Merge branch 'master' of https://github.com/r888888888/danbooru

2013-07-27 12:25:45 -04:00
parent f4864b42c6 29e8feb287
commit 20f0ade4e0
13 changed files with 66 additions and 39 deletions
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -4,7 +4,7 @@ class SessionsController < ApplicationController
  end

  def create
-    session_creator = SessionCreator.new(session, cookies, params[:name], params[:password], params[:remember])
+    session_creator = SessionCreator.new(session, cookies, params[:name], params[:password], params[:remember], request.ssl?)

    if session_creator.authenticate
      url = params[:url] if params[:url] && params[:url].start_with?("/")
--- a/app/controllers/tag_alias_corrections_controller.rb
+++ b/app/controllers/tag_alias_corrections_controller.rb
@@ -1,5 +1,5 @@
 class TagAliasCorrectionsController < ApplicationController
-  before_filter :moderator_only
+  before_filter :janitor_only

  def create
    @correction = TagAliasCorrection.new(params[:tag_alias_id])
--- a/app/controllers/tag_aliases_controller.rb
+++ b/app/controllers/tag_aliases_controller.rb
@@ -1,5 +1,5 @@
 class TagAliasesController < ApplicationController
-  before_filter :admin_only, :only => [:approve, :destroy, :new, :create]
+  before_filter :admin_only, :only => [:approve, :new, :create]
  respond_to :html, :xml, :json, :js

  def new
@@ -32,10 +32,14 @@ class TagAliasesController < ApplicationController

  def destroy
    @tag_alias = TagAlias.find(params[:id])
-    @tag_alias.update_column(:status, "deleted")
-    @tag_alias.clear_all_cache
-    @tag_alias.destroy
-    respond_with(@tag_alias, :location => tag_aliases_path)
+    if @tag_alias.deletable_by?(CurrentUser.user)
+      @tag_alias.update_column(:status, "deleted")
+      @tag_alias.clear_all_cache
+      @tag_alias.destroy
+      respond_with(@tag_alias, :location => tag_aliases_path)
+    else
+      access_denied
+    end
  end

  def approve
--- a/app/controllers/tag_implications_controller.rb
+++ b/app/controllers/tag_implications_controller.rb
@@ -1,5 +1,5 @@
 class TagImplicationsController < ApplicationController
-  before_filter :admin_only, :only => [:new, :create, :approve, :destroy]
+  before_filter :admin_only, :only => [:new, :create, :approve]
  respond_to :html, :xml, :json, :js

  def new
@@ -24,12 +24,16 @@ class TagImplicationsController < ApplicationController

  def destroy
    @tag_implication = TagImplication.find(params[:id])
-    @tag_implication.destroy
-    respond_with(@tag_implication) do |format|
-      format.html do
-        flash[:notice] = "Tag implication was deleted"
-        redirect_to(tag_implications_path)
+    if @tag_implication.deletable_by?(CurrentUser.user)
+      @tag_implication.destroy
+      respond_with(@tag_implication) do |format|
+        format.html do
+          flash[:notice] = "Tag implication was deleted"
+          redirect_to(tag_implications_path)
+        end
      end
+    else
+      access_denied
    end
  end

--- a/app/logical/post_query_builder.rb
+++ b/app/logical/post_query_builder.rb
@@ -276,8 +276,6 @@ class PostQueryBuilder

    if q[:order] == "rank"
      relation = relation.where("posts.score > 0 and posts.created_at >= ?", 2.days.ago)
-    elsif q[:order] == "rank2"
-      relation = relation.where("posts.fav_count > 0 and posts.created_at >= ?", 2.days.ago)
    elsif q[:order] == "landscape" || q[:order] == "portrait"
      relation = relation.where("posts.image_width IS NOT NULL and posts.image_height IS NOT NULL")
    end
@@ -336,9 +334,6 @@ class PostQueryBuilder
    when "rank"
      relation = relation.order("log(3, posts.score) + (extract(epoch from posts.created_at) - extract(epoch from timestamp '2005-05-24')) / 45000 DESC")

-    when "rank2"
-      relation = relation.order("log(3, posts.fav_count) + (extract(epoch from posts.created_at) - extract(epoch from timestamp '2005-05-24')) / 45000 DESC")
-
    else
      relation = relation.order("posts.id DESC")
    end
--- a/app/logical/session_creator.rb
+++ b/app/logical/session_creator.rb
@@ -1,12 +1,13 @@
 class SessionCreator
-  attr_reader :session, :cookies, :name, :password, :remember
+  attr_reader :session, :cookies, :name, :password, :remember, :secure

-  def initialize(session, cookies, name, password, remember)
+  def initialize(session, cookies, name, password, remember = false, secure = false)
    @session = session
    @cookies = cookies
    @name = name
    @password = password
    @remember = remember
+    @secure = secure
  end

  def authenticate
@@ -15,8 +16,15 @@ class SessionCreator
      user.update_column(:last_logged_in_at, Time.now)

      if remember.present?
-        cookies.permanent.signed[:user_name] = user.name
-        cookies.permanent[:password_hash] = user.bcrypt_cookie_password_hash
+        cookies.permanent.signed[:user_name] = {
+          :value => user.name,
+          :secure => secure
+        }
+        cookies.permanent[:password_hash] = {
+          :value => user.bcrypt_cookie_password_hash,
+          :secure => secure,
+          :httponly => true
+        }
      end

      session[:user_id] = user.id
--- a/app/logical/user_deletion.rb
+++ b/app/logical/user_deletion.rb
@@ -3,10 +3,12 @@ class UserDeletion

  attr_reader :user, :password

-  def self.remove_favorites_for(user_name, user_id)
+  def self.remove_favorites_for(user_id)
    user = User.find(user_id)
-    Post.raw_tag_match("fav:#{user_id}").find_each do |post|
-      Favorite.remove(post, user)
+    Post.without_timeout do
+      Post.raw_tag_match("fav:#{user_id}").find_each do |post|
+        Favorite.remove(post, user)
+      end
    end
  end

@@ -56,7 +58,7 @@ private
  end

  def remove_favorites
-    UserDeletion.delay(:queue => "default").remove_favorites_for(user.name, user.id)
+    UserDeletion.delay(:queue => "default").remove_favorites_for(user.id)
  end

  def rename
--- a/app/models/tag_alias.rb
+++ b/app/models/tag_alias.rb
@@ -163,4 +163,11 @@ class TagAlias < ActiveRecord::Base
      end
    end
  end
+
+  def deletable_by?(user)
+    return true if user.is_admin?
+    return true if is_pending? && user.is_janitor?
+    return true if is_pending? && user.id == creator_id
+    return false
+  end
 end
--- a/app/models/tag_implication.rb
+++ b/app/models/tag_implication.rb
@@ -164,4 +164,11 @@ class TagImplication < ActiveRecord::Base
    clear_parent_cache
    clear_descendants_cache
  end
+
+  def deletable_by?(user)
+    return true if user.is_admin?
+    return true if is_pending? && user.is_janitor?
+    return true if is_pending? && user.id == creator_id
+    return false
+  end
 end
--- a/app/views/artist_versions/_secondary_links.html.erb
+++ b/app/views/artist_versions/_secondary_links.html.erb
@@ -1,6 +1,6 @@
 <% content_for(:secondary_links) do %>
  <menu>
-    <li><%= link_to "Artists", artists_path %></li>
+    <li><%= link_to "Listing", artists_path %></li>
    <li><%= link_to "New", new_artist_path %></li>
    <li><%= link_to "Search", search_artist_versions_path %></li>
  </menu>
--- a/app/views/post_versions/_secondary_links.html.erb
+++ b/app/views/post_versions/_secondary_links.html.erb
@@ -1,6 +1,6 @@
 <% content_for(:secondary_links) do %>
  <menu>
-    <li><%= link_to "Posts", posts_path %></li>
+    <li><%= link_to "Listing", posts_path %></li>
    <li><%= link_to "Upload", new_upload_path %></li>
    <li><%= link_to "Search", search_post_versions_path %></li>
    <li><%= link_to "Changes", post_versions_path %></li>
--- a/app/views/tag_aliases/index.html.erb
+++ b/app/views/tag_aliases/index.html.erb
@@ -32,16 +32,16 @@
              <%= tag_alias.status %>
            </td>
            <td>
-              <% if CurrentUser.is_admin? %>
+              <% if tag_alias.deletable_by?(CurrentUser.user) %>
                <%= link_to "Delete", tag_alias_path(tag_alias), :remote => true, :method => :delete, :confirm => "Are you sure you want to delete this alias?" %>
+              <% end %>

-                <% if tag_alias.is_pending? %>
-                  | <%= link_to "Approve", approve_tag_alias_path(tag_alias), :remote => true, :method => :post %>
-                <% end %>
+              <% if CurrentUser.is_admin? && tag_alias.is_pending? %>
+                | <%= link_to "Approve", approve_tag_alias_path(tag_alias), :remote => true, :method => :post %>
+              <% end %>

-                <% if CurrentUser.is_moderator? %>
-                  | <%= link_to "Fix", tag_alias_correction_path(:tag_alias_id => tag_alias.id) %>
-                <% end %>
+              <% if CurrentUser.is_janitor? %>
+                | <%= link_to "Fix", tag_alias_correction_path(:tag_alias_id => tag_alias.id) %>
              <% end %>
            </td>
          </tr>
--- a/app/views/tag_implications/index.html.erb
+++ b/app/views/tag_implications/index.html.erb
@@ -30,11 +30,11 @@
            </td>
            <td id="tag-implication-status-for-<%= tag_implication.id %>"><%= tag_implication.status %></td>
            <td>
-              <% if CurrentUser.is_admin? %>
+              <% if tag_implication.deletable_by?(CurrentUser.user) %>
                <%= link_to "Delete", tag_implication_path(tag_implication), :remote => true, :method => :delete, :confirm => "Are you sure you want to delete this implication?" %>
-                <% if tag_implication.is_pending? %>
-                  | <%= link_to "Approve", approve_tag_implication_path(tag_implication), :remote => true, :method => :post %>
-                <% end %>
+              <% end %>
+              <% if CurrentUser.user.is_admin? && tag_implication.is_pending? %>
+                | <%= link_to "Approve", approve_tag_implication_path(tag_implication), :remote => true, :method => :post %>
              <% end %>
            </td>
          </tr>