jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

mod actions: hide ip bans from non-mods.

Browse Source 
Hide IP ban creation and deletion actions from non-mods in the
/mod_actions listing.

The previous approach of just filtering out the IP from the description
was hacky and didn't work with the `only` param (/mod_actions.json?only=id
still included the description field).
This commit is contained in:
evazion
2019-12-16 12:20:41 -06:00
parent 84ba1d417f
commit 3d03de1c52
3 changed files with 15 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
app/models/mod_action.rb
View File

@@ -54,31 +54,28 @@ class ModAction < ApplicationRecord
other: 2000 other: 2000
} }
def self.permitted(user)
if user.is_moderator?
all
else
where.not(category: [:ip_ban_create, :ip_ban_delete])
end
end
def self.search(params) def self.search(params)
q = super q = super
q = q.permitted(CurrentUser.user)
q = q.search_attributes(params, :creator, :category, :description) q = q.search_attributes(params, :creator, :category, :description)
q = q.text_attribute_matches(:description, params[:description_matches]) q = q.text_attribute_matches(:description, params[:description_matches])
q.apply_default_order(params) q.apply_default_order(params)
end end
def filtered_description
if (ip_ban_create? || ip_ban_delete?) && !CurrentUser.user.is_moderator?
description.gsub(/(created|deleted) ip ban for .*/, "\\1 ip ban")
else
description
end
end
def category_id def category_id
self.class.categories[category] self.class.categories[category]
end end
def serializable_hash(*args)
super(*args).merge("description" => filtered_description)
end
def self.log(desc, cat = :other) def self.log(desc, cat = :other)
create(:description => desc,:category => categories[cat]) create(:description => desc,:category => categories[cat])
end end

2
app/views/mod_actions/index.html.erb
View File

@@ -20,7 +20,7 @@
</td> </td>
<td class="col-expand"> <td class="col-expand">
<div class="prose"> <div class="prose">
<%= format_text(mod_action.filtered_description) %> <%= format_text(mod_action.description) %>
</div> </div>
</td> </td>
<td> <td>

12
test/unit/mod_action_test.rb
View File

@@ -3,17 +3,15 @@ require 'test_helper'
class ModActionTest < ActiveSupport::TestCase class ModActionTest < ActiveSupport::TestCase
context "A mod action" do context "A mod action" do
setup do setup do
@user = FactoryBot.create(:user) @user = create(:user)
CurrentUser.user = @user @mod = create(:moderator_user)
CurrentUser.ip_addr = "127.0.0.1"
end end
should "hide ip addresses from non-moderators in ip ban modactions" do should "hide ip addresses from non-moderators in ip ban modactions" do
FactoryBot.create(:ip_ban, ip_addr: "1.1.1.1", reason: "test") as(@mod) { create(:ip_ban, ip_addr: "1.1.1.1", reason: "test") }
assert_equal(1, ModAction.count) as(@user) { assert_equal(0, ModAction.search({}).count) }
assert_equal("#{@user.name} created ip ban", ModAction.last.filtered_description) as(@mod) { assert_equal(1, ModAction.search({}).count) }
assert_equal("#{@user.name} created ip ban", ModAction.last.as_json["description"])
end end
end end
end end