Merge pull request #1636 from hennevogel/feature/admin-comment-index

Admin comment index
SUSE · Sep 10, 2024 · ec2eec4 · ec2eec4
2 parents 1e03a3a + a9ef269
commit ec2eec4
Show file tree

Hide file tree

Showing 5 changed files with 85 additions and 11 deletions.
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
@@ -1,9 +1,14 @@
 class CommentsController < ApplicationController
   include MarkdownHelper
-  before_action :get_parent, except: :reply_modal
-  load_and_authorize_resource
+  before_action :get_parent, only: %i[create update]
+  load_and_authorize_resource except: :index
+  authorize_resource only: :index
   skip_before_action :verify_authenticity_token, only: [:reply_modal]
 
+  def index
+    @comments = Comment.accessible_by(current_ability).order('id DESC').page(params[:page])
+  end
+
   def create
     @comment = @parent.comments.build(comment_params)
     @comment.commenter = current_user
@@ -28,6 +33,14 @@ def update
     end
   end
 
+  def destroy
+    @comment.destroy
+
+    respond_to do |format|
+      format.html { redirect_to comments_path, notice: 'Comment was successfully deleted.' }
+    end
+  end
+
   def comment_params
     params.require(:comment).permit(:commentable_id, :commentable_type, :commenter_id, :text, :commenter)
   end

diff --git a/app/models/ability.rb b/app/models/ability.rb
@@ -30,12 +30,12 @@ def initialize(user)
       can %i[join leave like dislike create], Project
       can %i[originated likes opportunities], User
       can [:enroll], Announcement
-      # ...manage things they own
-      can :manage, User, id: user.id
+      # ...change things they own
+      can %i[update add_keyword delete_keyword], User, id: user.id
       can :read, Update, author_id: user.id
       can :manage, Project, originator_id: user.id
-      can :manage, Comment, commenter_id: user.id
-      can [:edit, :update, :add_keyword, :delete_keyword, :advance, :recess, :add_episode, :delete_episode],
+      can %i[create update], Comment, commenter_id: user.id
+      can %i[update add_keyword delete_keyword advance recess add_episode delete_episode],
           Project do |project|
         project.users.include? user
       end

diff --git a/app/views/comments/index.html.haml b/app/views/comments/index.html.haml
@@ -0,0 +1,43 @@
+- content_for :title do
+  Comments
+
+.row
+  .col-sm-12
+    - if @comments.any?
+      .row
+        .col-sm-12
+          %table.table.table-hover
+            %thead
+              %th Date
+              %th User
+              %th Comment
+              %th Project
+              %th Actions
+            - @comments.each do |comment|
+              %tr
+                %td
+                  = comment.updated_at
+                %td
+                  - if comment.commenter
+                    = link_to user_path(comment.commenter) do
+                      = comment.commenter.name
+                  - else
+                    Deleted User
+                %td
+                  = comment.text
+                %td
+                  - if comment.commentable
+                    = link_to project_path(comment.commentable) do
+                      = comment.project.title
+                  - else
+                    Deleted Project/Comment
+                %td
+                  .btn-group
+                    = link_to comment_path(comment), method: :delete, data: { confirm: 'Are you sure you want to delete this comment?' }, class: 'btn btn-danger' do
+                      Delete Comment
+          .row
+            .col-sm-12
+              .text-center
+                = paginate @comments
+    - else
+      No comments yet.
diff --git a/config/routes.rb b/config/routes.rb
@@ -54,7 +54,7 @@
     resources :comments, only: %i[create update]
   end
 
-  resources :comments, only: [] do
+  resources :comments, only: %i[index destroy] do
     resources :comments, only: %i[create update]
     collection do
       get '/reply/:id', to: 'comments#reply_modal', as: 'reply_modal'

diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb
@@ -14,12 +14,30 @@
     let(:foreign_comment) { create(:comment, commenter: other_user) }
     let(:collaborated_project) { create(:project, originator: other_user, users: [user]) }
 
-    it { is_expected.to be_able_to(:manage, user) }
-    it { is_expected.not_to be_able_to(:manage, other_user) }
+    # Myself
+    it { is_expected.not_to be_able_to(:create, user) }
+    it { is_expected.to be_able_to(:update, user) }
+    it { is_expected.not_to be_able_to(:destroy, user) }
+    it { is_expected.to be_able_to(:add_keyword, user) }
+    it { is_expected.to be_able_to(:delete_keyword, user) }
+
+    # Others
+    it { is_expected.not_to be_able_to(:create, other_user) }
+    it { is_expected.not_to be_able_to(:update, other_user) }
+    it { is_expected.not_to be_able_to(:destroy, other_user) }
+    it { is_expected.not_to be_able_to(:add_keyword, other_user) }
+    it { is_expected.not_to be_able_to(:delete_keyword, other_user) }
+
     it { is_expected.to be_able_to(:manage, own_project) }
     it { is_expected.not_to be_able_to(:manage, foreign_project) }
-    it { is_expected.to be_able_to(:manage, own_comment) }
-    it { is_expected.not_to be_able_to(:manage, foreign_comment) }
+
+    it { is_expected.to be_able_to(:create, own_comment) }
+    it { is_expected.to be_able_to(:update, own_comment) }
+    it { is_expected.not_to be_able_to(:destroy, own_comment) }
+
+    it { is_expected.not_to be_able_to(:create, foreign_comment) }
+    it { is_expected.not_to be_able_to(:update, foreign_comment) }
+    it { is_expected.not_to be_able_to(:destroy, foreign_comment) }
 
     %i[edit update add_keyword delete_keyword advance recess add_episode delete_episode].each do |action|
       it { is_expected.to be_able_to(action, collaborated_project) }