author | rhenium <re4k@re4k.info> | 2013-05-30 00:54:47 +0900 |
---|---|---|
committer | rhenium <re4k@re4k.info> | 2013-05-30 00:54:47 +0900 |
commit | 75e30f750533af57057fd5a9b7f725218f4be7d0 (patch) | |
tree | 9f6f379530d75aeb12b705edbb00c98d03ac8271 /app/controllers/application_controller.rb | |
parent | 8d0657441ad76b23684d13f8790df2a3c0cb84ff (diff) | |
download | aclog-75e30f750533af57057fd5a9b7f725218f4be7d0.tar.gz |
add private account (!= protected Twitter account) feature
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r-- | app/controllers/application_controller.rb | 50 |
1 files changed, 35 insertions, 15 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 70d2075..bd7112a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -5,7 +5,7 @@ class ApplicationController < ActionController::Base
   protect_from_forgery
   before_filter :check_format, :check_session
   after_filter :xhtml
-  helper_method :authorized_to_show?
+  helper_method :authorized_to_show_user?, :authorized_to_show_best?
 
   protected
   def _get_user(id, screen_name)
@@ -16,25 +16,45 @@ class ApplicationController < ActionController::Base
     end
   end
 
-  def authorized_to_show?(user)
-    return true unless user.protected?
-
-    if session[:user_id]
-      return session[:user_id] == user.id || session[:account].following?(user.id)
-    elsif request.headers["X-Verify-Credentials-Authorization"]
-      # OAuth Echo
-      user_id = authenticate_with_twitter_oauth_echo
-      account = Account.find_by(user_id: user_id)
-      if account
-        return account.user_id == user.id || account.following?(user.id)
+  def authorized_to_show_user?(user)
+    @authorized_to_show_user ||= {}
+    @authorized_to_show_user[user.id] ||= begin
+      if !user.protected?
+        true
+      elsif session[:user_id] == user.id
+        true
+      elsif session[:account] && session[:account].following?(user.id)
+        true
+      elsif request.headers["X-Verify-Credentials-Authorization"]
+        # OAuth Echo
+        user_id = authenticate_with_twitter_oauth_echo
+        account = Account.find_by(user_id: user_id)
+        if account && (account.user_id == user.id || account.following?(user.id))
+          true
+        else
+          false
+        end
       else
-        return false
+        false
       end
-    else
-      return false
     end
   end
 
+  def authorized_to_show_best?(user)
+    authorized_to_show_user?(user) && user.registered? && (!user.account.private? || user.id == session[:user_id])
+  end
+
+  def authorize_to_show_user!(user)
+    authorized_to_show_user?(user) or raise Aclog::Exceptions::UserProtected
+  end
+
+  def authorize_to_show_best!(user)
+    authorize_to_show_user!(user)
+    raise Aclog::Exceptions::UserNotRegistered unless user.registered?
+    raise Aclog::Exceptions::AccountPrivate if user.account.private? && user.id != session[:user_id]
+    true
+  end
+
   private
   def check_format
     unless request.format == :html || request.format == :json || request.format == :rss
|
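Review bot: The memoisation in `authorized_to_show_user?` only caches a `true` result: `@authorized_to_show_user[user.id] ||= begin … end` re-runs the whole block whenever the stored value is `false`, so a denied decision — including the OAuth Echo branch, which calls `authenticate_with_twitter_oauth_echo` (presumably a remote credential check) and `Account.find_by` — is recomputed on every call from the controller or a view in the same request. Replace the `||=` with an explicit presence check, `return @authorized_to_show_user[user.id] if @authorized_to_show_user.key?(user.id)` followed by `@authorized_to_show_user[user.id] = begin`, so both outcomes are cached. Separately, `authorized_to_show_best?` and `authorize_to_show_best!` decide the private-account case from `session[:user_id]` alone, while the protected-account check also accepts an OAuth Echo caller; if that asymmetry is unintended, a request authenticated only via `X-Verify-Credentials-Authorization` will be denied its own private account, and the owner check should use the same resolved account as `authorized_to_show_user?`. A one-line doc comment above each new method stating which exception it raises and which session/header inputs it trusts would also help, since three of them are exposed as helper methods or called from views. The enclosing class continues outside this hunk.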