jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix #3842: Mods can demote other mods or admins.

Browse Source
This commit is contained in:
evazion
2018-08-25 13:52:50 -05:00
parent 0bb787d987
commit 3dafca9aec
7 changed files with 1 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/controllers/moderator/invitations_controller.rb
View File

@@ -1,17 +0,0 @@
module Moderator
class InvitationsController < ApplicationController
before_action :moderator_only
def new
end
def create
User.find(params[:invitation][:user_id]).invite!(params[:invitation][:level], params[:invitation][:can_upload_free])
redirect_to moderator_invitations_path
end
def index
@users = User.where("inviter_id = ?", CurrentUser.id).paginate(params[:page])
end
end
end

2
app/helpers/application_helper.rb
View File

@@ -150,7 +150,7 @@ module ApplicationHelper
html << " [" + link_to("+", new_user_feedback_path(:user_feedback => {:category => "positive", :user_id => user.id})) + "]" html << " [" + link_to("+", new_user_feedback_path(:user_feedback => {:category => "positive", :user_id => user.id})) + "]"
unless user.is_gold? unless user.is_gold?
html << " [" + link_to("invite", new_moderator_invitation_path(:invitation => {:name => user.name, :can_upload_free => "1"})) + "]" html << " [" + link_to("promote", edit_admin_user_path(user)) + "]"
end end
else else
html << " [" + link_to("&ndash;".html_safe, new_user_feedback_path(:user_feedback => {:category => "negative", :user_id => user.id})) + "]" html << " [" + link_to("&ndash;".html_safe, new_user_feedback_path(:user_feedback => {:category => "negative", :user_id => user.id})) + "]"

10
app/helpers/moderator/invitations_helper.rb
View File

@@ -1,10 +0,0 @@
module Moderator
module InvitationsHelper
def level_select
choices = []
choices << ["Gold", User::Levels::GOLD]
choices << ["Platinum", User::Levels::PLATINUM]
select(:invitation, :level, choices)
end
end
end

17
app/models/user.rb
View File

@@ -135,22 +135,6 @@ class User < ApplicationRecord
end end
end end
module InvitationMethods
def invite!(level, can_upload_free)
if can_upload_free
self.can_upload_free = true
else
self.can_upload_free = false
end
if level.to_i <= Levels::BUILDER
self.level = level
self.inviter_id = CurrentUser.id
save
end
end
end
module NameMethods module NameMethods
extend ActiveSupport::Concern extend ActiveSupport::Concern
@@ -909,7 +893,6 @@ class User < ApplicationRecord
include BlacklistMethods include BlacklistMethods
include ForumMethods include ForumMethods
include LimitMethods include LimitMethods
include InvitationMethods
include ApiMethods include ApiMethods
include CountMethods include CountMethods
extend SearchMethods extend SearchMethods

17
app/views/moderator/invitations/index.html.erb
View File

@@ -1,17 +0,0 @@
<div id="c-moderator-invitations">
<div id="a-index">
<h1>Invitations</h1>
<ul>
<% @users.each do |user| %>
<li><%= link_to_user user %></li>
<% end %>
</ul>
<%= numbered_paginator(@users) %>
</div>
</div>
<% content_for(:page_title) do %>
Invitations - <%= Danbooru.config.app_name %>
<% end %>

28
app/views/moderator/invitations/new.html.erb
View File

@@ -1,28 +0,0 @@
<div id="c-moderator-invitations">
<div id="a-new">
<h1>New Invitation</h1>
<%= form_tag(moderator_invitations_path, :class => "simple_form") do %>
<div class="input">
<label>User</label>
<%= text_field :invitation, :user_name, :value => params[:invitation][:name] %>
</div>
<div class="input">
<label>Level</label>
<%= level_select %>
</div>
<div class="input">
<label>Unrestricted Uploads</label>
<%= check_box :invitation, :can_upload_free %>
</div>
<%= submit_tag %>
<% end %>
</div>
</div>
<% content_for(:page_title) do %>
New Invitation - <%= Danbooru.config.app_name %>
<% end %>

21
test/unit/user_test.rb
View File

@@ -38,27 +38,6 @@ class UserTest < ActiveSupport::TestCase
end end
end end
context "that has been invited by a mod" do
setup do
@mod = FactoryBot.create(:moderator_user)
end
should "work" do
@user.invite!(User::Levels::BUILDER, "1")
@user.reload
assert_equal(User::Levels::BUILDER, @user.level)
assert_equal(true, @user.can_upload_free)
end
should "create a mod action" do
assert_difference("ModAction.count") do
@user.invite!(User::Levels::BUILDER, "1")
end
assert_equal(%{"#{@user.name}":/users/#{@user.id} level changed Member -> Builder}, ModAction.last.description)
assert_equal("user_level", ModAction.last.category)
end
end
should "not validate if the originating ip address is banned" do should "not validate if the originating ip address is banned" do
FactoryBot.create(:ip_ban, ip_addr: '127.0.0.1') FactoryBot.create(:ip_ban, ip_addr: '127.0.0.1')
user = FactoryBot.build(:user) user = FactoryBot.build(:user)