require_dependency 'new_post_manager'
require_dependency 'post_creator'
require_dependency 'post_destroyer'
require_dependency 'distributed_memoizer'
require_dependency 'new_post_result_serializer'
class PostsController < ApplicationController
# Every action requires a logged-in user unless it is named in this list.
# The listed actions are reachable anonymously, so each of them has to do
# its own visibility check through the guardian before returning post data.
before_filter :ensure_logged_in, except: [
  :show, :replies, :by_number, :short_link, :reply_history, :revisions,
  :latest_revision, :expand_embed, :markdown_id, :markdown_num, :cooked, :latest
]

# NOTE(review): presumably these three are requested directly rather than
# via XHR, which is why the XHR check is skipped for them; confirm.
skip_before_filter :check_xhr, only: [:markdown_id, :markdown_num, :short_link]
# Renders the raw source of the post identified by params[:id].
# Reachable without login; the visibility check happens in #markdown.
def markdown_id
  post_id = params[:id].to_i
  markdown(Post.find(post_id))
end
# Renders the raw source of a post addressed by topic id and post number
# (post number defaults to 1). Reachable without login; the visibility
# check happens in #markdown, which also handles a nil lookup result.
def markdown_num
  number = (params[:post_number] || 1).to_i
  post = Post.find_by(topic_id: params[:topic_id].to_i, post_number: number)
  markdown(post)
end
# Sends post.raw as text/plain when the post exists and the current
# guardian may see it. A missing post and a post the caller may not see
# both raise Discourse::NotFound, so the two cases are not distinguishable
# from the response.
#
# NOTE(review): this helper is defined in the public section although it
# takes an argument; consider moving it below `protected`.
def markdown(post)
  raise Discourse::NotFound unless post && guardian.can_see?(post)

  render text: post.raw, content_type: 'text/plain'
end
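# Returns up to 50 of the most recent posts, optionally only those with an
# id at or below params[:before], serialized under the 'latest_posts' root
# with raw content included. Reachable without login, so every row is
# filtered through guardian.can_see? before serialization.
def latest
  params.permit(:before)
  last_post_id = params[:before].to_i
  # Post.last is nil when there are no posts; fall back to 0 so the query
  # below returns an empty set instead of raising on nil.id.
  last_post_id = Post.last.try(:id).to_i if last_post_id <= 0

  # last 50 post IDs only, to avoid counting deleted posts in security check
  posts = Post.order(created_at: :desc)
              .where('posts.id <= ?', last_post_id)
              .where('posts.id > ?', last_post_id - 50)
              .includes(topic: :category)
              .includes(:user)
              .limit(50)

  # Remove posts the user doesn't have permission to see.
  # This isn't leaking any information we weren't already through the post ID numbers.
  posts = posts.reject { |post| !guardian.can_see?(post) }

  counts = PostAction.counts_for(posts, current_user)

  render_json_dump(serialize_data(posts,
                                  PostSerializer,
                                  scope: guardian,
                                  root: 'latest_posts',
                                  add_raw: true,
                                  all_post_actions: counts))
end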
# Returns the rendered (cooked) form of a post as JSON. The lookup helper
# raises unless the post exists and passes guardian.ensure_can_see!.
def cooked
  visible_post = find_post_from_params
  render json: { cooked: visible_post.cooked }
end
# Returns the stored raw e-mail of a post as JSON. Access is gated by
# guardian.ensure_can_view_raw_email!, which runs before anything is
# rendered.
def raw_email
  email_post = Post.find(params[:id].to_i)
  guardian.ensure_can_view_raw_email!(email_post)

  render json: { raw_email: email_post.raw_email }
end
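# Redirects a short link to the full URL of the post. Reachable without
# login; the redirect is only issued after guardian.ensure_can_see!.
def short_link
  post = Post.find(params[:post_id].to_i)

  # Stuff the user in the request object, because that's what IncomingLink wants
  if params[:user_id]
    # find_by returns nil for an unknown id, so the `if user` guard below
    # is actually reachable; User.find raised instead and broke the link
    # whenever the referring user id did not resolve.
    user = User.find_by(id: params[:user_id].to_i)
    request['u'] = user.username_lower if user
  end

  guardian.ensure_can_see!(post)
  redirect_to post.url
end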
# Creates a post through NewPostManager using the filtered parameters from
# create_params. API requests are memoized for 120 seconds under the key
# from signature_for, so a repeated identical API call inside that window
# gets the stored JSON back instead of running the manager again.
def create
  @manager_params = create_params
  manager = NewPostManager.new(current_user, @manager_params)

  unless is_api?
    result = manager.perform
    json = serialize_data(result, NewPostResultSerializer, root: false)
    return backwards_compatible_json(json, result.success?)
  end

  cached_json = DistributedMemoizer.memoize(signature_for(@manager_params), 120) do
    outcome = manager.perform
    MultiJson.dump(serialize_data(outcome, NewPostResultSerializer, root: false))
  end

  payload = JSON.parse(cached_json)
  backwards_compatible_json(payload, payload['success'])
end
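# Revises a post (raw text and edit reason; title and category too when it
# is the first post of a topic) and renders the updated post as JSON.
# Raises Discourse::NotFound when the id does not resolve, and relies on
# guardian.ensure_can_edit! for authorization.
def update
  params.require(:post)

  finder = Post.where(id: params[:id])
  finder = finder.with_deleted if guardian.is_staff?
  post = finder.first
  # An id that does not resolve (unknown, or deleted for non-staff) used to
  # fall through to a NoMethodError on nil; report it as not-found instead.
  raise Discourse::NotFound unless post

  post.image_sizes = params[:image_sizes] if params[:image_sizes].present?

  if too_late_to(:edit, post)
    return render json: { errors: [I18n.t('too_late_to_edit')] }, status: 422
  end

  # Authorization gate. The only mutation before this point is the
  # in-memory image_sizes assignment above; nothing has been saved yet.
  guardian.ensure_can_edit!(post)

  changes = {
    raw: params[:post][:raw],
    edit_reason: params[:post][:edit_reason]
  }

  # to stay consistent with the create api, we allow for title & category changes here
  if post.post_number == 1
    changes[:title] = params[:title] if params[:title]
    changes[:category_id] = params[:post][:category_id] if params[:post][:category_id]
  end

  revisor = PostRevisor.new(post)
  if revisor.revise!(current_user, changes)
    TopicLink.extract_from(post)
    QuotedPost.extract_from(post)
  end

  return render_json_error(post) if post.errors.present?
  return render_json_error(post.topic) if post.topic.errors.present?

  post_serializer = PostSerializer.new(post, scope: guardian, root: false)
  post_serializer.draft_sequence = DraftSequence.current(current_user, post.topic.draft_key)
  link_counts = TopicLink.counts_for(guardian, post.topic, [post])
  post_serializer.single_post_link_counts = link_counts[post.id] if link_counts.present?

  result = { post: post_serializer.as_json }
  if revisor.category_changed.present?
    result[:category] = BasicCategorySerializer.new(revisor.category_changed, scope: guardian, root: false).as_json
  end

  render_json_dump(result)
end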
# Renders one post looked up by id. The lookup helper performs the
# existence and visibility checks.
def show
  display_post(find_post_from_params)
end
# Renders one post looked up by topic id and post number. The lookup
# helper performs the existence and visibility checks.
def by_number
  display_post(find_post_from_params_by_number)
end
# Renders the chain of posts this post replies to, passing
# params[:max_replies] (0 when absent) through to Post#reply_history.
#
# NOTE(review): only the starting post is checked with ensure_can_see!
# here; whether each post in the returned history is individually
# visible depends on Post#reply_history and the serializer; confirm.
def reply_history
  post = find_post_from_params
  max_replies = params[:max_replies].to_i
  history = post.reply_history(max_replies)
  render_serialized(history, PostSerializer)
end
# Deletes a post on behalf of the current user. Answers 422 when the
# author's edit window has expired; otherwise deletion is authorized by
# guardian.ensure_can_delete! before PostDestroyer runs.
def destroy
  post = find_post_from_params

  if too_late_to(:delete_post, post)
    return render json: { errors: [I18n.t('too_late_to_edit')] }, status: 422
  end

  guardian.ensure_can_delete!(post)

  # params[:context] is handed to PostDestroyer as given by the client.
  PostDestroyer.new(current_user, post, { context: params[:context] }).destroy

  render nothing: true
end
# Renders the expanded embed content for a post, or a JSON error when
# anything in the process raises.
#
# NOTE(review): the bare rescue also covers find_post_from_params, so a
# Discourse::NotFound or a failed guardian.ensure_can_see! is reported as
# an embed load failure rather than through the usual error handling.
# Consider narrowing the rescue to the remote-load call.
def expand_embed
  begin
    expanded = TopicEmbed.expanded_for(find_post_from_params)
    render json: { cooked: expanded }
  rescue
    render_json_error I18n.t('errors.embed.load_from_remote')
  end
end
# Restores a deleted post after guardian.ensure_can_recover_post! passes,
# then renders the reloaded post.
def recover
  post = find_post_from_params
  guardian.ensure_can_recover_post!(post)

  PostDestroyer.new(current_user, post).recover
  post.reload

  render_post_json(post)
end
# Deletes several posts in one transaction. Every post is authorized with
# guardian.ensure_can_delete! before the first deletion starts, so one
# unauthorized id aborts the request with nothing deleted.
def destroy_many
  params.require(:post_ids)

  posts = Post.where(id: post_ids_including_replies)
  raise Discourse::InvalidParameters.new(:post_ids) if posts.blank?

  # Make sure we can delete the posts
  posts.each { |post| guardian.ensure_can_delete!(post) }

  Post.transaction do
    posts.each do |post|
      PostDestroyer.new(current_user, post).destroy
    end
  end

  render nothing: true
end
# Direct replies to this post. The parent post goes through the lookup
# helper's visibility check.
# NOTE(review): whether each reply is individually checked is not visible
# in this method; confirm against PostSerializer / Post#replies.
def replies
  parent = find_post_from_params
  render_serialized(parent.replies, PostSerializer)
end
# Renders the revision selected by params[:revision]. The lookup helper
# raises for a missing revision and runs guardian.ensure_can_see! on it.
def revisions
  revision = find_post_revision_from_params
  serializer = PostRevisionSerializer.new(revision, scope: guardian, root: false)
  render_json_dump(serializer)
end
# Renders the highest-numbered revision of a post that the caller may see
# (hidden revisions are excluded for non-staff by the lookup helper).
def latest_revision
  revision = find_latest_post_revision_from_params
  serializer = PostRevisionSerializer.new(revision, scope: guardian, root: false)
  render_json_dump(serializer)
end
# Hides one revision of a post and lowers the post's public_version by
# one. Authorized by guardian.ensure_can_hide_post_revision!.
#
# NOTE(review): the return value of post.save is not checked, so a failed
# save still answers with an empty success response.
def hide_revision
  revision = find_post_revision_from_params
  guardian.ensure_can_hide_post_revision!(revision)

  revision.hide!

  post = find_post_from_params
  post.public_version = post.public_version - 1
  post.save

  render nothing: true
end
# Un-hides one revision of a post and raises the post's public_version by
# one. Authorized by guardian.ensure_can_show_post_revision!.
#
# NOTE(review): the return value of post.save is not checked, so a failed
# save still answers with an empty success response.
def show_revision
  revision = find_post_revision_from_params
  guardian.ensure_can_show_post_revision!(revision)

  revision.show!

  post = find_post_from_params
  post.public_version = post.public_version + 1
  post.save

  render nothing: true
end
# Adds the bookmark action when params[:bookmarked] is exactly "true" and
# removes it for any other value, then reports the topic-level bookmark
# state. The post must pass the lookup helper's visibility check first.
def bookmark
  post = find_post_from_params
  bookmark_type = PostActionType.types[:bookmark]

  if params[:bookmarked] == "true"
    PostAction.act(current_user, post, bookmark_type)
  else
    PostAction.remove_act(current_user, post, bookmark_type)
  end

  topic_user = TopicUser.get(post.topic, current_user)

  render_json_dump(topic_bookmarked: topic_user.try(:bookmarked))
end
# Sets the wiki flag of a post from params[:wiki]. The permission check
# (guardian.ensure_can_wiki!) takes no post argument, so it is a per-user
# check; visibility of the specific post is enforced by the lookup helper.
def wiki
  guardian.ensure_can_wiki!

  target = find_post_from_params
  # params[:wiki] is passed through as received from the client.
  target.revise(current_user, { wiki: params[:wiki] })

  render nothing: true
end
# Changes the type of a post to the integer in params[:post_type]. The
# permission check (guardian.ensure_can_change_post_type!) takes no post
# argument; visibility of the post is enforced by the lookup helper.
#
# NOTE(review): the integer is not compared against a list of known post
# types in this method; confirm that revise/validation rejects unknown
# values.
def post_type
  guardian.ensure_can_change_post_type!

  target = find_post_from_params
  new_type = params[:post_type].to_i
  target.revise(current_user, { post_type: new_type })

  render nothing: true
end
# Re-renders a post with onebox invalidation turned on. Gated by
# guardian.ensure_can_rebake!, which is checked before the post lookup.
def rebake
  guardian.ensure_can_rebake!

  target = find_post_from_params
  target.rebake!(invalidate_oneboxes: true)

  render nothing: true
end
# Makes a hidden post visible again once guardian.ensure_can_unhide!
# has approved the specific post.
def unhide
  target = find_post_from_params
  guardian.ensure_can_unhide!(target)

  target.unhide!

  render nothing: true
end
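# Lists a user's posts that carry a notify-type flag which has not been
# disagreed with. Gated by guardian.ensure_can_see_flagged_posts!.
# Paging: offset is at least 0; limit defaults to 60 and is kept within
# 0..100.
def flagged_posts
  # NOTE(review): the return value of permit is not used, so this call
  # does not filter the params read below.
  params.permit(:offset, :limit)
  guardian.ensure_can_see_flagged_posts!

  user = fetch_user_from_params
  offset = [params[:offset].to_i, 0].max
  # Lower bound added: a negative limit previously went straight into the
  # query and surfaced as a database error instead of a clean response.
  limit = [[(params[:limit] || 60).to_i, 0].max, 100].min

  flagged_post_ids = PostAction.where(post_action_type_id: PostActionType.notify_flag_type_ids)
                               .where(disagreed_at: nil)
                               .select(:post_id)

  posts = user_posts(guardian, user.id, offset: offset, limit: limit)
            .where(id: flagged_post_ids)

  render_serialized(posts, AdminPostSerializer)
end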
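# Lists a user's deleted posts. Gated by
# guardian.ensure_can_see_deleted_posts!. Paging: offset is at least 0;
# limit defaults to 60 and is kept within 0..100.
def deleted_posts
  # NOTE(review): the return value of permit is not used, so this call
  # does not filter the params read below.
  params.permit(:offset, :limit)
  guardian.ensure_can_see_deleted_posts!

  user = fetch_user_from_params
  offset = [params[:offset].to_i, 0].max
  # Lower bound added: a negative limit previously went straight into the
  # query and surfaced as a database error instead of a clean response.
  limit = [[(params[:limit] || 60).to_i, 0].max, 100].min

  posts = user_posts(guardian, user.id, offset: offset, limit: limit).where.not(deleted_at: nil)

  render_serialized(posts, AdminPostSerializer)
end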
protected
# The post-creation API must stay compatible with existing clients. The
# newer, queue-aware result nests the post inside the JSON object instead
# of returning it as the root. Clients that send params[:nested_post] get
# the nested structure; everyone else gets the post object itself.
# Responds with 200 when success is truthy and 422 otherwise.
def backwards_compatible_json(json_obj, success)
  unless params[:nested_post]
    json_obj = json_obj[:post] || json_obj['post']
  end

  status_code = success ? 200 : 422
  render json: json_obj, status: status_code
end
# Loads the revision named by params[:revision] for the post given in
# params[:id] or params[:post_id]. Revision numbers below 2 are rejected
# with Discourse::InvalidParameters and a missing revision raises
# Discourse::NotFound. The post is attached through find_post_from_params
# (which checks post visibility) and the revision itself must pass
# guardian.ensure_can_see!.
#
# NOTE(review): the revision lookup runs before the post visibility
# check, so the error raised for a missing revision can differ from the
# one raised for a post the caller may not see; confirm this is intended.
def find_post_revision_from_params
  post_id = params[:id] || params[:post_id]
  number = params[:revision].to_i
  raise Discourse::InvalidParameters.new(:revision) if number < 2

  found = PostRevision.find_by(post_id: post_id, number: number)
  raise Discourse::NotFound unless found

  found.post = find_post_from_params
  guardian.ensure_can_see!(found)

  found
end
# Loads the highest-numbered revision of the post given in params[:id] or
# params[:post_id]. Non-staff callers only get revisions with
# hidden: false. Raises Discourse::NotFound when nothing matches; the post
# is attached through find_post_from_params and the revision must pass
# guardian.ensure_can_see!.
def find_latest_post_revision_from_params
  post_id = params[:id] || params[:post_id]

  revisions = PostRevision.where(post_id: post_id).order(:number)
  revisions = revisions.where(hidden: false) unless guardian.is_staff?
  newest = revisions.last

  raise Discourse::NotFound unless newest

  newest.post = find_post_from_params
  guardian.ensure_can_see!(newest)

  newest
end
private
# Builds the paged query of one user's posts, deleted ones included,
# newest first. When the acting user is a moderator the result is further
# restricted to topics that are not private messages and that pass
# Topic.secured(guardian). opts carries :offset and :limit.
def user_posts(guardian, user_id, opts)
  scoped = Post.includes(:user, :topic, :deleted_by, :user_actions)
               .where(user_id: user_id)
               .with_deleted
               .order(created_at: :desc)

  if guardian.user.moderator?
    # Awful hack, but you can't seem to remove the `default_scope` when joining
    # So instead I grab the topics separately
    candidate_topic_ids = scoped.dup.pluck(:topic_id)
    # NOTE(review): this value is never read afterwards.
    secured_category_ids = guardian.secure_category_ids
    visible_topics = Topic.where(id: candidate_topic_ids)
                          .with_deleted
                          .where.not(archetype: 'private_message')
    visible_topics = visible_topics.secured(guardian)

    scoped = scoped.where(topic_id: visible_topics.pluck(:id))
  end

  scoped.offset(opts[:offset]).limit(opts[:limit])
end
# Builds the parameter set handed to NewPostManager. Starts from an
# allowlist, widens it for valid API keys, forces is_warning to false for
# non-staff, and appends request metadata for spam-prevention plugins.
#
# Review notes on values that do not pass through the allowlist:
# - :image_sizes and :meta_data are copied straight from params.
# - each PostRevisor tracked topic field is copied straight from params;
#   the return value of the permit call beside it is not used, so that
#   call does not filter the copied value.
# - :user_agent and :referrer come from request headers and should be
#   treated as client-controlled wherever they are consumed.
def create_params
  permitted = [
    :raw,
    :topic_id,
    :archetype,
    :category,
    :target_usernames,
    :reply_to_post_number,
    :auto_track
  ]

  # param munging for WordPress
  if params[:auto_track]
    params[:auto_track] = params[:auto_track].to_s != "false"
  end

  if api_key_valid?
    # php seems to be sending this incorrectly, don't fight with it
    params[:skip_validations] = params[:skip_validations].to_s == "true"
    # Only requests with a valid API key may skip validations or set
    # `embed_url`.
    permitted.push(:skip_validations, :embed_url)
  end

  params.require(:raw)

  result = params.permit(*permitted)
  result[:image_sizes] = params[:image_sizes]
  # TODO this does not feel right, we should name what meta_data is allowed
  result[:meta_data] = params[:meta_data]

  # Staff are allowed to pass `is_warning`; for everyone else it is
  # forced to false regardless of what was sent.
  result[:is_warning] =
    if current_user.staff?
      params.permit(:is_warning)
      params[:is_warning] == "true"
    else
      false
    end

  PostRevisor.tracked_topic_fields.keys.each do |field|
    params.permit(field => [])
    result[field] = params[field] if params.has_key?(field)
  end

  # Stuff we can use in spam prevention plugins
  result[:ip_address] = request.remote_ip
  result[:user_agent] = request.user_agent
  result[:referrer] = request.env["HTTP_REFERER"]

  result
end
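# Derives the memoization key for an API post-creation request: the
# request parameters plus the current user's id, sorted by key, written as
# "key:value" lines and hashed with SHA1 behind a "post##" prefix.
#
# The previous version passed the "key:value" block to Array#join, which
# ignores blocks, so keys and values were concatenated with no separators.
# Different parameter sets could then produce the same key and be treated
# as the same request by the memoizer. Mapping before joining restores the
# delimited form the block was evidently meant to produce.
#
# SHA1 serves only to shorten the key here, not as a security boundary.
def signature_for(args)
  pairs = args.to_a.concat([["user", current_user.id]])
  canonical = pairs.sort { |x, y| x[0] <=> y[0] }
                   .map { |key, value| "#{key}:#{value}" }
                   .join("\n")

  "post##" << Digest::SHA1.hexdigest(canonical)
end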
# True-ish when the current user is the author of the post, is not allowed
# to perform the action, and the post's edit time limit has expired.
#
# `action` is interpolated into a guardian method name and dispatched with
# send. The callers in this file pass only the literal symbols :edit and
# :delete_post; never pass request data here.
def too_late_to(action, post)
  return false if guardian.send("can_#{action}?", post)
  return false unless post.user_id == current_user.id

  post.edit_time_limit_expired?
end
# Renders a post as JSON, first reverting the loaded object to the version
# in params[:version] when that parameter is present.
def display_post(post)
  if params[:version].present?
    post.revert_to(params[:version].to_i)
  end

  render_post_json(post)
end
# Looks a post up by params[:id] (or params[:post_id] when :id is absent)
# and returns it after the checks in find_post_using.
def find_post_from_params
  post_id = params[:id] || params[:post_id]
  find_post_using(Post.where(id: post_id))
end
# Looks a post up by params[:topic_id] and params[:post_number] and
# returns it after the checks in find_post_using.
def find_post_from_params_by_number
  lookup = Post.where(topic_id: params[:topic_id], post_number: params[:post_number])
  find_post_using(lookup)
end
# Resolves the first post of the given relation and returns it only if the
# guardian lets the current user see it. Staff also get deleted posts and
# the (possibly deleted) topic loaded. Raises Discourse::NotFound when no
# post matches; guardian.ensure_can_see! raises when access is denied.
def find_post_using(finder)
  staff = current_user.try(:staff?)

  # Include deleted posts if the user is staff
  finder = finder.with_deleted if staff
  found = finder.first
  raise Discourse::NotFound unless found

  # load deleted topic
  found.topic = Topic.with_deleted.find(found.topic_id) if staff

  guardian.ensure_can_see!(found)
  found
end
end