jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

disapprovals: fix searching by user.

Browse Source 
Fix searching post disapprovals by user to use the new `visible_for_search`
mechanism. This fixes it so you can do subsearches on the user field, like this:

* https://danbooru.donmai.us/post_disapprovals?search[user][level]=32 (find disapprovals by Builder-level approvers)
This commit is contained in:
evazion
2022-09-23 20:51:25 -05:00
parent 9363658652
commit 7bf824f0dd
3 changed files with 15 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/models/post.rb
View File

@@ -1209,7 +1209,7 @@ class Post < ApplicationRecord
where(disapprovals: PostDisapproval.where(reason: query.downcase)) where(disapprovals: PostDisapproval.where(reason: query.downcase))
else else
user = User.find_by_name(query) user = User.find_by_name(query)
where(disapprovals: PostDisapproval.creator_matches(user, current_user)) where(disapprovals: PostDisapproval.visible_for_search(:user, current_user).where(user: user))
end end
end end

22
app/models/post_disapproval.rb
View File

@@ -22,32 +22,12 @@ class PostDisapproval < ApplicationRecord
concerning :SearchMethods do concerning :SearchMethods do
class_methods do class_methods do
def creator_matches(creator, searcher)
return none if creator.nil?
policy = Pundit.policy!(searcher, PostDisapproval.new(user: creator))
if policy.can_view_creator?
where(user: creator)
else
none
end
end
def search(params, current_user) def search(params, current_user)
q = search_attributes(params, [:id, :created_at, :updated_at, :message, :reason, :post], current_user: current_user) q = search_attributes(params, [:id, :created_at, :updated_at, :message, :reason, :post, :user], current_user: current_user)
q = q.with_message if params[:has_message].to_s.truthy? q = q.with_message if params[:has_message].to_s.truthy?
q = q.without_message if params[:has_message].to_s.falsy? q = q.without_message if params[:has_message].to_s.falsy?
if params[:user_id].present?
user = User.find(params[:user_id])
q = q.creator_matches(user, CurrentUser.user)
elsif params[:user_name].present?
user = User.find_by_name(params[:user_name])
q = q.creator_matches(user, CurrentUser.user)
end
case params[:order] case params[:order]
when "post_id", "post_id_desc" when "post_id", "post_id_desc"
q = q.order(post_id: :desc, id: :desc) q = q.order(post_id: :desc, id: :desc)

13
app/policies/post_disapproval_policy.rb
View File

@@ -9,6 +9,10 @@ class PostDisapprovalPolicy < ApplicationPolicy
user.is_moderator? || record.user_id == user.id user.is_moderator? || record.user_id == user.id
end end
def can_search_creator?
user.is_moderator?
end
def permitted_attributes_for_create def permitted_attributes_for_create
[:post_id, :reason, :message] [:post_id, :reason, :message]
end end
@@ -30,4 +34,13 @@ class PostDisapprovalPolicy < ApplicationPolicy
attributes -= [:user_id] unless can_view_creator? attributes -= [:user_id] unless can_view_creator?
attributes attributes
end end
def visible_for_search(disapprovals, attribute)
case attribute
in :user | :user_id if !can_search_creator?
disapprovals.where(user: user)
else
disapprovals
end
end
end end