app/controllers/posts_controller.rb

class PostsController < ApplicationController
  before_action :authenticate_user!, only: [:update, :destroy]
  before_action :authenticate_moderator, only: [:moderation]
  before_action :authenticate_moderator_if_post_not_approved, only: [:show]
  before_action :check_tenant_subscription, only: [:create, :update, :destroy]

  def index
    start_date = params[:start_date] ? Date.parse(params[:start_date]) : Date.parse('1970-01-01')
    end_date = params[:end_date] ? Date.parse(params[:end_date]) : Date.today

    posts = Post
      .select(
        :id,
        :title,
        :slug,
        :description,
        :post_status_id,
        'COUNT(DISTINCT likes.id) AS likes_count',
        'COUNT(DISTINCT comments.id) AS comments_count',
        '((LOG(COUNT(DISTINCT likes.id) + 1) + LOG(COUNT(DISTINCT comments.id) + 1)) + (EXTRACT(EPOCH FROM posts.created_at) / 45000)) AS hotness',
        "(SELECT COUNT(*) AS liked FROM likes WHERE likes.user_id=#{current_user ? current_user.id : -1} AND likes.post_id=posts.id)"
      )
      .left_outer_joins(:likes)
      .left_outer_joins(:comments)
      .group('posts.id')
      .where(board_id: params[:board_id] || Board.first.id)
      .where(created_at: start_date.beginning_of_day..end_date.end_of_day)
      .where(approval_status: "approved")
      .search_by_name_or_description(params[:search])
      .order_by(params[:sort_by])
      .page(params[:page])

    # apply post status filter if present
    posts = posts.where(post_status_id: params[:post_status_ids].map { |id| id == "0" ? nil : id }) if params[:post_status_ids].present?
    
    render json: posts
  end

  def create
    if anti_spam_checks || invalid_anonymous_submission
      render json: {
        error: t('errors.unknown')
      }, status: :unprocessable_entity
      return
    end

    # handle anonymous feedback
    approval_status = "pending"
    is_anonymous = params[:post][:is_anonymous]

    if Current.tenant.tenant_setting.feedback_approval_policy == "never_require_approval" ||
      (Current.tenant.tenant_setting.feedback_approval_policy == "anonymous_require_approval" && !is_anonymous) ||
      (user_signed_in? && current_user.moderator?)
      approval_status = "approved"
    end

    @post = Post.new(approval_status: approval_status)
    @post.assign_attributes(post_create_params(is_anonymous: is_anonymous))

    # handle attachments
    if Current.tenant.tenant_setting.allow_attachment_upload && params[:post][:attachments].present? && !is_anonymous
      @post.attachments.attach(params[:post][:attachments])
    end

    if @post.save
      Follow.create(post_id: @post.id, user_id: current_user.id) unless is_anonymous
      
      render json: @post, status: :created
    else
      render json: {
        error: @post.errors.full_messages
      }, status: :unprocessable_entity
    end
  end

  def show
    @post = Post
      .friendly
      .select(
        :id,
        :title,
        :slug,
        :description,
        :approval_status,
        :board_id,
        :user_id,
        :post_status_id,
        :created_at,
        :updated_at,
        'users.email as user_email',
        'users.full_name as user_full_name'
      )
      .eager_load(:user) # left outer join
      .find(params[:id])

    @post_statuses = PostStatus.select(:id, :name, :color).order(order: :asc)
    @board = @post.board

    @page_title = @post.title.length > 60 ? @post.title.slice(0, 60) + "..." : @post.title

    respond_to do |format|
      format.html

      format.json { render json: @post.as_json.merge(attachment_urls: @post.attachments.order(:created_at).map { |attachment| attachment.blob.url }) }
    end
  end

  def update
    @post = Post.find(params[:id])
    authorize @post
    
    @post.assign_attributes(post_update_params)

    # handle attachment deletion
    if params[:post][:attachments_to_delete].present? && @post.attachments.attached?
      @post.attachments.order(:created_at).each_with_index do |attachment, index|
        attachment.purge if params[:post][:attachments_to_delete].include?(index.to_s)
      end
    end

    # handle attachments
    if Current.tenant.tenant_setting.allow_attachment_upload && params[:post][:attachments].present?
      @post.attachments.attach(params[:post][:attachments])
    end

    if @post.save
      if @post.post_status_id_previously_changed?
        ExecutePostStatusChangeLogicWorkflow.new(
          user_id: current_user.id,
          post: @post,
          post_status_id: @post.post_status_id
        ).run
      end

      render json: @post.as_json.merge(attachment_urls: @post.attachments.order(:created_at).map { |attachment| attachment.blob.url })
    else
      render json: {
        error: @post.errors.full_messages
      }, status: :unprocessable_entity
    end
  end

  def destroy
    @post = Post.find(params[:id])
    authorize @post

    if @post.destroy
      render json: {
        id: @post.id,
      }, status: :accepted
    else
      render json: {
        error: @post.errors.full_messages
      }, status: :unprocessable_entity
    end
  end

  # Returns a list of posts for moderation in JSON
  def moderation
    posts = Post
      .select(
        :id,
        :title,
        :description,
        :slug,
        :approval_status,
        :user_id,
        :board_id,
        :created_at,
        'users.id as user_id', # required for avatar_url
        'users.email as user_email',
        'users.full_name as user_full_name'
      )
      .eager_load(:user)
      .where(approval_status: ["pending", "rejected"])
      .order_by(created_at: :desc)
      .limit(100)
      .includes(user: { avatar_attachment: :blob }) # Preload avatars

      posts = posts.map do |post|
      user_avatar_url = post.user.avatar.attached? ? post.user.avatar.blob.url : nil
      post.attributes.merge(user_avatar: user_avatar_url)
    end

    render json: posts
  end

  private

    def authenticate_moderator_if_post_not_approved
      post = Post.friendly.find(params[:id])
      authenticate_moderator unless post.approval_status == "approved"
    end

    def anti_spam_checks
      params[:post][:dnf1] != "" || params[:post][:dnf2] != "" || Time.now.to_i - params[:post][:form_rendered_at] < 2
    end

    def invalid_anonymous_submission
      (params[:post][:is_anonymous] == false && !user_signed_in?) || (params[:post][:is_anonymous] == true && Current.tenant.tenant_setting.allow_anonymous_feedback == false)
    end
    
    def post_create_params(is_anonymous: false)
      params
        .require(:post)
        .permit(policy(@post).permitted_attributes_for_create)
        .merge(user_id: is_anonymous ? nil : current_user.id)
    end

    def post_update_params
      params
        .require(:post)
        .permit(
          policy(@post)
            .permitted_attributes_for_update
            .concat([{ additional_params: [:attachments_to_delete] }])
        )
    end
end
Add new post form 2019-09-02 14:32:57 +02:00			`class PostsController < ApplicationController`
Add anonymous feedback (#380) 2024-07-12 20:38:46 +02:00			`before_action :authenticate_user!, only: [:update, :destroy]`
			`before_action :authenticate_moderator, only: [:moderation]`
			`before_action :authenticate_moderator_if_post_not_approved, only: [:show]`
Add billing (#329) 2024-05-03 18:11:07 +02:00			`before_action :check_tenant_subscription, only: [:create, :update, :destroy]`
Add post list 2019-09-02 19:26:34 +02:00
Add tests of controllers 2019-09-04 17:37:08 +02:00			`def index`
Add date filter to post list (#285) 2024-02-15 22:30:41 +01:00			`start_date = params[:start_date] ? Date.parse(params[:start_date]) : Date.parse('1970-01-01')`
			`end_date = params[:end_date] ? Date.parse(params[:end_date]) : Date.today`

Add post list 2019-09-02 19:26:34 +02:00			`posts = Post`
Implement hotness algorithm 2019-09-27 15:48:21 +02:00			`.select(`
			`:id,`
			`:title,`
Add slugs for Posts, Boards and OAuths (#321) 2024-04-05 18:23:31 +02:00			`:slug,`
Implement hotness algorithm 2019-09-27 15:48:21 +02:00			`:description,`
			`:post_status_id,`
			`'COUNT(DISTINCT likes.id) AS likes_count',`
			`'COUNT(DISTINCT comments.id) AS comments_count',`
			`'((LOG(COUNT(DISTINCT likes.id) + 1) + LOG(COUNT(DISTINCT comments.id) + 1)) + (EXTRACT(EPOCH FROM posts.created_at) / 45000)) AS hotness',`
			`"(SELECT COUNT(*) AS liked FROM likes WHERE likes.user_id=#{current_user ? current_user.id : -1} AND likes.post_id=posts.id)"`
			`)`
			`.left_outer_joins(:likes)`
General improvements to postlist and post 2019-09-21 11:17:58 +02:00			`.left_outer_joins(:comments)`
			`.group('posts.id')`
Improve post list filter by status (#267) 2024-01-25 14:50:39 +01:00			`.where(board_id: params[:board_id] \|\| Board.first.id)`
Add date filter to post list (#285) 2024-02-15 22:30:41 +01:00			`.where(created_at: start_date.beginning_of_day..end_date.end_of_day)`
Add anonymous feedback (#380) 2024-07-12 20:38:46 +02:00			`.where(approval_status: "approved")`
Models and controllers looks more like Rails 2019-09-09 16:50:33 +02:00			`.search_by_name_or_description(params[:search])`
Add sort by filter to post list (#271) 2024-01-26 17:43:24 +01:00			`.order_by(params[:sort_by])`
Add infinite scroll to post list 2019-09-04 21:12:07 +02:00			`.page(params[:page])`
Improve post list filter by status (#267) 2024-01-25 14:50:39 +01:00
Add anonymous feedback (#380) 2024-07-12 20:38:46 +02:00			`# apply post status filter if present`
			`posts = posts.where(post_status_id: params[:post_status_ids].map { \|id\| id == "0" ? nil : id }) if params[:post_status_ids].present?`
Add post list 2019-09-02 19:26:34 +02:00
Refactor controllers and uncomment an authorization check 2019-09-04 15:24:15 +02:00			`render json: posts`
Add post list 2019-09-02 19:26:34 +02:00			`end`
Add new post form 2019-09-02 14:32:57 +02:00
			`def create`
Add anonymous feedback (#380) 2024-07-12 20:38:46 +02:00			`if anti_spam_checks \|\| invalid_anonymous_submission`
			`render json: {`
			`error: t('errors.unknown')`
			`}, status: :unprocessable_entity`
			`return`
			`end`

			`# handle anonymous feedback`
			`approval_status = "pending"`
			`is_anonymous = params[:post][:is_anonymous]`

			`if Current.tenant.tenant_setting.feedback_approval_policy == "never_require_approval" \|\|`
			`(Current.tenant.tenant_setting.feedback_approval_policy == "anonymous_require_approval" && !is_anonymous) \|\|`
			`(user_signed_in? && current_user.moderator?)`
			`approval_status = "approved"`
			`end`

			`@post = Post.new(approval_status: approval_status)`
			`@post.assign_attributes(post_create_params(is_anonymous: is_anonymous))`
Add new post form 2019-09-02 14:32:57 +02:00
add image upload to posts 2025-01-28 16:55:48 +01:00			`# handle attachments`
disable image upload for anonymous feedback 2025-02-05 15:51:37 +01:00			`if Current.tenant.tenant_setting.allow_attachment_upload && params[:post][:attachments].present? && !is_anonymous`
add image upload to posts 2025-01-28 16:55:48 +01:00			`@post.attachments.attach(params[:post][:attachments])`
			`end`

Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`if @post.save`
Add anonymous feedback (#380) 2024-07-12 20:38:46 +02:00			`Follow.create(post_id: @post.id, user_id: current_user.id) unless is_anonymous`
Post follow and updates notifications V1 (#111) * It is now possible to follow a post in order to receive updates about it * Notifications are now sent when updates are published * Post status changes are now tracked * Update sidebar now shows the post status history * Mark a comment as a post update using the comment form * ... more ... 2022-05-28 11:03:36 +02:00
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`render json: @post, status: :created`
Add new post form 2019-09-02 14:32:57 +02:00			`else`
Refactor controllers and uncomment an authorization check 2019-09-04 15:24:15 +02:00			`render json: {`
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`error: @post.errors.full_messages`
Refactor controllers and uncomment an authorization check 2019-09-04 15:24:15 +02:00			`}, status: :unprocessable_entity`
Add new post form 2019-09-02 14:32:57 +02:00			`end`
			`end`

Add basic version of post show page 2019-09-12 15:51:45 +02:00			`def show`
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`@post = Post`
Add slugs for Posts, Boards and OAuths (#321) 2024-04-05 18:23:31 +02:00			`.friendly`
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`.select(`
			`:id,`
			`:title,`
Add slugs for Posts, Boards and OAuths (#321) 2024-04-05 18:23:31 +02:00			`:slug,`
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`:description,`
Add anonymous feedback (#380) 2024-07-12 20:38:46 +02:00			`:approval_status,`
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`:board_id,`
			`:user_id,`
			`:post_status_id,`
			`:created_at,`
			`:updated_at,`
			`'users.email as user_email',`
			`'users.full_name as user_full_name'`
			`)`
Add anonymous feedback (#380) 2024-07-12 20:38:46 +02:00			`.eager_load(:user) # left outer join`
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`.find(params[:id])`
add image upload to posts 2025-01-28 16:55:48 +01:00
Fix bug in post status edit 2019-09-19 14:00:34 +02:00			`@post_statuses = PostStatus.select(:id, :name, :color).order(order: :asc)`
Improve style consistency 2019-09-27 11:40:33 +02:00			`@board = @post.board`
Add basic version of post show page 2019-09-12 15:51:45 +02:00
Change page title based on current page (#269) 2024-01-26 17:35:00 +01:00			`@page_title = @post.title.length > 60 ? @post.title.slice(0, 60) + "..." : @post.title`

Add basic version of post show page 2019-09-12 15:51:45 +02:00			`respond_to do \|format\|`
			`format.html`

enable deletion of post attachments 2025-02-04 14:29:33 +01:00			`format.json { render json: @post.as_json.merge(attachment_urls: @post.attachments.order(:created_at).map { \|attachment\| attachment.blob.url }) }`
Add basic version of post show page 2019-09-12 15:51:45 +02:00			`end`
			`end`

			`def update`
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`@post = Post.find(params[:id])`
			`authorize @post`
Post follow and updates notifications V1 (#111) * It is now possible to follow a post in order to receive updates about it * Notifications are now sent when updates are published * Post status changes are now tracked * Update sidebar now shows the post status history * Mark a comment as a post update using the comment form * ... more ... 2022-05-28 11:03:36 +02:00
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`@post.assign_attributes(post_update_params)`
Add basic version of post show page 2019-09-12 15:51:45 +02:00
enable deletion of post attachments 2025-02-04 14:29:33 +01:00			`# handle attachment deletion`
			`if params[:post][:attachments_to_delete].present? && @post.attachments.attached?`
			`@post.attachments.order(:created_at).each_with_index do \|attachment, index\|`
add possibility to upload attachments from post edit form 2025-02-04 14:54:59 +01:00			`attachment.purge if params[:post][:attachments_to_delete].include?(index.to_s)`
enable deletion of post attachments 2025-02-04 14:29:33 +01:00			`end`
			`end`

add possibility to upload attachments from post edit form 2025-02-04 14:54:59 +01:00			`# handle attachments`
			`if Current.tenant.tenant_setting.allow_attachment_upload && params[:post][:attachments].present?`
			`@post.attachments.attach(params[:post][:attachments])`
			`end`

Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`if @post.save`
			`if @post.post_status_id_previously_changed?`
Add API (#427) 2024-11-08 16:40:53 +01:00			`ExecutePostStatusChangeLogicWorkflow.new(`
Post follow and updates notifications V1 (#111) * It is now possible to follow a post in order to receive updates about it * Notifications are now sent when updates are published * Post status changes are now tracked * Update sidebar now shows the post status history * Mark a comment as a post update using the comment form * ... more ... 2022-05-28 11:03:36 +02:00			`user_id: current_user.id,`
Add API (#427) 2024-11-08 16:40:53 +01:00			`post: @post,`
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`post_status_id: @post.post_status_id`
Add API (#427) 2024-11-08 16:40:53 +01:00			`).run`
Post follow and updates notifications V1 (#111) * It is now possible to follow a post in order to receive updates about it * Notifications are now sent when updates are published * Post status changes are now tracked * Update sidebar now shows the post status history * Mark a comment as a post update using the comment form * ... more ... 2022-05-28 11:03:36 +02:00			`end`

enable deletion of post attachments 2025-02-04 14:29:33 +01:00			`render json: @post.as_json.merge(attachment_urls: @post.attachments.order(:created_at).map { \|attachment\| attachment.blob.url })`
Add basic version of post show page 2019-09-12 15:51:45 +02:00			`else`
			`render json: {`
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`error: @post.errors.full_messages`
			`}, status: :unprocessable_entity`
			`end`
			`end`

			`def destroy`
			`@post = Post.find(params[:id])`
			`authorize @post`

			`if @post.destroy`
			`render json: {`
			`id: @post.id,`
			`}, status: :accepted`
			`else`
			`render json: {`
			`error: @post.errors.full_messages`
Add basic version of post show page 2019-09-12 15:51:45 +02:00			`}, status: :unprocessable_entity`
			`end`
			`end`

Add anonymous feedback (#380) 2024-07-12 20:38:46 +02:00			`# Returns a list of posts for moderation in JSON`
			`def moderation`
			`posts = Post`
			`.select(`
			`:id,`
			`:title,`
			`:description,`
			`:slug,`
			`:approval_status,`
			`:user_id,`
			`:board_id,`
			`:created_at,`
Show avatar if present, otherwise fallback to gravatar 2025-01-09 10:55:44 +01:00			`'users.id as user_id', # required for avatar_url`
Add anonymous feedback (#380) 2024-07-12 20:38:46 +02:00			`'users.email as user_email',`
			`'users.full_name as user_full_name'`
			`)`
			`.eager_load(:user)`
			`.where(approval_status: ["pending", "rejected"])`
			`.order_by(created_at: :desc)`
			`.limit(100)`
Show avatar if present, otherwise fallback to gravatar 2025-01-09 10:55:44 +01:00			`.includes(user: { avatar_attachment: :blob }) # Preload avatars`

			`posts = posts.map do \|post\|`
switch from url_for to blob.url 2025-01-23 12:47:35 +01:00			`user_avatar_url = post.user.avatar.attached? ? post.user.avatar.blob.url : nil`
Show avatar if present, otherwise fallback to gravatar 2025-01-09 10:55:44 +01:00			`post.attributes.merge(user_avatar: user_avatar_url)`
			`end`
Add anonymous feedback (#380) 2024-07-12 20:38:46 +02:00
			`render json: posts`
			`end`

Add new post form 2019-09-02 14:32:57 +02:00			`private`
Add anonymous feedback (#380) 2024-07-12 20:38:46 +02:00
			`def authenticate_moderator_if_post_not_approved`
			`post = Post.friendly.find(params[:id])`
			`authenticate_moderator unless post.approval_status == "approved"`
			`end`

			`def anti_spam_checks`
Various improvements (#383) * Improve moderation page style * Increase ban period of anti-spam measures to 1 hour * Fix i18n fallbacks in production * Add EMAIL_MAIL_REPLY_TO env variable support 2024-07-16 17:30:23 +02:00			`params[:post][:dnf1] != "" \|\| params[:post][:dnf2] != "" \|\| Time.now.to_i - params[:post][:form_rendered_at] < 2`
Add anonymous feedback (#380) 2024-07-12 20:38:46 +02:00			`end`

			`def invalid_anonymous_submission`
			`(params[:post][:is_anonymous] == false && !user_signed_in?) \|\| (params[:post][:is_anonymous] == true && Current.tenant.tenant_setting.allow_anonymous_feedback == false)`
			`end`
Add filter by post status 2019-09-03 12:58:44 +02:00
Add anonymous feedback (#380) 2024-07-12 20:38:46 +02:00			`def post_create_params(is_anonymous: false)`
Refactor controllers and uncomment an authorization check 2019-09-04 15:24:15 +02:00			`params`
			`.require(:post)`
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`.permit(policy(@post).permitted_attributes_for_create)`
Add anonymous feedback (#380) 2024-07-12 20:38:46 +02:00			`.merge(user_id: is_anonymous ? nil : current_user.id)`
Add new post form 2019-09-02 14:32:57 +02:00			`end`
Post follow and updates notifications V1 (#111) * It is now possible to follow a post in order to receive updates about it * Notifications are now sent when updates are published * Post status changes are now tracked * Update sidebar now shows the post status history * Mark a comment as a post update using the comment form * ... more ... 2022-05-28 11:03:36 +02:00
Add edit and delete actions to posts and comments (#125) 2022-06-22 10:17:42 +02:00			`def post_update_params`
			`params`
			`.require(:post)`
enable deletion of post attachments 2025-02-04 14:29:33 +01:00			`.permit(`
			`policy(@post)`
			`.permitted_attributes_for_update`
			`.concat([{ additional_params: [:attachments_to_delete] }])`
			`)`
Post follow and updates notifications V1 (#111) * It is now possible to follow a post in order to receive updates about it * Notifications are now sent when updates are published * Post status changes are now tracked * Update sidebar now shows the post status history * Mark a comment as a post update using the comment form * ... more ... 2022-05-28 11:03:36 +02:00			`end`
Add new post form 2019-09-02 14:32:57 +02:00			`end`