authorrhenium <re4k@re4k.info>2013-05-30 00:54:47 +0900
committerrhenium <re4k@re4k.info>2013-05-30 00:54:47 +0900
commit75e30f750533af57057fd5a9b7f725218f4be7d0 (patch)
tree9f6f379530d75aeb12b705edbb00c98d03ac8271 /app
parent8d0657441ad76b23684d13f8790df2a3c0cb84ff (diff)
downloadaclog-75e30f750533af57057fd5a9b7f725218f4be7d0.tar.gz
add private account (!= protected Twitter account) feature
Diffstat (limited to 'app')
-rw-r--r--app/controllers/application_controller.rb50
-rw-r--r--app/controllers/errors_controller.rb3
-rw-r--r--app/controllers/tweets_controller.rb35
-rw-r--r--app/controllers/users_controller.rb3
-rw-r--r--app/models/user.rb10
-rw-r--r--app/views/layouts/_base.html.haml4
-rw-r--r--app/views/shared/sidebar/_users.html.haml31
-rw-r--r--app/views/tweets/_tweet.html.haml10
-rw-r--r--app/views/users/_user_ranking.html.haml2
9 files changed, 93 insertions, 55 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 70d2075..bd7112a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -5,7 +5,7 @@ class ApplicationController < ActionController::Base
protect_from_forgery
before_filter :check_format, :check_session
after_filter :xhtml
- helper_method :authorized_to_show?
+ helper_method :authorized_to_show_user?, :authorized_to_show_best?
protected
def _get_user(id, screen_name)
@@ -16,25 +16,45 @@ class ApplicationController < ActionController::Base
end
end
- def authorized_to_show?(user)
- return true unless user.protected?
-
- if session[:user_id]
- return session[:user_id] == user.id || session[:account].following?(user.id)
- elsif request.headers["X-Verify-Credentials-Authorization"]
- # OAuth Echo
- user_id = authenticate_with_twitter_oauth_echo
- account = Account.find_by(user_id: user_id)
- if account
- return account.user_id == user.id || account.following?(user.id)
+ def authorized_to_show_user?(user)
+ @authorized_to_show_user ||= {}
+ @authorized_to_show_user[user.id] ||= begin
+ if !user.protected?
+ true
+ elsif session[:user_id] == user.id
+ true
+ elsif session[:account] && session[:account].following?(user.id)
+ true
+ elsif request.headers["X-Verify-Credentials-Authorization"]
+ # OAuth Echo
+ user_id = authenticate_with_twitter_oauth_echo
+ account = Account.find_by(user_id: user_id)
+ if account && (account.user_id == user.id || account.following?(user.id))
+ true
+ else
+ false
+ end
else
- return false
+ false
end
- else
- return false
end
end
+ def authorized_to_show_best?(user)
+ authorized_to_show_user?(user) && user.registered? && (!user.account.private? || user.id == session[:user_id])
+ end
+
+ def authorize_to_show_user!(user)
+ authorized_to_show_user?(user) or raise Aclog::Exceptions::UserProtected
+ end
+
+ def authorize_to_show_best!(user)
+ authorize_to_show_user!(user)
+ raise Aclog::Exceptions::UserNotRegistered unless user.registered?
+ raise Aclog::Exceptions::AccountPrivate if user.account.private? && user.id != session[:user_id]
+ true
+ end
+
private
def check_format
unless request.format == :html || request.format == :json || request.format == :rss
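Review bot: The `||=` memoization in authorized_to_show_user? never caches a denial, because a stored `false` is falsy and the `begin` block runs again on the next call. The tweet partial calls this helper once per rendered tweet, so on a request carrying `X-Verify-Credentials-Authorization` every denied check repeats `authenticate_with_twitter_oauth_echo` and the `Account.find_by` lookup. Opening the method with `return @authorized_to_show_user[user.id] if @authorized_to_show_user.key?(user.id)` and assigning with plain `=` caches both outcomes. Separately, the private-account rule is written twice, in authorized_to_show_best? and authorize_to_show_best!, and both compare only against `session[:user_id]`, so an owner identified through OAuth Echo appears to be treated as a stranger. A shared private helper, or a comment stating that this is intended, would keep the two copies from drifting apart.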
diff --git a/app/controllers/errors_controller.rb b/app/controllers/errors_controller.rb
index 5ea964d..1a7eed9 100644
--- a/app/controllers/errors_controller.rb
+++ b/app/controllers/errors_controller.rb
@@ -31,6 +31,9 @@ class ErrorsController < ApplicationController
when Aclog::Exceptions::OAuthEchoUnauthorized
@status = 401
@message = "OAuth Echo 認証に失敗しました。"
+ when Aclog::Exceptions::AccountPrivate
+ @status = 403
+ @message = "ユーザーの best は非公開です"
when ActionController::RoutingError
@status = 404
@message = "このページは存在しません。"
diff --git a/app/controllers/tweets_controller.rb b/app/controllers/tweets_controller.rb
index dc46d8a..b252406 100644
--- a/app/controllers/tweets_controller.rb
+++ b/app/controllers/tweets_controller.rb
@@ -1,32 +1,42 @@
# -*- encoding: utf-8 -*-
class TweetsController < ApplicationController
before_filter :set_user_limit
+ helper_method :account_private?
def show
tweet_required
@caption = "#{@user.screen_name}'s Tweet"
end
+ def index
+ user_required
+ best rescue timeline
+ end
+
def best
user_required
+ check_public!
@caption = "#{@user.screen_name}'s Best"
@tweets = @user.tweets.reacted.order_by_reactions.list(params, force_page: true, cache: 3.minutes)
end
def favorited
user_required
+ check_public!
@caption = "#{@user.screen_name}'s Most Favorited"
@tweets = @user.tweets.reacted.order_by_favorites.list(params, force_page: true, cache: 3.minutes)
end
def retweeted
user_required
+ check_public!
@caption = "#{@user.screen_name}'s Most Retweeted"
@tweets = @user.tweets.reacted.order_by_retweets.list(params, force_page: true, cache: 3.minutes)
end
def recent
user_required
+ check_public!
@caption = "#{@user.screen_name}'s Recent Best"
@tweets = @user.tweets.recent.reacted.order_by_reactions.list(params, force_page: true, cache: 3.minutes)
end
@@ -78,14 +88,6 @@ class TweetsController < ApplicationController
end
private
- def render(*args)
- if lookup_context.exists?(params[:action], params[:controller])
- super(*args)
- else
- super("_tweets")
- end
- end
-
def user_required
@user = _require_user(params[:user_id], params[:screen_name])
end
@@ -97,8 +99,7 @@ class TweetsController < ApplicationController
def tweet_required
@tweet = Tweet.find_by(id: params[:id])
raise Aclog::Exceptions::TweetNotFound unless @tweet
- @user = @tweet.user
- raise Aclog::Exceptions::UserProtected unless authorized_to_show?(@user)
+ @user = _require_user(@tweet.user_id, nil)
end
def set_user_limit
@@ -121,10 +122,22 @@ class TweetsController < ApplicationController
end
end
+ def check_public!
+ authorize_to_show_best!(@user)
+ end
+
+ def render(*args)
+ if lookup_context.exists?(params[:action], params[:controller])
+ super(*args)
+ else
+ super("_tweets")
+ end
+ end
+
def _require_user(user_id, screen_name)
user = _get_user(user_id, screen_name)
raise Aclog::Exceptions::UserNotFound unless user
- raise Aclog::Exceptions::UserProtected unless authorized_to_show?(user)
+ raise Aclog::Exceptions::UserProtected unless authorized_to_show_user?(user)
user
end
end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 98a28aa..7cdba1d 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -8,6 +8,7 @@ class UsersController < ApplicationController
def discovered_by
user_required
+ authorize_to_show_best!(@user)
@result = @user.count_discovered_by.take(Settings.user_ranking.count)
@caption = "Discovered By"
render "_user_ranking"
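Review bot: After this commit the protected-account check in UsersController exists only in the two actions that gain `authorize_to_show_best!(@user)`, here and in discovered_users, because the last hunk of this file removes the `UserProtected` raise from user_required. Any other action in this controller that calls user_required (lines 22-32 of the new file are not shown in the diff) would now serve a protected user's data with no authorization check at all. If that is not intended, keep the baseline check in user_required as `authorize_to_show_user!(@user)` and let the two ranking actions add only the private-account rule on top. If it is intended, add a comment on user_required saying that it no longer authorizes.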
@@ -15,6 +16,7 @@ class UsersController < ApplicationController
def discovered_users
user_required
+ authorize_to_show_best!(@user)
@result = @user.count_discovered_users.take(Settings.user_ranking.count)
@caption = "Discovered Users"
render "_user_ranking"
@@ -31,6 +33,5 @@ class UsersController < ApplicationController
def user_required
@user = _get_user(params[:id] || params[:user_id], params[:screen_name])
raise Aclog::Exceptions::UserNotFound unless @user
- raise Aclog::Exceptions::UserProtected unless authorized_to_show?(@user)
end
end
diff --git a/app/models/user.rb b/app/models/user.rb
index 7009b59..ac35061 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -71,14 +71,8 @@ class User < ActiveRecord::Base
ret.retweeted_count = retweeted_counts.sum
ret.average_favorited_count = favorited_counts.inject(:+).to_f / ret.tweets_count
ret.average_retweeted_count = retweeted_counts.inject(:+).to_f / ret.tweets_count
-
- _conv = lambda do |i|
- g = 10 ** (i.to_s.size - 4)
- m = (i / g * g).to_i
- "#{m}#{(m == i) ? "" : "+"}"
- end
- ret.retweeted_count_str = _conv.call(ret.retweeted_count)
- ret.favorited_count_str = _conv.call(ret.favorited_count)
+ ret.retweeted_count_str = ret.retweeted_count.to_s
+ ret.favorited_count_str = ret.favorited_count.to_s
ret
end
diff --git a/app/views/layouts/_base.html.haml b/app/views/layouts/_base.html.haml
index 907bd45..7494f89 100644
--- a/app/views/layouts/_base.html.haml
+++ b/app/views/layouts/_base.html.haml
@@ -15,9 +15,9 @@
%li
= link_to "about", about_path
- if logged_in?
- %li= link_to "logout", logout_path
%li= link_to "settings", settings_path
- %li= link_to session[:account].user.screen_name, user_best_path(session[:account].user.screen_name)
+ %li= link_to "logout", logout_path
+ %li= link_to session[:account].user.screen_name, user_path(session[:account].user.screen_name)
- else
%li= link_to "login", "/i/login"
.container
diff --git a/app/views/shared/sidebar/_users.html.haml b/app/views/shared/sidebar/_users.html.haml
index a23445a..dba837e 100644
--- a/app/views/shared/sidebar/_users.html.haml
+++ b/app/views/shared/sidebar/_users.html.haml
@@ -1,6 +1,6 @@
.sidebar
.avatar
- = link_to user_best_path(@user.screen_name) do
+ = link_to user_path(@user.screen_name) do
= image_tag @user.profile_image_url_original, alt: @user.screen_name, width: 64, height: 64, class: "icon img-rounded"
.screen_name= link_to @user.screen_name, twitter_user_url(@user.screen_name)
- if @user.registered?
@@ -22,16 +22,23 @@
= "@#{@user.screen_name} has never signed in to aclog"
.user_nav
%ul.nav.nav-tabs.nav-stacked
- - if @user.registered?
+ - if authorized_to_show_best?(@user)
+ %li
+ = link_to "best", user_path(@user.screen_name)
+ %li
+ = link_to "timeline", user_timeline_path(@user.screen_name)
+ %li
+ = link_to "discoveries", user_discoveries_path(@user.screen_name)
+ %li
+ = link_to "discovered by", user_discovered_by_path(@user.screen_name)
+ %li
+ = link_to "discovered users", user_discovered_users_path(@user.screen_name)
+ %li
+ = link_to "stats", user_stats_path(@user.screen_name)
+ - else
+ %li
+ = link_to "timeline", user_path(@user.screen_name)
+ %li
+ = link_to "discoveries", user_discoveries_path(@user.screen_name)
%li
= link_to "stats", user_stats_path(@user.screen_name)
- %li
- = link_to "best", user_best_path(@user.screen_name)
- %li
- = link_to "timeline", user_timeline_path(@user.screen_name)
- %li
- = link_to "discoveries", user_discoveries_path(@user.screen_name)
- %li
- = link_to "discovered by", user_discovered_by_path(@user.screen_name)
- %li
- = link_to "discovered users", user_discovered_users_path(@user.screen_name)
diff --git a/app/views/tweets/_tweet.html.haml b/app/views/tweets/_tweet.html.haml
index 8f6f4e8..b624080 100644
--- a/app/views/tweets/_tweet.html.haml
+++ b/app/views/tweets/_tweet.html.haml
@@ -2,7 +2,7 @@
.tweet
.left
.avatar
- = link_to user_best_path(tweet.user.screen_name) do
+ = link_to user_path(tweet.user.screen_name) do
= image_tag tweet.user.profile_image_url, alt: tweet.user.screen_name, title: tweet.user.name
%ul.inline.actions
%li.twitter
@@ -12,10 +12,10 @@
.tweet_content_fix
.tweet_content
.user
- %span.nam= link_to tweet.user.name, user_best_path(tweet.user.screen_name)
- %span.screen_name= link_to tweet.user.screen_name, user_best_path(tweet.user.screen_name)
+ %span.nam= link_to tweet.user.name, user_path(tweet.user.screen_name)
+ %span.screen_name= link_to tweet.user.screen_name, user_path(tweet.user.screen_name)
.text
- - if authorized_to_show?(tweet.user)
+ - if authorized_to_show_user?(tweet.user)
= simple_format(format_tweet_text(tweet.text))
- else
%span.quiet
@@ -41,5 +41,5 @@
%ul.inline
- users.limit(@user_limit).each do |m|
%li
- = link_to user_best_path(m.screen_name) do
+ = link_to user_path(m.screen_name) do
= image_tag m.profile_image_url, alt: m.screen_name, title: m.name
diff --git a/app/views/users/_user_ranking.html.haml b/app/views/users/_user_ranking.html.haml
index 0e57f2c..7ee34cc 100644
--- a/app/views/users/_user_ranking.html.haml
+++ b/app/views/users/_user_ranking.html.haml
@@ -4,7 +4,7 @@
- target = User.find(user_id)
%li
.avatar
- = link_to user_best_path(target.screen_name) do
+ = link_to user_path(target.screen_name) do
= image_tag target.profile_image_url, alt: target.screen_name, title: target.name
.data
.count