Skip to content
Extraits de code Groupes Projets
Valider ae106e71 rédigé par Sarah Mei's avatar Sarah Mei
Parcourir les fichiers

Move sort order to a before filter, because this index method is waaaaay too big.

parent 4d0338ef
Aucune branche associée trouvée
Aucune étiquette associée trouvée
Aucune requête de fusion associée trouvée
......@@ -4,6 +4,7 @@
class AspectsController < ApplicationController
before_filter :authenticate_user!
before_filter :save_sort_order, :only => :index
respond_to :html
respond_to :json, :only => [:show, :create]
......@@ -15,33 +16,27 @@ class AspectsController < ApplicationController
else
@aspects = current_user.aspects.includes(:contacts => {:person => :profile})
end
@selected_contacts = @aspects.inject([]){|arr, aspect| arr.concat(aspect.contacts)}
@selected_contacts = @aspects.inject([]) { |arr, aspect| arr.concat(aspect.contacts) }
@selected_contacts.uniq!
# redirect to signup
if (current_user.getting_started == true || @aspects.blank?) && !request.format.mobile? && !request.format.js?
redirect_to getting_started_path
else
if params[:sort_order].blank? and session[:sort_order].blank?
session[:sort_order] = 'updated_at'
elsif not params[:sort_order].blank? and not session[:sort_order] == params[:sort_order]
session[:sort_order] = params[:sort_order] == 'created_at' ? 'created_at' : 'updated_at'
end
sort_order = session[:sort_order] == 'created_at' ? 'created_at' : 'updated_at'
@aspect_ids = @aspects.map{|a| a.id}
@aspect_ids = @aspects.map { |a| a.id }
@posts = StatusMessage.joins(:aspects).where(:pending => false,
:aspects => {:id => @aspect_ids}).includes(:comments, :photos, :likes, :dislikes).select('DISTINCT `posts`.*').paginate(
:page => params[:page], :per_page => 15, :order => sort_order + ' DESC')
:aspects => {:id => @aspect_ids}).includes(:comments, :photos, :likes, :dislikes).select('DISTINCT `posts`.*').paginate(
:page => params[:page], :per_page => 15, :order => session[:sort_order] + ' DESC')
@fakes = PostsFake.new(@posts)
@contact_count = current_user.contacts.count
@aspect = :all unless params[:a_ids]
@aspect ||= @aspects.first #used in mobile
end
end
def create
@aspect = current_user.aspects.create(params[:aspect])
#hack, we don't know why mass assignment is not working
......@@ -61,12 +56,12 @@ class AspectsController < ApplicationController
respond_to do |format|
format.js { render :json => {:html => render_to_string(
:partial => 'aspects/aspect_list_item',
:locals => {:aspect => @aspect,
:person => @person,
:contact => @contact}
), :aspect_id => @aspect.id},:status => 201 }
end
:partial => 'aspects/aspect_list_item',
:locals => {:aspect => @aspect,
:person => @person,
:contact => @contact}
), :aspect_id => @aspect.id}, :status => 201 }
end
else
respond_with @aspect
end
......@@ -85,10 +80,10 @@ class AspectsController < ApplicationController
begin
current_user.drop_aspect @aspect
flash[:notice] = I18n.t 'aspects.destroy.success',:name => @aspect.name
flash[:notice] = I18n.t 'aspects.destroy.success', :name => @aspect.name
redirect_to aspects_path
rescue ActiveRecord::StatementInvalid => e
flash[:error] = I18n.t 'aspects.destroy.failure',:name => @aspect.name
flash[:error] = I18n.t 'aspects.destroy.failure', :name => @aspect.name
redirect_to aspects_path
end
end
......@@ -104,7 +99,7 @@ class AspectsController < ApplicationController
def edit
@aspect = current_user.aspects.where(:id => params[:id]).includes(:contacts => {:person => :profile}).first
@contacts = current_user.contacts.includes(:person => :profile).all.sort!{|x, y| x.person.name <=> y.person.name}.reverse!
@contacts = current_user.contacts.includes(:person => :profile).all.sort! { |x, y| x.person.name <=> y.person.name }.reverse!
unless @aspect
render :file => "#{Rails.root}/public/404.html", :layout => false, :status => 404
else
......@@ -124,13 +119,13 @@ class AspectsController < ApplicationController
def update
@aspect = current_user.aspects.where(:id => params[:id]).first
if @aspect.update_attributes!( params[:aspect] )
if @aspect.update_attributes!(params[:aspect])
#hack, we don't know why mass assignment is not working
@aspect.contacts_visible = params[:aspect][:contacts_visible]
@aspect.save
flash[:notice] = I18n.t 'aspects.update.success',:name => @aspect.name
flash[:notice] = I18n.t 'aspects.update.success', :name => @aspect.name
else
flash[:error] = I18n.t 'aspects.update.failure',:name => @aspect.name
flash[:error] = I18n.t 'aspects.update.failure', :name => @aspect.name
end
respond_with @aspect
......@@ -146,4 +141,16 @@ class AspectsController < ApplicationController
end
@aspect.save
end
protected
def save_sort_order
if params[:sort_order].present?
session[:sort_order] = (params[:sort_order] == 'created_at') ? 'created_at' : 'updated_at'
elsif session[:sort_order].blank?
session[:sort_order] = 'updated_at'
else
session[:sort_order] = (session[:sort_order] == 'created_at') ? 'created_at' : 'updated_at'
end
end
end
......@@ -126,6 +126,13 @@ describe AspectsController do
get :index, :sort_order => "updated_at"
assigns(:posts).should == @posts
end
it "doesn't allow SQL injection" do
get :index, :sort_order => "\"; DROP TABLE users;"
assigns(:posts).should == @posts
get :index, :sort_order => "created_at"
assigns(:posts).should == @posts.reverse
end
end
it "returns all posts by default" do
......
0% Chargement en cours ou .
You are about to add 0 people to the discussion. Proceed with caution.
Terminez d'abord l'édition de ce message.
Veuillez vous inscrire ou vous pour commenter