jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

tags: fix /tags/1234/edit not enforcing correct category change restrictions.

Browse Source
This commit is contained in:
evazion
2017-12-23 13:16:31 -06:00
parent 19bda2056c
commit 2385933e56
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/models/tag.rb
View File

@@ -202,7 +202,7 @@ class Tag < ApplicationRecord
names.map {|x| find_or_create_by_name(x).name} names.map {|x| find_or_create_by_name(x).name}
end end
def find_or_create_by_name(name, options = {}) def find_or_create_by_name(name, creator: CurrentUser.user)
name = normalize_name(name) name = normalize_name(name)
category = nil category = nil
@@ -222,8 +222,8 @@ class Tag < ApplicationRecord
# next few lines if the category is changed. # next few lines if the category is changed.
tag.update_category_cache tag.update_category_cache
if category_id != tag.category && !tag.is_locked? && ((CurrentUser.is_builder? && tag.post_count < 10_000) || tag.post_count <= 50) if tag.editable_by?(creator)
tag.update_attribute(:category, category_id) tag.update(category: category_id)
end end
end end
@@ -949,7 +949,9 @@ class Tag < ApplicationRecord
end end
def editable_by?(user) def editable_by?(user)
user.is_builder? || (user.is_member? && post_count <= 50) return true if !is_locked? && user.is_builder? && post_count < 10_000
return true if !is_locked? && user.is_member? && post_count < 50
return false
end end
include ApiMethods include ApiMethods