Implement rudimentary visibility of teams
* Adds checks to Party model * Hides parties from collection views depending on visibility * Disallows viewing private parties if you're not the owner
This commit is contained in:
parent
c9a2a5e27a
commit
b20698dfad
2 changed files with 31 additions and 6 deletions
|
|
@ -32,6 +32,9 @@ module Api
|
||||||
end
|
end
|
||||||
|
|
||||||
def show
|
def show
|
||||||
|
# If a party is private, check that the user is the owner
|
||||||
|
return render_unauthorized_response if @party.private? && @party.user != current_user
|
||||||
|
|
||||||
return render json: PartyBlueprint.render(@party, view: :full, root: :party) if @party
|
return render json: PartyBlueprint.render(@party, view: :full, root: :party) if @party
|
||||||
|
|
||||||
render_not_found_response('project')
|
render_not_found_response('project')
|
||||||
|
|
@ -152,11 +155,12 @@ module Api
|
||||||
value.to_i unless value.blank? || value.to_i == -1
|
value.to_i unless value.blank? || value.to_i == -1
|
||||||
end
|
end
|
||||||
|
|
||||||
def build_query(conditions, favorites = false)
|
def build_query(conditions, favorites: false)
|
||||||
query = Party.distinct
|
query = Party.distinct
|
||||||
.joins(weapons: [:object], summons: [:object], characters: [:object])
|
.joins(weapons: [:object], summons: [:object], characters: [:object])
|
||||||
.group('parties.id')
|
.group('parties.id')
|
||||||
.where(conditions)
|
.where(conditions)
|
||||||
|
.where(privacy(favorites))
|
||||||
.where(name_quality)
|
.where(name_quality)
|
||||||
.where(user_quality)
|
.where(user_quality)
|
||||||
.where(original)
|
.where(original)
|
||||||
|
|
@ -242,6 +246,14 @@ module Api
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def privacy(favorites: false)
|
||||||
|
if favorites
|
||||||
|
'visibility < 3'
|
||||||
|
else
|
||||||
|
'visibility == 1'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def user_quality
|
def user_quality
|
||||||
'user_id IS NOT NULL' unless request.params[:user_quality].blank? || request.params[:user_quality] == 'false'
|
'user_id IS NOT NULL' unless request.params[:user_quality].blank? || request.params[:user_quality] == 'false'
|
||||||
end
|
end
|
||||||
|
|
@ -329,6 +341,7 @@ module Api
|
||||||
:description,
|
:description,
|
||||||
:raid_id,
|
:raid_id,
|
||||||
:job_id,
|
:job_id,
|
||||||
|
:visibility,
|
||||||
:accessory_id,
|
:accessory_id,
|
||||||
:skill0_id,
|
:skill0_id,
|
||||||
:skill1_id,
|
:skill1_id,
|
||||||
|
|
|
||||||
|
|
@ -105,17 +105,29 @@ class Party < ApplicationRecord
|
||||||
end
|
end
|
||||||
|
|
||||||
def is_remix
|
def is_remix
|
||||||
self.source_party != nil
|
!source_party.nil?
|
||||||
end
|
end
|
||||||
|
|
||||||
def remixes
|
def remixes
|
||||||
Party.where(source_party_id: self.id)
|
Party.where(source_party_id: id)
|
||||||
end
|
end
|
||||||
|
|
||||||
def blueprint
|
def blueprint
|
||||||
PartyBlueprint
|
PartyBlueprint
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def public?
|
||||||
|
visibility == 1
|
||||||
|
end
|
||||||
|
|
||||||
|
def unlisted?
|
||||||
|
visibility == 2
|
||||||
|
end
|
||||||
|
|
||||||
|
def private?
|
||||||
|
visibility == 3
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def set_shortcode
|
def set_shortcode
|
||||||
|
|
@ -123,9 +135,9 @@ class Party < ApplicationRecord
|
||||||
end
|
end
|
||||||
|
|
||||||
def set_edit_key
|
def set_edit_key
|
||||||
if !self.user
|
return if user
|
||||||
self.edit_key = Digest::SHA1.hexdigest([Time.now, rand].join)
|
|
||||||
end
|
self.edit_key = Digest::SHA1.hexdigest([Time.now, rand].join)
|
||||||
end
|
end
|
||||||
|
|
||||||
def random_string
|
def random_string
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue