jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

votes: allow Members to vote.

Browse Source 
* Allow Member-level users to vote.
* Don't allow Banned or Restricted users to create favorites any more.

Banned and Restricted users aren't allowed to upvote or favorite any
more to prevent sockpuppet accounts from upvoting even after they're
banned.
This commit is contained in:
evazion
2021-11-16 05:11:04 -06:00
parent 1a27b1d5eb
commit 055e5939b4
5 changed files with 24 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
test/functional/favorites_controller_test.rb
View File

@@ -48,12 +48,21 @@ class FavoritesControllerTest < ActionDispatch::IntegrationTest
end
end
should "allow banned users to create favorites" do
should "not allow banned users to create favorites" do
@banned_user = create(:banned_user)
assert_difference [-> { @post.favorites.count }, -> { @post.reload.fav_count }, -> { @banned_user.reload.favorite_count }], 1 do
assert_difference [-> { @post.favorites.count }, -> { @post.reload.fav_count }, -> { @banned_user.reload.favorite_count }], 0 do
post_auth favorites_path(post_id: @post.id), @banned_user, as: :javascript
assert_response :redirect
assert_response 403
end
end
should "not allow restricted users to create favorites" do
@restricted_user = create(:restricted_user)
assert_difference [-> { @post.favorites.count }, -> { @post.reload.fav_count }, -> { @restricted_user.reload.favorite_count }], 0 do
post_auth favorites_path(post_id: @post.id), @restricted_user, as: :javascript
assert_response 403
end
end

11
test/functional/post_votes_controller_test.rb
View File

@@ -185,13 +185,20 @@ class PostVotesControllerTest < ActionDispatch::IntegrationTest
assert_equal(0, @post.reload.score)
end
should "not allow members to vote" do
post_auth post_post_votes_path(post_id: @post.id), create(:user), params: { score: 1, format: "js" }
should "not allow restricted users to vote" do
post_auth post_post_votes_path(post_id: @post.id), create(:restricted_user), params: { score: 1, format: "js"}
assert_response 403
assert_equal(0, @post.reload.score)
end
should "allow members to vote" do
post_auth post_post_votes_path(post_id: @post.id), create(:user), params: { score: 1, format: "js" }
assert_response :success
assert_equal(1, @post.reload.score)
end
should "not allow invalid scores" do
post_auth post_post_votes_path(post_id: @post.id), @user, params: { score: 3, format: "js" }