From 3d03de1c5276aee205e22093ae9a57fb15f8b47b Mon Sep 17 00:00:00 2001
From: evazion <noizave@gmail.com>
Date: Mon, 16 Dec 2019 12:20:41 -0600
Subject: [PATCH] mod actions: hide ip bans from non-mods.

Hide IP ban creation and deletion actions from non-mods in the
/mod_actions listing.

The previous approach of just filtering out the IP from the description
was hacky and didn't work with the `only` param (/mod_actions.json?only=id
still included the description field).
---
 app/models/mod_action.rb             | 21 +++++++++------------
 app/views/mod_actions/index.html.erb |  2 +-
 test/unit/mod_action_test.rb         | 12 +++++-------
 3 files changed, 15 insertions(+), 20 deletions(-)

diff --git a/app/models/mod_action.rb b/app/models/mod_action.rb
index 3d5fa8d5e..325e69384 100644
--- a/app/models/mod_action.rb
+++ b/app/models/mod_action.rb
@@ -54,31 +54,28 @@ class ModAction < ApplicationRecord
     other: 2000
   }
 
+  def self.permitted(user)
+    if user.is_moderator?
+      all
+    else
+      where.not(category: [:ip_ban_create, :ip_ban_delete])
+    end
+  end
+
   def self.search(params)
     q = super
 
+    q = q.permitted(CurrentUser.user)
     q = q.search_attributes(params, :creator, :category, :description)
     q = q.text_attribute_matches(:description, params[:description_matches])
 
     q.apply_default_order(params)
   end
 
-  def filtered_description
-    if (ip_ban_create? || ip_ban_delete?) && !CurrentUser.user.is_moderator?
-      description.gsub(/(created|deleted) ip ban for .*/, "\\1 ip ban")
-    else
-      description
-    end
-  end
-
   def category_id
     self.class.categories[category]
   end
 
-  def serializable_hash(*args)
-    super(*args).merge("description" => filtered_description)
-  end
-
   def self.log(desc, cat = :other)
     create(:description => desc,:category => categories[cat])
   end
diff --git a/app/views/mod_actions/index.html.erb b/app/views/mod_actions/index.html.erb
index 50d5489d0..a3722e7da 100644
--- a/app/views/mod_actions/index.html.erb
+++ b/app/views/mod_actions/index.html.erb
@@ -20,7 +20,7 @@
             </td>
             <td class="col-expand">
               <div class="prose">
-                <%= format_text(mod_action.filtered_description) %>
+                <%= format_text(mod_action.description) %>
               </div>
             </td>
             <td>
diff --git a/test/unit/mod_action_test.rb b/test/unit/mod_action_test.rb
index 5bc7c3066..54c386dd2 100644
--- a/test/unit/mod_action_test.rb
+++ b/test/unit/mod_action_test.rb
@@ -3,17 +3,15 @@ require 'test_helper'
 class ModActionTest < ActiveSupport::TestCase
   context "A mod action" do
     setup do
-      @user = FactoryBot.create(:user)
-      CurrentUser.user = @user
-      CurrentUser.ip_addr = "127.0.0.1"
+      @user = create(:user)
+      @mod = create(:moderator_user)
     end
 
     should "hide ip addresses from non-moderators in ip ban modactions" do
-      FactoryBot.create(:ip_ban, ip_addr: "1.1.1.1", reason: "test")
+      as(@mod) { create(:ip_ban, ip_addr: "1.1.1.1", reason: "test") }
 
-      assert_equal(1, ModAction.count)
-      assert_equal("#{@user.name} created ip ban", ModAction.last.filtered_description)
-      assert_equal("#{@user.name} created ip ban", ModAction.last.as_json["description"])
+      as(@user) { assert_equal(0, ModAction.search({}).count) }
+      as(@mod) { assert_equal(1, ModAction.search({}).count) }
     end
   end
 end