favorites: convert user.hide_favorites? to pundit.

This commit is contained in:
evazion
2020-03-21 22:12:23 -05:00
parent 5bc82bf07b
commit 2445e8b82f
7 changed files with 25 additions and 18 deletions


@@ -852,31 +852,30 @@ class PostQueryBuilder
when "-fav"
favuser = User.find_by_name(g2)
if favuser.hide_favorites?
raise User::PrivilegeError.new
if favuser.nil? || !Pundit.policy!([CurrentUser.user, nil], favuser).can_see_favorites?
raise User::PrivilegeError
end
q[:tags][:exclude] << "fav:#{User.name_to_id(g2)}"
q[:tags][:exclude] << "fav:#{favuser.id}"
when "fav"
favuser = User.find_by_name(g2)
if favuser.hide_favorites?
raise User::PrivilegeError.new
if favuser.nil? || !Pundit.policy!([CurrentUser.user, nil], favuser).can_see_favorites?
raise User::PrivilegeError
end
q[:tags][:related] << "fav:#{User.name_to_id(g2)}"
q[:tags][:related] << "fav:#{favuser.id}"
when "ordfav"
user_id = User.name_to_id(g2)
favuser = User.find(user_id)
favuser = User.find_by_name(g2)
if favuser.hide_favorites?
if favuser.nil? || !Pundit.policy!([CurrentUser.user, nil], favuser).can_see_favorites?
raise User::PrivilegeError.new
end
q[:tags][:related] << "fav:#{user_id}"
q[:ordfav] = user_id
q[:tags][:related] << "fav:#{favuser.id}"
q[:ordfav] = favuser.id
when "search"
q[:saved_searches] ||= []
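Review bot: The `ordfav` branch still raises with `raise User::PrivilegeError.new` (line 37) while the `fav` and `-fav` branches were switched to `raise User::PrivilegeError`, and the same lookup-plus-policy check is now copied three times inside one `case`. Pulling it into a private helper keeps the three branches from drifting the next time the visibility rule changes; the enclosing method starts before this hunk, so the helper would sit next to it in PostQueryBuilder. The new code also answers "no such user" and "favorites are private" with the same `PrivilegeError`, which looks intentional (it avoids a distinguishable response) but deserves a comment so it is not "fixed" later.
```ruby
when "ordfav"
  favuser = visible_favorites_user!(g2)
  q[:tags][:related] << "fav:#{favuser.id}"
  q[:ordfav] = favuser.id
# … unchanged: "search" and the remaining branches …

# Looks up +name+ and raises User::PrivilegeError both when no such user exists
# and when the current user may not see that user's favorites, so the two
# cases are not distinguishable to the caller.
def visible_favorites_user!(name)
  favuser = User.find_by_name(name)
  if favuser.nil? || !Pundit.policy!([CurrentUser.user, nil], favuser).can_see_favorites?
    raise User::PrivilegeError
  end
  favuser
end
```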


@@ -54,7 +54,7 @@ module RecommenderService
end
if user.present?
raise User::PrivilegeError if user.hide_favorites?
raise User::PrivilegeError unless Pundit.policy!([CurrentUser.user, nil], user).can_see_favorites?
max_recommendations = params.fetch(:max_recommendations, user.favorite_count + 500).to_i.clamp(0, 50000)
recs = RecommenderService.recommend_for_user(user, tags: params[:post_tags_match], limit: max_recommendations)
elsif post.present?
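Review bot: The check on line 52 builds its own policy context with `Pundit.policy!([CurrentUser.user, nil], user)`, yet the `params.fetch` on the following line suggests this runs inside a controller action, where the view changed in this same commit relies on the `policy(user)` helper instead. If this is a controller, `raise User::PrivilegeError unless policy(user).can_see_favorites?` would reuse the controller's pundit_user and keep the two gates from diverging; if it really is a plain module as the hunk context line says, the explicit context is the right choice and a one-line comment saying why (`# no controller context here, so build the pundit user explicitly`) would stop the next reader from "fixing" it. The surrounding method starts and ends outside this hunk.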


@@ -956,7 +956,9 @@ class Post < ApplicationRecord
# users who favorited this post, ordered by users who favorited it first
def favorited_users
favorited_user_ids = fav_string.scan(/\d+/).map(&:to_i)
visible_users = User.find(favorited_user_ids).reject(&:hide_favorites?)
visible_users = User.find(favorited_user_ids).select do |user|
Pundit.policy!([CurrentUser.user, nil], user).can_see_favorites?
end
ordered_users = visible_users.index_by(&:id).slice(*favorited_user_ids).values
ordered_users
end
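Review bot: `User.find(favorited_user_ids)` on line 64 raises `ActiveRecord::RecordNotFound` if any id scanned out of `fav_string` has no matching user row, so one dangling id makes the whole favorited-users list blow up; the commit rewrites this line but keeps that behaviour. Whether stale ids can occur depends on how `fav_string` is maintained, which is not visible here, but `User.where(id: favorited_user_ids).select do |user|` would return only existing rows and the `index_by(...).slice(...)` on line 67 already tolerates missing ids while preserving order. Note also that this now instantiates one policy per favoriting user; fine for typical counts, but worth a comment if `fav_string` can be large.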


@@ -673,10 +673,6 @@ class User < ApplicationRecord
include CountMethods
extend SearchMethods
def hide_favorites?
!CurrentUser.is_admin? && enable_private_favorites? && CurrentUser.user.id != id
end
def initialize_attributes
self.enable_post_navigation = true
self.new_post_navigation_layout = true


@@ -23,6 +23,10 @@ class UserPolicy < ApplicationPolicy
user.is_member?
end
def can_see_favorites?
user.is_admin? || record.id == user.id || !record.enable_private_favorites?
end
def permitted_attributes_for_create
[:name, :password, :password_confirmation, { email_address_attributes: [:address] }]
end
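Review bot: `can_see_favorites?` (line 88) is now the single gate for every favorites path touched by this commit and it calls `user.is_admin?` unconditionally, but nothing visible here shows that `user` can never be nil (the callers pass `CurrentUser.user`, which I assume is an anonymous User object rather than nil — confirm); a nil user would surface as a NoMethodError instead of a denial. The rule deserves a comment stating it and the precondition, e.g. `# Favorites are visible to admins, to the owner, and to everyone when the owner has not enabled private favorites. Expects a non-nil user (anonymous visitors must be a User object).` If nil users are possible anywhere, `user&.is_admin? || (user && record.id == user.id) || !record.enable_private_favorites?` (or a guard in ApplicationPolicy) would fail closed rather than with an exception.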


@@ -11,7 +11,7 @@
</div>
<% end %>
<% if presenter.has_favorites? && !user.hide_favorites? %>
<% if presenter.has_favorites? && policy(user).can_see_favorites? %>
<div class="box user-favorites">
<h2>
<%= link_to "Favorites", posts_path(tags: "ordfav:#{user.name}") %>


@@ -36,6 +36,12 @@ class RecommendedPostsControllerTest < ActionDispatch::IntegrationTest
assert_select ".recommended-posts"
assert_select ".recommended-posts #post_#{@post.id}"
end
should "not show recommendations for users with private favorites to other users" do
@other_user = create(:user, enable_private_favorites: true)
get_auth recommended_posts_path(search: { user_id: @other_user.id }), @user
assert_response 403
end
end
end
end
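Review bot: The new test covers only the denied path; the policy introduced in this commit also allows the owner and admins (`user.is_admin? || record.id == user.id`), and neither positive case is asserted here, so a regression that denies everyone would still pass. Adding the owner case (and an admin case, if the factories used elsewhere in this file support it) pins both halves of the rule. The enclosing `should`/`context` blocks start before this hunk, so the new test goes alongside the existing one.
```ruby
should "show recommendations for users with private favorites to themselves" do
  @user.update!(enable_private_favorites: true)
  get_auth recommended_posts_path(search: { user_id: @user.id }), @user
  assert_response :success
end
```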