Modified: trunk/app/controllers/user_reports_controller.rb (3509 => 3510)
--- trunk/app/controllers/user_reports_controller.rb 2013-04-12 13:36:00 UTC (rev 3509)
+++ trunk/app/controllers/user_reports_controller.rb 2013-04-12 13:40:19 UTC (rev 3510)
@@ -9,34 +9,23 @@
def create
UserReport.create(:user => current_user, :subject => @object)
- render(:text => '[ reported ]')
+ render(:text => '[ reported ]', :status => 200)
end
private
def find_object
-
- # ensure that user is logged in and that params[:user_id] matches
- return error if (current_user == 0 || (current_user.id.to_s != params[:user_id]))
-
# ensure that the object type is valid
- return error unless ["Comment", "Message"].include?(params[:subject_type])
+ unless ["Comment", "Message"].include?(params[:subject_type])
+ render(:nothing => true, :status => 400)
+ else
+ @object = Object.const_get(params[:subject_type]).find_by_id(params[:subject_id])
- object = Object.const_get(params[:subject_type]).find(params[:subject_id])
-
- # ensure that the object exists
- return error if object.nil?
-
- # ensure that the object is visible to the user
- return error unless Authorization.check('view', object, current_user)
-
- @object = object
-
- true
+ if @object.nil?
+ render(:text => "Report failed. #{params[:subject_type]} not found.", :status => 404)
+ elsif !Authorization.check('view', @object, current_user)
+ render(:text => "Report failed. You are not authorized to view this #{params[:subject_type]}.", :status => 401)
+ end
+ end
end
-
- def error
- render(:text => '400 Bad Request', :status => "400 Bad Request")
- end
end
-
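Review bot: find_object no longer checks that anyone is logged in before the lookup, so an anonymous request reaches `Authorization.check('view', @object, current_user)` and, if that passes, `UserReport.create(:user => current_user, :subject => @object)` in create with whatever current_user returns for a visitor (the removed check on the old side compared it to 0). Whether Authorization.check rejects that value cannot be told from this hunk; a guard at the top of find_object such as `return render(:nothing => true, :status => 401) if current_user.nil? || current_user == 0` keeps the old behaviour explicit. The separate 404 and 401 replies also tell a caller who may not view a subject whether that subject id exists, which the old uniform 400 did not; if that distinction matters here, answer both cases with the same status. A failed view check for an authenticated user is a 403 rather than a 401. The route's params[:user_id] is no longer compared with current_user, which is harmless for create since the report is tied to current_user, but a one-line comment saying so would save the next reader from wondering why the removed check went.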
Modified: trunk/app/views/comments/_comment.rhtml (3509 => 3510)
--- trunk/app/views/comments/_comment.rhtml 2013-04-12 13:36:00 UTC (rev 3509)
+++ trunk/app/views/comments/_comment.rhtml 2013-04-12 13:40:19 UTC (rev 3510)
@@ -16,7 +16,7 @@
</tr>
<tr>
<td style="text-align: right; padding-right: 1em;">
- <%= render(:partial => 'contributions/user_report', :locals => { :subject => comment, :user => current_user }) -%>
+ <%= render(:partial => 'contributions/user_report', :locals => { :subject => comment }) -%>
<% if Authorization.check('destroy', comment, current_user) %>
<small>
[
Modified: trunk/app/views/contributions/_user_report.rhtml (3509 => 3510)
--- trunk/app/views/contributions/_user_report.rhtml 2013-04-12 13:36:00 UTC (rev 3509)
+++ trunk/app/views/contributions/_user_report.rhtml 2013-04-12 13:40:19 UTC (rev 3510)
@@ -1,6 +1,6 @@
-<% if user != 0 %>
+<% if current_user %>
<% div_name = "report#{subject.class.name}#{subject.id}" %>
- <% if UserReport.find_by_user_id_and_subject_type_and_subject_id(user.id, subject.class.name, subject.id) %>
+ <% if UserReport.find_by_user_id_and_subject_type_and_subject_id(current_user.id, subject.class.name, subject.id) %>
<small>
[ reported ]
</small>
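Review bot: `<% if current_user %>` on the new side does not reproduce the removed `user != 0` test, because 0 is truthy in Ruby; if current_user still returns 0 for a visitor, as the removed comparison here and the controller's old `current_user == 0` check suggest, the report link renders for anonymous visitors and `current_user.id` is then called on an Integer. Unless current_user has been changed to return nil for visitors, write `<% if current_user && current_user != 0 %>`; the same concern applies to the `current_user.id` use in the link_to_remote URL in the next hunk of this partial. Dropping the :user local is otherwise consistent with both callers, which now pass only :subject.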
@@ -9,7 +9,7 @@
[
<%= link_to_remote('report',
:update => div_name,
- :url ="" "/users/#{user.id}/reports?subject_type=#{subject.class.name}&subject_id=#{subject.id}",
+ :url ="" "/users/#{current_user.id}/reports?subject_type=#{subject.class.name}&subject_id=#{subject.id}",
:method => :post,
:complete => "new Effect.Highlight('#{div_name}', { duration: 1.5 }); $('comment').value = '';",
:confirm => "Are you sure you want to report this?" ) %>
Modified: trunk/app/views/messages/show.rhtml (3509 => 3510)
--- trunk/app/views/messages/show.rhtml 2013-04-12 13:36:00 UTC (rev 3509)
+++ trunk/app/views/messages/show.rhtml 2013-04-12 13:40:19 UTC (rev 3510)
@@ -61,7 +61,7 @@
</div>
<div style="margin: 6px; text-align: right">
- <%= render(:partial => 'contributions/user_report', :locals => { :subject => @message, :user => current_user }) -%>
+ <%= render(:partial => 'contributions/user_report', :locals => { :subject => @message }) -%>
</div>
</div>