engine/app/controllers/locomotive/public/content_entries_controller.rb

58 lines
1.7 KiB
Ruby
Raw Permalink Normal View History

module Locomotive
module Public
class ContentEntriesController < BaseController
before_filter :set_content_type
before_filter :sanitize_entry_params, :only => :create
skip_load_and_authorize_resource
self.responder = Locomotive::ActionController::PublicResponder # custom responder
respond_to :html, :json
def create
@entry = @content_type.entries.create(params[:entry] || params[:content])
flash[@content_type.slug.singularize] = @entry.to_presenter(:include_errors => true).as_json
respond_with @entry, :location => self.callback_url
end
protected
def set_content_type
@content_type = current_site.content_types.where(:slug => params[:slug]).first
# check if ability to receive public submissions
unless @content_type.public_submission_enabled?
respond_to do |format|
format.json { render :json => { :error => 'Public submissions not accepted' }, :status => :forbidden }
format.html { render :text => 'Public submissions not accepted', :status => :forbidden }
end
return false
end
end
def callback_url
(@entry.errors.empty? ? params[:success_callback] : params[:error_callback]) || main_app.root_path
end
def sanitize_entry_params
entry_params = params[:entry] || params[:content] || {}
entry_params.each do |key, value|
next unless value.is_a?(String)
entry_params[key] = Sanitize.clean(value, Sanitize::Config::BASIC)
end
end
def handle_unverified_request
if Locomotive.config.csrf_protection
reset_session
redirect_to '/', :status => 302
end
end
end
end
end