discourse/app/controllers/posts_controller.rb
Sam f6b850e7a4 allow skipping the validations on creation if its an api call AND skip_validations is specified
this allows wordpress plugin to post very very short titles or titles that would otherwise be disallowed
2013-07-02 12:23:19 +10:00

216 lines
6.1 KiB
Ruby

require_dependency 'post_creator'
require_dependency 'post_destroyer'
class PostsController < ApplicationController
# Need to be logged in for all actions here
before_filter :ensure_logged_in, except: [:show, :replies, :by_number, :short_link, :versions]
skip_before_filter :store_incoming_links, only: [:short_link]
skip_before_filter :check_xhr, only: [:markdown,:short_link]
def markdown
post = Post.where(topic_id: params[:topic_id].to_i, post_number: (params[:post_number] || 1).to_i).first
if post && guardian.can_see?(post)
render text: post.raw, content_type: 'text/plain'
else
raise Discourse::NotFound
end
end
def short_link
post = Post.find(params[:post_id].to_i)
IncomingLink.add(request,current_user)
redirect_to post.url
end
def create
post_creator = PostCreator.new(current_user, create_params)
post = post_creator.create
if post_creator.errors.present?
# If the post was spam, flag all the user's posts as spam
current_user.flag_linked_posts_as_spam if post_creator.spam?
render_json_error(post_creator)
else
post_serializer = PostSerializer.new(post, scope: guardian, root: false)
post_serializer.topic_slug = post.topic.slug if post.topic.present?
post_serializer.draft_sequence = DraftSequence.current(current_user, post.topic.draft_key)
render_json_dump(post_serializer)
end
end
def update
params.require(:post)
post = Post.where(id: params[:id]).first
post.image_sizes = params[:image_sizes] if params[:image_sizes].present?
guardian.ensure_can_edit!(post)
# to stay consistent with the create api,
# we should allow for title changes and category changes here
# we should also move all of this to a post updater.
if post.post_number == 1 && (params[:title] || params[:post][:category])
post.topic.title = params[:title] if params[:title]
Topic.transaction do
post.topic.change_category(params[:post][:category])
post.topic.save
end
if post.topic.errors.present?
render_json_error(post.topic)
return
end
end
revisor = PostRevisor.new(post)
if revisor.revise!(current_user, params[:post][:raw])
TopicLink.extract_from(post)
end
if post.errors.present?
render_json_error(post)
return
end
post_serializer = PostSerializer.new(post, scope: guardian, root: false)
post_serializer.draft_sequence = DraftSequence.current(current_user, post.topic.draft_key)
link_counts = TopicLink.counts_for(guardian,post.topic, [post])
post_serializer.single_post_link_counts = link_counts[post.id] if link_counts.present?
post_serializer.topic_slug = post.topic.slug if post.topic.present?
result = {post: post_serializer.as_json}
if revisor.category_changed.present?
result[:category] = BasicCategorySerializer.new(revisor.category_changed, scope: guardian, root: false).as_json
end
render_json_dump(result)
end
def by_number
@post = Post.where(topic_id: params[:topic_id], post_number: params[:post_number]).first
guardian.ensure_can_see!(@post)
@post.revert_to(params[:version].to_i) if params[:version].present?
post_serializer = PostSerializer.new(@post, scope: guardian, root: false)
post_serializer.add_raw = true
render_json_dump(post_serializer)
end
def show
@post = find_post_from_params
@post.revert_to(params[:version].to_i) if params[:version].present?
post_serializer = PostSerializer.new(@post, scope: guardian, root: false)
post_serializer.add_raw = true
render_json_dump(post_serializer)
end
def destroy
post = find_post_from_params
guardian.ensure_can_delete!(post)
destroyer = PostDestroyer.new(current_user, post)
destroyer.destroy
render nothing: true
end
def recover
post = find_post_from_params
guardian.ensure_can_recover_post!(post)
post.recover!
render nothing: true
end
def destroy_many
params.require(:post_ids)
posts = Post.where(id: params[:post_ids])
raise Discourse::InvalidParameters.new(:post_ids) if posts.blank?
# Make sure we can delete the posts
posts.each {|p| guardian.ensure_can_delete!(p) }
Post.transaction do
topic_id = posts.first.topic_id
posts.each {|p| p.destroy }
Topic.reset_highest(topic_id)
end
render nothing: true
end
# Retrieves a list of versions and who made them for a post
def versions
post = find_post_from_params
render_serialized(post.all_versions, VersionSerializer)
end
# Direct replies to this post
def replies
post = find_post_from_params
render_serialized(post.replies, PostSerializer)
end
# Returns the "you're creating a post education"
def education_text
end
def bookmark
post = find_post_from_params
if current_user
if params[:bookmarked] == "true"
PostAction.act(current_user, post, PostActionType.types[:bookmark])
else
PostAction.remove_act(current_user, post, PostActionType.types[:bookmark])
end
end
render nothing: true
end
protected
def find_post_from_params
finder = Post.where(id: params[:id] || params[:post_id])
# Include deleted posts if the user is staff
finder = finder.with_deleted if current_user.try(:staff?)
post = finder.first
guardian.ensure_can_see!(post)
post
end
private
def create_params
permitted = [
:raw,
:topic_id,
:title,
:archetype,
:category,
:target_usernames,
:reply_to_post_number,
:image_sizes,
:auto_close_days
]
if api_key_valid?
# php seems to be sending this incorrectly, don't fight with it
params[:skip_validations] = params[:skip_validations].to_s == "true"
permitted << :skip_validations
end
params.require(:raw)
params.permit(*permitted).tap do |whitelisted|
# TODO this does not feel right, we should name what meta_data is allowed
whitelisted[:meta_data] = params[:meta_data]
end
end
end