,
-            read: false
-          })
-        .count
+      @unread_private_topics_count ||=
+        if signed_in?
+          Thredded::PrivateTopic
+            .for_user(thredded_current_user)
+            .unread(thredded_current_user)
+            .count
+        else
+          0
+        end
     end
 
     def authorize_reading(obj)
-      return if current_ability.can? :read, obj
+      return if policy(obj).read?
 
       class_name = obj.class.to_s
-      error = class_name
-        .gsub(/Thredded::/, 'Thredded::Errors::') + 'ReadDenied'
+      error      = class_name.gsub(/Thredded::/, 'Thredded::Errors::') + 'ReadDenied'
 
       fail error.constantize
     end
 
     def authorize_creating(obj)
-      obj = obj.new if obj.class == Class
-
-      return if current_ability.can? :create, obj
+      return if policy(obj).create?
 
       class_name = obj.class.to_s
-      error = class_name
-        .gsub(/Thredded::/, 'Thredded::Errors::') + 'CreateDenied'
+      error      = class_name.gsub(/Thredded::/, 'Thredded::Errors::') + 'CreateDenied'
 
       fail error.constantize
     end
@@ -76,24 +103,28 @@ module Thredded
       )
     end
 
-    def current_ability
-      @current_ability ||= Ability.new(thredded_current_user)
+    def pundit_user
+      thredded_current_user
     end
 
     def messageboard
-      @messageboard ||= params[:messageboard_id].presence && Messageboard.find_by_slug!(params[:messageboard_id])
+      @messageboard ||= params[:messageboard_id].presence && Messageboard.friendly.find(params[:messageboard_id])
+    rescue ActiveRecord::RecordNotFound
+      raise Thredded::Errors::MessageboardNotFound
     end
 
-    def preferences
-      @preferences ||= thredded_current_user.thredded_user_preference
+    def messageboard_or_nil
+      messageboard
+    rescue Thredded::Errors::MessageboardNotFound
+      nil
     end
 
-    def thredded_current_user
-      current_user || NullUser.new
+    def preferences
+      @preferences ||= thredded_current_user.thredded_user_preference
     end
 
     def active_users
-      users = if messageboard
+      users = if messageboard_or_nil
                 messageboard.recently_active_users
               else
                 Thredded.user_class.joins(:thredded_user_detail).merge(Thredded::UserDetail.recently_active).to_a
@@ -101,5 +132,9 @@ module Thredded
       users.push(thredded_current_user) unless thredded_current_user.is_a?(NullUser)
       users.uniq
     end
+
+    def thredded_require_login!
+      fail Thredded::Errors::LoginRequired if thredded_current_user.thredded_anonymous?
+    end
   end
 end

data/app/controllers/thredded/autocomplete_users_controller.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+module Thredded
+  class AutocompleteUsersController < Thredded::ApplicationController
+    MIN_QUERY_LENGTH = 2
+    MAX_RESULTS      = 20
+
+    def index
+      authorize_creating PrivateTopicForm.new(user: thredded_current_user).private_topic
+      users = params.key?(:q) ? users_by_prefix : users_by_ids
+      render json: {
+        results: users.map do |user|
+          { id:         user.id,
+            name:       user.send(Thredded.user_name_column),
+            avatar_url: Thredded.avatar_url.call(user) }
+        end
+      }
+    end
+
+    private
+
+    def users_by_prefix
+      query = params[:q].to_s.strip
+      if query.length >= MIN_QUERY_LENGTH
+        DbTextSearch::CaseInsensitive.new(users_scope, Thredded.user_name_column).prefix(query)
+          .where.not(id: thredded_current_user.id)
+          .limit(MAX_RESULTS)
+      else
+        []
+      end
+    end
+
+    # This method is used by select2 do fetch users by ids, e.g. in case of a browser-prefilled field.
+    def users_by_ids
+      ids = params[:ids].to_s.split(',')
+      if ids.present?
+        users_scope.where(id: ids)
+      else
+        []
+      end
+    end
+
+    def users_scope
+      thredded_current_user.thredded_can_message_users
+    end
+  end
+end

data/app/controllers/thredded/messageboards_controller.rb

@@ -1,21 +1,24 @@
+# frozen_string_literal: true
 module Thredded
   class MessageboardsController < Thredded::ApplicationController
     def index
-      @messageboards = Messageboard.where(closed: false).decorate
+      @messageboards = thredded_current_user.thredded_can_read_messageboards
     end
 
     def new
-      authorize_creating Messageboard
-
       @messageboard = Messageboard.new
+      authorize_creating @messageboard
     end
 
     def create
       @messageboard = Messageboard.new(messageboard_params)
+      authorize_creating @messageboard
 
       if signed_in? && @messageboard.save
-        @topic = Topic.create!(topic_params)
-        @post = Post.create!(post_params)
+        Topic.transaction do
+          @topic = Topic.create!(topic_params)
+          @post = Post.create!(post_params)
+        end
 
         redirect_to root_path
       else

data/app/controllers/thredded/posts_controller.rb

@@ -1,52 +1,50 @@
+# frozen_string_literal: true
 module Thredded
   class PostsController < Thredded::ApplicationController
     include ActionView::RecordIdentifier
 
-    load_and_authorize_resource only: [:index, :show]
-    helper_method :messageboard, :topic
-    before_filter :update_user_activity
+    helper_method :topic
+    before_action :update_user_activity
 
     def create
-      post = parent_topic.posts.create!(post_params)
+      post = parent_topic.posts.build(post_params)
+      authorize_creating post
+      post.save!
 
-      reset_read_status if for_a_private_topic?
       redirect_to post_path(post)
     end
 
     def edit
-      authorize! :edit, post
+      authorize post, :update?
     end
 
     def update
+      authorize post, :update?
       post.update_attributes(post_params.except(:user, :ip))
 
       redirect_to post_path(post)
     end
 
-    def topic
-      post.postable
+    def destroy
+      authorize post, :destroy?
+      post.destroy!
+
+      redirect_back fallback_location: topic_url(topic),
+                    notice: I18n.t('thredded.posts.deleted_notice')
     end
 
     private
 
-    def post_path(post)
-      if for_a_private_topic?
-        private_topic_path(post.postable, anchor: dom_id(post))
-      else
-        messageboard_topic_path(messageboard, post.postable, anchor: dom_id(post))
-      end
-    end
-
-    def reset_read_status
-      Thredded::UserResetsPrivateTopicToUnread.new(parent_topic, thredded_current_user).run
+    def topic
+      post.postable
     end
 
     def post_params
-      params
-        .require(:post)
+      p = params.require(:post)
         .permit(:content)
-        .merge!(user: thredded_current_user, ip: request.remote_ip)
-        .tap { |p| p.merge!(messageboard: messageboard) unless for_a_private_topic? }
+        .merge(user: thredded_current_user, ip: request.remote_ip)
+      p = p.merge(messageboard: messageboard) unless for_a_private_topic?
+      p
     end
 
     def parent_topic

data/app/controllers/thredded/preferences_controller.rb

@@ -1,28 +1,33 @@
+# frozen_string_literal: true
 module Thredded
   class PreferencesController < Thredded::ApplicationController
-    helper_method :preference
+    before_action :thredded_require_login!,
+                  :init_preferences
 
     def edit
     end
 
     def update
-      preference.update_attributes(preference_params)
-
-      redirect_to :back, flash: { notice: 'Your settings have been updated.' }
-    end
-
-    def preference
-      @preference ||= NotificationPreference
-        .where(messageboard_id: messageboard.id, user_id: thredded_current_user.id)
-        .first_or_create!
+      if @preferences.save
+        flash[:notice] = t('thredded.preferences.updated_notice')
+        redirect_back fallback_location: edit_preferences_url(@preferences.messageboard)
+      else
+        render :edit
+      end
     end
 
     private
 
-    def preference_params
-      params
-        .require(:notification_preference)
-        .permit(:notify_on_mention, :notify_on_message, :filter)
+    def init_preferences
+      @preferences = UserPreferencesForm.new(
+        user:         thredded_current_user,
+        messageboard: messageboard_or_nil,
+        params:       params.fetch(:user_preferences_form, {}).permit(
+          :notify_on_mention,
+          :notify_on_message,
+          :messageboard_notify_on_mention,
+        )
+      )
     end
   end
 end