Modified: trunk/app/controllers/comments_controller.rb (3496 => 3497)
--- trunk/app/controllers/comments_controller.rb 2013-04-10 11:08:14 UTC (rev 3496)
+++ trunk/app/controllers/comments_controller.rb 2013-04-10 14:38:02 UTC (rev 3497)
@@ -5,8 +5,8 @@
class CommentsController < ApplicationController
- before_filter :find_resource_context, : [ :create, :index, :timeline ]
- before_filter :find_resource, : [ :destroy ]
+ before_filter :find_context, : [ :create, :index, :timeline ]
+ before_filter :find_comment, : [ :destroy ]
# GET /:context_type/:context_id/comments
def index
@@ -66,25 +66,24 @@
private
- def find_resource
-
- @context = extract_resource_context(params)
+ def find_comment
@comment = Comment.find_by_id(params[:id])
+ @context = @comment.commentable
- return error if @comment.nil? || @context.nil? || @comment.commentable != @context
- return error if Authorization.check('view', @context, current_user) == false
+ if @comment.nil?
+ render_404("Comment not found.")
+ elsif !Authorization.check('view', @context, current_user)
+ render_401("You are not authorized to delete this comment.")
+ end
end
- def find_resource_context
-
+ def find_context
@context = extract_resource_context(params)
- return error if @context.nil?
- return error if Authorization.check('view', @context, current_user) == false
+ if @context.nil?
+ render_404("Comment context not found.")
+ elsif !Authorization.check('view', @context, current_user)
+ render_401("You are not authorized to view this resource's comments.")
+ end
end
-
- def error
- render :text => 'Error.'
- end
end
-
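Review bot: In `find_comment`, `@context = @comment.commentable` runs before the `@comment.nil?` test, so an unknown `params[:id]` raises NoMethodError on nil (a 500) and never reaches `render_404("Comment not found.")`. Derive the context only once the comment is known to exist, for example `@context = @comment.commentable if @comment`. Separately, this filter guards `destroy` with `Authorization.check('view', @context, current_user)` while the message speaks of deleting. Unless the `destroy` action, which is outside this hunk, performs its own ownership or delete-permission check, anyone who can view the commentable may be able to remove other users' comments. A check against the comment itself with a delete-type action would express the intent, if the Authorization module supports one. A comment on the filter stating which permission is enforced here and which is left to the action would also help the next reader.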