additionals/app/controllers/additionals_journals_controller.rb

# frozen_string_literal: true

class AdditionalsJournalsController < ApplicationController
  before_action :find_journal, only: %i[edit update diff]
  before_action :authorize, only: %i[edit update]

  helper :custom_fields
  helper :journals
  helper :additionals_journals

  def diff
    @entry = @journal.journalized
    @detail =
      if params[:detail_id].present?
        @journal.details.find_by id: params[:detail_id]
      else
        @journal.details.detect { |d| d.property == 'attr' && d.prop_key == 'description' }
      end
    unless @entry && @detail
      render_404
      return false
    end

    raise ::Unauthorized if @detail.property == 'cf' && !@detail.custom_field&.visible_by?(@entry.project, User.current)

    @diff = Redmine::Helpers::Diff.new @detail.value, @detail.old_value
  end

  def edit
    return render_403 unless @journal.editable_by? User.current

    respond_to do |format|
      # TODO: implement non-JS journal update
      format.js
    end
  end

  def update
    return render_403 unless @journal.editable_by? User.current

    @journal.safe_attributes = params[:journal]
    @journal.save
    @journal.destroy if @journal.details.empty? && @journal.notes.blank?
    respond_to do |format|
      format.html { redirect_after_update }
      format.js
    end
  end

  private

  def redirect_after_update
    raise 'overwrite it'
  end

  def find_journal
    raise 'overwrite it'
  end
end
mermaid update and journal controller 2021-07-30 19:51:33 +03:00			`# frozen_string_literal: true`

			`class AdditionalsJournalsController < ApplicationController`
			`before_action :find_journal, only: %i[edit update diff]`
			`before_action :authorize, only: %i[edit update]`

			`helper :custom_fields`
			`helper :journals`
			`helper :additionals_journals`

			`def diff`
			`@entry = @journal.journalized`
			`@detail =`
			`if params[:detail_id].present?`
			`@journal.details.find_by id: params[:detail_id]`
			`else`
			`@journal.details.detect { \|d\| d.property == 'attr' && d.prop_key == 'description' }`
			`end`
			`unless @entry && @detail`
			`render_404`
			`return false`
			`end`

			`raise ::Unauthorized if @detail.property == 'cf' && !@detail.custom_field&.visible_by?(@entry.project, User.current)`

			`@diff = Redmine::Helpers::Diff.new @detail.value, @detail.old_value`
			`end`

			`def edit`
			`return render_403 unless @journal.editable_by? User.current`

			`respond_to do \|format\|`
			`# TODO: implement non-JS journal update`
			`format.js`
			`end`
			`end`

			`def update`
			`return render_403 unless @journal.editable_by? User.current`

			`@journal.safe_attributes = params[:journal]`
			`@journal.save`
			`@journal.destroy if @journal.details.empty? && @journal.notes.blank?`
			`respond_to do \|format\|`
			`format.html { redirect_after_update }`
			`format.js`
			`end`
			`end`

			`private`

			`def redirect_after_update`
			`raise 'overwrite it'`
			`end`

			`def find_journal`
			`raise 'overwrite it'`
			`end`
			`end`