> posts_controller.rb
# frozen_string_literal: true

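# CRUD endpoints for posts.
#
# Access control goes through the `authorize`, `policy` and `policy_scope`
# helpers (Pundit-style; presumably supplied by AuthenticatedController,
# confirm). `index` and `show` skip `authenticate_user!`, so the policies
# behind them are also evaluated for signed-out visitors.
class PostsController < AuthenticatedController
  skip_before_action :authenticate_user!, only: [:index, :show]

  # Action-level check against the `:post` symbol rather than a record.
  # show/edit/update are excluded and rely only on their record-level
  # `authorize post`; destroy is not excluded, so it passes both checks.
  before_action -> { authorize :post }, except: [:show, :edit, :update]

  # Lists posts oldest-first. Callers whose policy allows `edit?` see every
  # post, bypassing `policy_scope`; everyone else gets the policy scope
  # narrowed to active posts.
  def index
    posts =
      if policy(:post).edit?
        Post.all
      else
        policy_scope(Post).where(status: :active)
      end

    render locals: {posts: posts.order(created_at: :asc)}
  end

  # Renders one post, looked up by public id and authorized per record.
  def show
    post = find_post!
    authorize post

    render locals: {post:}
  end

  # Renders the empty post form.
  def new
    render locals: locals_for_post
  end

  # Creates a post from the permitted form fields. Submitted role public ids
  # are resolved through Role.where, so ids matching no role are dropped.
  def create
    permitted_params = permit_post_params!.tap do |sanitized_params|
      # Same guard as #update: a form sent without role_visibility leaves the
      # key nil, and calling compact_blank on nil would raise NoMethodError.
      if sanitized_params[:role_visibility]
        roles = Role.where(public_id: sanitized_params[:role_visibility].compact_blank)
        # NOTE(review): #update stores roles.pluck(:name) at this point;
        # confirm calculated_value produces the same shape.
        sanitized_params[:role_visibility] = roles.calculated_value
      end
    end

    Post.create!(**permitted_params)

    flash[:success] = "Post created"

    redirect_to :posts
  end

  # Renders the form pre-filled for an existing post.
  def edit
    post = find_post!
    authorize post

    render locals: locals_for_post(post:)
  end

  # Updates a post. role_visibility is only rewritten when the form sent it,
  # in which case the submitted public ids are replaced by the role names.
  def update
    post = find_post!
    authorize post

    permitted_params = permit_post_params!.tap do |sanitized_params|
      if sanitized_params[:role_visibility]
        roles = Role.where(public_id: sanitized_params[:role_visibility].compact_blank)
        sanitized_params[:role_visibility] = roles.pluck(:name)
      end
    end

    post.update!(**permitted_params)

    if request.xhr?
      render json: {}
    else
      flash[:success] = "Post updated"
      redirect_to :posts
    end
  end

  # Deletes a post and answers with a turbo stream or a redirect.
  def destroy
    post = find_post!
    authorize post

    # Bang variant, like create!/update! above: a destroy that is halted
    # raises instead of being reported to the user as "Post deleted".
    post.destroy!

    respond_to do |format|
      format.turbo_stream { render locals: {post:} }
      format.html do
        flash[:success] = "Post deleted"
        redirect_to :posts
      end
    end
  end

  private

  # Loads the post addressed by params[:id] (a public id, not the primary
  # key). A missing post raises ActiveRecord::RecordNotFound, which Rails
  # answers with 404 by default, rather than passing nil on to `authorize`.
  def find_post!
    Post.find_by!(public_id: params[:id])
  end

  # Strong-parameter allow-list for the post form; raises
  # ActionController::ParameterMissing when the :post key is absent.
  def permit_post_params!
    params.require(:post).permit(:title, :content, :status, role_visibility: [])
  end

  # Builds the locals shared by the new and edit forms.
  #
  # @param post [Post, nil] the post being edited, or nil for a new post
  # @return [Hash] :post, :statuses (all status keys plus the current status,
  #   "draft" when there is none) and :roles (one value/label/selected hash
  #   per role, selected when the post already has that role)
  def locals_for_post(post: nil)
    selected_ids = post&.roles&.map(&:public_id) || []

    role_options = Role.all.select(:name, :public_id).map do |role|
      {
        value: role.public_id,
        label: role.name,
        selected: selected_ids.include?(role.public_id)
      }
    end

    {
      post:,
      statuses: [Post.statuses.keys, post&.status || "draft"],
      roles: role_options
    }
  end
end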