diff --git a/app/controllers/dmails_controller.rb b/app/controllers/dmails_controller.rb
index 649fc8a16..960503dbf 100644
--- a/app/controllers/dmails_controller.rb
+++ b/app/controllers/dmails_controller.rb
@@ -15,7 +15,7 @@ class DmailsController < ApplicationController
 end
 def index
- @dmails = Dmail.visible.paginated_search(params, count_pages: true)
+ @dmails = Dmail.visible(CurrentUser.user).paginated_search(params, count_pages: true)
 @dmails = @dmails.includes(:owner, :to, :from) if request.format.html?
 respond_with(@dmails)
diff --git a/app/controllers/favorite_groups_controller.rb b/app/controllers/favorite_groups_controller.rb
index 7f08bae11..ed3f98945 100644
--- a/app/controllers/favorite_groups_controller.rb
+++ b/app/controllers/favorite_groups_controller.rb
@@ -4,7 +4,7 @@ class FavoriteGroupsController < ApplicationController
 def index
 params[:search][:creator_id] ||= params[:user_id]
- @favorite_groups = FavoriteGroup.paginated_search(params)
+ @favorite_groups = FavoriteGroup.visible(CurrentUser.user).paginated_search(params)
 @favorite_groups = @favorite_groups.includes(:creator) if request.format.html?
 respond_with(@favorite_groups)
diff --git a/app/controllers/forum_post_votes_controller.rb b/app/controllers/forum_post_votes_controller.rb
index 12e386b86..d968489ea 100644
--- a/app/controllers/forum_post_votes_controller.rb
+++ b/app/controllers/forum_post_votes_controller.rb
@@ -3,7 +3,7 @@ class ForumPostVotesController < ApplicationController
 before_action :member_only, only: [:create, :destroy]
 def index
- @forum_post_votes = ForumPostVote.visible.paginated_search(params, count_pages: true)
+ @forum_post_votes = ForumPostVote.visible(CurrentUser.user).paginated_search(params, count_pages: true)
 @forum_post_votes = @forum_post_votes.includes(:creator, forum_post: [:creator, :topic]) if request.format.html?
 respond_with(@forum_post_votes)
diff --git a/app/controllers/forum_posts_controller.rb b/app/controllers/forum_posts_controller.rb
index ab6133d7f..c99148783 100644
--- a/app/controllers/forum_posts_controller.rb
+++ b/app/controllers/forum_posts_controller.rb
@@ -24,7 +24,7 @@ class ForumPostsController < ApplicationController
 end
 def index
- @forum_posts = ForumPost.paginated_search(params)
+ @forum_posts = ForumPost.visible(CurrentUser.user).paginated_search(params)
 @forum_posts = @forum_posts.includes(:topic, :creator) if request.format.html?
 respond_with(@forum_posts)
diff --git a/app/controllers/forum_topics_controller.rb b/app/controllers/forum_topics_controller.rb
index 4e7346101..22c095680 100644
--- a/app/controllers/forum_topics_controller.rb
+++ b/app/controllers/forum_topics_controller.rb
@@ -23,7 +23,7 @@ class ForumTopicsController < ApplicationController
 params[:search][:order] ||= "sticky" if request.format.html?
 params[:limit] ||= 40
- @forum_topics = ForumTopic.paginated_search(params)
+ @forum_topics = ForumTopic.visible(CurrentUser.user).paginated_search(params)
 if request.format.atom?
 @forum_topics = @forum_topics.includes(:creator, :original_post)
diff --git a/app/controllers/mod_actions_controller.rb b/app/controllers/mod_actions_controller.rb
index 8441b2f56..8a87c3d43 100644
--- a/app/controllers/mod_actions_controller.rb
+++ b/app/controllers/mod_actions_controller.rb
@@ -2,7 +2,7 @@ class ModActionsController < ApplicationController
 respond_to :html, :xml, :json
 def index
- @mod_actions = ModAction.paginated_search(params)
+ @mod_actions = ModAction.visible(CurrentUser.user).paginated_search(params)
 @mod_actions = @mod_actions.includes(:creator) if request.format.html?
 respond_with(@mod_actions)
diff --git a/app/controllers/moderation_reports_controller.rb b/app/controllers/moderation_reports_controller.rb
index af872b8fe..21a23b9d3 100644
--- a/app/controllers/moderation_reports_controller.rb
+++ b/app/controllers/moderation_reports_controller.rb
@@ -10,7 +10,7 @@ class ModerationReportsController < ApplicationController
 end
 def index
- @moderation_reports = ModerationReport.paginated_search(params, count_pages: true)
+ @moderation_reports = ModerationReport.visible(CurrentUser.user).paginated_search(params, count_pages: true)
 @moderation_reports = @moderation_reports.includes(:creator, :model) if request.format.html?
 respond_with(@moderation_reports)
diff --git a/app/controllers/post_votes_controller.rb b/app/controllers/post_votes_controller.rb
index 77eee0c9f..1ba8e15e9 100644
--- a/app/controllers/post_votes_controller.rb
+++ b/app/controllers/post_votes_controller.rb
@@ -5,7 +5,7 @@ class PostVotesController < ApplicationController
 rescue_with PostVote::Error, status: 422
 def index
- @post_votes = PostVote.paginated_search(params, count_pages: true)
+ @post_votes = PostVote.visible(CurrentUser.user).paginated_search(params, count_pages: true)
 @post_votes = @post_votes.includes(:user, post: :uploader) if request.format.html?
 respond_with(@post_votes)
diff --git a/app/controllers/user_feedbacks_controller.rb b/app/controllers/user_feedbacks_controller.rb
index a5626c48d..2ad2c6559 100644
--- a/app/controllers/user_feedbacks_controller.rb
+++ b/app/controllers/user_feedbacks_controller.rb
@@ -19,7 +19,7 @@ class UserFeedbacksController < ApplicationController
 end
 def index
- @user_feedbacks = UserFeedback.paginated_search(params, count_pages: true)
+ @user_feedbacks = UserFeedback.visible(CurrentUser.user).paginated_search(params, count_pages: true)
 @user_feedbacks = @user_feedbacks.includes(:user, :creator) if request.format.html?
 respond_with(@user_feedbacks)
diff --git a/app/controllers/user_name_change_requests_controller.rb b/app/controllers/user_name_change_requests_controller.rb
index 40df71d1b..c1646f66a 100644
--- a/app/controllers/user_name_change_requests_controller.rb
+++ b/app/controllers/user_name_change_requests_controller.rb
@@ -20,7 +20,7 @@ class UserNameChangeRequestsController < ApplicationController
 end
 def index
- @change_requests = UserNameChangeRequest.visible.order("id desc").paginate(params[:page], :limit => params[:limit])
+ @change_requests = UserNameChangeRequest.visible(CurrentUser.user).order("id desc").paginate(params[:page], :limit => params[:limit])
 respond_with(@change_requests)
 end
diff --git a/app/models/application_record.rb b/app/models/application_record.rb
index 06926bdf5..8f9f94579 100644
--- a/app/models/application_record.rb
+++ b/app/models/application_record.rb
@@ -1,6 +1,10 @@
 class ApplicationRecord < ActiveRecord::Base
 self.abstract_class = true
+ include Mentionable
+ extend HasBitFlags
+ extend Searchable
+ concerning :PaginationMethods do
 class_methods do
 def paginate(*args, **options)
@@ -16,9 +20,15 @@ class ApplicationRecord < ActiveRecord::Base
 end
 end
- module ApiMethods
- extend ActiveSupport::Concern
+ concerning :PrivilegeMethods do
+ class_methods do
+ def visible(user)
+ all
+ end
+ end
+ end
+ concerning :ApiMethods do
 class_methods do
 def api_attributes(*attributes, including: [])
 return @api_attributes if @api_attributes
@@ -175,9 +185,4 @@ class ApplicationRecord < ActiveRecord::Base
 def warnings
 @warnings ||= ActiveModel::Errors.new(self)
 end
-
- include ApiMethods
- include Mentionable
- extend HasBitFlags
- extend Searchable
 end
diff --git a/app/models/comment.rb b/app/models/comment.rb
index f60dd0b8d..c98e74372 100644
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -142,6 +142,7 @@ class Comment < ApplicationRecord
 select { |comment| comment.visibility(user) == :hidden }
 end
+ # XXX rename
 def self.visible(user)
 select { |comment| comment.visibility(user) == :visible }
 end
diff --git a/app/models/comment_vote.rb b/app/models/comment_vote.rb
index b3f18b337..28163cb9c 100644
--- a/app/models/comment_vote.rb
+++ b/app/models/comment_vote.rb
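Review bot: The new base `visible(user)` added under `concerning :PrivilegeMethods` in application_record.rb returns `all` and ignores its argument, so every model that does not override it is fully listable by any caller, including models that hold per-user rows. That is a fail-open default: a model added later with private data will pass through `Model.visible(CurrentUser.user)` in a controller and read as scoped while filtering nothing. I would at least state the contract above the method, e.g. `# Default: every record is visible to every user. Models with private or level-restricted rows MUST override this.`, and add a test that asserts each model with restricted data defines its own `visible`. The enclosing class continues outside the hunk.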
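Review bot: `Comment.visible(user)` in comment.rb keeps the block form of `select`, which looks like it filters loaded records in Ruby and hands back an Array rather than a relation, so it does not match the chainable contract the new `ApplicationRecord.visible` sets for every other model. The added `# XXX rename` does not say that, and a reader who sees `visible` used as a scope elsewhere in this commit will assume this one can be chained with `paginated_search` or `order` too. I would spell the reason out: `# XXX rename: filters via comment.visibility(user) and returns an Array, not a chainable scope like ApplicationRecord.visible`.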
@@ -10,7 +10,7 @@ class CommentVote < ApplicationRecord
 validate :validate_comment_can_be_down_voted
 validates_inclusion_of :score, :in => [-1, 1], :message => "must be 1 or -1"
- def self.visible(user = CurrentUser.user)
+ def self.visible(user)
 if user.is_admin?
 all
 elsif user.is_member?
diff --git a/app/models/dmail.rb b/app/models/dmail.rb
index f3ab4ea16..882ad7f83 100644
--- a/app/models/dmail.rb
+++ b/app/models/dmail.rb
@@ -21,7 +21,6 @@ class Dmail < ApplicationRecord
 scope :deleted, -> { where(is_deleted: true) }
 scope :read, -> { where(is_read: true) }
 scope :unread, -> { where(is_read: false) }
- scope :visible, -> { where(owner: CurrentUser.user) }
 scope :sent, -> { where("dmails.owner_id = dmails.from_id") }
 scope :received, -> { where("dmails.owner_id = dmails.to_id") }
@@ -85,6 +84,10 @@ class Dmail < ApplicationRecord
 end
 module SearchMethods
+ def visible(user)
+ where(owner: user)
+ end
+ def sent_by(user)
 where("dmails.from_id = ? AND dmails.owner_id != ?", user.id, user.id)
 end
diff --git a/app/models/favorite_group.rb b/app/models/favorite_group.rb
index a74c136f2..77accc492 100644
--- a/app/models/favorite_group.rb
+++ b/app/models/favorite_group.rb
@@ -27,7 +27,6 @@ class FavoriteGroup < ApplicationRecord
 def search(params)
 q = super
- q = q.visible(CurrentUser.user)
 q = q.search_attributes(params, :name, :is_public, :post_ids, :creator)
 if params[:name_matches].present?
diff --git a/app/models/forum_post.rb b/app/models/forum_post.rb
index 9b7f02163..75a51a768 100644
--- a/app/models/forum_post.rb
+++ b/app/models/forum_post.rb
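Review bot: Dropping `q = q.visible(CurrentUser.user)` from `FavoriteGroup.search` means the search path no longer filters on its own; private groups stay out of results only if every caller remembers to chain `.visible(user)` first. The same removal is made in `ForumPost.search`, `ForumTopic.search`, `ModAction.search`, `PostVote.search` and `UserFeedback.search` later in this diff, and only the `index` actions shown here are updated. Any other route into these methods (another controller, a nested search such as `ForumTopic.search(title_matches: title)` inside `ForumPost`, a job or a presenter) would now return unfiltered rows, so callers outside this diff need an audit. A request test per model that searches as an unprivileged user and asserts hidden rows are absent would catch a missed caller. `search` continues past the end of the hunk.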
@@ -40,13 +40,12 @@ class ForumPost < ApplicationRecord
 where(topic_id: ForumTopic.search(title_matches: title).select(:id))
 end
- def permitted
- where(topic_id: ForumTopic.permitted)
+ def visible(user)
+ where(topic_id: ForumTopic.visible(user))
 end
 def search(params)
 q = super
- q = q.permitted
 q = q.search_attributes(params, :creator, :updater, :topic_id, :is_deleted, :body)
 q = q.text_attribute_matches(:body, params[:body_matches], index_column: :text_index)
diff --git a/app/models/forum_post_vote.rb b/app/models/forum_post_vote.rb
index 0540d41ab..fe2bcd77c 100644
--- a/app/models/forum_post_vote.rb
+++ b/app/models/forum_post_vote.rb
@@ -8,7 +8,10 @@ class ForumPostVote < ApplicationRecord
 scope :down, -> {where(score: -1)}
 scope :by, ->(user_id) {where(creator_id: user_id)}
 scope :excluding_user, ->(user_id) {where("creator_id <> ?", user_id)}
- scope :visible, -> { where(forum_post: ForumPost.permitted) }
+
+ def self.visible(user)
+ where(forum_post: ForumPost.visible(user))
+ end
 def self.forum_post_matches(params)
 return all if params.blank?
diff --git a/app/models/forum_topic.rb b/app/models/forum_topic.rb
index 70f0e6fb7..1779f3453 100644
--- a/app/models/forum_topic.rb
+++ b/app/models/forum_topic.rb
@@ -52,8 +52,8 @@ class ForumTopic < ApplicationRecord
 end
 module SearchMethods
- def permitted
- where("min_level <= ?", CurrentUser.level)
+ def visible(user)
+ where("min_level <= ?", user.level)
 end
 def read_by_user(user)
@@ -79,7 +79,6 @@ class ForumTopic < ApplicationRecord
 def search(params)
 q = super
- q = q.permitted
 q = q.search_attributes(params, :creator, :updater, :is_sticky, :is_locked, :is_deleted, :category_id, :title, :response_count)
 q = q.text_attribute_matches(:title, params[:title_matches], index_column: :text_index)
@@ -113,7 +112,7 @@ class ForumTopic < ApplicationRecord
 ForumTopicVisit.create(:user_id => user.id, :forum_topic_id => id, :last_read_at => updated_at)
 end
- unread_topics = ForumTopic.permitted.active.unread_by_user(user)
+ unread_topics = ForumTopic.visible(user).active.unread_by_user(user)
 if !unread_topics.exists?
 user.update!(last_forum_read_at: Time.zone.now)
diff --git a/app/models/mod_action.rb b/app/models/mod_action.rb
index 4da9db28d..30f67c945 100644
--- a/app/models/mod_action.rb
+++ b/app/models/mod_action.rb
@@ -54,7 +54,7 @@ class ModAction < ApplicationRecord
 other: 2000 }
- def self.permitted(user)
+ def self.visible(user)
 if user.is_moderator?
 all
 else
@@ -65,7 +65,6 @@ class ModAction < ApplicationRecord
 def self.search(params)
 q = super
- q = q.permitted(CurrentUser.user)
 q = q.search_attributes(params, :creator, :category, :description)
 q = q.text_attribute_matches(:description, params[:description_matches])
diff --git a/app/models/post_vote.rb b/app/models/post_vote.rb
index 7aa63f2ed..0c2aec16a 100644
--- a/app/models/post_vote.rb
+++ b/app/models/post_vote.rb
@@ -26,14 +26,12 @@ class PostVote < ApplicationRecord
 positive.where(user_id: user_id).pluck(:post_id)
 end
- def self.visible(user = CurrentUser.user)
- return all if user.is_admin?
- where(user: user)
+ def self.visible(user)
+ user.is_admin? ? all : where(user: user)
 end
 def self.search(params)
 q = super
- q = q.visible
 q = q.search_attributes(params, :post, :user, :score)
 q.apply_default_order(params)
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index a2c56271a..ce7b1e4c1 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -117,7 +117,7 @@ class User < ApplicationRecord
 has_many :dmails, -> {order("dmails.id desc")}, :foreign_key => "owner_id"
 has_many :saved_searches
 has_many :forum_posts, -> {order("forum_posts.created_at, forum_posts.id")}, :foreign_key => "creator_id"
- has_many :user_name_change_requests, -> {visible.order("user_name_change_requests.created_at desc")}
+ has_many :user_name_change_requests, -> {order("user_name_change_requests.created_at desc")}
 has_many :favorite_groups, -> {order(name: :asc)}, foreign_key: :creator_id
 has_many :favorites, ->(rec) {where("user_id % 100 = #{rec.id % 100} and user_id = #{rec.id}").order("id desc")}
 has_many :ip_bans, foreign_key: :creator_id
@@ -403,7 +403,7 @@ class User < ApplicationRecord
 module ForumMethods
 def has_forum_been_updated?
 return false unless is_gold?
- max_updated_at = ForumTopic.permitted.active.maximum(:updated_at)
+ max_updated_at = ForumTopic.visible(self).active.maximum(:updated_at)
 return false if max_updated_at.nil?
 return true if last_forum_read_at.nil?
 return max_updated_at > last_forum_read_at
diff --git a/app/models/user_feedback.rb b/app/models/user_feedback.rb
index 8601975e3..78c3e105f 100644
--- a/app/models/user_feedback.rb
+++ b/app/models/user_feedback.rb
@@ -21,7 +21,7 @@ class UserFeedback < ApplicationRecord
 scope :undeleted, -> { where(is_deleted: false) }
 module SearchMethods
- def visible(viewer = CurrentUser.user)
+ def visible(viewer)
 viewer.is_moderator? ? all : undeleted
 end
@@ -32,7 +32,6 @@ class UserFeedback < ApplicationRecord
 def search(params)
 q = super
- q = q.visible
 q = q.search_attributes(params, :user, :creator, :category, :body, :is_deleted)
 q = q.text_attribute_matches(:body, params[:body_matches])
diff --git a/app/models/user_name_change_request.rb b/app/models/user_name_change_request.rb
index 655d30d14..8db511e03 100644
--- a/app/models/user_name_change_request.rb
+++ b/app/models/user_name_change_request.rb
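Review bot: Removing `visible` from the `has_many :user_name_change_requests` scope in user.rb makes the association return every request for the user, so each reader of `user.user_name_change_requests` now has to apply `.visible(viewer)` itself. This diff updates `UserPresenter#previous_names` only; other readers of the association (API serialization, eager loads, views) are not shown here and should be checked, since `UserNameChangeRequest.visible` is what returns `none` for non-members and limits members to requests of undeleted users. A short comment on the association would make the new obligation explicit, e.g. `# Unscoped: call .visible(viewer) before showing these to a user`.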
@@ -8,10 +8,10 @@ class UserNameChangeRequest < ApplicationRecord
 after_create :update_name!
- def self.visible(viewer = CurrentUser.user)
- if viewer.is_admin?
+ def self.visible(user)
+ if user.is_admin?
 all
- elsif viewer.is_member?
+ elsif user.is_member?
 where(user: User.undeleted)
 else
 none
diff --git a/app/presenters/user_presenter.rb b/app/presenters/user_presenter.rb
index 362364dd5..8513109fb 100644
--- a/app/presenters/user_presenter.rb
+++ b/app/presenters/user_presenter.rb
@@ -152,6 +152,8 @@ class UserPresenter
 end
 def previous_names(template)
- user.user_name_change_requests.map { |req| template.link_to req.original_name, req }.join(", ").html_safe
+ user.user_name_change_requests.visible(CurrentUser.user).map do |req|
+ template.link_to req.original_name, req }.join(", ").html_safe
+ end
 end
 end
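Review bot: As shown, the new body of `previous_names` in user_presenter.rb does not parse: the block is opened with `do |req|` but closed with `}` before `.join`, and the added `end` then has nothing matching to close. Keeping the brace form avoids the mismatch: `user.user_name_change_requests.visible(CurrentUser.user).map { |req| template.link_to req.original_name, req }.join(", ").html_safe`. Because the result is marked `html_safe` after a plain `join`, building it with `template.safe_join(links, ", ")` would be the more defensive choice, since that escapes any element that is not already a safe buffer.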