54 lines
1.7 KiB
Ruby
54 lines
1.7 KiB
Ruby
module Locomotive
|
|
module Public
|
|
class ContentEntriesController < BaseController
|
|
|
|
before_filter :set_content_type
|
|
|
|
before_filter :sanitize_entry_params, :only => :create
|
|
|
|
skip_before_filter :verify_authenticity_token
|
|
|
|
skip_load_and_authorize_resource
|
|
|
|
self.responder = Locomotive::ActionController::PublicResponder # custom responder
|
|
|
|
respond_to :html, :json
|
|
|
|
def create
|
|
@entry = @content_type.entries.create(params[:entry] || params[:content])
|
|
flash[@content_type.slug.singularize] = @entry.to_presenter(:include_errors => true).as_json
|
|
Rails.logger.debug @entry.to_presenter(:include_errors => true).as_json
|
|
respond_with @entry, :location => self.callback_url
|
|
end
|
|
|
|
protected
|
|
|
|
def set_content_type
|
|
@content_type = current_site.content_types.where(:slug => params[:slug]).first
|
|
|
|
# check if ability to receive public submissions
|
|
unless @content_type.public_submission_enabled?
|
|
respond_to do |format|
|
|
format.json { render :json => { :error => 'Public submissions not accepted' }, :status => :forbidden }
|
|
format.html { render :text => 'Public submissions not accepted', :status => :forbidden }
|
|
end
|
|
return false
|
|
end
|
|
end
|
|
|
|
def callback_url
|
|
(@entry.errors.empty? ? params[:success_callback] : params[:error_callback]) || main_app.root_path
|
|
end
|
|
|
|
def sanitize_entry_params
|
|
entry_params = params[:entry] || params[:content] || {}
|
|
entry_params.each do |key, value|
|
|
next unless value.is_a?(String)
|
|
entry_params[key] = Sanitize.clean(value, Sanitize::Config::BASIC)
|
|
end
|
|
end
|
|
|
|
end
|
|
end
|
|
end
|