Fix #4770: Allow flaggers to update flag reason.

2021-03-23 01:25:43 -05:00
parent 41e0cad458
commit 6a84d33409
6 changed files with 98 additions and 2 deletions
--- a/app/controllers/post_flags_controller.rb
+++ b/app/controllers/post_flags_controller.rb
@@ -31,4 +31,17 @@ class PostFlagsController < ApplicationController
      fmt.html { redirect_to post_flags_path(search: { id: @post_flag.id }) }
    end
  end
+
+  def edit
+    @post_flag = authorize PostFlag.find(params[:id])
+    respond_with(@post_flag)
+  end
+
+  def update
+    @post_flag = authorize PostFlag.find(params[:id])
+    @post_flag.update(permitted_attributes(@post_flag))
+    respond_with(@post_flag) do |fmt|
+      fmt.html { redirect_to post_path(@post_flag.post) }
+    end
+  end
 end
--- a/app/policies/post_flag_policy.rb
+++ b/app/policies/post_flag_policy.rb
@@ -1,4 +1,12 @@
 class PostFlagPolicy < ApplicationPolicy
+  def edit?
+    update?
+  end
+
+  def update?
+    unbanned? && record.pending? && record.creator_id == user.id
+  end
+
  def can_search_flagger?
    user.is_moderator?
  end
@@ -7,10 +15,14 @@ class PostFlagPolicy < ApplicationPolicy
    (user.is_moderator? || record.creator_id == user.id) && (record.post&.uploader_id != user.id)
  end

-  def permitted_attributes
+  def permitted_attributes_for_create
    [:post_id, :reason]
  end

+  def permitted_attributes_for_update
+    [:reason]
+  end
+
  def api_attributes
    attributes = super + [:category]
    attributes -= [:creator_id] unless can_view_flagger?
--- a/app/views/post_flags/_reasons.html.erb
+++ b/app/views/post_flags/_reasons.html.erb
@@ -2,6 +2,10 @@
  <li>
    <span class="prose"><%= format_text(flag.reason, inline: true) %></span>

+    <% if policy(flag).edit? %>
+      (<%= link_to "edit", edit_post_flag_url(flag) %>)
+    <% end %>
+
    <% if policy(flag).can_view_flagger? %>
      (<%= link_to_user(flag.creator) %>, <%= time_ago_in_words_tagged(flag.created_at) %>)
    <% else %>
--- a/app/views/post_flags/edit.html.erb
+++ b/app/views/post_flags/edit.html.erb
@@ -0,0 +1,15 @@
+<div id="c-post-flags">
+  <div id="a-edit">
+    <h1>Edit Flag</h1>
+
+    <p>
+      Editing flag for <%= link_to "post ##{@post_flag.post_id}", @post_flag.post %>.
+    </p>
+
+    <%= edit_form_for(@post_flag) do |f| %>
+      <%= f.input :reason, as: :dtext, inline: true %>
+      <%= f.button :submit, "Submit" %>
+      <%= dtext_preview_button "post_flag_reason" %>
+    <% end %>
+  </div>
+</div>