disapprovals: fix searching by user.

Fix searching post disapprovals by user to use the new `visible_for_search` mechanism. This fixes it so you can do subsearches on the user field, like this: * https://danbooru.donmai.us/post_disapprovals?search[user][level]=32 (find disapprovals by Builder-level approvers)
2022-09-23 20:51:25 -05:00
parent 9363658652
commit 7bf824f0dd
3 changed files with 15 additions and 22 deletions
--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -1209,7 +1209,7 @@ class Post < ApplicationRecord
          where(disapprovals: PostDisapproval.where(reason: query.downcase))
        else
          user = User.find_by_name(query)
-          where(disapprovals: PostDisapproval.creator_matches(user, current_user))
+          where(disapprovals: PostDisapproval.visible_for_search(:user, current_user).where(user: user))
        end
      end

--- a/app/models/post_disapproval.rb
+++ b/app/models/post_disapproval.rb
@@ -22,32 +22,12 @@ class PostDisapproval < ApplicationRecord

  concerning :SearchMethods do
    class_methods do
-      def creator_matches(creator, searcher)
-        return none if creator.nil?
-
-        policy = Pundit.policy!(searcher, PostDisapproval.new(user: creator))
-
-        if policy.can_view_creator?
-          where(user: creator)
-        else
-          none
-        end
-      end
-
      def search(params, current_user)
-        q = search_attributes(params, [:id, :created_at, :updated_at, :message, :reason, :post], current_user: current_user)
+        q = search_attributes(params, [:id, :created_at, :updated_at, :message, :reason, :post, :user], current_user: current_user)

        q = q.with_message if params[:has_message].to_s.truthy?
        q = q.without_message if params[:has_message].to_s.falsy?

-        if params[:user_id].present?
-          user = User.find(params[:user_id])
-          q = q.creator_matches(user, CurrentUser.user)
-        elsif params[:user_name].present?
-          user = User.find_by_name(params[:user_name])
-          q = q.creator_matches(user, CurrentUser.user)
-        end
-
        case params[:order]
        when "post_id", "post_id_desc"
          q = q.order(post_id: :desc, id: :desc)
--- a/app/policies/post_disapproval_policy.rb
+++ b/app/policies/post_disapproval_policy.rb
@@ -9,6 +9,10 @@ class PostDisapprovalPolicy < ApplicationPolicy
    user.is_moderator? || record.user_id == user.id
  end

+  def can_search_creator?
+    user.is_moderator?
+  end
+
  def permitted_attributes_for_create
    [:post_id, :reason, :message]
  end
@@ -30,4 +34,13 @@ class PostDisapprovalPolicy < ApplicationPolicy
    attributes -= [:user_id] unless can_view_creator?
    attributes
  end
+
+  def visible_for_search(disapprovals, attribute)
+    case attribute
+    in :user | :user_id if !can_search_creator?
+      disapprovals.where(user: user)
+    else
+      disapprovals
+    end
+  end
 end