From ee8353334dbdd888f2d6257eed7ebacc044be4b4 Mon Sep 17 00:00:00 2001
From: Ady <ady@ecomail.io>
Date: Mon, 21 Mar 2022 22:27:50 -0400
Subject: [PATCH] fix: see ratings is must be allowed for anonymous users

---
 public/assets/js/modules/arc-line-handler.mjs | 34 ++++++++++---------
 src/Controller/Ajax/RateAjax.php              |  4 ---
 2 files changed, 18 insertions(+), 20 deletions(-)

diff --git a/public/assets/js/modules/arc-line-handler.mjs b/public/assets/js/modules/arc-line-handler.mjs
index ea3b1b30..28345d51 100644
--- a/public/assets/js/modules/arc-line-handler.mjs
+++ b/public/assets/js/modules/arc-line-handler.mjs
@@ -86,25 +86,27 @@ const ArcLineHandler = {
 
       // todo: use event
       const userRating = line.querySelector('.rating-container .rating');
-      const userRate = ODL.user.rates.find(rate => rate.arc === arc.id);
-      if (userRate) {
-        userRating.dataset.rating = userRate.value;
+      if (userRating) {
+        const userRate = ODL.user.rates.find(rate => rate.arc === arc.id);
+        if (userRate) {
+          userRating.dataset.rating = userRate.value;
+          userRating.dataset.arcId = arc.id;
+          unrateButton.style.display = 'inline';
+        }
+        $(userRating).rating({maxRating: 5});
         userRating.dataset.arcId = arc.id;
-        unrateButton.style.display = 'inline';
-      }
-      $(userRating).rating({maxRating: 5});
-      userRating.dataset.arcId = arc.id;
-      if (!ODL.user.readings.includes(arc.id)) {
-        userRating.classList.add('disabled');
-        userRating.title = ODL.translation.readingOrder.disabledRating;
-      }
-      const stars = userRating.childNodes;
-      for (const i in stars) {
-        if (stars[i] instanceof Element && ODL.user.readings.includes(arc.id)) {
-          stars[i].title = ODL.translation.readingOrder.starsTitles[i];
+        if (!ODL.user.readings.includes(arc.id)) {
+          userRating.classList.add('disabled');
+          userRating.title = ODL.translation.readingOrder.disabledRating;
+        }
+        const stars = userRating.childNodes;
+        for (const i in stars) {
+          if (stars[i] instanceof Element && ODL.user.readings.includes(arc.id)) {
+            stars[i].title = ODL.translation.readingOrder.starsTitles[i];
+          }
         }
+        userRating.addEventListener('click', ratingListener);
       }
-      userRating.addEventListener('click', ratingListener);
 
       line.querySelector('.arc-position').addEventListener('click', anchorListener);
 
diff --git a/src/Controller/Ajax/RateAjax.php b/src/Controller/Ajax/RateAjax.php
index 55509fbe..afea920e 100644
--- a/src/Controller/Ajax/RateAjax.php
+++ b/src/Controller/Ajax/RateAjax.php
@@ -100,10 +100,6 @@ class RateAjax extends AbstractController
      */
     public function getAllRatesInEra(Era $era, RateRepository $repository): JsonResponse
     {
-        $user = $this->getUser();
-        if (null === $user) {
-            throw new UnauthorizedHttpException('You need to be authenticated.');
-        }
         $rates = $repository->findByEra($era);
 
         return new JsonResponse($rates, Response::HTTP_OK);
-- 
GitLab