pundit: convert emails to pundit.

app/controllers/emails_controller.rb

@@ -1,24 +1,18 @@
 class EmailsController < ApplicationController
-  before_action :member_only
   respond_to :html, :xml, :json
 
   def show
-    @user = User.find(params[:user_id])
-    check_privilege(@user)
-
-    respond_with(@user.email_address)
+    @email_address = authorize EmailAddress.find_by_user_id!(params[:user_id])
+    respond_with(@email_address)
   end
 
   def edit
-    @user = User.find(params[:user_id])
-    check_privilege(@user)
-
+    @user = authorize User.find(params[:user_id]), policy_class: EmailAddressPolicy
     respond_with(@user)
   end
 
   def update
-    @user = User.find(params[:user_id])
-    check_privilege(@user)
+    @user = authorize User.find(params[:user_id]), policy_class: EmailAddressPolicy
 
     if User.authenticate(@user.name, params[:user][:password])
       @user.update(email_address_attributes: { address: params[:user][:email] })
@@ -37,17 +31,10 @@ class EmailsController < ApplicationController
   end
 
   def verify
-    email_id = Danbooru::MessageVerifier.new(:email_verification_key).verify(params[:email_verification_key])
-    @email_address = EmailAddress.find(email_id)
+    @email_address = authorize EmailAddress.find_by_user_id!(params[:user_id])
     @email_address.update!(is_verified: true)
 
     flash[:notice] = "Email address verified"
     redirect_to @email_address.user
   end
-
-  private
-
-  def check_privilege(user)
-    raise User::PrivilegeError unless user.id == CurrentUser.id || CurrentUser.is_admin?
-  end
 end

app/helpers/users_helper.rb

@@ -15,4 +15,8 @@ module UsersHelper
     verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.email_key, serializer: JSON, digest: "SHA256")
     verifier.generate(user.id.to_s)
   end
+
+  def email_verification_url(user)
+    verify_user_email_url(user, email_verification_key: user.email_address.verification_key)
+  end
 end

app/models/email_address.rb

@@ -12,4 +12,18 @@ class EmailAddress < ApplicationRecord
     self.normalized_address = EmailNormalizer.normalize(value) || address
     super
   end
+
+  concerning :VerificationMethods do
+    def verifier
+      @verifier ||= Danbooru::MessageVerifier.new(:email_verification_key)
+    end
+
+    def verification_key
+      verifier.generate(id)
+    end
+
+    def valid_key?(key)
+      id == verifier.verified(key)
+    end
+  end
 end

app/policies/email_address_policy.rb

@@ -0,0 +1,14 @@
+class EmailAddressPolicy < ApplicationPolicy
+  def show?
+    record.user_id == user.id
+  end
+
+  def update?
+    # XXX here record is a user, not the email address.
+    record.id == user.id
+  end
+
+  def verify?
+    record.valid_key?(request.params[:email_verification_key])
+  end
+end

app/views/user_mailer/email_change_confirmation.html.erb

@@ -9,7 +9,7 @@
     </p>
 
     <p>
-      <%= link_to "Verify email address", verify_user_email_url(@user, email_verification_key: Danbooru::MessageVerifier.new(:email_verification_key).generate(@user.email_address.id)) %>
+      <%= link_to "Verify email address", email_verification_url(@user) %>
     </p>
 
     <p>

app/views/user_mailer/welcome_user.html.erb

@@ -8,7 +8,7 @@
     </p>
 
     <p>
-      <%= link_to "Verify email address", verify_user_email_url(@user, email_verification_key: Danbooru::MessageVerifier.new(:email_verification_key).generate(@user.email_address.id)) %>
+      <%= link_to "Verify email address", email_verification_url(@user) %>
     </p>
 
     <p>