discourse/app/controllers/post_action_users_controlle...

require_dependency 'discourse'

class PostActionUsersController < ApplicationController
  def index
    params.require(:post_action_type_id)
    params.require(:id)
    post_action_type_id = params[:post_action_type_id].to_i

    finder = Post.where(id: params[:id].to_i)
    finder = finder.with_deleted if guardian.is_staff?

    post = finder.first
    guardian.ensure_can_see!(post)

    post_actions = post.post_actions.where(post_action_type_id: post_action_type_id)
      .includes(:user)
      .order('post_actions.created_at asc')

    if !guardian.can_see_post_actors?(post.topic, post_action_type_id)
      if !current_user
        raise Discourse::InvalidAccess
      end
      post_actions = post_actions.where(user_id: current_user.id)
    end

    render_serialized(post_actions.to_a, PostActionUserSerializer, root: 'post_action_users')
  end
end
FIX: You can click to see your own PMs from flags Also refactors post action users to be a new object type since they can have `post_url` which is not a field of a `User` 2015-09-30 12:28:13 -04:00			`require_dependency 'discourse'`

			`class PostActionUsersController < ApplicationController`
			`def index`
			`params.require(:post_action_type_id)`
			`params.require(:id)`
			`post_action_type_id = params[:post_action_type_id].to_i`

			`finder = Post.where(id: params[:id].to_i)`
			`finder = finder.with_deleted if guardian.is_staff?`

			`post = finder.first`
			`guardian.ensure_can_see!(post)`
FIX: you should always be allowed to see actions you created 2017-06-02 14:23:56 -04:00
FIX: You can click to see your own PMs from flags Also refactors post action users to be a new object type since they can have `post_url` which is not a field of a `User` 2015-09-30 12:28:13 -04:00			`post_actions = post.post_actions.where(post_action_type_id: post_action_type_id)`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`.includes(:user)`
			`.order('post_actions.created_at asc')`
FIX: You can click to see your own PMs from flags Also refactors post action users to be a new object type since they can have `post_url` which is not a field of a `User` 2015-09-30 12:28:13 -04:00
FIX: you should always be allowed to see actions you created 2017-06-02 14:23:56 -04:00			`if !guardian.can_see_post_actors?(post.topic, post_action_type_id)`
			`if !current_user`
			`raise Discourse::InvalidAccess`
			`end`
			`post_actions = post_actions.where(user_id: current_user.id)`
			`end`

FIX: You can click to see your own PMs from flags Also refactors post action users to be a new object type since they can have `post_url` which is not a field of a `User` 2015-09-30 12:28:13 -04:00			`render_serialized(post_actions.to_a, PostActionUserSerializer, root: 'post_action_users')`
			`end`
			`end`