rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
- actionpack-page_caching (1.1.0)
+ actionpack-page_caching (1.1.1)
actionpack (>= 4.0.0, < 6)
actionview (5.2.0)
activesupport (= 5.2.0)
bootsnap (1.3.2)
msgpack (~> 1.0)
builder (3.2.3)
+ cancancan (2.1.3)
canonical-rails (0.2.4)
rails (>= 4.1, < 5.3)
capybara (2.18.0)
crack (0.4.3)
safe_yaml (~> 1.0.0)
crass (1.0.4)
- dalli (2.7.8)
+ dalli (2.7.9)
debug_inspector (0.0.3)
+ delayed_job (4.1.5)
+ activesupport (>= 3.0, < 5.3)
+ delayed_job_active_record (4.1.3)
+ activerecord (>= 3.0, < 5.3)
+ delayed_job (>= 3.0, < 5)
docile (1.3.1)
dynamic_form (1.1.4)
erubi (1.7.1)
factory_bot_rails (4.11.1)
factory_bot (~> 4.11.1)
railties (>= 3.0.0)
- faraday (0.12.2)
+ faraday (0.15.3)
multipart-post (>= 1.2, < 3)
ffi (1.9.25)
fspath (3.1.0)
http_accept_language (2.0.5)
i18n (0.9.5)
concurrent-ruby (~> 1.0)
- i18n-js (3.0.11)
+ i18n-js (3.1.0)
i18n (>= 0.6.6, < 2)
- image_optim (0.26.2)
+ image_optim (0.26.3)
exifr (~> 1.2, >= 1.2.2)
fspath (~> 3.0)
image_size (>= 1.5, < 3)
rb-inotify (~> 0.9, >= 0.9.7)
ruby_dep (~> 1.2)
logstash-event (1.2.02)
- logstasher (1.2.2)
+ logstasher (1.3.0)
activesupport (>= 4.0)
logstash-event (~> 1.2.0)
request_store
- loofah (2.2.2)
+ loofah (2.2.3)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
- mail (2.7.0)
+ mail (2.7.1)
mini_mime (>= 0.1.1)
marcel (0.3.3)
mimemagic (~> 0.3.2)
multi_xml (0.6.0)
multipart-post (2.0.0)
nio4r (2.3.1)
- nokogiri (1.8.4)
+ nokogiri (1.8.5)
mini_portile2 (~> 2.3.0)
- nokogumbo (1.5.0)
- nokogiri
+ nokogumbo (2.0.0)
+ nokogiri (~> 1.8, >= 1.8.4)
oauth (0.4.7)
oauth-plugin (0.5.1)
multi_json
oauth (~> 0.4.4)
oauth2 (>= 0.5.0)
rack
- oauth2 (1.4.0)
- faraday (>= 0.8, < 0.13)
- jwt (~> 1.0)
+ oauth2 (1.4.1)
+ faraday (>= 0.8, < 0.16.0)
+ jwt (>= 1.0, < 3.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
mimemagic (~> 0.3.0)
terrapin (~> 0.6.0)
parallel (1.12.1)
- parser (2.5.1.2)
+ parser (2.5.3.0)
ast (~> 2.4.0)
pg (0.21.0)
poltergeist (1.18.1)
cliver (~> 0.3.1)
websocket-driver (>= 0.2.0)
powerpack (0.1.2)
- progress (3.4.0)
- psych (3.0.2)
+ progress (3.5.0)
+ psych (3.0.3)
public_suffix (3.0.3)
puma (3.12.0)
quad_tile (1.0.1)
request_store (1.4.1)
rack (>= 1.4)
rinku (2.0.4)
- rotp (3.3.1)
- rubocop (0.59.1)
+ rotp (4.0.2)
+ addressable (~> 2.5)
+ rubocop (0.60.0)
jaro_winkler (~> 1.5.1)
parallel (~> 1.10)
parser (>= 2.5, != 2.5.1.1)
powerpack (~> 0.1)
rainbow (>= 2.2.2, < 4.0)
ruby-progressbar (~> 1.7)
- unicode-display_width (~> 1.0, >= 1.0.1)
+ unicode-display_width (~> 1.4.0)
ruby-openid (2.7.0)
ruby-progressbar (1.10.0)
ruby_dep (1.5.0)
safe_yaml (1.0.4)
- sanitize (4.6.6)
+ sanitize (5.0.0)
crass (~> 1.0.2)
- nokogiri (>= 1.4.4)
- nokogumbo (~> 1.4)
- sass (3.6.0)
- sass-listen (~> 4.0.0)
- sass-listen (4.0.0)
- rb-fsevent (~> 0.9, >= 0.9.4)
- rb-inotify (~> 0.9, >= 0.9.7)
- sassc (1.12.1)
+ nokogiri (>= 1.8.0)
+ nokogumbo (~> 2.0)
+ sassc (2.0.0)
ffi (~> 1.9.6)
- sass (>= 3.3.0)
- sassc-rails (1.3.0)
+ rake
+ sassc-rails (2.0.0)
railties (>= 4.0.0)
- sass
- sassc (~> 1.9)
- sprockets (> 2.11)
+ sassc (>= 2.0)
+ sprockets (> 3.0)
sprockets-rails
tilt
secure_headers (6.0.0)
thor (0.19.4)
thread_safe (0.3.6)
tilt (2.0.8)
- tins (1.16.3)
+ tins (1.17.0)
tzinfo (1.2.5)
thread_safe (~> 0.1)
uglifier (4.1.19)
unicode-display_width (1.4.0)
validates_email_format_of (1.6.3)
i18n
- vendorer (0.1.16)
+ vendorer (0.2.0)
webmock (3.4.2)
addressable (>= 2.3.6)
crack (>= 0.3.2)
websocket-driver (0.7.0)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.3)
- xpath (3.1.0)
+ xpath (3.2.0)
nokogiri (~> 1.8)
PLATFORMS
bigdecimal (~> 1.1.0)
binding_of_caller
bootsnap (>= 1.1.0)
+ cancancan
canonical-rails
capybara (~> 2.13)
coffee-rails (~> 4.2)
composite_primary_keys (~> 11.0.0)
coveralls
dalli
+ delayed_job_active_record
dynamic_form
factory_bot_rails
faraday
before_action :authorize_web
before_action :set_locale
- before_action :require_user, :only => [:new, :edit, :comment, :hide, :hidecomment, :subscribe, :unsubscribe]
+
+ authorize_resource
+
before_action :lookup_user, :only => [:show, :comments]
before_action :check_database_readable
before_action :check_database_writable, :only => [:new, :edit, :comment, :hide, :hidecomment, :subscribe, :unsubscribe]
- before_action :require_administrator, :only => [:hide, :hidecomment]
before_action :allow_thirdparty_images, :only => [:new, :edit, :index, :show, :comments]
def new
# Notify current subscribers of the new comment
@entry.subscribers.visible.each do |user|
- Notifier.diary_comment_notification(@diary_comment, user).deliver_now if current_user != user
+ Notifier.diary_comment_notification(@diary_comment, user).deliver_later if current_user != user
end
# Add the commenter to the subscribers if necessary
private
+ # This is required because, being a default-deny system, cancancan
+ # _cannot_ tell you the reason you were denied access; and so
+ # the "nice" feedback presenting next steps can't be gleaned from
+ # the exception
+ ##
+ # for the hide actions, require that the user is a administrator, or fill out
+ # a helpful error message and return them to the user page.
+ def deny_access(exception)
+ if current_user && exception.action.in?([:hide, :hidecomment])
+ flash[:error] = t("users.filter.not_an_administrator")
+ redirect_to :action => "show"
+ else
+ super
+ end
+ end
+
##
# return permitted diary entry parameters
def entry_params
params.require(:diary_comment).permit(:body)
end
- ##
- # require that the user is a administrator, or fill out a helpful error message
- # and return them to the user page.
- def require_administrator
- unless current_user.administrator?
- flash[:error] = t("users.filter.not_an_administrator")
- redirect_to :action => "show"
- end
- end
-
##
# decide on a location for the diary entry map
def set_map_location
projects / rails.git / commitdiff