Merge branch 'master' of https://github.com/r888888888/danbooru

app/controllers/sessions_controller.rb

@@ -4,7 +4,7 @@ class SessionsController < ApplicationController
   end
 
   def create
-    session_creator = SessionCreator.new(session, cookies, params[:name], params[:password], params[:remember])
+    session_creator = SessionCreator.new(session, cookies, params[:name], params[:password], params[:remember], request.ssl?)
 
     if session_creator.authenticate
       url = params[:url] if params[:url] && params[:url].start_with?("/")

app/controllers/tag_alias_corrections_controller.rb

@@ -1,5 +1,5 @@
 class TagAliasCorrectionsController < ApplicationController
-  before_filter :moderator_only
+  before_filter :janitor_only
 
   def create
     @correction = TagAliasCorrection.new(params[:tag_alias_id])

app/controllers/tag_aliases_controller.rb

@@ -1,5 +1,5 @@
 class TagAliasesController < ApplicationController
-  before_filter :admin_only, :only => [:approve, :destroy, :new, :create]
+  before_filter :admin_only, :only => [:approve, :new, :create]
   respond_to :html, :xml, :json, :js
 
   def new
@@ -32,10 +32,14 @@ class TagAliasesController < ApplicationController
 
   def destroy
     @tag_alias = TagAlias.find(params[:id])
-    @tag_alias.update_column(:status, "deleted")
+    if @tag_alias.deletable_by?(CurrentUser.user)
-    @tag_alias.clear_all_cache
+      @tag_alias.update_column(:status, "deleted")
-    @tag_alias.destroy
+      @tag_alias.clear_all_cache
-    respond_with(@tag_alias, :location => tag_aliases_path)
+      @tag_alias.destroy
+      respond_with(@tag_alias, :location => tag_aliases_path)
+    else
+      access_denied
+    end
   end
 
   def approve

app/controllers/tag_implications_controller.rb

@@ -1,5 +1,5 @@
 class TagImplicationsController < ApplicationController
-  before_filter :admin_only, :only => [:new, :create, :approve, :destroy]
+  before_filter :admin_only, :only => [:new, :create, :approve]
   respond_to :html, :xml, :json, :js
 
   def new
@@ -24,12 +24,16 @@ class TagImplicationsController < ApplicationController
 
   def destroy
     @tag_implication = TagImplication.find(params[:id])
-    @tag_implication.destroy
+    if @tag_implication.deletable_by?(CurrentUser.user)
-    respond_with(@tag_implication) do |format|
+      @tag_implication.destroy
-      format.html do
+      respond_with(@tag_implication) do |format|
-        flash[:notice] = "Tag implication was deleted"
+        format.html do
-        redirect_to(tag_implications_path)
+          flash[:notice] = "Tag implication was deleted"
+          redirect_to(tag_implications_path)
+        end
       end
+    else
+      access_denied
     end
   end
 

app/logical/post_query_builder.rb

@@ -276,8 +276,6 @@ class PostQueryBuilder
 
     if q[:order] == "rank"
       relation = relation.where("posts.score > 0 and posts.created_at >= ?", 2.days.ago)
-    elsif q[:order] == "rank2"
-      relation = relation.where("posts.fav_count > 0 and posts.created_at >= ?", 2.days.ago)
     elsif q[:order] == "landscape" || q[:order] == "portrait"
       relation = relation.where("posts.image_width IS NOT NULL and posts.image_height IS NOT NULL")
     end
@@ -336,9 +334,6 @@ class PostQueryBuilder
     when "rank"
       relation = relation.order("log(3, posts.score) + (extract(epoch from posts.created_at) - extract(epoch from timestamp '2005-05-24')) / 45000 DESC")
 
-    when "rank2"
-      relation = relation.order("log(3, posts.fav_count) + (extract(epoch from posts.created_at) - extract(epoch from timestamp '2005-05-24')) / 45000 DESC")
-
     else
       relation = relation.order("posts.id DESC")
     end

app/logical/session_creator.rb

@@ -1,12 +1,13 @@
 class SessionCreator
-  attr_reader :session, :cookies, :name, :password, :remember
+  attr_reader :session, :cookies, :name, :password, :remember, :secure
 
-  def initialize(session, cookies, name, password, remember)
+  def initialize(session, cookies, name, password, remember = false, secure = false)
     @session = session
     @cookies = cookies
     @name = name
     @password = password
     @remember = remember
+    @secure = secure
   end
 
   def authenticate
@@ -15,8 +16,15 @@ class SessionCreator
       user.update_column(:last_logged_in_at, Time.now)
 
       if remember.present?
-        cookies.permanent.signed[:user_name] = user.name
+        cookies.permanent.signed[:user_name] = {
-        cookies.permanent[:password_hash] = user.bcrypt_cookie_password_hash
+          :value => user.name,
+          :secure => secure
+        }
+        cookies.permanent[:password_hash] = {
+          :value => user.bcrypt_cookie_password_hash,
+          :secure => secure,
+          :httponly => true
+        }
       end
 
       session[:user_id] = user.id

app/logical/user_deletion.rb

@@ -3,10 +3,12 @@ class UserDeletion
 
   attr_reader :user, :password
 
-  def self.remove_favorites_for(user_name, user_id)
+  def self.remove_favorites_for(user_id)
     user = User.find(user_id)
-    Post.raw_tag_match("fav:#{user_id}").find_each do |post|
+    Post.without_timeout do
-      Favorite.remove(post, user)
+      Post.raw_tag_match("fav:#{user_id}").find_each do |post|
+        Favorite.remove(post, user)
+      end
     end
   end
 
@@ -56,7 +58,7 @@ private
   end
 
   def remove_favorites
-    UserDeletion.delay(:queue => "default").remove_favorites_for(user.name, user.id)
+    UserDeletion.delay(:queue => "default").remove_favorites_for(user.id)
   end
 
   def rename

app/models/tag_alias.rb

@@ -163,4 +163,11 @@ class TagAlias < ActiveRecord::Base
       end
     end
   end
+
+  def deletable_by?(user)
+    return true if user.is_admin?
+    return true if is_pending? && user.is_janitor?
+    return true if is_pending? && user.id == creator_id
+    return false
+  end
 end

app/models/tag_implication.rb

@@ -164,4 +164,11 @@ class TagImplication < ActiveRecord::Base
     clear_parent_cache
     clear_descendants_cache
   end
+
+  def deletable_by?(user)
+    return true if user.is_admin?
+    return true if is_pending? && user.is_janitor?
+    return true if is_pending? && user.id == creator_id
+    return false
+  end
 end

app/views/artist_versions/_secondary_links.html.erb

@@ -1,6 +1,6 @@
 <% content_for(:secondary_links) do %>
   <menu>
-    <li><%= link_to "Artists", artists_path %></li>
+    <li><%= link_to "Listing", artists_path %></li>
     <li><%= link_to "New", new_artist_path %></li>
     <li><%= link_to "Search", search_artist_versions_path %></li>
   </menu>

app/views/post_versions/_secondary_links.html.erb

@@ -1,6 +1,6 @@
 <% content_for(:secondary_links) do %>
   <menu>
-    <li><%= link_to "Posts", posts_path %></li>
+    <li><%= link_to "Listing", posts_path %></li>
     <li><%= link_to "Upload", new_upload_path %></li>
     <li><%= link_to "Search", search_post_versions_path %></li>
     <li><%= link_to "Changes", post_versions_path %></li>

app/views/tag_aliases/index.html.erb

@@ -32,16 +32,16 @@
               <%= tag_alias.status %>
             </td>
             <td>
-              <% if CurrentUser.is_admin? %>
+              <% if tag_alias.deletable_by?(CurrentUser.user) %>
                 <%= link_to "Delete", tag_alias_path(tag_alias), :remote => true, :method => :delete, :confirm => "Are you sure you want to delete this alias?" %>
+              <% end %>
 
-                <% if tag_alias.is_pending? %>
+              <% if CurrentUser.is_admin? && tag_alias.is_pending? %>
-                  | <%= link_to "Approve", approve_tag_alias_path(tag_alias), :remote => true, :method => :post %>
+                | <%= link_to "Approve", approve_tag_alias_path(tag_alias), :remote => true, :method => :post %>
-                <% end %>
+              <% end %>
 
-                <% if CurrentUser.is_moderator? %>
+              <% if CurrentUser.is_janitor? %>
-                  | <%= link_to "Fix", tag_alias_correction_path(:tag_alias_id => tag_alias.id) %>
+                | <%= link_to "Fix", tag_alias_correction_path(:tag_alias_id => tag_alias.id) %>
-                <% end %>
               <% end %>
             </td>
           </tr>

app/views/tag_implications/index.html.erb

@@ -30,11 +30,11 @@
             </td>
             <td id="tag-implication-status-for-<%= tag_implication.id %>"><%= tag_implication.status %></td>
             <td>
-              <% if CurrentUser.is_admin? %>
+              <% if tag_implication.deletable_by?(CurrentUser.user) %>
                 <%= link_to "Delete", tag_implication_path(tag_implication), :remote => true, :method => :delete, :confirm => "Are you sure you want to delete this implication?" %>
-                <% if tag_implication.is_pending? %>
+              <% end %>
-                  | <%= link_to "Approve", approve_tag_implication_path(tag_implication), :remote => true, :method => :post %>
+              <% if CurrentUser.user.is_admin? && tag_implication.is_pending? %>
-                <% end %>
+                | <%= link_to "Approve", approve_tag_implication_path(tag_implication), :remote => true, :method => :post %>
               <% end %>
             </td>
           </tr>