jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

pundit: convert moderation reports to pundit.

Browse Source
This commit is contained in:
evazion
2020-03-17 23:09:32 -05:00
parent 480f39c34a
commit 9242bf522b
16 changed files with 60 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
app/controllers/moderation_reports_controller.rb
View File

@@ -1,49 +1,28 @@
class ModerationReportsController < ApplicationController class ModerationReportsController < ApplicationController
respond_to :html, :xml, :json, :js respond_to :html, :xml, :json, :js
before_action :member_only, only: [:new, :create]
before_action :moderator_only, only: [:index]
def new def new
@moderation_report = ModerationReport.new(moderation_report_params) @moderation_report = authorize ModerationReport.new(permitted_attributes(ModerationReport))
check_privilege(@moderation_report)
respond_with(@moderation_report) respond_with(@moderation_report)
end end
def index def index
@moderation_reports = ModerationReport.visible(CurrentUser.user).paginated_search(params, count_pages: true) @moderation_reports = authorize ModerationReport.visible(CurrentUser.user).paginated_search(params, count_pages: true)
@moderation_reports = @moderation_reports.includes(:creator, :model) if request.format.html? @moderation_reports = @moderation_reports.includes(:creator, :model) if request.format.html?
respond_with(@moderation_reports) respond_with(@moderation_reports)
end end
def show def show
authorize ModerationReport
redirect_to moderation_reports_path(search: { id: params[:id] }) redirect_to moderation_reports_path(search: { id: params[:id] })
end end
def create def create
@moderation_report = ModerationReport.new(moderation_report_params.merge(creator: CurrentUser.user)) @moderation_report = authorize ModerationReport.new(creator: CurrentUser.user, **permitted_attributes(ModerationReport))
check_privilege(@moderation_report)
@moderation_report.save @moderation_report.save
flash.now[:notice] = @moderation_report.valid? ? "Report submitted" : @moderation_report.errors.full_messages.join("; ") flash.now[:notice] = @moderation_report.valid? ? "Report submitted" : @moderation_report.errors.full_messages.join("; ")
respond_with(@moderation_report) respond_with(@moderation_report)
end end
private
def model_type
params.fetch(:moderation_report, {}).fetch(:model_type)
end
def model_id
params.fetch(:moderation_report, {}).fetch(:model_id)
end
def check_privilege(moderation_report)
raise User::PrivilegeError unless moderation_report.model.reportable_by?(CurrentUser.user)
end
def moderation_report_params
params.fetch(:moderation_report, {}).permit(%i[model_type model_id reason])
end
end end

4
app/models/comment.rb
View File

@@ -117,10 +117,6 @@ class Comment < ApplicationRecord
end end
end end
def reportable_by?(user)
creator_id != user.id && !creator.is_moderator?
end
def voted_by?(user) def voted_by?(user)
return false if user.is_anonymous? return false if user.is_anonymous?
user.id.in?(votes.map(&:user_id)) user.id.in?(votes.map(&:user_id))

4
app/models/dmail.rb
View File

@@ -169,10 +169,6 @@ class Dmail < ApplicationRecord
end end
end end
def reportable_by?(user)
owner == user && is_recipient? && !is_automated? && !from.is_moderator?
end
def dtext_shortlink(key: false, **options) def dtext_shortlink(key: false, **options)
key ? "dmail ##{id}/#{self.key}" : "dmail ##{id}" key ? "dmail ##{id}/#{self.key}" : "dmail ##{id}"
end end

8
app/models/forum_post.rb
View File

@@ -81,10 +81,6 @@ class ForumPost < ApplicationRecord
end end
end end
def reportable_by?(user)
visible?(user) && creator_id != user.id && !creator.is_moderator?
end
def votable? def votable?
bulk_update_request.present? && bulk_update_request.is_pending? bulk_update_request.present? && bulk_update_request.is_pending?
end end
@@ -99,10 +95,6 @@ class ForumPost < ApplicationRecord
end end
end end
def visible?(user, show_deleted_posts = false)
user.is_moderator? || (user.level >= topic.min_level && (show_deleted_posts || !is_deleted?))
end
def update_topic_updated_at_on_create def update_topic_updated_at_on_create
if topic if topic
# need to do this to bypass the topic's original post from getting touched # need to do this to bypass the topic's original post from getting touched

4
app/models/user.rb
View File

@@ -697,10 +697,6 @@ class User < ApplicationRecord
CurrentUser.as(self, &block) CurrentUser.as(self, &block)
end end
def reportable_by?(user)
ModerationReport.enabled? && user.is_builder? && id != user.id && !is_moderator?
end
def hide_favorites? def hide_favorites?
!CurrentUser.is_admin? && enable_private_favorites? && CurrentUser.user.id != id !CurrentUser.is_admin? && enable_private_favorites? && CurrentUser.user.id != id
end end

4
app/policies/comment_policy.rb
View File

@@ -3,6 +3,10 @@ class CommentPolicy < ApplicationPolicy
unbanned? && (user.is_moderator? || record.updater_id == user.id) unbanned? && (user.is_moderator? || record.updater_id == user.id)
end end
def reportable?
unbanned? && record.creator_id != user.id && !record.creator.is_moderator?
end
def can_sticky_comment? def can_sticky_comment?
user.is_moderator? user.is_moderator?
end end

4
app/policies/dmail_policy.rb
View File

@@ -19,6 +19,10 @@ class DmailPolicy < ApplicationPolicy
user.is_member? && (record.owner_id == user.id || record.valid_key?(request.params[:key])) user.is_member? && (record.owner_id == user.id || record.valid_key?(request.params[:key]))
end end
def reportable?
unbanned? && record.owner_id == user.id && record.is_recipient? && !record.is_automated? && !record.from.is_moderator?
end
def permitted_attributes_for_create def permitted_attributes_for_create
[:title, :body, :to_name, :to_id] [:title, :body, :to_name, :to_id]
end end

4
app/policies/forum_post_policy.rb
View File

@@ -19,6 +19,10 @@ class ForumPostPolicy < ApplicationPolicy
unbanned? && show? && user.is_moderator? unbanned? && show? && user.is_moderator?
end end
def reportable?
unbanned? && show? && record.creator_id != user.id && !record.creator.is_moderator?
end
def show_deleted? def show_deleted?
!record.is_deleted? || user.is_moderator? !record.is_deleted? || user.is_moderator?
end end

13
app/policies/moderation_report_policy.rb Normal file
View File

@@ -0,0 +1,13 @@
class ModerationReportPolicy < ApplicationPolicy
def index?
user.is_moderator?
end
def create?
unbanned? && policy(record.model).reportable?
end
def permitted_attributes
[:model_type, :model_id, :reason]
end
end

4
app/policies/user_policy.rb
View File

@@ -15,6 +15,10 @@ class UserPolicy < ApplicationPolicy
user.is_member? user.is_member?
end end
def reportable?
false
end
def fix_counts? def fix_counts?
user.is_member? user.is_member?
end end

4
app/views/comments/partials/show/_comment.html.erb
View File

@@ -12,7 +12,7 @@
data-is-deleted="<%= comment.is_deleted? %>" data-is-deleted="<%= comment.is_deleted? %>"
data-is-sticky="<%= comment.is_sticky? %>" data-is-sticky="<%= comment.is_sticky? %>"
data-below-threshold="<%= comment.score < CurrentUser.user.comment_threshold %>" data-below-threshold="<%= comment.score < CurrentUser.user.comment_threshold %>"
<% if CurrentUser.is_moderator? %> <% if policy(moderation_reports).show? %>
data-is-reported="<%= moderation_reports.pluck(:model_id).include?(comment.id) %>" data-is-reported="<%= moderation_reports.pluck(:model_id).include?(comment.id) %>"
<% end %> <% end %>
data-is-voted="<%= comment.voted_by?(CurrentUser.user) %>"> data-is-voted="<%= comment.voted_by?(CurrentUser.user) %>">
@@ -56,7 +56,7 @@
<li class="comment-unvote-link"> <li class="comment-unvote-link">
<%= link_to "Unvote", comment_comment_votes_path(comment_id: comment.id), method: :delete, remote: true %> <%= link_to "Unvote", comment_comment_votes_path(comment_id: comment.id), method: :delete, remote: true %>
</li> </li>
<% if comment.reportable_by?(CurrentUser.user) %> <% if policy(comment).reportable? %>
<li><%= link_to "Report", new_moderation_report_path(moderation_report: { model_type: "Comment", model_id: comment.id }), remote: true %></li> <li><%= link_to "Report", new_moderation_report_path(moderation_report: { model_type: "Comment", model_id: comment.id }), remote: true %></li>
<% end %> <% end %>
</menu> </menu>

2
app/views/dmails/index.html.erb
View File

@@ -37,7 +37,7 @@
<%= link_to "Delete", dmail_path(dmail, format: :js), remote: true, method: :put, "data-params": "dmail[is_deleted]=true", "data-confirm": "Are you sure you want to delete this dmail?" %> <%= link_to "Delete", dmail_path(dmail, format: :js), remote: true, method: :put, "data-params": "dmail[is_deleted]=true", "data-confirm": "Are you sure you want to delete this dmail?" %>
<% end %> <% end %>
<% if dmail.reportable_by?(CurrentUser.user) %> <% if policy(dmail).reportable? %>
| <%= link_to "Report", new_moderation_report_path(moderation_report: { model_type: "Dmail", model_id: dmail.id }), remote: true, title: "Report this dmail to the moderators" %> | <%= link_to "Report", new_moderation_report_path(moderation_report: { model_type: "Dmail", model_id: dmail.id }), remote: true, title: "Report this dmail to the moderators" %>
<% end %> <% end %>
<% end %> <% end %>

2
app/views/dmails/show.html.erb
View File

@@ -29,7 +29,7 @@
<%= link_to "Respond", new_dmail_path(:respond_to_id => @dmail) %> <%= link_to "Respond", new_dmail_path(:respond_to_id => @dmail) %>
| <%= link_to "Forward", new_dmail_path(:respond_to_id => @dmail, :forward => true) %> | <%= link_to "Forward", new_dmail_path(:respond_to_id => @dmail, :forward => true) %>
| <%= link_to "Share", dmail_path(@dmail, key: @dmail.key), title: "Anyone with this link will be able to view this dmail." %> | <%= link_to "Share", dmail_path(@dmail, key: @dmail.key), title: "Anyone with this link will be able to view this dmail." %>
<% if @dmail.reportable_by?(CurrentUser.user) %> <% if policy(@dmail).reportable? %>
| <%= link_to "Report", new_moderation_report_path(moderation_report: { model_type: "Dmail", model_id: @dmail.id }), remote: true, title: "Report this dmail to the moderators" %> | <%= link_to "Report", new_moderation_report_path(moderation_report: { model_type: "Dmail", model_id: @dmail.id }), remote: true, title: "Report this dmail to the moderators" %>
<% end %> <% end %>
</p> </p>

4
app/views/forum_posts/_forum_post.html.erb
View File

@@ -1,7 +1,7 @@
<% if policy(forum_post).show_deleted? %> <% if policy(forum_post).show_deleted? %>
<article class="forum-post message" id="forum_post_<%= forum_post.id %>" <article class="forum-post message" id="forum_post_<%= forum_post.id %>"
data-forum-post-id="<%= forum_post.id %>" data-forum-post-id="<%= forum_post.id %>"
<% if CurrentUser.is_moderator? %> <% if policy(moderation_reports).show? %>
data-is-reported="<%= moderation_reports.pluck(:model_id).include?(forum_post.id) %>" data-is-reported="<%= moderation_reports.pluck(:model_id).include?(forum_post.id) %>"
<% end %> <% end %>
data-creator="<%= forum_post.creator.name %>"> data-creator="<%= forum_post.creator.name %>">
@@ -37,7 +37,7 @@
<li><%= link_to "Edit", edit_forum_post_path(forum_post.id), :id => "edit_forum_post_link_#{forum_post.id}", :class => "edit_forum_post_link" %></li> <li><%= link_to "Edit", edit_forum_post_path(forum_post.id), :id => "edit_forum_post_link_#{forum_post.id}", :class => "edit_forum_post_link" %></li>
<% end %> <% end %>
<% end %> <% end %>
<% if forum_post.reportable_by?(CurrentUser.user) %> <% if policy(forum_post).reportable? %>
<li><%= link_to "Report", new_moderation_report_path(moderation_report: { model_type: "ForumPost", model_id: forum_post.id }), remote: true, title: "Report this forum post to the moderators" %></li> <li><%= link_to "Report", new_moderation_report_path(moderation_report: { model_type: "ForumPost", model_id: forum_post.id }), remote: true, title: "Report this forum post to the moderators" %></li>
<% end %> <% end %>
<% if forum_post.bulk_update_request.present? %> <% if forum_post.bulk_update_request.present? %>

2
app/views/users/_secondary_links.html.erb
View File

@@ -22,7 +22,7 @@
<% if !@user.is_platinum? %> <% if !@user.is_platinum? %>
<%= subnav_link_to "Gift upgrade", new_user_upgrade_path(:user_id => @user.id) %> <%= subnav_link_to "Gift upgrade", new_user_upgrade_path(:user_id => @user.id) %>
<% end %> <% end %>
<% if @user.reportable_by?(CurrentUser.user) %> <% if policy(@user).reportable? %>
<%= subnav_link_to "Report user", new_moderation_report_path(moderation_report: { model_type: "User", model_id: @user.id }), remote: true %> <%= subnav_link_to "Report user", new_moderation_report_path(moderation_report: { model_type: "User", model_id: @user.id }), remote: true %>
<% end %> <% end %>
<% end %> <% end %>

26
test/functional/moderation_reports_controller_test.rb
View File

@@ -8,6 +8,7 @@ class ModerationReportsControllerTest < ActionDispatch::IntegrationTest
@mod = create(:moderator_user, created_at: 2.weeks.ago) @mod = create(:moderator_user, created_at: 2.weeks.ago)
as(@spammer) do as(@spammer) do
@dmail = create(:dmail, from: @spammer, owner: @user, to: @user)
@comment = create(:comment, creator: @spammer) @comment = create(:comment, creator: @spammer)
@forum_topic = create(:forum_topic, creator: @spammer) @forum_topic = create(:forum_topic, creator: @spammer)
@forum_post = create(:forum_post, topic: @forum_topic, creator: @spammer) @forum_post = create(:forum_post, topic: @forum_topic, creator: @spammer)
@@ -15,10 +16,9 @@ class ModerationReportsControllerTest < ActionDispatch::IntegrationTest
end end
context "new action" do context "new action" do
should "render the access denied page" do should "render the access denied page for anonymous users" do
get_auth new_moderation_report_path, User.anonymous get new_moderation_report_path
assert_response 403 assert_response 403
assert_select "h1", /Access Denied/
end end
should "render" do should "render" do
@@ -32,13 +32,12 @@ class ModerationReportsControllerTest < ActionDispatch::IntegrationTest
create(:moderation_report, model: @comment, creator: @user) create(:moderation_report, model: @comment, creator: @user)
end end
should "render the access denied page" do should "render the access denied page for members" do
get_auth moderation_reports_path, @user get_auth moderation_reports_path, @user
assert_response 403 assert_response 403
assert_select "h1", /Access Denied/
end end
should "render" do should "render for mods" do
get_auth moderation_reports_path, @mod get_auth moderation_reports_path, @mod
assert_response :success assert_response :success
end end
@@ -51,6 +50,14 @@ class ModerationReportsControllerTest < ActionDispatch::IntegrationTest
end end
end end
context "show action" do
should "redirect" do
@report = create(:moderation_report, model: @comment, creator: @user)
get_auth moderation_report_path(@report), @mod
assert_redirected_to moderation_reports_path(search: { id: @report.id })
end
end
context "create action" do context "create action" do
should "create a new moderation report on a comment" do should "create a new moderation report on a comment" do
assert_difference("ModerationReport.count", 1) do assert_difference("ModerationReport.count", 1) do
@@ -65,6 +72,13 @@ class ModerationReportsControllerTest < ActionDispatch::IntegrationTest
assert_response :success assert_response :success
end end
end end
should "create a new moderation report on a dmail" do
assert_difference("ModerationReport.count", 1) do
post_auth moderation_reports_path, @user, params: { format: "js", moderation_report: { model_id: @dmail.id, model_type: "Dmail", reason: "xxx" }}
assert_response :success
end
end
end end
end end
end end