jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added privilege check for seeing flagger usernames

Browse Source 
Also reworked all places dealing with flagger names to use said privilege
This commit is contained in:
Type-kun
2017-06-14 20:43:25 +05:00
parent 5d4592e0e0
commit 1375cc5307
8 changed files with 42 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/logical/post_query_builder.rb
View File

@@ -238,7 +238,9 @@ class PostQueryBuilder
if q[:flagger_ids_neg]
q[:flagger_ids_neg].each do |flagger_id|
relation = relation.where("posts.id NOT IN (?)", PostFlag.unscoped.search({:creator_id => flagger_id, :category => "normal"}).reorder("").select(:post_id).distinct)
if CurrentUser.can_view_flagger?(flagger_id)
relation = relation.where("posts.id NOT IN (?)", PostFlag.unscoped.search({:creator_id => flagger_id, :category => "normal"}).reorder("").select(:post_id).distinct)
end
end
end
@@ -248,8 +250,8 @@ class PostQueryBuilder
relation = relation.where('EXISTS (' + PostFlag.unscoped.search({:category => "normal"}).where('post_id = posts.id').reorder('').select('1').to_sql + ')')
elsif flagger_id == "none"
relation = relation.where('NOT EXISTS (' + PostFlag.unscoped.search({:category => "normal"}).where('post_id = posts.id').reorder('').select('1').to_sql + ')')
else
relation = relation.where("posts.id IN (?)", PostFlag.unscoped.search({:creator_id => flagger_id, :category => "normal"}).reorder("").select(:post_id).distinct)
elsif CurrentUser.can_view_flagger?(flagger_id)
relation = relation.where("posts.id IN (?)", PostFlag.unscoped.search({:creator_id => flagger_id, :category => "normal"}).reorder("").select(:post_id).distinct)
end
end
has_constraints!