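# frozen_string_literal: true

# CRUD controller for posts.
#
# index/show are reachable without a session; every other action needs a
# signed-in user (inherited from AuthenticatedController). Authorization is
# Pundit: the class-level `authorize :post` covers the collection/creation
# actions, and the per-record actions (show/edit/update/destroy) authorize the
# loaded record so the policy can decide per post.
class PostsController < AuthenticatedController
  skip_before_action :authenticate_user!, only: [:index, :show]
  before_action -> { authorize :post }, except: [:show, :edit, :update]

  # GET /posts
  # Users the policy lets edit see every post; anyone else sees the policy
  # scope narrowed to active posts.
  def index
    posts = if policy(:post).edit?
      Post.all
    else
      policy_scope(Post).where(status: :active)
    end

    render locals: {posts: posts.order(created_at: :asc)}
  end

  # GET /posts/:id — `:id` is the post's public_id, not the database id.
  def show
    post = find_post!
    authorize post

    render locals: {post: post}
  end

  # GET /posts/new
  def new
    render locals: locals_for_post
  end

  # POST /posts
  def create
    # NOTE(review): create stores Role#calculated_value in role_visibility while
    # update stores role names — confirm both agree with the column's contents.
    permitted_params = permitted_post_params(&:calculated_value)
    Post.create!(**permitted_params)

    flash[:success] = "Post created"
    redirect_to :posts
  end

  # GET /posts/:id/edit
  def edit
    post = find_post!
    authorize post

    render locals: locals_for_post(post:)
  end

  # PATCH/PUT /posts/:id
  # XHR callers get an empty JSON body; everyone else is redirected with a flash.
  def update
    post = find_post!
    authorize post

    permitted_params = permitted_post_params { |roles| roles.pluck(:name) }
    post.update!(**permitted_params)

    if request.xhr?
      render json: {}
    else
      flash[:success] = "Post updated"
      redirect_to :posts
    end
  end

  # DELETE /posts/:id
  def destroy
    post = find_post!
    authorize post
    # destroy! rather than destroy: a callback that aborts the deletion must not
    # fall through to the "Post deleted" response below.
    post.destroy!

    respond_to do |format|
      format.turbo_stream { render locals: {post: post} }
      format.html do
        flash[:success] = "Post deleted"
        redirect_to :posts
      end
    end
  end

  private

  # Loads the post addressed by params[:id] (a public_id).
  #
  # @raise [ActiveRecord::RecordNotFound] for an unknown id, which Rails maps to
  #   a 404 — instead of passing `nil` to `authorize`, which surfaces as a
  #   Pundit error rather than a not-found response.
  def find_post!
    Post.find_by!(public_id: params[:id])
  end

  # Strong parameters: only these attributes may be mass-assigned to a post.
  def permit_post_params!
    params.require(:post).permit(:title, :content, :status, role_visibility: [])
  end

  # Permitted params with `role_visibility` rewritten from the submitted role
  # public_ids to whatever the block derives from the matching Role records.
  # Blank ids are dropped and unknown ids simply match no role, so a client
  # cannot smuggle arbitrary values into role_visibility. The key is left alone
  # when the request did not submit it (e.g. a partial XHR update).
  #
  # @yieldparam roles [ActiveRecord::Relation<Role>] roles matching the submitted ids
  # @yieldreturn the value to store in role_visibility
  def permitted_post_params
    permit_post_params!.tap do |sanitized_params|
      submitted_ids = sanitized_params[:role_visibility]
      next unless submitted_ids

      roles = Role.where(public_id: submitted_ids.compact_blank)
      sanitized_params[:role_visibility] = yield(roles)
    end
  end

  # View locals for the new/edit form.
  #
  # @param post [Post, nil] the post being edited, or nil for a new one
  # @return [Hash] `post`, `statuses` (all status keys plus the current one,
  #   "draft" for a new post) and `roles` (one select option per role,
  #   pre-selecting the roles the post is already associated with)
  def locals_for_post(post: nil)
    selected_ids = post&.roles&.map(&:public_id) || []

    role_options = Role.all.select(:name, :public_id).map do |role|
      {
        value: role.public_id,
        label: role.name,
        selected: selected_ids.include?(role.public_id)
      }
    end

    {
      post:,
      statuses: [Post.statuses.keys, post&.status || "draft"],
      roles: role_options
    }
  end
end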