forum posts: raise privilege error when viewing restricted topics.

Raise a privilege error when trying to view a restricted topic instead
of handling it in the controller. This way error handling is standardized.
evazion
2019-09-08 15:32:31 -05:00
parent 31c7386b9e
commit 32343303d2
4 changed files with 18 additions and 36 deletions


@@ -76,24 +76,7 @@ private
end end
def check_min_level def check_min_level
if CurrentUser.user.level < @forum_topic.min_level raise User::PrivilegeError if CurrentUser.user.level < @forum_topic.min_level
respond_with(@forum_topic) do |fmt|
fmt.html do
flash[:notice] = "Access denied"
redirect_to forum_topics_path
end
fmt.json do
render json: nil, :status => 403
end
fmt.xml do
render xml: nil, :status => 403
end
end
return false
end
end end
def check_privilege(forum_post) def check_privilege(forum_post)
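Review bot: The one-line `check_min_level` carries no comment saying that the 403 response now comes from a `User::PrivilegeError` handler defined outside this commit (presumably the shared rescue handler the commit message refers to). A short comment above the method would make that dependency visible, e.g. `# Raises User::PrivilegeError when the viewer's level is below the topic's min_level; the shared error handler renders the 403.` The identical method appears in the next file section as well; since it is an access-control check, keeping a single copy that both controllers call would stop the two from drifting apart. The `before_action` declaration and the code that sets `@forum_topic` are outside the hunk, so which actions the filter covers cannot be confirmed from here.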


@@ -140,24 +140,7 @@ private
end end
def check_min_level def check_min_level
if CurrentUser.user.level < @forum_topic.min_level raise User::PrivilegeError if CurrentUser.user.level < @forum_topic.min_level
respond_with(@forum_topic) do |fmt|
fmt.html do
flash[:notice] = "Access denied"
redirect_to forum_topics_path
end
fmt.json do
render json: nil, :status => 403
end
fmt.xml do
render xml: nil, :status => 403
end
end
return false
end
end end
def forum_topic_params(context) def forum_topic_params(context)


@@ -103,6 +103,15 @@ class ForumPostsControllerTest < ActionDispatch::IntegrationTest
end end
end end
context "show action" do
should "raise an error if the user doesn't have permission to view the topic" do
as(@user) { @forum_post.topic.update(min_level: User::Levels::ADMIN) }
get_auth forum_post_path(@forum_post), @user
assert_response 403
end
end
context "edit action" do context "edit action" do
should "render if the editor is the creator of the topic" do should "render if the editor is the creator of the topic" do
get_auth edit_forum_post_path(@forum_post), @user get_auth edit_forum_post_path(@forum_post), @user
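Review bot: The new "show action" test exercises only the default HTML format, while the controller change in this commit removes the explicit `fmt.json` and `fmt.xml` branches that returned 403. Adding a second request such as `get_auth forum_post_path(@forum_post, format: :json), @user` followed by `assert_response 403` would pin that API clients are still refused rather than redirected or served the post. The same gap applies to the topic test in the next file section. Using `update!` in the setup line would also make the test fail loudly if the `min_level` change is rejected, instead of silently testing an unrestricted topic.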


@@ -79,6 +79,13 @@ class ForumTopicsControllerTest < ActionDispatch::IntegrationTest
get forum_topic_path(@forum_topic), params: {:format => :atom} get forum_topic_path(@forum_topic), params: {:format => :atom}
assert_response :success assert_response :success
end end
should "raise an error if the user doesn't have permission to view the topic" do
as(@user) { @forum_topic.update(min_level: User::Levels::ADMIN) }
get_auth forum_topic_path(@forum_topic), @user
assert_response 403
end
end end
context "index action" do context "index action" do