
[myexperiment-hackers] [2795] trunk/app: Refactoring helpers.


From: noreply
Subject: [myexperiment-hackers] [2795] trunk/app: Refactoring helpers.
Date: Wed, 9 Nov 2011 09:57:00 -0500 (EST)

Revision
2795
Author
fbacall
Date
2011-11-09 09:57:00 -0500 (Wed, 09 Nov 2011)

Log Message

Refactoring helpers. Also fixed a bug that allowed users to upload pictures to anyone's profile.

Modified Paths

Removed Paths

Diff

Modified: trunk/app/controllers/pictures_controller.rb (2794 => 2795)


--- trunk/app/controllers/pictures_controller.rb	2011-11-09 12:26:57 UTC (rev 2794)
+++ trunk/app/controllers/pictures_controller.rb	2011-11-09 14:57:00 UTC (rev 2795)
@@ -5,7 +5,8 @@
 
 class PicturesController < ApplicationController
   before_filter :login_required, :except => [:index, :show]
-  
+
+  before_filter :find_user
   before_filter :find_picture, : [:show]
   before_filter :find_pictures, : [:index]
   before_filter :find_picture_auth, : [:select, :edit, :update, :destroy]
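Review bot: The action list on the `find_picture_auth` filter still names `:edit` and `:update`, both of which this commit deletes further down, so the list of owner-only actions no longer matches the controller. Trimming it to `[:select, :destroy]` keeps it readable as the authoritative list of actions that require ownership. The added `before_filter :find_user` carries no action restriction; a one-line comment such as `# Runs for every action; @user is the profile named in the URL, not necessarily current_user` would stop a later reader from treating `@user` as an authorisation result. The class body continues outside this hunk.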
@@ -16,14 +17,12 @@
     if @picture.select!
       # create and save picture selection record
       PictureSelection.create(:user => current_user, :picture => @picture)
-      
-      respond_to do |format|
-        flash[:notice] = 'Picture was successfully selected as profile picture.'
-        format.html { redirect_to user_pictures_url(@picture.owner) }
-      end
-    else
-      error("Picture already selected", "already selected")
     end
+
+    respond_to do |format|
+      flash[:notice] = 'Picture was successfully selected as profile picture.'
+      format.html { redirect_to user_pictures_url(@picture.owner) }
+    end
   end
   
   # GET /users/1/pictures
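Review bot: The success flash and the redirect now run whether or not `@picture.select!` returned true, so the case the removed `else` branch used to report ("Picture already selected") is now answered with 'Picture was successfully selected as profile picture.' If treating that case as a harmless no-op is intended, say so in a comment; otherwise set the message only on success by moving `flash[:notice] = ...` inside the `if @picture.select!` branch. The `select` method begins above this hunk, so its opening lines are not visible here.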
@@ -77,12 +76,6 @@
     @picture = Picture.new
   end
 
-  # GET /users/1/pictures/1;edit
-  # GET /pictures/1;edit
-  def edit
-    
-  end
-
   # POST /users/1/pictures
   # POST /pictures
   def create
@@ -102,19 +95,6 @@
     end
   end
 
-  # PUT /users/1/pictures/1
-  # PUT /pictures/1
-  def update
-    respond_to do |format|
-      if @picture.update_attributes(params[:picture])
-        flash[:notice] = 'Picture was successfully updated.'
-        format.html { redirect_to user_pictures_url(@picture.user_id) }
-      else
-        format.html { render :action ="" "edit" }
-      end
-    end
-  end
-
   # DELETE /users/1/pictures/1
   # DELETE /pictures/1
   def destroy
@@ -130,39 +110,25 @@
 protected
 
   def find_pictures
-    if params[:user_id]
-      @pictures = Picture.find(:all, :conditions => ["user_id = ?", params[:user_id]])
+    if @user
+      @pictures = @user.pictures
     elsif logged_in?
       redirect_to user_pictures_url(current_user)
-    else
-      error("Please supply a User ID", "not supplied", :user_id)
     end
   end
   
   def find_picture
-    if params[:id]
-      if picture = Picture.find(:first, :conditions => ["id = ?", params[:id]])
-        @picture = picture
-      else
-        error("Picture not found (id not found)", "is invalid (not found)")
-      end
-    else
-      error("Please supply an ID", "not supplied")
-    end
+    @picture = Picture.find(params[:id])
   end
 
   def find_picture_auth
-    if params[:user_id]
-      begin
-        @picture = Picture.find(params[:id], :conditions => ["user_id = ?", params[:user_id]])
-      rescue ActiveRecord::RecordNotFound
-        error("Picture not found (id not authorized)", "is invalid (not owner)")
-      end
-    else
-      error("Please supply a User ID", "not supplied", :user_id)
-    end
+    @picture = Picture.find(params[:id], :conditions => ["user_id = ?", current_user.id])
   end
 
+  def find_user
+    @user = User.find(params[:user_id])
+  end
+
 private
   
   def error(notice, message, attr=:id)
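Review bot: `find_user` calls `User.find(params[:user_id])` unconditionally and is registered for every action, so a request through the un-nested `/pictures` routes named in the route comments would presumably raise RecordNotFound before `find_pictures` runs. That makes the `elsif logged_in?` redirect in `find_pictures` unreachable. Either look the user up only when the parameter is present, `@user = User.find(params[:user_id]) if params[:user_id]`, or remove the dead branch; with the first option `find_pictures` also needs an outcome for the anonymous case, since `@pictures` would otherwise stay nil for the index view. Scoping `find_picture_auth` to `current_user.id` instead of `params[:user_id]` is the security-relevant line here and deserves a comment so it is not reverted: `# Ownership comes from the session user, never from the URL`. Whether RecordNotFound is rescued into a 404 is decided in ApplicationController, which this diff does not show.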

Modified: trunk/app/helpers/application_helper.rb (2794 => 2795)


--- trunk/app/helpers/application_helper.rb	2011-11-09 12:26:57 UTC (rev 2794)
+++ trunk/app/helpers/application_helper.rb	2011-11-09 14:57:00 UTC (rev 2795)
@@ -7,20 +7,8 @@
 module ApplicationHelper
   require 'country_codes'
   
-  def my_page?(contributor_id, contributor_type="User")
-    #logged_in? and current_user.id.to_i == contributor_id.to_i and current_user.class.to_s == contributor_type.to_s
-
-    return false unless logged_in?
-    
-    case contributor_type.to_s
-    when "User"
-      return current_user.id.to_i == contributor_id.to_i
-    when "Network"
-      return false unless Network.find(:first, :conditions => ["id = ? AND user_id = ?", contributor_id, current_user.id])
-      return true
-    else
-      return false
-    end
+  def my_page?(contributor)
+    logged_in? && contributor == current_user
   end
   
   def mine?(thing)
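Review bot: The new `my_page?(contributor)` drops the `"Network"` branch of the old helper, so a Network owned by the current user now compares unequal to `current_user` and the helper returns false. `blog_posts/_post.rhtml` passes `post.blog.contribution.contributor`, which, judging by the `contributor_type` argument of the old call, may be a Network, so owners of network blogs would lose the edit and destroy icons. The arity changed as well: a caller outside this diff that still passes an id gets a silent false (Integer compared with User), and one that passes two arguments raises ArgumentError. A doc comment would make the contract explicit: `# True when +contributor+ is the logged-in User record. Only shows or hides links; controllers must enforce ownership themselves.`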

Modified: trunk/app/views/blog_posts/_post.rhtml (2794 => 2795)


--- trunk/app/views/blog_posts/_post.rhtml	2011-11-09 12:26:57 UTC (rev 2794)
+++ trunk/app/views/blog_posts/_post.rhtml	2011-11-09 14:57:00 UTC (rev 2795)
@@ -1,7 +1,7 @@
 <p>
   <b><%=h post.title %></b> (<%=datetime post.created_at, false %>)
   
-  <% if my_page?(post.blog.contribution.contributor_id, post.blog.contribution.contributor_type) %>
+  <% if my_page?(post.blog.contribution.contributor) %>
      <%= icon "edit", edit_blog_blog_post_path(post.blog, post) %>
      <%= icon "destroy", blog_blog_post_path(post.blog, post), nil, :confirm => "Are you sure?", :method => "delete" %>
   <% end %>

Modified: trunk/app/views/friendships/index.rhtml (2794 => 2795)


--- trunk/app/views/friendships/index.rhtml	2011-11-09 12:26:57 UTC (rev 2794)
+++ trunk/app/views/friendships/index.rhtml	2011-11-09 14:57:00 UTC (rev 2795)
@@ -1,6 +1,6 @@
 <% if @user %>
 
-  <% if my_page? @user.id %>
+  <% if my_page? @user %>
     
     <% unless @user.friendships_pending.empty? %>
       <h2>You need to respond to</h2>

Modified: trunk/app/views/friendships/show.rhtml (2794 => 2795)


--- trunk/app/views/friendships/show.rhtml	2011-11-09 12:26:57 UTC (rev 2794)
+++ trunk/app/views/friendships/show.rhtml	2011-11-09 14:57:00 UTC (rev 2795)
@@ -1,6 +1,6 @@
 <h1>Friendship</h1>
 
-<% display_user = !my_page?(@friendship.user_id) %>
+<% display_user = !my_page?(@friendship.user) %>
 <% display_user_instance = display_user ? @friendship.user : @friendship.friend %>
 
 
@@ -33,7 +33,7 @@
 				      <b>Accepted at:</b><br/>
 			        <%=datetime @friendship.accepted_at %>
 		        </p>
-		      <% elsif my_page? @friendship.friend_id %>
+		      <% elsif my_page? @friendship.friend %>
 		        <% if @friendship.message %>
 						  <p style="margin-top: 1.5em; font-size: 93%; text-align: center;">
 							  <b>Message from user:</b><br/>
@@ -55,7 +55,7 @@
 <br/>
 <center>
   <div class="box_currentuser_specific" style="width: 500px; padding-bottom: 0;">
-    <% if my_page? @friendship.friend_id %>
+    <% if my_page? @friendship.friend %>
 			<p style="color: #990000; font-size: 108%; text-align: center; padding-top: 0.5em;">
 			  <b><i>Your confirmation needed</i></b><br/>
 			</p>

Modified: trunk/app/views/memberships/_table.rhtml (2794 => 2795)


--- trunk/app/views/memberships/_table.rhtml	2011-11-09 12:26:57 UTC (rev 2794)
+++ trunk/app/views/memberships/_table.rhtml	2011-11-09 14:57:00 UTC (rev 2795)
@@ -25,7 +25,7 @@
     <td><%= "<b>" unless membership.accepted? %><%=datetime membership.created_at, false %><%= "</b>" unless membership.accepted? %></td>
     <td><%= "<b>" unless membership.accepted? %><%=datetime(membership.accepted_at, false) || "Pending" %><%= "</b>" unless membership.accepted? %></td>
     <td class="actions">
-      <% if my_page? membership.user.id or (logged_in? and membership.network.administrator?(current_user.id)) %>
+      <% if my_page? membership.user or (logged_in? and membership.network.administrator?(current_user.id)) %>
         <%= icon "show", membership_path(membership.user_id, membership), nil, nil, "View" %>
 				<% if membership.accepted? %>
 					<%= icon "destroy", membership_path(membership.user_id, membership), nil, { :confirm => "Are you sure?", :method => :delete }, "Remove" %>

Modified: trunk/app/views/memberships/index.rhtml (2794 => 2795)


--- trunk/app/views/memberships/index.rhtml	2011-11-09 12:26:57 UTC (rev 2794)
+++ trunk/app/views/memberships/index.rhtml	2011-11-09 14:57:00 UTC (rev 2795)
@@ -1,6 +1,6 @@
 <% if @user %>
 
-	<% if my_page? @user.id %>
+	<% if my_page? @user %>
 
 		<h1>My Memberships</h1>
 

Deleted: trunk/app/views/pictures/edit.rhtml (2794 => 2795)


--- trunk/app/views/pictures/edit.rhtml	2011-11-09 12:26:57 UTC (rev 2794)
+++ trunk/app/views/pictures/edit.rhtml	2011-11-09 14:57:00 UTC (rev 2795)
@@ -1,9 +0,0 @@
-<h1>Editing Picture</h1>
-
-<%= error_messages_for :picture %>
-
-<% form_for(:picture, :url ="" user_picture_path(@picture.user_id, @picture), :html => { :method => :put }) do |f| %>
-  <p>
-    <%= submit_tag "Update", :disable_with => "Updating..." %>
-  </p>
-<% end %>

Modified: trunk/app/views/pictures/index.rhtml (2794 => 2795)


--- trunk/app/views/pictures/index.rhtml	2011-11-09 12:26:57 UTC (rev 2794)
+++ trunk/app/views/pictures/index.rhtml	2011-11-09 14:57:00 UTC (rev 2795)
@@ -1,58 +1,46 @@
-<% if params[:user_id] %>
-  <h1>Profile Pictures</h1>
-<% end %>
+<h1>Profile Pictures</h1>
 
-<% if my_page? params[:user_id] %>
+<% if my_page? @user %>
   <ul class="sectionIcons">
-		<li><%= icon('profile', user_path(current_user), nil, nil, 'Return to Profile')%></li>
+    <li><%= icon('profile', user_path(current_user), nil, nil, 'Return to Profile')%></li>
     <li><%= icon('avatar', new_user_picture_path(current_user), nil, nil, 'Upload New Picture')%></li>
   </ul>
 <% end %>
 
 <% unless @pictures.empty? %>
 
-<br/>
+  <br/>
 
-<table class="alt_table">
-  
-<% odd_row = false -%>
-<% for picture in @pictures %>
-<% if Authorization.is_authorized?("view", nil, picture, current_user) %>
-  <tr class="<%= (odd_row = !odd_row) ? "odd_row" : "even_row" %>">
-    <td width="150">
-      <% if picture.selected? %> 
-        <%= image_tag("people.png", :size => "60x60", :text => "current profile pic") %><br/>
-        Current
+  <table class="alt_table">
+
+    <% odd_row = false -%>
+    <% for picture in @pictures %>
+      <% if Authorization.is_authorized?("view", nil, picture, current_user) %>
+        <tr class="<%= (odd_row = !odd_row) ? "odd_row" : "even_row" %>">
+          <td width="150">
+            <% if picture.selected? %>
+              <%= image_tag("people.png", :size => "60x60", :text => "current profile pic") %><br/>
+              Current
+            <% end %>
+          </td>
+          <td>
+            <%= image_tag avatar_url(picture.id, 100), :class => 'framed' %>
+          </td>
+          <td class="actions">
+            <% if my_page? picture.user %>
+              <% unless picture.selected? %>
+                <%= icon "picture", select_user_picture_path(picture.user_id, picture), nil, nil, "Make Profile Pic" %>
+              <% end %>
+              <%= icon "destroy", user_picture_path(picture.user_id, picture), nil, { :confirm => 'Are you sure?', :method => :delete }, "Delete"  %>
+            <% end %>
+          </td>
+        </tr>
       <% end %>
-    </td>
-    <% unless params[:user_id] %>
-      <td width="150">
-        <font size="18"><%=h picture.user_id %></font>
-      </td>
     <% end %>
-    <td>
-      <% if false %>
-        <%= image_tag(url_for_file_column(picture, "data", "large")) %>
-      <% end %>
-      <%= image_tag avatar_url(picture.id, 100), :class => 'framed' %>
-    </td>
-    <td class="actions">
-      <% if my_page? picture.user_id %>
-				<% unless picture.selected? %>
-					<%= icon "picture", select_user_picture_path(picture.user_id, picture), nil, nil, "Make Profile Pic" %>
-				<% end %>
-				<%= icon "destroy", user_picture_path(picture.user_id, picture), nil, { :confirm => 'Are you sure?', :method => :delete }, "Delete"  %>
-			<% end %>
-    </td>
-  </tr>
-<% end %>
-<% end %>
-</table>
+  </table>
 
 <% else %>
 
-<p>No pictures yet!</p>
+  <p>No pictures yet!</p>
 
 <% end %>
-
-<br />
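Review bot: The "Make Profile Pic" link is built with `nil` options while the Delete link beside it passes `:method => :delete`, so selecting a profile picture appears to be requested with a plain GET. If the `select` route accepts GET, that state change falls outside Rails's request-forgery protection, which checks the authenticity token only on non-GET requests. It is worth confirming the route's verb and, if it is GET, restricting it to POST and passing `{ :method => :post }` in the same argument position the Delete link uses. These lines are only re-indented by this hunk, so the behaviour predates the commit.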
