pundit: convert tags to pundit.

This commit is contained in:
evazion
2020-03-17 17:35:59 -05:00
parent 4cd0b2cbfe
commit 4bb036aff1
6 changed files with 27 additions and 31 deletions


@@ -1,15 +1,13 @@
class TagsController < ApplicationController class TagsController < ApplicationController
before_action :member_only, :only => [:edit, :update]
respond_to :html, :xml, :json respond_to :html, :xml, :json
def edit def edit
@tag = Tag.find(params[:id]) @tag = authorize Tag.find(params[:id])
check_privilege(@tag)
respond_with(@tag) respond_with(@tag)
end end
def index def index
@tags = Tag.paginated_search(params, hide_empty: true) @tags = authorize Tag.paginated_search(params, hide_empty: true)
@tags = @tags.includes(:consequent_aliases) if request.format.html? @tags = @tags.includes(:consequent_aliases) if request.format.html?
respond_with(@tags) respond_with(@tags)
end end
@@ -27,27 +25,13 @@ class TagsController < ApplicationController
end end
def show def show
@tag = Tag.find(params[:id]) @tag = authorize Tag.find(params[:id])
respond_with(@tag) respond_with(@tag)
end end
def update def update
@tag = Tag.find(params[:id]) @tag = authorize Tag.find(params[:id])
check_privilege(@tag) @tag.update(permitted_attributes(@tag))
@tag.update(tag_params)
respond_with(@tag) respond_with(@tag)
end end
private
def check_privilege(tag)
raise User::PrivilegeError unless tag.editable_by?(CurrentUser.user)
end
def tag_params
permitted_params = [:category]
permitted_params << :is_locked if CurrentUser.is_moderator?
params.require(:tag).permit(permitted_params)
end
end end
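Review bot: Dropping `before_action :member_only` for edit/update leaves those two actions gated only by `authorize`, so what an anonymous visitor gets now depends entirely on how ApplicationPolicy (not in this diff) handles a nil user; worth confirming that the inherited `edit?`/`update?` return false for that case rather than raising NoMethodError from `user.is_admin?` inside TagPolicy. The return value of `@tag.update(permitted_attributes(@tag))` is still unchecked, which is fine for `respond_with`, but an attribute the user may not set (e.g. `is_locked` for a non-moderator) is silently stripped by `permit` rather than reported, unless `action_on_unpermitted_parameters` is configured elsewhere. A comment above `update` such as `# permitted_attributes drops attributes this user may not set; it does not reject the request` would make that explicit. The class body between the two hunks is not shown.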


@@ -210,7 +210,7 @@ class Tag < ApplicationRecord
# next few lines if the category is changed. # next few lines if the category is changed.
tag.update_category_cache tag.update_category_cache
if tag.editable_by?(creator) if Pundit.policy!([creator, nil], tag).can_change_category?
tag.update(category: category_id) tag.update(category: category_id)
end end
end end
@@ -382,13 +382,6 @@ class Tag < ApplicationRecord
cosplay_tags.grep(/\A(.+)_\(cosplay\)\Z/) { "#{TagAlias.to_aliased([$1]).first}_(cosplay)" } + other_tags cosplay_tags.grep(/\A(.+)_\(cosplay\)\Z/) { "#{TagAlias.to_aliased([$1]).first}_(cosplay)" } + other_tags
end end
def editable_by?(user)
return true if user.is_admin?
return true if !is_locked? && user.is_builder? && post_count < 1_000
return true if !is_locked? && user.is_member? && post_count < 50
return false
end
def posts def posts
Post.tag_match(name) Post.tag_match(name)
end end
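Review bot: `Pundit.policy!([creator, nil], tag)` encodes the pundit_user convention (presumably a `[user, request]` pair, since the controller-side definition is not shown) as a bare array literal with no explanation; a comment such as `# ApplicationPolicy takes [user, request]; no request exists in model context -- TODO confirm` would help the next reader, and a small ApplicationPolicy helper that builds the context would avoid repeating the literal wherever the model needs a policy. `policy!` raising Pundit::NotDefinedError instead of returning nil is the right choice here. Removing `Tag#editable_by?` is a NoMethodError for any caller outside the six files in this commit, so a repository-wide search for the method name is worth doing before merge. The method containing the first hunk starts above it.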


@@ -0,0 +1,15 @@
class TagPolicy < ApplicationPolicy
def can_change_category?
user.is_admin? ||
(user.is_builder? && !record.is_locked? && record.post_count < 1_000) ||
(user.is_member? && !record.is_locked? && record.post_count < 50)
end
def can_lock?
user.is_moderator?
end
def permitted_attributes
[(:category if can_change_category?), (:is_locked if can_lock?)].compact
end
end
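Review bot: TagPolicy defines `can_change_category?`, `can_lock?` and `permitted_attributes` but not `edit?`/`update?`, so the `authorize` calls in TagsController and the `policy(tag).update?` check in the index view fall through to ApplicationPolicy, which is outside this diff; the 403 responses the new tests assert depend on that inherited predicate, so defining `update?` (and `edit?`) here would keep the tag rules in one place, assuming the inherited rule is what is intended. Each predicate also calls `user.is_admin?`/`user.is_builder?`/`user.is_member?` directly, so a nil user raises NoMethodError rather than returning false unless ApplicationPolicy substitutes an anonymous user object. The thresholds `1_000` and `50` are carried over from the removed `Tag#editable_by?` and deserve a comment, e.g. `# builders may recategorise tags under 1,000 posts, members under 50; locked tags are admin-only`.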


@@ -9,7 +9,7 @@
<%= f.input :category, :collection => TagCategory.canonical_mapping.to_a, :include_blank => false %> <%= f.input :category, :collection => TagCategory.canonical_mapping.to_a, :include_blank => false %>
<% end %> <% end %>
<% if CurrentUser.is_moderator? %> <% if policy(@tag).can_lock? %>
<%= f.input :is_locked, :collection => [["No", "false"], ["Yes", "true"]], :include_blank => false %> <%= f.input :is_locked, :collection => [["No", "false"], ["Yes", "true"]], :include_blank => false %>
<% end %> <% end %>


@@ -16,7 +16,9 @@
<% end %> <% end %>
<% end %> <% end %>
<% t.column column: "control" do |tag| %> <% t.column column: "control" do |tag| %>
<%= link_to_if tag.editable_by?(CurrentUser.user), "Edit", edit_tag_path(tag) %> | <% if policy(tag).update? %>
<%= link_to "Edit", edit_tag_path(tag) %> |
<% end %>
<%= link_to "History", post_versions_path(search: { changed_tags: tag.name }) %> | <%= link_to "History", post_versions_path(search: { changed_tags: tag.name }) %> |
<%= link_to "Related", related_tag_path(search: { query: tag.name }) %> | <%= link_to "Related", related_tag_path(search: { query: tag.name }) %> |
<%= link_to "Similar", tags_path(search: { fuzzy_name_matches: tag.name, order: :similarity }) %> <%= link_to "Similar", tags_path(search: { fuzzy_name_matches: tag.name, order: :similarity }) %>
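Review bot: The Edit link is now shown when `policy(tag).update?` holds, but the link targets the edit action, which the controller authorizes with `edit?`; if ApplicationPolicy (not in this diff) does not alias `edit?` to `update?`, a user could see a link that 403s, so confirming that alias or using `policy(tag).edit?` here would keep the view and the action consistent. `policy(tag)` builds one policy object per row, which is cheap but worth knowing on a large index page.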


@@ -86,6 +86,7 @@ class TagsControllerTest < ActionDispatch::IntegrationTest
should "not lock the tag for a user" do should "not lock the tag for a user" do
put_auth tag_path(@tag), @user, params: {tag: { is_locked: true }} put_auth tag_path(@tag), @user, params: {tag: { is_locked: true }}
assert_response 403
assert_equal(false, @tag.reload.is_locked) assert_equal(false, @tag.reload.is_locked)
end end
@@ -100,6 +101,7 @@ class TagsControllerTest < ActionDispatch::IntegrationTest
@member = create(:member_user) @member = create(:member_user)
put_auth tag_path(@tag), @member, params: {tag: { category: Tag.categories.general }} put_auth tag_path(@tag), @member, params: {tag: { category: Tag.categories.general }}
assert_response 403
assert_not_equal(Tag.categories.general, @tag.reload.category) assert_not_equal(Tag.categories.general, @tag.reload.category)
end end