Sign upLogin

mysociety/alaveteli

View on GitHub
Star
app/controllers/public_tokens_controller.rb

Summary

Maintainability
A
0 mins
Test Coverage
##
# Controller responsible for creating, destroying public tokens and rendering
# any InfoRequest by its public token
#
class PublicTokensController < ApplicationController
  include PublicTokenable

  before_action :find_info_request, only: %i[create destroy]
  before_action :can_share_info_request, only: %i[create destroy]

  before_action :find_info_request_by_public_token, only: :show
  before_action :can_view_info_request, only: :show
  before_action :assign_variables_for_show_template, only: :show

  def show
    render template: 'request/show'
  end

  def create
    @info_request.enable_public_token!

    public_url = public_token_url(@info_request.public_token, locale: false)
    anchor = helpers.link_to(public_url, public_url, target: '_blank')

    flash.notice = {
      inline: _('This request is now publicly accessible via {{public_url}}',
                public_url: anchor)
    }

    redirect_to show_request_path(@info_request.url_title)
  end

  def destroy
    @info_request.disable_public_token!

    flash.notice = _('The publicly accessible link for this request has now ' \
                     'been disabled')

    redirect_to show_request_path(@info_request.url_title)
  end

  private

  def find_info_request
    @info_request = InfoRequest.find_by!(url_title: params[:url_title])
  end

  def can_share_info_request
    authorize! :share, @info_request
  end

  def find_info_request_by_public_token
    @info_request = InfoRequest.find_by!(public_token: public_token)
  end

  def can_view_info_request
    if Ability.guest.can?(:read, @info_request)
      redirect_to show_request_path(@info_request.url_title)
    elsif cannot?(:read, @info_request)
      render_hidden
    end
  end

  # rubocop:disable all
  def assign_variables_for_show_template
    # taken from RequestController#assign_variables_for_show_template

    @show_profile_photo = !!(
      !@info_request.is_external? &&
      @info_request.user.show_profile_photo? &&
      !@render_to_file
    )

    @old_unclassified =
      @info_request.is_old_unclassified? && !authenticated_user.nil?
    @is_owning_user = @info_request.is_owning_user?(authenticated_user)
    @new_responses_count =
      @info_request.
      events_needing_description.
      select { |event| event.event_type == 'response' }.
      size
  end
  # rubocop:enable all
end