From 055e5939b4abd52d3b110d0fb85a34daf264e44e Mon Sep 17 00:00:00 2001
From: evazion
Date: Tue, 16 Nov 2021 05:11:04 -0600
Subject: [PATCH] votes: allow Members to vote.
* Allow Member-level users to vote.
* Don't allow Banned or Restricted users to create favorites any more. Banned and Restricted users aren't allowed to upvote or favorite any more to prevent sockpuppet accounts from upvoting even after they're banned.
---
 app/policies/favorite_policy.rb | 2 +-
 app/policies/post_vote_policy.rb | 2 +-
 test/factories/user.rb | 1 +
 test/functional/favorites_controller_test.rb | 15 ++++++++++++---
 test/functional/post_votes_controller_test.rb | 11 +++++++++--
 5 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/app/policies/favorite_policy.rb b/app/policies/favorite_policy.rb
index b604f1ea1..29784ceb7 100644
--- a/app/policies/favorite_policy.rb
+++ b/app/policies/favorite_policy.rb
@@ -1,6 +1,6 @@
 class FavoritePolicy < ApplicationPolicy
 def create?
- !user.is_anonymous?
+ unbanned? && user.is_member?
 end
 def destroy?
diff --git a/app/policies/post_vote_policy.rb b/app/policies/post_vote_policy.rb
index 279e10d5c..730cbe46c 100644
--- a/app/policies/post_vote_policy.rb
+++ b/app/policies/post_vote_policy.rb
@@ -1,6 +1,6 @@
 class PostVotePolicy < ApplicationPolicy
 def create?
- unbanned? && user.is_gold?
+ unbanned? && user.is_member?
 end
 def destroy?
diff --git a/test/factories/user.rb b/test/factories/user.rb
index dc6cf0942..a9bbe1c77 100644
--- a/test/factories/user.rb
+++ b/test/factories/user.rb
@@ -8,6 +8,7 @@ FactoryBot.define do
 factory(:banned_user) do
 transient { ban_duration {3} }
 is_banned {true}
+ active_ban factory: :ban
 end
 factory(:restricted_user) do
diff --git a/test/functional/favorites_controller_test.rb b/test/functional/favorites_controller_test.rb
index 61e94cffe..f714e8393 100644
--- a/test/functional/favorites_controller_test.rb
+++ b/test/functional/favorites_controller_test.rb
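Review bot: In app/policies/favorite_policy.rb, `create?` now carries the same expression as `PostVotePolicy#create?` in the next hunk, `unbanned? && user.is_member?`, and nothing in the code says why banned and Restricted accounts are excluded. The reason lives only in the commit message, so a comment above the predicate such as `# Banned and Restricted users may not favorite: keeps sockpuppet accounts from inflating counts after a ban.` would keep a later edit from loosening it by accident. The check presumably relies on Restricted ranking below Member inside `is_member?`, which is defined outside this diff and worth confirming. `destroy?` starts in this hunk but its body is outside it.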
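Review bot: In app/policies/post_vote_policy.rb, lowering `create?` from `user.is_gold?` to `user.is_member?` leaves ban status and account level as the only gates on voting visible here, so a newly registered Member-level account can now change a post's score. The commit message itself names sockpuppet voting as the concern, so the policy should say which control outside it bounds that, for example `# Any unbanned Member may vote; abuse is bounded by <rate limit or signup control, confirm>.` Whether such a control exists cannot be seen from this diff, and if it does not, that is worth settling before the voter pool is widened. `destroy?` starts in this hunk and continues outside it.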
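Review bot: In test/factories/user.rb, the `banned_user` factory still declares `transient { ban_duration {3} }`, but the added `active_ban factory: :ban` does not pass it on and no other line of the factory block reads it. A test that creates a banned user with `ban_duration:` set would therefore get whatever duration the `:ban` factory defaults to, which is defined outside this diff. Either forward the transient to the associated ban or drop it, so the fixture the new 403 tests rely on describes the ban it actually creates.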
@@ -48,12 +48,21 @@ class FavoritesControllerTest < ActionDispatch::IntegrationTest
 end
 end
- should "allow banned users to create favorites" do
+ should "not allow banned users to create favorites" do
 @banned_user = create(:banned_user)
- assert_difference [-> { @post.favorites.count }, -> { @post.reload.fav_count }, -> { @banned_user.reload.favorite_count }], 1 do
+ assert_difference [-> { @post.favorites.count }, -> { @post.reload.fav_count }, -> { @banned_user.reload.favorite_count }], 0 do
 post_auth favorites_path(post_id: @post.id), @banned_user, as: :javascript
- assert_response :redirect
+ assert_response 403
+ end
+ end
+
+ should "not allow restricted users to create favorites" do
+ @restricted_user = create(:restricted_user)
+
+ assert_difference [-> { @post.favorites.count }, -> { @post.reload.fav_count }, -> { @restricted_user.reload.favorite_count }], 0 do
+ post_auth favorites_path(post_id: @post.id), @restricted_user, as: :javascript
+ assert_response 403
 end
 end
diff --git a/test/functional/post_votes_controller_test.rb b/test/functional/post_votes_controller_test.rb
index 43687de23..d329cda62 100644
--- a/test/functional/post_votes_controller_test.rb
+++ b/test/functional/post_votes_controller_test.rb
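Review bot: The banned-user and restricted-user cases in test/functional/favorites_controller_test.rb pin only the create path, so nothing here states what such a user may do with favorites they already hold. `FavoritePolicy#destroy?` is not changed by this commit and its body is outside the diff, so whether removal stays allowed is not visible. A companion case such as `should "allow banned users to remove their own favorites" do`, or its 403 counterpart if that is the intent, would document the decision. The two cases also differ only in the factory name and could share one loop over `[:banned_user, :restricted_user]`.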
@@ -185,13 +185,20 @@ class PostVotesControllerTest < ActionDispatch::IntegrationTest
 assert_equal(0, @post.reload.score)
 end
- should "not allow members to vote" do
- post_auth post_post_votes_path(post_id: @post.id), create(:user), params: { score: 1, format: "js" }
+ should "not allow restricted users to vote" do
+ post_auth post_post_votes_path(post_id: @post.id), create(:restricted_user), params: { score: 1, format: "js"}
 assert_response 403
 assert_equal(0, @post.reload.score)
 end
+ should "allow members to vote" do
+ post_auth post_post_votes_path(post_id: @post.id), create(:user), params: { score: 1, format: "js" }
+
+ assert_response :success
+ assert_equal(1, @post.reload.score)
+ end
+
 should "not allow invalid scores" do
 post_auth post_post_votes_path(post_id: @post.id), @user, params: { score: 3, format: "js" }
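Review bot: The new "allow members to vote" case in test/functional/post_votes_controller_test.rb exercises `score: 1` only, so the hunk does not pin whether a Member-level account may also downvote. The commit message speaks of upvoting; if downvotes are meant to follow the same rule, a second case with `params: { score: -1, format: "js" }` asserting the expected response and resulting score would make that explicit. Minor: the restricted-user line ends in `format: "js"}` while the surrounding lines use `format: "js" }`. The `should "not allow invalid scores"` block at the end of the hunk continues outside it.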