policies: remove current request from context.

This refactors Pundit policies to only rely on the current user, not on
the current user and the current HTTP request. In retrospect, it was a
bad idea to include the current request in the Pundit context. It bleeds
out everywhere and there are many contexts (in tests and models) where
we only have the current user, not the current request. The previous
commit got rid of the only two places where we used it.
evazion
2021-01-17 00:41:09 -06:00
parent 6671711784
commit 054ac51d47
13 changed files with 24 additions and 23 deletions


@@ -668,12 +668,12 @@ class Post < ApplicationRecord
when /^-favgroup:(.+)$/i
favgroup = FavoriteGroup.find_by_name_or_id!($1, CurrentUser.user)
raise User::PrivilegeError unless Pundit.policy!([CurrentUser.user, nil], favgroup).update?
raise User::PrivilegeError unless Pundit.policy!(CurrentUser.user, favgroup).update?
favgroup&.remove!(self)
when /^favgroup:(.+)$/i
favgroup = FavoriteGroup.find_by_name_or_id!($1, CurrentUser.user)
raise User::PrivilegeError unless Pundit.policy!([CurrentUser.user, nil], favgroup).update?
raise User::PrivilegeError unless Pundit.policy!(CurrentUser.user, favgroup).update?
favgroup&.add!(self)
end
@@ -779,7 +779,7 @@ class Post < ApplicationRecord
def add_favorite!(user)
Favorite.add(post: self, user: user)
vote!("up", user) if Pundit.policy!([user, nil], PostVote).create?
vote!("up", user) if Pundit.policy!(user, PostVote).create?
rescue PostVote::Error
end
@@ -789,7 +789,7 @@ class Post < ApplicationRecord
def remove_favorite!(user)
Favorite.remove(post: self, user: user)
unvote!(user) if Pundit.policy!([user, nil], PostVote).create?
unvote!(user) if Pundit.policy!(user, PostVote).create?
rescue PostVote::Error
end
@@ -803,7 +803,7 @@ class Post < ApplicationRecord
# Users who publicly favorited this post, ordered by time of favorite.
def visible_favorited_users(viewer)
favorited_users.order("favorites.id DESC").select do |fav_user|
Pundit.policy!([viewer, nil], fav_user).can_see_favorites?
Pundit.policy!(viewer, fav_user).can_see_favorites?
end
end
@@ -876,7 +876,7 @@ class Post < ApplicationRecord
end
def vote!(vote, voter = CurrentUser.user)
unless Pundit.policy!([voter, nil], PostVote).create?
unless Pundit.policy!(voter, PostVote).create?
raise PostVote::Error.new("You do not have permission to vote")
end
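Review bot: In the `remove_favorite!` hunk, `unvote!(user)` is still authorized with `Pundit.policy!(user, PostVote).create?`, so permission to remove a vote is decided by the rule for creating one. If that coupling is deliberate, a comment above the line such as `# unvoting is gated on the same rule as voting (create?) on purpose` would stop a later reader from treating it as a copy-paste of `add_favorite!`; if the PostVote policy has a rule for removal (not visible here), that is the rule to check. Both favorite methods also end in `rescue PostVote::Error` with an empty body, so a vote refused inside `vote!` or `unvote!` vanishes without a log line and a denied vote cannot be told apart from a successful one when auditing. The body of `vote!` in the last hunk continues outside the visible lines.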