From 47e3b72937b43b7e53ccb4e74bab45832fb84883 Mon Sep 17 00:00:00 2001 From: Matchu Date: Fri, 15 Jul 2011 16:15:57 -0400 Subject: [PATCH] restructure backend of closet hanger quantity updates --- app/controllers/application_controller.rb | 8 +++ app/controllers/closet_hangers_controller.rb | 61 +++++++++----------- app/views/items/show.html.haml | 2 +- config/routes.rb | 6 +- public/403.html | 28 +++++++++ 5 files changed, 69 insertions(+), 36 deletions(-) create mode 100644 public/403.html diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 4543f7c7..6c9a3e5e 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -10,5 +10,13 @@ class ApplicationController < ActionController::Base def can_use_image_mode? user_signed_in? && current_user.image_mode_tester? end + + class AccessDenied < StandardError;end + + rescue_from AccessDenied, :with => :on_access_denied + + def on_access_denied + render :file => 'public/403.html', :layout => false, :status => :forbidden + end end diff --git a/app/controllers/closet_hangers_controller.rb b/app/controllers/closet_hangers_controller.rb index cc9e1a76..eb059dda 100644 --- a/app/controllers/closet_hangers_controller.rb +++ b/app/controllers/closet_hangers_controller.rb @@ -1,50 +1,45 @@ class ClosetHangersController < ApplicationController - before_filter :find_item, :only => [:create, :update] - - def create - @closet_hanger = new_hanger - save_hanger! - end - - def update - begin - @closet_hanger = @item.closet_hangers.find(params[:id]) - @closet_hanger.attributes = params[:closet_hanger] - rescue ActiveRecord::RecordNotFound - # Since updating a hanger is really just changing an item quantity, if - # for some reason this hanger doesn't exist (like if user left a tab - # open), we can still create a new hanger and do the job the user wants - @closet_hanger = new_hanger - end - save_hanger! - end + before_filter :authorize_user!, :only => [:set_quantity] def index @user = User.find params[:user_id] @closet_hangers = @user.closet_hangers.alphabetical_by_item_name.includes(:item) end - protected - - def find_item + # Since the user does not care about the idea of a hanger, but rather the + # quantity of an item they own, the user would expect a create form to work + # even after the record already exists, and an update form to work even after + # the record is deleted. So, create and update are aliased, and both find + # the record if it exists or create a new one if it does not. + # + # This is kinda a violation of REST. It's not worth breaking user + # expectations, though, and I can't really think of a genuinely RESTful way + # to pull this off. + def update @item = Item.find params[:item_id] - end + @closet_hanger = current_user.closet_hangers.find_or_initialize_by_item_id(@item.id) + @closet_hanger.attributes = params[:closet_hanger] - def new_hanger - current_user.closet_hangers.find_or_initialize_by_item_id(@item.id, params[:closet_hanger]) - end - - def save_hanger! - if @closet_hanger.quantity == 0 + unless @closet_hanger.quantity == 0 # save the hanger, new record or not + if @closet_hanger.save + flash[:success] = "Success! You own #{@closet_hanger.quantity} #{@item.name.pluralize}." + else + flash[:alert] = "We couldn't save how many of this item you own: #{@closet_hanger.errors.full_messages.to_sentence}" + end + else # delete the hanger since the user doesn't want it @closet_hanger.destroy flash[:success] = "Success! You do not own #{@item.name}." - elsif @closet_hanger.save - flash[:success] = "Success! You own #{@closet_hanger.quantity} #{@item.name.pluralize}." - else - flash[:alert] = "We couldn't save how many of this item you own: #{@closet_hanger.errors.full_messages.to_sentence}" end redirect_to @item end + + alias_method :create, :update + + protected + + def authorize_user! + raise AccessDenied unless user_signed_in? && current_user.id == params[:user_id].to_i + end end diff --git a/app/views/items/show.html.haml b/app/views/items/show.html.haml index a9589995..81c99120 100644 --- a/app/views/items/show.html.haml +++ b/app/views/items/show.html.haml @@ -13,7 +13,7 @@ = link_to 'NeoItems', neoitems_url_for(@item), :class => 'button' - if @hanger - = form_for([@item, @hanger], :html => {:id => 'closet-hanger-form'}) do |f| + = form_for(@hanger, :url => user_item_closet_hanger_path(current_user, @item), :html => {:id => 'closet-hanger-form'}) do |f| = f.label :quantity, "How many of these do you own?" = f.number_field :quantity, :min => 0, :required => true = f.submit "Save" diff --git a/config/routes.rb b/config/routes.rb index 9189fe2a..6dbb1921 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -19,8 +19,6 @@ OpenneoImpressItems::Application.routes.draw do |map| collection do get :needed end - - resources :closet_hangers, :only => [:create, :update] end resources :outfits, :only => [:show, :create, :update, :destroy] resources :pet_attributes, :only => [:index] @@ -40,6 +38,10 @@ OpenneoImpressItems::Application.routes.draw do |map| resources :user, :only => [] do resources :contributions, :only => [:index] resources :closet_hangers, :only => [:index], :path => 'closet' + + resources :items, :only => [] do + resource :closet_hanger, :only => [:create, :update] + end end match 'users/top-contributors' => 'users#top_contributors', :as => :top_contributors diff --git a/public/403.html b/public/403.html new file mode 100644 index 00000000..0ccf5383 --- /dev/null +++ b/public/403.html @@ -0,0 +1,28 @@ + + + + You do not have permission to access this page (403) + + + + + +
+

You do not have permission to access this page.

+

This resource might belong to another user, or your session may have expired.

+

Try logging in again.

+
+ + +