votes: allow Members to vote.

* Allow Member-level users to vote.
* Don't allow Banned or Restricted users to create favorites any more.

Banned and Restricted users aren't allowed to upvote or favorite any
more to prevent sockpuppet accounts from upvoting even after they're
banned.
evazion
2021-11-16 05:11:04 -06:00
parent 1a27b1d5eb
commit 055e5939b4
5 changed files with 24 additions and 7 deletions


@@ -1,6 +1,6 @@
class FavoritePolicy < ApplicationPolicy class FavoritePolicy < ApplicationPolicy
def create? def create?
!user.is_anonymous? unbanned? && user.is_member?
end end
def destroy? def destroy?
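Review bot: `create?` no longer rejects anonymous users explicitly; with `!user.is_anonymous?` gone, it depends on `user.is_member?` being false for anonymous and Restricted accounts, and that method is defined outside this page. A one-line comment above the check would make the dependency visible, e.g. `# Member level and above, not banned: excludes anonymous, Restricted and banned accounts.` The favorites controller test in this commit covers banned and restricted users only, so it is worth confirming that an anonymous case exists in the part of the test file outside the hunk. The body of `destroy?` is outside this section, so whether banned users can still remove existing favorites cannot be checked here.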


@@ -1,6 +1,6 @@
class PostVotePolicy < ApplicationPolicy class PostVotePolicy < ApplicationPolicy
def create? def create?
unbanned? && user.is_gold? unbanned? && user.is_member?
end end
def destroy? def destroy?
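Review bot: Lowering the requirement in `create?` from `user.is_gold?` to `user.is_member?` appears to open voting to newly registered accounts, since the vote test in this commit succeeds with a plain `create(:user)`. The commit message is concerned with sockpuppets that keep voting after a ban, but a fresh account is also unbanned, so this check alone does not limit that. If a rate limit or account-age requirement for votes exists elsewhere, a comment here should point to it, e.g. `# Any unbanned Member may vote; per-account vote throttling is enforced elsewhere (confirm where).`; if none exists, it is worth adding one alongside this change. The body of `destroy?` is outside this section.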


@@ -8,6 +8,7 @@ FactoryBot.define do
factory(:banned_user) do factory(:banned_user) do
transient { ban_duration {3} } transient { ban_duration {3} }
is_banned {true} is_banned {true}
active_ban factory: :ban
end end
factory(:restricted_user) do factory(:restricted_user) do


@@ -48,12 +48,21 @@ class FavoritesControllerTest < ActionDispatch::IntegrationTest
end end
end end
should "allow banned users to create favorites" do should "not allow banned users to create favorites" do
@banned_user = create(:banned_user) @banned_user = create(:banned_user)
assert_difference [-> { @post.favorites.count }, -> { @post.reload.fav_count }, -> { @banned_user.reload.favorite_count }], 1 do assert_difference [-> { @post.favorites.count }, -> { @post.reload.fav_count }, -> { @banned_user.reload.favorite_count }], 0 do
post_auth favorites_path(post_id: @post.id), @banned_user, as: :javascript post_auth favorites_path(post_id: @post.id), @banned_user, as: :javascript
assert_response :redirect assert_response 403
end
end
should "not allow restricted users to create favorites" do
@restricted_user = create(:restricted_user)
assert_difference [-> { @post.favorites.count }, -> { @post.reload.fav_count }, -> { @restricted_user.reload.favorite_count }], 0 do
post_auth favorites_path(post_id: @post.id), @restricted_user, as: :javascript
assert_response 403
end end
end end


@@ -185,13 +185,20 @@ class PostVotesControllerTest < ActionDispatch::IntegrationTest
assert_equal(0, @post.reload.score) assert_equal(0, @post.reload.score)
end end
should "not allow members to vote" do should "not allow restricted users to vote" do
post_auth post_post_votes_path(post_id: @post.id), create(:user), params: { score: 1, format: "js" } post_auth post_post_votes_path(post_id: @post.id), create(:restricted_user), params: { score: 1, format: "js"}
assert_response 403 assert_response 403
assert_equal(0, @post.reload.score) assert_equal(0, @post.reload.score)
end end
should "allow members to vote" do
post_auth post_post_votes_path(post_id: @post.id), create(:user), params: { score: 1, format: "js" }
assert_response :success
assert_equal(1, @post.reload.score)
end
should "not allow invalid scores" do should "not allow invalid scores" do
post_auth post_post_votes_path(post_id: @post.id), @user, params: { score: 3, format: "js" } post_auth post_post_votes_path(post_id: @post.id), @user, params: { score: 3, format: "js" }