jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

controllers: allow banned users to use GET actions.

Browse Source 
Make member_only et al only apply to non-GET actions. This avoids doing
IP ban checks when simply viewing members-only pages.
This commit is contained in:
evazion
2020-02-16 04:21:20 -06:00
parent 594c4ea0c9
commit 998eece95d
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/controllers/application_controller.rb
View File

@@ -154,11 +154,15 @@ class ApplicationController < ActionController::Base
render_error_page(status, error) render_error_page(status, error)
end end
def role_only!(role)
raise User::PrivilegeError if !CurrentUser.send("is_#{role}?")
raise User::PrivilegeError if !request.get? && CurrentUser.user.is_banned?
raise User::PrivilegeError if !request.get? && IpBan.is_banned?(CurrentUser.ip_addr)
end
User::Roles.each do |role| User::Roles.each do |role|
define_method("#{role}_only") do define_method("#{role}_only") do
if !CurrentUser.user.send("is_#{role}?") || CurrentUser.user.is_banned? || IpBan.is_banned?(CurrentUser.ip_addr) role_only!(role)
raise User::PrivilegeError
end
end end
end end