mod actions: hide ip bans from non-mods.

Hide IP ban creation and deletion actions from non-mods in the /mod_actions listing. The previous approach of just filtering out the IP from the description was hacky and didn't work with the `only` param (/mod_actions.json?only=id still included the description field).
2019-12-16 12:20:41 -06:00
parent 84ba1d417f
commit 3d03de1c52
3 changed files with 15 additions and 20 deletions
--- a/app/models/mod_action.rb
+++ b/app/models/mod_action.rb
@@ -54,31 +54,28 @@ class ModAction < ApplicationRecord
    other: 2000
  }

+  def self.permitted(user)
+    if user.is_moderator?
+      all
+    else
+      where.not(category: [:ip_ban_create, :ip_ban_delete])
+    end
+  end
+
  def self.search(params)
    q = super

+    q = q.permitted(CurrentUser.user)
    q = q.search_attributes(params, :creator, :category, :description)
    q = q.text_attribute_matches(:description, params[:description_matches])

    q.apply_default_order(params)
  end

-  def filtered_description
-    if (ip_ban_create? || ip_ban_delete?) && !CurrentUser.user.is_moderator?
-      description.gsub(/(created|deleted) ip ban for .*/, "\\1 ip ban")
-    else
-      description
-    end
-  end
-
  def category_id
    self.class.categories[category]
  end

-  def serializable_hash(*args)
-    super(*args).merge("description" => filtered_description)
-  end
-
  def self.log(desc, cat = :other)
    create(:description => desc,:category => categories[cat])
  end
--- a/app/views/mod_actions/index.html.erb
+++ b/app/views/mod_actions/index.html.erb
@@ -20,7 +20,7 @@
            </td>
            <td class="col-expand">
              <div class="prose">
-                <%= format_text(mod_action.filtered_description) %>
+                <%= format_text(mod_action.description) %>
              </div>
            </td>
            <td>
--- a/test/unit/mod_action_test.rb
+++ b/test/unit/mod_action_test.rb
@@ -3,17 +3,15 @@ require 'test_helper'
 class ModActionTest < ActiveSupport::TestCase
  context "A mod action" do
    setup do
-      @user = FactoryBot.create(:user)
-      CurrentUser.user = @user
-      CurrentUser.ip_addr = "127.0.0.1"
+      @user = create(:user)
+      @mod = create(:moderator_user)
    end

    should "hide ip addresses from non-moderators in ip ban modactions" do
-      FactoryBot.create(:ip_ban, ip_addr: "1.1.1.1", reason: "test")
+      as(@mod) { create(:ip_ban, ip_addr: "1.1.1.1", reason: "test") }

-      assert_equal(1, ModAction.count)
-      assert_equal("#{@user.name} created ip ban", ModAction.last.filtered_description)
-      assert_equal("#{@user.name} created ip ban", ModAction.last.as_json["description"])
+      as(@user) { assert_equal(0, ModAction.search({}).count) }
+      as(@mod) { assert_equal(1, ModAction.search({}).count) }
    end
  end
 end