authorre4k <re4k@re4k.info>2013-05-06 13:34:09 +0900
committerre4k <re4k@re4k.info>2013-05-06 13:34:09 +0900
commitaf3990115b393efed9bf1c90fdb6648e3a1e1ef0 (patch)
tree87cc8cf10091bc094b68fe75ea7202615848acca /app
parentf5cb96795352731404ce4ea15e707ebcb55053a9 (diff)
downloadaclog-af3990115b393efed9bf1c90fdb6648e3a1e1ef0.tar.gz
add protected user support (temp)
Diffstat (limited to 'app')
-rw-r--r--app/controllers/application_controller.rb23
-rw-r--r--app/controllers/tweets_controller.rb5
-rw-r--r--app/controllers/users_controller.rb1
-rw-r--r--app/models/account.rb5
4 files changed, 32 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 912bbdd..0ed7cf0 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
class ApplicationController < ActionController::Base
protect_from_forgery
- before_filter :set_format
+ before_filter :set_format, :check_session
after_filter :xhtml
protected
@@ -13,6 +13,21 @@ class ApplicationController < ActionController::Base
end
end
+ def authorized_to_show?(user)
+ case
+ when (not user.protected?)
+ true
+ when (not session[:user_id])
+ false
+ when user.id == session[:user_id]
+ true
+ when session[:account].following?(user)
+ true
+ else
+ false
+ end
+ end
+
private
def set_format
unless [:json, :html].include?(request.format.to_sym)
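Review bot: `authorized_to_show?` dereferences `user` on its first branch (`when (not user.protected?)`), but the `user_optional` filter in tweets_controller in this same commit passes a possibly-nil `@user` straight into it, so a request with no user filter raises NoMethodError instead of being allowed through. A guard ahead of the `case` is needed, and with it the `case` built from `(not …)` conditions reads more plainly as early returns, as below; note the last expression then returns whatever `following?` returns rather than a coerced `true`/`false`, which callers using it in `unless` will not notice. A one-line YARD comment would pin the rule: `# @return [Boolean] whether the current session may view user (public, self, or a protected user the session's account follows)`. Whether `session[:account]` is always present when `session[:user_id]` is cannot be seen here; the `check_session` filter added in the next hunk appears to be what guarantees it.
```ruby
  def authorized_to_show?(user)
    return true if user.nil? || !user.protected?
    return false unless session[:user_id]
    return true if user.id == session[:user_id]
    session[:account].following?(user)
  end
```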
@@ -20,6 +35,12 @@ class ApplicationController < ActionController::Base
end
end
+ def check_session
+ if (session[:user_id] || session[:account]) and not (session[:user_id] && session[:account])
+ reset_session
+ end
+ end
+
def xhtml
if request.format == :html
response.content_type = "application/xhtml+xml"
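Review bot: `check_session`'s condition mixes `||`, `and` and `not`, which hides that it only tests whether exactly one of the two session keys is set, and `and`/`not` bind lower than method calls and assignment, a precedence trap if the expression ever grows. `if session[:user_id].nil? != session[:account].nil?` states the invariant directly. A why-comment above it would help the next reader: `# :user_id and :account are written together at login; a session holding only one is half-set or stale and is discarded.` That both keys are written at the same point in the login flow is not visible in this diff; confirm against the session-creation code.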
diff --git a/app/controllers/tweets_controller.rb b/app/controllers/tweets_controller.rb
index 10facaa..ec18157 100644
--- a/app/controllers/tweets_controller.rb
+++ b/app/controllers/tweets_controller.rb
@@ -6,7 +6,6 @@ class TweetsController < ApplicationController
# GET /api/tweets/show
def show
tweet_required
- @user = @tweet.user
@caption = "#{@user.screen_name}'s Tweet"
text = ApplicationController.helpers.format_tweet_text(@tweet.text)
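Review bot: After this change `show` no longer assigns `@user` itself, so the `@caption` interpolation on the next line depends on `tweet_required` having set it as a side effect (that assignment is added in the last hunk of this file). The coupling is invisible at this call site; a short comment above the caption line, `# @user is assigned by tweet_required`, keeps it explicit. The rest of `show` continues outside the hunk.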
@@ -99,6 +98,7 @@ class TweetsController < ApplicationController
def user_optional
@user = _get_user(params[:user_id], params[:screen_name])
+ raise Aclog::Exceptions::UserProtected unless authorized_to_show?(@user)
end
def user_required
@@ -109,11 +109,14 @@ class TweetsController < ApplicationController
def user_b_required
@user_b = _get_user(params[:user_id_b], params[:screen_name_b])
raise Aclog::Exceptions::UserNotFound unless @user_b
+ raise Aclog::Exceptions::UserProtected unless authorized_to_show?(@user)
end
def tweet_required
@tweet = Tweet.find_by(id: params[:id])
raise Aclog::Exceptions::TweetNotFound unless @tweet
+ @user = @tweet.user
+ raise Aclog::Exceptions::UserProtected unless authorized_to_show?(@user)
end
def set_user_limit
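Review bot: `user_b_required` raises `UserProtected` based on `authorized_to_show?(@user)` rather than the user it just loaded, so a protected second user is never checked and the outcome depends on whether `@user` happens to have been set by an earlier filter (if it has not, the call fails with NoMethodError on nil). The line should read `raise Aclog::Exceptions::UserProtected unless authorized_to_show?(@user_b)`. The ordering used in `tweet_required` below (load, not-found check, then authorization check) is already right here; only the argument is wrong.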
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 4910294..52eecdc 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -31,5 +31,6 @@ class UsersController < ApplicationController
def user_required
@user = _get_user(params[:id] || params[:user_id], params[:screen_name])
raise Aclog::Exceptions::UserNotFound unless @user
+ raise Aclog::Exceptions::UserProtected unless authorized_to_show?(@user)
end
end
diff --git a/app/models/account.rb b/app/models/account.rb
index 2b988bf..7eab2e8 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -47,4 +47,9 @@ class Account < ActiveRecord::Base
Retweet.from_tweet_object(status)
end
end
+
+ def following?(target_user)
+ client.friendship?(user_id, target_user.id)
+ end
end
+
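Review bot: `following?` performs a live `client.friendship?` lookup, and since `authorized_to_show?` in application_controller calls it for every request that touches a protected user, each such request now costs a remote round-trip with no caching, and any error the client raises (rate limiting, network failure) propagates out of the authorization check as an unhandled exception rather than a deny. Consider rescuing the client's error class (not visible here) inside `following?` and returning `false` so the check fails closed, and caching the answer per session or with a short TTL. The contract should be documented on the method: `# Live friendship check via the API client: one remote call per invocation; raises whatever the client raises.` `client` and `user_id` are defined outside this hunk.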