Skip to content
Snippets Groups Projects
Select Git revision
  • 3febd5773dade65b00087b0644d9d3ab7128f1b8
  • eip-develop default
  • 0valt/tour-fixes
  • 0valt/1815/tags-ordering
  • develop
  • 0valt/voting-improvements
  • art/mod-spam-tools
  • 0valt/1459/draft-discard
  • 0valt/1790/preferences
  • 0valt/query-optimizations
  • 0valt/1809/settings-wrap
  • 0valt/1805/sign-in-redirect-fix
  • 0valt/1804/kbd
  • 0valt/1292/flag-modal
  • MoshiKoi/1025/remove-special-case-notifying-author-of-threads
  • 0valt/1783/collection-caching
  • 0valt/notifications-fix
  • 0valt/1040/in-page-follow
  • trichoplax/1567/associate-checkboxes-with-their-labels
  • trichoplax/simplify-post-followed-by-user-method
  • trichoplax/correctly-name-system-test-as-plural
  • 0valt/1787/new-thread-validation
  • v0.12.2
  • v0.12.1
  • v0.12.0
  • v0.11.0
  • v0.10.0
  • v0.9.0
  • v0.8.0
  • v0.7.0
  • v0.6.1
  • v0.6.0
  • v0.5.0
  • v0.4.0
  • v0.3.0
  • v1.0
36 results

api_import.rb

Blame
    • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    votes_controller.rb 2.34 KiB 
    # Web controller. Provides actions for using voting features - essentially a stripped-down and renamed version of the
# standard resource set.
class VotesController < ApplicationController
  before_action :auth_for_voting

  def create
    post = Post.find(params[:post_id])

    if post.user == current_user && !SiteSetting['AllowSelfVotes']
      render(json: { status: 'failed', message: 'You may not vote on your own posts.' }, status: 403) && return
    end

    recent_votes = Vote.where(created_at: 24.hours.ago..Time.now, user: current_user).count
    max_votes_per_day = SiteSetting['FreeVotes'] + (@current_user.reputation - SiteSetting['NewUserInitialRep'])

    unless post.parent&.user_id == current_user.id
      if recent_votes >= max_votes_per_day
        vote_limit_msg = 'You have used your daily vote limit of ' + recent_votes.to_s + 'votes. Gain more reputation' \
                         ' or come back tomorrow to continue voting.'

        if max_votes_per_day <= 0
          vote_limit_msg = 'You need to gain some reputation on this site before you can start voting.'
        end

        render json: { status: 'failed', message: vote_limit_msg }, status: 403
        return
      end
    end

    destroyed = post.votes.where(user: current_user).destroy_all
    vote = post.votes.create(user: current_user, vote_type: params[:vote_type].to_i, recv_user: post.user)

    if vote.errors.any?
      render json: { status: 'failed', message: vote.errors.full_messages.join('. ') }, status: 403
      return
    end

    modified = !destroyed.empty?
    state = { status: (modified ? 'modified' : 'OK'), vote_id: vote.id, upvotes: post.upvote_count,
              downvotes: post.downvote_count }

    render json: state
  end

  def destroy
    vote = Vote.find params[:id]
    post = vote.post

    if vote.user != current_user
      render(json: { status: 'failed', message: 'You are not authorized to remove this vote.' }, status: 403) && return
    end

    if vote.destroy
      render json: { status: 'OK', upvotes: post.upvote_count, downvotes: post.downvote_count }
    else
      render json: { status: 'failed', message: vote.errors.full_messages.join('. ') }, status: 403
    end
  end

  private

  def auth_for_voting
    unless user_signed_in?
      render json: { status: 'failed', message: 'You must be logged in to vote.' }, status: 403
    end
  end
end