prevent duplicate actions on a post

app/controllers/post_actions_controller.rb

@@ -4,39 +4,30 @@ class PostActionsController < ApplicationController
 
   before_filter :ensure_logged_in, except: :users
   before_filter :fetch_post_from_params
+  before_filter :fetch_post_action_type_id_from_params
 
   def create
-    id = params[:post_action_type_id].to_i
-    if action = PostActionType.where(id: id).first
-      guardian.ensure_post_can_act!(@post, PostActionType.types[id])
+    guardian.ensure_post_can_act!(@post, PostActionType.types[@post_action_type_id])
 
-      post_action = PostAction.act(current_user, @post, action.id, params[:message])
-
-      if post_action.blank? || post_action.errors.present?
-        render_json_error(post_action)
-      else
-        # We need to reload or otherwise we are showing the old values on the front end
-        @post.reload
-        post_serializer = PostSerializer.new(@post, scope: guardian, root: false)
-        render_json_dump(post_serializer)
-      end
+    post_action = PostAction.act(current_user, @post, @post_action_type_id, params[:message])
 
+    if post_action.blank? || post_action.errors.present?
+      render_json_error(post_action)
     else
-      raise Discourse::InvalidParameters.new(:post_action_type_id)
+      # We need to reload or otherwise we are showing the old values on the front end
+      @post.reload
+      post_serializer = PostSerializer.new(@post, scope: guardian, root: false)
+      render_json_dump(post_serializer)
     end
   end
 
   def users
-    requires_parameter(:post_action_type_id)
-    post_action_type_id = params[:post_action_type_id].to_i
-
-    guardian.ensure_can_see_post_actors!(@post.topic, post_action_type_id)
-
-    users = User.
-              select(['null as post_url','users.id', 'users.username', 'users.username_lower', 'users.email','post_actions.related_post_id']).
-              joins(:post_actions).
-              where(['post_actions.post_id = ? and post_actions.post_action_type_id = ? and post_actions.deleted_at IS NULL', @post.id, post_action_type_id]).all
+    guardian.ensure_can_see_post_actors!(@post.topic, @post_action_type_id)
 
+    users = User.select(['null as post_url','users.id', 'users.username', 'users.username_lower', 'users.email','post_actions.related_post_id'])
+                .joins(:post_actions)
+                .where(['post_actions.post_id = ? and post_actions.post_action_type_id = ? and post_actions.deleted_at IS NULL', @post.id, @post_action_type_id])
+                .all
 
     urls = Post.urls(users.map{|u| u.related_post_id})
     users.each do |u|
@@ -47,21 +38,21 @@ class PostActionsController < ApplicationController
   end
 
   def destroy
-    requires_parameter(:post_action_type_id)
+    post_action = current_user.post_actions.where(post_id: params[:id].to_i, post_action_type_id: @post_action_type_id, deleted_at: nil).first
 
-    post_action = current_user.post_actions.where(post_id: params[:id].to_i, post_action_type_id: params[:post_action_type_id].to_i, deleted_at: nil).first
     raise Discourse::NotFound if post_action.blank?
+
     guardian.ensure_can_delete!(post_action)
+
     PostAction.remove_act(current_user, @post, post_action.post_action_type_id)
 
     render nothing: true
   end
 
   def clear_flags
-    requires_parameter(:post_action_type_id)
     guardian.ensure_can_clear_flags!(@post)
 
-    PostAction.clear_flags!(@post, current_user.id, params[:post_action_type_id].to_i)
+    PostAction.clear_flags!(@post, current_user.id, @post_action_type_id)
     @post.reload
 
     if @post.is_flagged?
@@ -84,4 +75,9 @@ class PostActionsController < ApplicationController
       @post = finder.first
       guardian.ensure_can_see!(@post)
     end
+
+    def fetch_post_action_type_id_from_params
+      requires_parameter(:post_action_type_id)
+      @post_action_type_id = params[:post_action_type_id].to_i
+    end
 end