forum post votes: fix exploits with voting on mod-only forum posts.

* Don't allow unprivileged users to vote on mod-only forum posts.
* Don't allow unprivileged users to see votes on mod-only forum posts.
evazion
2020-02-16 04:51:23 -06:00
parent bf4dbf1449
commit 835cc23f66
2 changed files with 4 additions and 2 deletions


@@ -3,10 +3,12 @@ class ForumPostVote < ApplicationRecord
belongs_to :forum_post
validates :creator_id, uniqueness: {scope: :forum_post_id}
validates :score, inclusion: {in: [-1, 0, 1]}
scope :up, -> {where(score: 1)}
scope :down, -> {where(score: -1)}
scope :by, ->(user_id) {where(creator_id: user_id)}
scope :excluding_user, ->(user_id) {where("creator_id <> ?", user_id)}
scope :visible, -> { where(forum_post: ForumPost.permitted) }
def self.forum_post_matches(params)
return all if params.blank?
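Review bot: The `visible` scope is opt-in, so the vote-visibility fix holds only where a caller remembers to chain it; `forum_post_matches` just below still returns `all` when params are blank, and nothing in this hunk makes an unscoped query fail closed. `ForumPost.permitted` takes no user argument, so it presumably depends on ambient current-user state, and it is worth confirming that state is set in every context that lists votes. I would add a comment above the scope such as `# Votes on forum posts the current user may see; chain on every user-facing vote query.`, and consider a model-level validation that the creator can view `forum_post`, so the voting restriction does not rest on a single call site (the other changed file is not shown here). The +/- markers are lost on this page, so which lines are new is inferred from the commit message, and the class body starts and ends outside the hunk.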