From 41e0cad4582b09ec9ebbe1ac93c34bd727919a06 Mon Sep 17 00:00:00 2001
From: evazion <noizave@gmail.com>
Date: Tue, 23 Mar 2021 00:34:35 -0500
Subject: [PATCH] ip bans: allow full bans to overlap partial bans.

Allow full banning an IP that is part of a subnet that has already been
partially banned.
---
 app/models/ip_ban.rb     | 2 +-
 test/unit/ip_ban_test.rb | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/app/models/ip_ban.rb b/app/models/ip_ban.rb
index b198643c8..24d76365f 100644
--- a/app/models/ip_ban.rb
+++ b/app/models/ip_ban.rb
@@ -71,7 +71,7 @@ class IpBan < ApplicationRecord
       errors.add(:ip_addr, "may not have a subnet bigger than /64")
     elsif partial_ban? && ip_addr.ipv6? && ip_addr.prefix < 20
       errors.add(:ip_addr, "may not have a subnet bigger than /20")
-    elsif new_record? && IpBan.active.ip_matches(subnetted_ip).exists?
+    elsif new_record? && IpBan.active.where(category: category).ip_matches(subnetted_ip).exists?
       errors.add(:ip_addr, "is already banned")
     end
   end
diff --git a/test/unit/ip_ban_test.rb b/test/unit/ip_ban_test.rb
index 929ca608a..fd2e408c5 100644
--- a/test/unit/ip_ban_test.rb
+++ b/test/unit/ip_ban_test.rb
@@ -16,6 +16,13 @@ class IpBanTest < ActiveSupport::TestCase
     assert(IpBan.ip_matches("1.2.3.255").exists?)
   end
 
+  should "allow a full ban to overlap a partial ban" do
+    @ip_ban1 = create(:ip_ban, ip_addr: "1.2.3.0/24", category: :partial)
+    @ip_ban2 = build(:ip_ban, ip_addr: "1.2.3.4", category: :full)
+
+    assert_equal(true, @ip_ban2.valid?)
+  end
+
   context "validation" do
     setup { create(:ip_ban, ip_addr: "5.6.7.8") }
     subject { build(:ip_ban) }