From 62875eabb25480f06e2de9646ed6da00950606c7 Mon Sep 17 00:00:00 2001
From: evazion <noizave@gmail.com>
Date: Sun, 25 Aug 2019 20:29:32 -0500
Subject: [PATCH] /posts.atom: fix banned posts being visible to Members.

Bug: /posts.atom only hid loli/shota, not banned posts and not unsafe
posts when safe mode was on.
---
 app/views/posts/index.atom.erb           |  2 +-
 config/danbooru_default_config.rb        |  4 ----
 test/functional/posts_controller_test.rb | 26 +++++++++++++++++++++++-
 3 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/app/views/posts/index.atom.erb b/app/views/posts/index.atom.erb
index 3fcfe4d7e..37c410a23 100644
--- a/app/views/posts/index.atom.erb
+++ b/app/views/posts/index.atom.erb
@@ -10,7 +10,7 @@
   <% end %>
   <author><name><%= Danbooru.config.app_name %></name></author>
 
-  <% Danbooru.config.select_posts_visible_to_user(CurrentUser.user, @posts).each do |post| %>
+  <% @posts.select(&:visible?).each do |post| %>
     <entry>
       <title><%= post.presenter.humanized_essential_tag_string %></title>
       <link href="<%= post_url(post) %>" rel="alternate"/>
diff --git a/config/danbooru_default_config.rb b/config/danbooru_default_config.rb
index 1820c7050..b040c6db6 100644
--- a/config/danbooru_default_config.rb
+++ b/config/danbooru_default_config.rb
@@ -405,10 +405,6 @@ module Danbooru
       end
     end
 
-    def select_posts_visible_to_user(user, posts)
-      posts.select {|x| can_user_see_post?(user, x)}
-    end
-
     def max_appeals_per_day
       1
     end
diff --git a/test/functional/posts_controller_test.rb b/test/functional/posts_controller_test.rb
index ca60a5c18..42130d116 100644
--- a/test/functional/posts_controller_test.rb
+++ b/test/functional/posts_controller_test.rb
@@ -4,7 +4,7 @@ class PostsControllerTest < ActionDispatch::IntegrationTest
   context "The posts controller" do
     setup do
       PopularSearchService.stubs(:enabled?).returns(false)
-      
+
       @user = travel_to(1.month.ago) {create(:user)}
       as_user do
         @post = create(:post, :tag_string => "aaaa")
@@ -92,6 +92,30 @@ class PostsControllerTest < ActionDispatch::IntegrationTest
           assert_response :success
         end
       end
+
+      context "with the .atom format" do
+        should "render without tags" do
+          get posts_path(format: :atom)
+
+          assert_response :success
+          assert_select "entry", 1
+        end
+
+        should "render with tags" do
+          get posts_path(format: :atom), params: { tags: "aaaa" }
+
+          assert_response :success
+          assert_select "entry", 1
+        end
+
+        should "hide restricted posts" do
+          @post.update(is_banned: true)
+          get posts_path(format: :atom)
+
+          assert_response :success
+          assert_select "entry", 0
+        end
+      end
     end
 
     context "show_seq action" do