From 3dafca9aec0f58fc27b76ecbea8ada0d1b18ea2b Mon Sep 17 00:00:00 2001 From: evazion Date: Sat, 25 Aug 2018 13:52:50 -0500 Subject: [PATCH] Fix #3842: Mods can demote other mods or admins. --- .../moderator/invitations_controller.rb | 17 ----------- app/helpers/application_helper.rb | 2 +- app/helpers/moderator/invitations_helper.rb | 10 ------- app/models/user.rb | 17 ----------- .../moderator/invitations/index.html.erb | 17 ----------- app/views/moderator/invitations/new.html.erb | 28 ------------------- test/unit/user_test.rb | 21 -------------- 7 files changed, 1 insertion(+), 111 deletions(-) delete mode 100644 app/controllers/moderator/invitations_controller.rb delete mode 100644 app/helpers/moderator/invitations_helper.rb delete mode 100644 app/views/moderator/invitations/index.html.erb delete mode 100644 app/views/moderator/invitations/new.html.erb diff --git a/app/controllers/moderator/invitations_controller.rb b/app/controllers/moderator/invitations_controller.rb deleted file mode 100644 index e76af41d5..000000000 --- a/app/controllers/moderator/invitations_controller.rb +++ /dev/null @@ -1,17 +0,0 @@ -module Moderator - class InvitationsController < ApplicationController - before_action :moderator_only - - def new - end - - def create - User.find(params[:invitation][:user_id]).invite!(params[:invitation][:level], params[:invitation][:can_upload_free]) - redirect_to moderator_invitations_path - end - - def index - @users = User.where("inviter_id = ?", CurrentUser.id).paginate(params[:page]) - end - end -end diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 6511eb377..909258809 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -150,7 +150,7 @@ module ApplicationHelper html << " [" + link_to("+", new_user_feedback_path(:user_feedback => {:category => "positive", :user_id => user.id})) + "]" unless user.is_gold? - html << " [" + link_to("invite", new_moderator_invitation_path(:invitation => {:name => user.name, :can_upload_free => "1"})) + "]" + html << " [" + link_to("promote", edit_admin_user_path(user)) + "]" end else html << " [" + link_to("–".html_safe, new_user_feedback_path(:user_feedback => {:category => "negative", :user_id => user.id})) + "]" diff --git a/app/helpers/moderator/invitations_helper.rb b/app/helpers/moderator/invitations_helper.rb deleted file mode 100644 index 14f1cd60a..000000000 --- a/app/helpers/moderator/invitations_helper.rb +++ /dev/null @@ -1,10 +0,0 @@ -module Moderator - module InvitationsHelper - def level_select - choices = [] - choices << ["Gold", User::Levels::GOLD] - choices << ["Platinum", User::Levels::PLATINUM] - select(:invitation, :level, choices) - end - end -end diff --git a/app/models/user.rb b/app/models/user.rb index 1a7117d16..f0cefa6c6 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -135,22 +135,6 @@ class User < ApplicationRecord end end - module InvitationMethods - def invite!(level, can_upload_free) - if can_upload_free - self.can_upload_free = true - else - self.can_upload_free = false - end - - if level.to_i <= Levels::BUILDER - self.level = level - self.inviter_id = CurrentUser.id - save - end - end - end - module NameMethods extend ActiveSupport::Concern @@ -909,7 +893,6 @@ class User < ApplicationRecord include BlacklistMethods include ForumMethods include LimitMethods - include InvitationMethods include ApiMethods include CountMethods extend SearchMethods diff --git a/app/views/moderator/invitations/index.html.erb b/app/views/moderator/invitations/index.html.erb deleted file mode 100644 index abb81f54c..000000000 --- a/app/views/moderator/invitations/index.html.erb +++ /dev/null @@ -1,17 +0,0 @@ -
-
-

Invitations

- -
    - <% @users.each do |user| %> -
  • <%= link_to_user user %>
    • - <% end %> -
- - <%= numbered_paginator(@users) %> -
-
- -<% content_for(:page_title) do %> - Invitations - <%= Danbooru.config.app_name %> -<% end %> diff --git a/app/views/moderator/invitations/new.html.erb b/app/views/moderator/invitations/new.html.erb deleted file mode 100644 index 519b11fe9..000000000 --- a/app/views/moderator/invitations/new.html.erb +++ /dev/null @@ -1,28 +0,0 @@ -
-
-

New Invitation

- - <%= form_tag(moderator_invitations_path, :class => "simple_form") do %> -
- - <%= text_field :invitation, :user_name, :value => params[:invitation][:name] %> -
- -
- - <%= level_select %> -
- -
- - <%= check_box :invitation, :can_upload_free %> -
- - <%= submit_tag %> - <% end %> -
-
- -<% content_for(:page_title) do %> - New Invitation - <%= Danbooru.config.app_name %> -<% end %> diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb index 951a91291..77583f622 100644 --- a/test/unit/user_test.rb +++ b/test/unit/user_test.rb @@ -38,27 +38,6 @@ class UserTest < ActiveSupport::TestCase end end - context "that has been invited by a mod" do - setup do - @mod = FactoryBot.create(:moderator_user) - end - - should "work" do - @user.invite!(User::Levels::BUILDER, "1") - @user.reload - assert_equal(User::Levels::BUILDER, @user.level) - assert_equal(true, @user.can_upload_free) - end - - should "create a mod action" do - assert_difference("ModAction.count") do - @user.invite!(User::Levels::BUILDER, "1") - end - assert_equal(%{"#{@user.name}":/users/#{@user.id} level changed Member -> Builder}, ModAction.last.description) - assert_equal("user_level", ModAction.last.category) - end - end - should "not validate if the originating ip address is banned" do FactoryBot.create(:ip_ban, ip_addr: '127.0.0.1') user = FactoryBot.build(:user)