models: refactor search visibility methods.

Refactor how model visibility works in index actions: * Call `visible` in the controller instead of in model `search` methods. This decouples model visibility from model searching. * Explicitly pass CurrentUser when calling `visible`. This reduces hidden dependencies on the current user inside models. * Standardize on calling the method `visible`. In some places it was called `permitted` instead. * Add a `visible` base method to ApplicationModel.
2020-02-19 16:28:10 -06:00
parent bd6d896ee0
commit 0ad42d23c9
24 changed files with 49 additions and 42 deletions
--- a/app/controllers/dmails_controller.rb
+++ b/app/controllers/dmails_controller.rb
@@ -15,7 +15,7 @@ class DmailsController < ApplicationController
  end

  def index
-    @dmails = Dmail.visible.paginated_search(params, count_pages: true)
+    @dmails = Dmail.visible(CurrentUser.user).paginated_search(params, count_pages: true)
    @dmails = @dmails.includes(:owner, :to, :from) if request.format.html?

    respond_with(@dmails)
--- a/app/controllers/favorite_groups_controller.rb
+++ b/app/controllers/favorite_groups_controller.rb
@@ -4,7 +4,7 @@ class FavoriteGroupsController < ApplicationController

  def index
    params[:search][:creator_id] ||= params[:user_id]
-    @favorite_groups = FavoriteGroup.paginated_search(params)
+    @favorite_groups = FavoriteGroup.visible(CurrentUser.user).paginated_search(params)
    @favorite_groups = @favorite_groups.includes(:creator) if request.format.html?

    respond_with(@favorite_groups)
--- a/app/controllers/forum_post_votes_controller.rb
+++ b/app/controllers/forum_post_votes_controller.rb
@@ -3,7 +3,7 @@ class ForumPostVotesController < ApplicationController
  before_action :member_only, only: [:create, :destroy]

  def index
-    @forum_post_votes = ForumPostVote.visible.paginated_search(params, count_pages: true)
+    @forum_post_votes = ForumPostVote.visible(CurrentUser.user).paginated_search(params, count_pages: true)
    @forum_post_votes = @forum_post_votes.includes(:creator, forum_post: [:creator, :topic]) if request.format.html?

    respond_with(@forum_post_votes)
--- a/app/controllers/forum_posts_controller.rb
+++ b/app/controllers/forum_posts_controller.rb
@@ -24,7 +24,7 @@ class ForumPostsController < ApplicationController
  end

  def index
-    @forum_posts = ForumPost.paginated_search(params)
+    @forum_posts = ForumPost.visible(CurrentUser.user).paginated_search(params)
    @forum_posts = @forum_posts.includes(:topic, :creator) if request.format.html?

    respond_with(@forum_posts)
--- a/app/controllers/forum_topics_controller.rb
+++ b/app/controllers/forum_topics_controller.rb
@@ -23,7 +23,7 @@ class ForumTopicsController < ApplicationController
    params[:search][:order] ||= "sticky" if request.format.html?
    params[:limit] ||= 40

-    @forum_topics = ForumTopic.paginated_search(params)
+    @forum_topics = ForumTopic.visible(CurrentUser.user).paginated_search(params)

    if request.format.atom?
      @forum_topics = @forum_topics.includes(:creator, :original_post)
--- a/app/controllers/mod_actions_controller.rb
+++ b/app/controllers/mod_actions_controller.rb
@@ -2,7 +2,7 @@ class ModActionsController < ApplicationController
  respond_to :html, :xml, :json

  def index
-    @mod_actions = ModAction.paginated_search(params)
+    @mod_actions = ModAction.visible(CurrentUser.user).paginated_search(params)
    @mod_actions = @mod_actions.includes(:creator) if request.format.html?

    respond_with(@mod_actions)
--- a/app/controllers/moderation_reports_controller.rb
+++ b/app/controllers/moderation_reports_controller.rb
@@ -10,7 +10,7 @@ class ModerationReportsController < ApplicationController
  end

  def index
-    @moderation_reports = ModerationReport.paginated_search(params, count_pages: true)
+    @moderation_reports = ModerationReport.visible(CurrentUser.user).paginated_search(params, count_pages: true)
    @moderation_reports = @moderation_reports.includes(:creator, :model) if request.format.html?

    respond_with(@moderation_reports)
--- a/app/controllers/post_votes_controller.rb
+++ b/app/controllers/post_votes_controller.rb
@@ -5,7 +5,7 @@ class PostVotesController < ApplicationController
  rescue_with PostVote::Error, status: 422

  def index
-    @post_votes = PostVote.paginated_search(params, count_pages: true)
+    @post_votes = PostVote.visible(CurrentUser.user).paginated_search(params, count_pages: true)
    @post_votes = @post_votes.includes(:user, post: :uploader) if request.format.html?

    respond_with(@post_votes)
--- a/app/controllers/user_feedbacks_controller.rb
+++ b/app/controllers/user_feedbacks_controller.rb
@@ -19,7 +19,7 @@ class UserFeedbacksController < ApplicationController
  end

  def index
-    @user_feedbacks = UserFeedback.paginated_search(params, count_pages: true)
+    @user_feedbacks = UserFeedback.visible(CurrentUser.user).paginated_search(params, count_pages: true)
    @user_feedbacks = @user_feedbacks.includes(:user, :creator) if request.format.html?

    respond_with(@user_feedbacks)
--- a/app/controllers/user_name_change_requests_controller.rb
+++ b/app/controllers/user_name_change_requests_controller.rb
@@ -20,7 +20,7 @@ class UserNameChangeRequestsController < ApplicationController
  end

  def index
-    @change_requests = UserNameChangeRequest.visible.order("id desc").paginate(params[:page], :limit => params[:limit])
+    @change_requests = UserNameChangeRequest.visible(CurrentUser.user).order("id desc").paginate(params[:page], :limit => params[:limit])
    respond_with(@change_requests)
  end