Skip to content
Snippets Groups Projects
Select Git revision
  • 325d30ede32383d07549f354f35d54cc2c08fe41
  • eip-develop default
  • 0valt/csrf
  • develop
  • dependabot/bundler/bundler-6d4d941ed1
  • dependabot/npm_and_yarn/npm_and_yarn-a48ea45f8c
  • 0valt/caching
  • art/mod-spam-tools
  • 0valt/keyboard
  • 0valt/1808/unnecessary-ajax
  • 0valt/assorted
  • 0valt/general-fixes
  • 0valt/tour-fixes
  • 0valt/1815/tags-ordering
  • 0valt/voting-improvements
  • 0valt/1459/draft-discard
  • 0valt/1790/preferences
  • 0valt/query-optimizations
  • 0valt/1809/settings-wrap
  • 0valt/1805/sign-in-redirect-fix
  • 0valt/1804/kbd
  • 0valt/1292/flag-modal
  • v0.12.2
  • v0.12.1
  • v0.12.0
  • v0.11.0
  • v0.10.0
  • v0.9.0
  • v0.8.0
  • v0.7.0
  • v0.6.1
  • v0.6.0
  • v0.5.0
  • v0.4.0
  • v0.3.0
  • v1.0
36 results

votes_controller.rb

Blame
    • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    votes_controller.rb 1.50 KiB 
    # Web controller. Provides actions for using voting features - essentially a stripped-down and renamed version of the
# standard resource set.
class VotesController < ApplicationController
  before_action :auth_for_voting

  def create
    post = Post.find(params[:post_id])

    if post.user == current_user && !SiteSetting['AllowSelfVotes']
      render(json: { status: 'failed', message: 'You may not vote on your own posts.' }, status: 403) && return
    end

    destroyed = post.votes.where(user: current_user).destroy_all
    vote = post.votes.create(user: current_user, vote_type: params[:vote_type].to_i, recv_user: post.user)

    if vote.errors.any?
      render json: { status: 'failed', message: vote.errors.full_messages.join('. ') }, status: 403
      return
    end

    modified = !destroyed.empty?
    state = { status: (modified ? 'modified' : 'OK'), vote_id: vote.id, post_score: post.score }

    render json: state
  end

  def destroy
    vote = Vote.find params[:id]

    if vote.user != current_user
      render(json: { status: 'failed', message: 'You are not authorized to remove this vote.' }, status: 403) && return
    end

    if vote.destroy
      render json: { status: 'OK', post_score: vote.post.score }
    else
      render json: { status: 'failed', message: vote.errors.full_messages.join('. ') }, status: 403
    end
  end

  private

  def auth_for_voting
    unless user_signed_in?
      render json: { status: 'failed', message: 'You must be logged in to vote.' }, status: 403
    end
  end
end