Modified: branches/event_logging/app/helpers/application_helper.rb (1897 => 1898)
--- branches/event_logging/app/helpers/application_helper.rb 2008-10-29 14:06:39 UTC (rev 1897)
+++ branches/event_logging/app/helpers/application_helper.rb 2008-10-29 16:58:52 UTC (rev 1898)
@@ -1604,7 +1604,7 @@
# (get the name and the title if they do; exit otherwise)
user = User.find(user_id)
network = Network.find(network_id)
- network_admin = network.owner
+ network_admin = network.owner # safe to assume that owner still exists, because network can't exist without the owner
# check if viewing is allowed for the current viewer
if ["accept", "destroy"].include? action
@@ -1734,6 +1734,11 @@
end
if write_news_entry
+ # permission object exists, and it would provide at least "view" access for users that are affected by the permission;
+ # so only need to check if this permission is relevant to the current viewer of the news
+ #
+ # NB! This doesn't cover cases, where permission object doesn't allow any access - because it's filtered out
+ # in the previous step -> see above
shared_with_entity, shared_with_entity_path = evaluate_object_instance_and_path(log_entry.referenced_type, log_entry.referenced_id)
case shared_with_entity.class.to_s
when "User"
@@ -1798,8 +1803,8 @@
when "Bookmark"
if action == "create"
begin
- # information from the actual bookmark instance is not used directly, however if that was removed -
- # RecordNotFound exception will be thrown and the news item won't appear
+ # information from the actual bookmark instance is not used directly, however this check is required to ensure that -
+ # RecordNotFound exception will be thrown and the news item won't appear if the bookmark was subsequently removed after creation
bookmark = Bookmark.find(log_entry.activity_loggable_id)
object, object_path = evaluate_object_instance_and_path(log_entry.referenced_type, log_entry.referenced_id)
object_visible_name = contributable_name_from_instance(object)
@@ -1870,6 +1875,9 @@
object, object_path = evaluate_object_instance_and_path(creditation.creditable_type, creditation.creditable_id)
object_visible_name = contributable_name_from_instance(object)
+ # the news item to be displayed if the current viewer is allowed to see the affected contributable
+ authorized = ( my_event || object.authorized?("view", current_viewer) )
+
# wording for credit to the user themself follows a different pattern
if (log_entry.culprit_type == log_entry.referenced_type && log_entry.culprit_id == log_entry.referenced_id)
credited_whom = "themself"
@@ -1887,9 +1895,6 @@
end
end
- # the news item to be displayed if the current viewer is allowed to see the affected contributable
- authorized = ( my_event || object.authorized?("view", current_viewer) )
-
if authorized
rtn << [timestamp, "#{culprit_link} credited #{credited_whom} for #{link_to object_visible_name, object_path} #{model_visible_name(object.class.to_s)}."]
end
@@ -1948,7 +1953,7 @@
# check to see if the citation and the cited item are still present
citation = Citation.find(log_entry.activity_loggable_id)
- # HACK: only workflow can be cited & code is not generic
+ # HACK: only workflow can be cited & code here is not generic
object = Workflow.find(log_entry.referenced_id)
object_path = workflow_path(log_entry.referenced_id)
object_visible_name = contributable_name_from_instance(object)
@@ -2028,7 +2033,8 @@
def evaluate_object_instance_and_path(model_name, id)
- # evaluates the instance object and link to the page of it in the UI
+ # evaluates the instance object and link to the page of it in the UI;
+ # the next line would still throw ActiveRecord::RecordNotFound exception if object can't be found
instance = eval("#{model_name}.find(#{id})")
path = eval("#{model_visible_name(model_name).downcase}_path(#{id})")