pundit: convert moderation reports to pundit.

2020-03-17 23:09:32 -05:00
parent 480f39c34a
commit 9242bf522b
16 changed files with 60 additions and 58 deletions
--- a/app/controllers/moderation_reports_controller.rb
+++ b/app/controllers/moderation_reports_controller.rb
@@ -1,49 +1,28 @@
 class ModerationReportsController < ApplicationController
  respond_to :html, :xml, :json, :js
-  before_action :member_only, only: [:new, :create]
-  before_action :moderator_only, only: [:index]

  def new
-    @moderation_report = ModerationReport.new(moderation_report_params)
-    check_privilege(@moderation_report)
+    @moderation_report = authorize ModerationReport.new(permitted_attributes(ModerationReport))
    respond_with(@moderation_report)
  end

  def index
-    @moderation_reports = ModerationReport.visible(CurrentUser.user).paginated_search(params, count_pages: true)
+    @moderation_reports = authorize ModerationReport.visible(CurrentUser.user).paginated_search(params, count_pages: true)
    @moderation_reports = @moderation_reports.includes(:creator, :model) if request.format.html?

    respond_with(@moderation_reports)
  end

  def show
+    authorize ModerationReport
    redirect_to moderation_reports_path(search: { id: params[:id] })
  end

  def create
-    @moderation_report = ModerationReport.new(moderation_report_params.merge(creator: CurrentUser.user))
-    check_privilege(@moderation_report)
+    @moderation_report = authorize ModerationReport.new(creator: CurrentUser.user, **permitted_attributes(ModerationReport))
    @moderation_report.save

    flash.now[:notice] = @moderation_report.valid? ? "Report submitted" : @moderation_report.errors.full_messages.join("; ")
    respond_with(@moderation_report)
  end
-
-  private
-
-  def model_type
-    params.fetch(:moderation_report, {}).fetch(:model_type)
-  end
-
-  def model_id
-    params.fetch(:moderation_report, {}).fetch(:model_id)
-  end
-
-  def check_privilege(moderation_report)
-    raise User::PrivilegeError unless moderation_report.model.reportable_by?(CurrentUser.user)
-  end
-
-  def moderation_report_params
-    params.fetch(:moderation_report, {}).permit(%i[model_type model_id reason])
-  end
 end
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -117,10 +117,6 @@ class Comment < ApplicationRecord
    end
  end

-  def reportable_by?(user)
-    creator_id != user.id && !creator.is_moderator?
-  end
-
  def voted_by?(user)
    return false if user.is_anonymous?
    user.id.in?(votes.map(&:user_id))
--- a/app/models/dmail.rb
+++ b/app/models/dmail.rb
@@ -169,10 +169,6 @@ class Dmail < ApplicationRecord
    end
  end

-  def reportable_by?(user)
-    owner == user && is_recipient? && !is_automated? && !from.is_moderator?
-  end
-
  def dtext_shortlink(key: false, **options)
    key ? "dmail ##{id}/#{self.key}" : "dmail ##{id}"
  end
--- a/app/models/forum_post.rb
+++ b/app/models/forum_post.rb
@@ -81,10 +81,6 @@ class ForumPost < ApplicationRecord
    end
  end

-  def reportable_by?(user)
-    visible?(user) && creator_id != user.id && !creator.is_moderator?
-  end
-
  def votable?
    bulk_update_request.present? && bulk_update_request.is_pending?
  end
@@ -99,10 +95,6 @@ class ForumPost < ApplicationRecord
    end
  end

-  def visible?(user, show_deleted_posts = false)
-    user.is_moderator? || (user.level >= topic.min_level && (show_deleted_posts || !is_deleted?))
-  end
-
  def update_topic_updated_at_on_create
    if topic
      # need to do this to bypass the topic's original post from getting touched
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -697,10 +697,6 @@ class User < ApplicationRecord
    CurrentUser.as(self, &block)
  end

-  def reportable_by?(user)
-    ModerationReport.enabled? && user.is_builder? && id != user.id && !is_moderator?
-  end
-
  def hide_favorites?
    !CurrentUser.is_admin? && enable_private_favorites? && CurrentUser.user.id != id
  end
--- a/app/policies/comment_policy.rb
+++ b/app/policies/comment_policy.rb
@@ -3,6 +3,10 @@ class CommentPolicy < ApplicationPolicy
    unbanned? && (user.is_moderator? || record.updater_id == user.id)
  end

+  def reportable?
+    unbanned? && record.creator_id != user.id && !record.creator.is_moderator?
+  end
+
  def can_sticky_comment?
    user.is_moderator?
  end
--- a/app/policies/dmail_policy.rb
+++ b/app/policies/dmail_policy.rb
@@ -19,6 +19,10 @@ class DmailPolicy < ApplicationPolicy
    user.is_member? && (record.owner_id == user.id || record.valid_key?(request.params[:key]))
  end

+  def reportable?
+    unbanned? && record.owner_id == user.id && record.is_recipient? && !record.is_automated? && !record.from.is_moderator?
+  end
+
  def permitted_attributes_for_create
    [:title, :body, :to_name, :to_id]
  end
--- a/app/policies/forum_post_policy.rb
+++ b/app/policies/forum_post_policy.rb
@@ -19,6 +19,10 @@ class ForumPostPolicy < ApplicationPolicy
    unbanned? && show? && user.is_moderator?
  end

+  def reportable?
+    unbanned? && show? && record.creator_id != user.id && !record.creator.is_moderator?
+  end
+
  def show_deleted?
    !record.is_deleted? || user.is_moderator?
  end
--- a/app/policies/moderation_report_policy.rb
+++ b/app/policies/moderation_report_policy.rb
@@ -0,0 +1,13 @@
+class ModerationReportPolicy < ApplicationPolicy
+  def index?
+    user.is_moderator?
+  end
+
+  def create?
+    unbanned? && policy(record.model).reportable?
+  end
+
+  def permitted_attributes
+    [:model_type, :model_id, :reason]
+  end
+end
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -15,6 +15,10 @@ class UserPolicy < ApplicationPolicy
    user.is_member?
  end

+  def reportable?
+    false
+  end
+
  def fix_counts?
    user.is_member?
  end
--- a/app/views/comments/partials/show/_comment.html.erb
+++ b/app/views/comments/partials/show/_comment.html.erb
@@ -12,7 +12,7 @@
           data-is-deleted="<%= comment.is_deleted? %>"
           data-is-sticky="<%= comment.is_sticky? %>"
           data-below-threshold="<%= comment.score < CurrentUser.user.comment_threshold %>"
-           <% if CurrentUser.is_moderator? %>
+           <% if policy(moderation_reports).show? %>
            data-is-reported="<%= moderation_reports.pluck(:model_id).include?(comment.id) %>"
           <% end %>
           data-is-voted="<%= comment.voted_by?(CurrentUser.user) %>">
@@ -56,7 +56,7 @@
          <li class="comment-unvote-link">
            <%= link_to "Unvote", comment_comment_votes_path(comment_id: comment.id), method: :delete, remote: true %>
          </li>
-          <% if comment.reportable_by?(CurrentUser.user) %>
+          <% if policy(comment).reportable? %>
            <li><%= link_to "Report", new_moderation_report_path(moderation_report: { model_type: "Comment", model_id: comment.id }), remote: true %></li>
          <% end %>
        </menu>
--- a/app/views/dmails/index.html.erb
+++ b/app/views/dmails/index.html.erb
@@ -37,7 +37,7 @@
          <%= link_to "Delete", dmail_path(dmail, format: :js), remote: true, method: :put, "data-params": "dmail[is_deleted]=true", "data-confirm": "Are you sure you want to delete this dmail?" %>
        <% end %>

-        <% if dmail.reportable_by?(CurrentUser.user) %>
+        <% if policy(dmail).reportable? %>
          | <%= link_to "Report", new_moderation_report_path(moderation_report: { model_type: "Dmail", model_id: dmail.id }), remote: true, title: "Report this dmail to the moderators" %>
        <% end %>
      <% end %>
--- a/app/views/dmails/show.html.erb
+++ b/app/views/dmails/show.html.erb
@@ -29,7 +29,7 @@
          <%= link_to "Respond", new_dmail_path(:respond_to_id => @dmail) %>
          | <%= link_to "Forward", new_dmail_path(:respond_to_id => @dmail, :forward => true) %>
          | <%= link_to "Share", dmail_path(@dmail, key: @dmail.key), title: "Anyone with this link will be able to view this dmail." %>
-          <% if @dmail.reportable_by?(CurrentUser.user) %>
+          <% if policy(@dmail).reportable? %>
            | <%= link_to "Report", new_moderation_report_path(moderation_report: { model_type: "Dmail", model_id: @dmail.id }), remote: true, title: "Report this dmail to the moderators" %>
          <% end %>
        </p>
--- a/app/views/forum_posts/_forum_post.html.erb
+++ b/app/views/forum_posts/_forum_post.html.erb
@@ -1,7 +1,7 @@
 <% if policy(forum_post).show_deleted? %>
  <article class="forum-post message" id="forum_post_<%= forum_post.id %>" 
           data-forum-post-id="<%= forum_post.id %>"
-           <% if CurrentUser.is_moderator? %>
+           <% if policy(moderation_reports).show? %>
            data-is-reported="<%= moderation_reports.pluck(:model_id).include?(forum_post.id) %>"
           <% end %>
           data-creator="<%= forum_post.creator.name %>">
@@ -37,7 +37,7 @@
            <li><%= link_to "Edit", edit_forum_post_path(forum_post.id), :id => "edit_forum_post_link_#{forum_post.id}", :class => "edit_forum_post_link" %></li>
          <% end %>
        <% end %>
-        <% if forum_post.reportable_by?(CurrentUser.user) %>
+        <% if policy(forum_post).reportable? %>
          <li><%= link_to "Report", new_moderation_report_path(moderation_report: { model_type: "ForumPost", model_id: forum_post.id }), remote: true, title: "Report this forum post to the moderators" %></li>
        <% end %>
        <% if forum_post.bulk_update_request.present? %>
--- a/app/views/users/_secondary_links.html.erb
+++ b/app/views/users/_secondary_links.html.erb
@@ -22,7 +22,7 @@
      <% if !@user.is_platinum? %>
        <%= subnav_link_to "Gift upgrade", new_user_upgrade_path(:user_id => @user.id) %>
      <% end %>
-      <% if @user.reportable_by?(CurrentUser.user) %>
+      <% if policy(@user).reportable? %>
        <%= subnav_link_to "Report user", new_moderation_report_path(moderation_report: { model_type: "User", model_id: @user.id }), remote: true %>
      <% end %>
    <% end %>