votes_controller.rb
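# Casts and removes votes on posts. Every action answers with JSON; rejected
# requests get a 403 with status 'failed' and a human-readable message.
class VotesController < ApplicationController
  # Runs first, so the lock checks below only execute for signed-in users.
  before_action :auth_for_voting
  before_action :check_if_target_post_locked, only: [:create]
  before_action :check_if_parent_post_locked, only: [:destroy]

  # Casts the current user's vote on the post identified by params[:post_id],
  # replacing any vote that user already holds on that post.
  #
  # Responds 403 when the user votes on their own post (unless the
  # 'AllowSelfVotes' site setting is on), when the daily vote limit is reached,
  # or when the new vote fails validation. On success the JSON carries the new
  # vote id and the post's updated counts and score; status is 'modified' when
  # an earlier vote was replaced, 'success' otherwise.
  def create
    post = Post.find(params[:post_id])

    if post.user == current_user && !SiteSetting['AllowSelfVotes']
      render(json: { status: 'failed', message: 'You may not vote on your own posts.' }, status: :forbidden)
      return
    end

    recent_votes = current_user.recent_votes_count
    max_votes_per_day = current_user.max_votes_per_day

    # Votes on answers to the voter's own post are exempt from the daily limit.
    # This must stay a plain equality test: `!a == b` parses as `(!a) == b`,
    # which is never true for an id, so writing the exemption that way makes
    # the whole condition false and the rate limit is never enforced.
    exempt_from_limit = post.parent&.user_id == current_user.id
    if !exempt_from_limit && recent_votes >= max_votes_per_day
      vote_limit_msg = "You have used your daily vote limit of #{recent_votes} votes. " \
                       'Come back tomorrow to continue voting. Votes on answers to own posts ' \
                       'are exempt.'

      # Record the refused attempt so rate-limit hits are visible in the audit log.
      AuditLog.rate_limit_log(event_type: 'vote', related: post, user: current_user,
                              comment: "limit: #{max_votes_per_day}\n\nvote:\n#{params[:vote_type].to_i}")

      render json: { status: 'failed', message: vote_limit_msg }, status: :forbidden
      return
    end

    # NOTE(review): the existing vote is destroyed before the replacement is
    # validated and the two steps are not wrapped in a transaction, so a rejected
    # replacement leaves the user with no vote on the post - confirm this is intended.
    destroyed = post.votes.where(user: current_user).destroy_all

    # params[:vote_type] is client-supplied; `to_i` turns non-numeric input into 0.
    # Presumably the Vote model validates the allowed values - verify there.
    vote = post.votes.create(user: current_user, vote_type: params[:vote_type].to_i, recv_user: post.user)

    if vote.errors.any?
      render json: { status: 'failed', message: vote.errors.full_messages.join('. ') }, status: :forbidden
      return
    end

    # Drop the cached metrics the vote touches: 'V' for the voter, 's' and 'v'
    # for the post's author.
    Rails.cache.delete "community_user/#{current_user.community_user.id}/metric/V"
    %w[s v].each do |key|
      Rails.cache.delete "community_user/#{post.user.community_user.id}/metric/#{key}"
    end

    AbilityQueue.add(post.user, "Vote Change on ##{post.id}")

    modified = !destroyed.empty?
    state = { status: (modified ? 'modified' : 'success'),
              vote_id: vote.id,
              upvotes: post.upvote_count,
              downvotes: post.downvote_count,
              score: post.score }

    render json: state
  end

  # Removes the vote identified by params[:id]. Only the user who cast the vote
  # may remove it; anyone else gets a 403. On success the JSON carries the
  # post's updated counts and score.
  def destroy
    vote = Vote.find params[:id]
    post = vote.post

    # Ownership check: the vote id comes from the request, so never trust it
    # to belong to the caller.
    if vote.user != current_user
      render json: { status: 'failed', message: 'You are not authorized to remove this vote.' }, status: :forbidden
      return
    end

    if vote.destroy
      AbilityQueue.add(post.user, "Vote Change on ##{post.id}")
      render json: { status: 'success',
                     upvotes: post.upvote_count,
                     downvotes: post.downvote_count,
                     score: post.score }
    else
      render json: { status: 'failed', message: vote.errors.full_messages.join('. ') }, status: :forbidden
    end
  end

  private

  # before_action for every action: answers 403 unless a user is signed in.
  # Rendering inside a before_action halts the chain, so the action is not run.
  def auth_for_voting
    return if user_signed_in?

    render json: { status: 'failed', message: 'You must be logged in to vote.' }, status: :forbidden
  end

  # before_action for create: passes the post being voted on to check_if_locked.
  # check_if_locked is not defined in this file (presumably inherited from
  # ApplicationController); its behaviour on a locked post is not visible here.
  def check_if_target_post_locked
    check_if_locked(Post.find(params[:post_id]))
  end

  # before_action for destroy: passes the post that owns the vote to check_if_locked.
  def check_if_parent_post_locked
    check_if_locked(Vote.find(params[:id]).post)
  end
end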