From 40a114c99cb2792555af164bd8af2cade5f148d6 Mon Sep 17 00:00:00 2001
From: evazion <noizave@gmail.com>
Date: Mon, 6 Jul 2020 13:51:07 -0500
Subject: [PATCH] posts: restrict banned paid rewards for non-approvers.

---
 app/models/post.rb                       |  3 ++-
 test/functional/posts_controller_test.rb | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/app/models/post.rb b/app/models/post.rb
index bee13f9ac..4a35f4cc6 100644
--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -1474,7 +1474,8 @@ class Post < ApplicationRecord
   end
 
   def banblocked?(user = CurrentUser.user)
-    is_banned? && !user.is_gold?
+    return false unless is_banned?
+    (has_tag?("paid_reward") && !user.is_approver?) || !user.is_gold?
   end
 
   def visible?(user = CurrentUser.user)
diff --git a/test/functional/posts_controller_test.rb b/test/functional/posts_controller_test.rb
index 65cd5d335..47f831550 100644
--- a/test/functional/posts_controller_test.rb
+++ b/test/functional/posts_controller_test.rb
@@ -374,6 +374,24 @@ class PostsControllerTest < ActionDispatch::IntegrationTest
         end
       end
 
+      context "with banned paid_reward posts" do
+        setup do
+          as(@user) { @post.update!(tag_string: "paid_reward", is_banned: true) }
+        end
+
+        should "show banned paid_rewards to approvers" do
+          get_auth posts_path, create(:approver)
+          assert_response :success
+          assert_select "#post_#{@post.id}", 1
+        end
+
+        should "not show banned paid_rewards to non-approvers" do
+          get_auth posts_path, create(:gold_user)
+          assert_response :success
+          assert_select "#post_#{@post.id}", 0
+        end
+      end
+
       context "in safe mode" do
         should "not include the rating:s tag in the page title" do
           get posts_path(tags: "1girl", safe_mode: true)