Files
fizzy/app/controllers/comments_controller.rb
T
Kevin McConnell 49fa8b21a6 Move current user check to controller
This is necessary to a) ensure people can't edit/delete comments they
don't own, and b) make the comment partial cacheable.
2025-03-03 17:04:16 +00:00

44 lines
868 B
Ruby

class CommentsController < ApplicationController
include BubbleScoped, BucketScoped
before_action :set_comment, only: [ :show, :edit, :update, :destroy ]
before_action :require_own_comment, only: [ :edit, :update, :destroy ]
def create
@bubble.capture new_comment
end
def show
end
def edit
end
def update
@comment.update! comment_params
end
def destroy
@comment.destroy
redirect_to @bubble
end
private
def comment_params
params.require(:comment).permit(:body)
end
def new_comment
Comment.new(comment_params)
end
def set_comment
@comment = Comment.joins(:message)
.where(messages: { bubble_id: @bubble.id })
.find(params[:id])
end
def require_own_comment
head :forbidden unless @comment.creator.current?
end
end