jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

pundit: convert posts to pundit.

Browse Source
This commit is contained in:
evazion
2020-03-20 01:55:51 -05:00
parent dd39913e55
commit a5418abb31
18 changed files with 178 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
app/controllers/posts_controller.rb
View File

@@ -1,17 +1,17 @@
class PostsController < ApplicationController
before_action :member_only, :except => [:show, :show_seq, :index, :home, :random]
respond_to :html, :xml, :json, :js
layout "sidebar"
def index
if params[:md5].present?
@post = Post.find_by!(md5: params[:md5])
@post = authorize Post.find_by!(md5: params[:md5])
respond_with(@post) do |format|
format.html { redirect_to(@post) }
end
else
tag_query = params[:tags] || params.dig(:post, :tags)
@post_set = PostSets::Post.new(tag_query, params[:page], params[:limit], raw: params[:raw], random: params[:random], format: params[:format])
@posts = @post_set.posts
@posts = authorize @post_set.posts
respond_with(@posts) do |format|
format.atom
end
@@ -19,7 +19,7 @@ class PostsController < ApplicationController
end
def show
@post = Post.find(params[:id])
@post = authorize Post.find(params[:id])
if request.format.html?
@comments = @post.comments
@@ -41,6 +41,7 @@ class PostsController < ApplicationController
end
def show_seq
authorize Post
context = PostSearchContext.new(params)
if context.post_id
redirect_to(post_path(context.post_id, q: params[:q]))
@@ -50,19 +51,15 @@ class PostsController < ApplicationController
end
def update
@post = Post.find(params[:id])
@post.update(post_params) if @post.visible?
@post = authorize Post.find(params[:id])
@post.update(permitted_attributes(@post))
respond_with_post_after_update(@post)
end
def revert
@post = Post.find(params[:id])
@post = authorize Post.find(params[:id])
@version = @post.versions.find(params[:version_id])
if @post.visible?
@post.revert_to!(@version)
end
@post.revert_to!(@version)
respond_with(@post) do |format|
format.js
@@ -71,7 +68,7 @@ class PostsController < ApplicationController
def copy_notes
@post = Post.find(params[:id])
@other_post = Post.find(params[:other_post_id].to_i)
@other_post = authorize Post.find(params[:other_post_id].to_i)
@post.copy_notes_to(@other_post)
if @post.errors.any?
@@ -83,7 +80,7 @@ class PostsController < ApplicationController
end
def random
@post = Post.tag_match(params[:tags]).random
@post = authorize Post.tag_match(params[:tags]).random
raise ActiveRecord::RecordNotFound if @post.nil?
respond_with(@post) do |format|
format.html { redirect_to post_path(@post, :tags => params[:tags]) }
@@ -91,17 +88,13 @@ class PostsController < ApplicationController
end
def mark_as_translated
@post = Post.find(params[:id])
@post = authorize Post.find(params[:id])
@post.mark_as_translated(params[:post])
respond_with_post_after_update(@post)
end
private
def tag_query
params[:tags] || (params[:post] && params[:post][:tags])
end
def respond_with_post_after_update(post)
respond_with(post) do |format|
format.html do
@@ -124,18 +117,4 @@ class PostsController < ApplicationController
end
end
end
def post_params
permitted_params = %i[
tag_string old_tag_string
parent_id old_parent_id
source old_source
rating old_rating
has_embedded_notes
]
permitted_params += %i[is_rating_locked is_note_locked] if CurrentUser.is_builder?
permitted_params += %i[is_status_locked] if CurrentUser.is_admin?
params.require(:post).permit(permitted_params)
end
end

68
app/policies/post_policy.rb Normal file
View File

@@ -0,0 +1,68 @@
class PostPolicy < ApplicationPolicy
def show_seq?
true
end
def random?
true
end
def update?
unbanned? && record.visible?
end
def revert?
update?
end
def copy_notes?
update?
end
def mark_as_translated?
update?
end
def visible?
record.visible?
end
def can_view_uploader?
user.is_moderator?
end
def can_lock_rating?
user.is_builder?
end
def can_lock_notes?
user.is_builder?
end
def can_lock_status?
user.is_admin?
end
def can_use_mode_menu?
user.is_gold?
end
def can_view_favlist?
user.is_gold?
end
# whether to show the + - links in the tag list.
def show_extra_links?
user.is_gold?
end
def permitted_attributes
[
:tag_string, :old_tag_string, :parent_id, :old_parent_id,
:source, :old_source, :rating, :old_rating, :has_embedded_notes,
(:is_rating_locked if can_lock_rating?),
(:is_noted_locked if can_lock_notes?),
(:is_status_locked if can_lock_status?),
].compact
end
end

2
app/views/comments/_index_by_comment.html.erb
View File

@@ -4,7 +4,7 @@
<% if CurrentUser.is_moderator? || (params[:search] && params[:search][:is_deleted] =~ /t/) || !comment.is_deleted? %>
<%= content_tag(:div, { id: "post_#{comment.post.id}", class: ["post", *PostPresenter.preview_class(comment.post)].join(" ") }.merge(PostPresenter.data_attributes(comment.post))) do %>
<div class="preview">
<% if comment.post.visible? %>
<% if policy(comment.post).visible? %>
<%= link_to(image_tag(comment.post.preview_file_url), post_path(comment.post)) %>
<% end %>
</div>

2
app/views/comments/partials/index/_header.html.erb
View File

@@ -4,7 +4,7 @@
<strong>Date</strong>
<%= compact_time(post.created_at) %>
</span>
<% if CurrentUser.is_moderator? %>
<% if policy(post).can_view_uploader? %>
<span class="info">
<strong>User</strong>
<%= link_to_user(post.uploader) %>

2
app/views/favorites/_update.js.erb
View File

@@ -4,7 +4,7 @@ $("#score-for-post-<%= @post.id %>").text(<%= @post.score %>);
$("#favcount-for-post-<%= @post.id %>").text(<%= @post.fav_count %>);
$(".fav-buttons").toggleClass("fav-buttons-false").toggleClass("fav-buttons-true");
<% if CurrentUser.is_gold? %>
<% if policy(@post).can_view_favlist? %>
var fav_count = <%= @post.fav_count %>;
$("#favlist").html("<%= j post_favlist(@post) %>");

2
app/views/posts/index.html.erb
View File

@@ -7,7 +7,7 @@
<section id="tag-box">
<h1>Tags</h1>
<%= @post_set.presenter.tag_list_html(current_query: params[:tags], show_extra_links: CurrentUser.user.is_gold?) %>
<%= @post_set.presenter.tag_list_html(current_query: params[:tags], show_extra_links: policy(Post).show_extra_links?) %>
</section>
<% if Danbooru.config.addthis_key.present? %>

8
app/views/posts/partials/common/_secondary_links.html.erb
View File

@@ -5,13 +5,17 @@
<% if RecommenderService.available_for_user?(CurrentUser.user) %>
<%= subnav_link_to "Recommended", recommended_posts_path(search: { user_name: CurrentUser.name }) %>
<% end %>
<% unless CurrentUser.is_anonymous? %>
<% if policy(Favorite).create? %>
<%= subnav_link_to "Favorites", posts_path(tags: "ordfav:#{CurrentUser.user.name}") %>
<% end %>
<% if policy(FavoriteGroup).create? %>
<%= subnav_link_to "Fav groups", favorite_groups_path(search: { creator_name: CurrentUser.name }) %>
<% end %>
<% if policy(SavedSearch).create? %>
<%= subnav_link_to "Saved searches", posts_path(tags: "search:all") %>
<% end %>
<%= subnav_link_to "Changes", post_versions_path %>
<% if CurrentUser.can_approve_posts? %>
<% if policy(PostApproval).create? %>
<%= subnav_link_to "Modqueue", modqueue_index_path %>
<% end %>
<%= subnav_link_to "Help", wiki_page_path("help:posts") %>

2
app/views/posts/partials/index/_mode_menu.html.erb
View File

@@ -1,4 +1,4 @@
<% if CurrentUser.is_gold? %>
<% if policy(Post).can_use_mode_menu? %>
<section id="mode-box">
<h1>Mode</h1>
<form action="/">

2
app/views/posts/partials/index/_options.html.erb
View File

@@ -1,7 +1,7 @@
<section id="options-box">
<h1>Options</h1>
<ul>
<% if CurrentUser.is_member? %>
<% if policy(SavedSearch).create? %>
<li><%= button_tag(tag.i(class: "fas fa-bookmark") + " Save search", id: "save-search", class: "ui-button ui-widget ui-corner-all sub") %></li>
<% end %>
</ul>

12
app/views/posts/partials/show/_edit.html.erb
View File

@@ -26,13 +26,17 @@
<%= f.input :has_embedded_notes, label: "Embed notes", as: :boolean, boolean_style: :inline, disabled: post.is_note_locked? %>
</fieldset>
<% if CurrentUser.is_builder? %>
<% if policy(post).can_lock_rating? || policy(post).can_lock_notes? || policy(post).can_lock_status? %>
<fieldset class="inline-fieldset">
<label>Lock</label>
<%= f.input :is_rating_locked, label: "Rating", as: :boolean, boolean_style: :inline %>
<%= f.input :is_note_locked, label: "Notes", as: :boolean, boolean_style: :inline %>
<% if CurrentUser.is_admin? %>
<% if policy(post).can_lock_rating? %>
<%= f.input :is_rating_locked, label: "Rating", as: :boolean, boolean_style: :inline %>
<% end %>
<% if policy(post).can_lock_notes? %>
<%= f.input :is_note_locked, label: "Notes", as: :boolean, boolean_style: :inline %>
<% end %>
<% if policy(post).can_lock_status? %>
<%= f.input :is_status_locked, label: "Status", as: :boolean, boolean_style: :inline %>
<% end %>
</fieldset>

2
app/views/posts/partials/show/_image.html.erb
View File

@@ -1,3 +1,3 @@
<% if post.visible? %>
<% if policy(post).visible? %>
<%= image_tag(post.file_url_for(CurrentUser.user), :width => post.image_width_for(CurrentUser.user), :height => post.image_height_for(CurrentUser.user), :id => "image", "data-original-width" => post.image_width, "data-original-height" => post.image_height, "data-large-width" => post.large_image_width, "data-large-height" => post.large_image_height, "data-tags" => post.tag_string, :alt => post.presenter.humanized_essential_tag_string, "data-uploader" => post.uploader.name, "data-rating" => post.rating, "data-flags" => post.status_flags, "data-parent-id" => post.parent_id, "data-has-children" => post.has_children?, "data-has-active-children" => post.has_active_children?, "data-score" => post.score, "data-fav-count" => post.fav_count, "itemprop" => "contentUrl") %>
<% end %>

6
app/views/posts/partials/show/_information.html.erb
View File

@@ -1,6 +1,6 @@
<ul>
<li id="post-info-id">ID: <%= post.id %></li>
<% if CurrentUser.is_moderator? %>
<% if policy(post).can_view_uploader? %>
<li id="post-info-uploader">Uploader: <%= link_to_user(post.uploader) %></li>
<% end %>
<li id="post-info-date">
@@ -11,7 +11,7 @@
<li id="post-info-approver">Approver: <%= link_to_user(post.approver) %></li>
<% end %>
<li id="post-info-size">
Size: <%= link_to_if post.visible?, number_to_human_size(post.file_size), post.tagged_file_url %>
Size: <%= link_to_if policy(post).visible?, number_to_human_size(post.file_size), post.tagged_file_url %>
<% if post.has_dimensions? %>
(<span itemprop="width"><%= post.image_width %></span>x<span itemprop="height"><%= post.image_height %></span>)
<% end %>
@@ -31,7 +31,7 @@
<% end %>
</li>
<li id="post-info-favorites">Favorites: <span id="favcount-for-post-<%= post.id %>"><%= post.fav_count %></span>
<% if CurrentUser.is_gold? %>
<% if policy(post).can_view_favlist? %>
<%= link_to "Show »", "#", id: "show-favlist-link", style: ("display: none;" if post.fav_count == 0) %>
<%= link_to "« Hide", "#", id: "hide-favlist-link", style: "display: none;" %>
<div id="favlist" style="display: none;"><%= post_favlist(post) %></div>

4
app/views/posts/partials/show/_notices.html.erb
View File

@@ -41,7 +41,7 @@
<%= render "post_disapprovals/counts", :disapprovals => post.disapprovals, :post => post %>
<% if CurrentUser.can_approve_posts? && !post.disapproved_by?(CurrentUser.user) %>
<% if policy(PostDisapproval).create? && !post.disapproved_by?(CurrentUser.user) %>
<%= render "modqueue/quick_mod", post: post %>
<%= render "post_disapprovals/detailed_rejection_dialog" %>
<% end %>
@@ -67,7 +67,7 @@
</div>
<% end %>
<% if post.visible? && post.has_large? && !post.is_ugoira? %>
<% if policy(post).visible? && post.has_large? && !post.is_ugoira? %>
<div class="notice notice-small post-notice post-notice-resized" id="image-resize-notice" style="<%= CurrentUser.default_image_size == "original" ? "display: none;" : "" %>">
<span>Resized to <%= number_to_percentage post.resize_percentage.floor, :precision => 0 %> of original (<%= link_to "view original", post.tagged_file_url, :id => "image-resize-link" %>)</span>
<span style="display: none;">Loading...</span>

28
app/views/posts/partials/show/_options.html.erb
View File

@@ -7,17 +7,21 @@
<li id="post-option-find-similar">
<%= link_to "Find similar", iqdb_queries_path(post_id: post.id) %>
</li>
<li id="post-option-download">
<%= link_to_if post.visible?, "Download", post.tagged_file_url + "?download=1", download: post.presenter.filename_for_download %>
</li>
<% if policy(post).visible? %>
<li id="post-option-download">
<%= link_to "Download", post.tagged_file_url + "?download=1", download: post.presenter.filename_for_download %>
</li>
<% end %>
<% if CurrentUser.is_member? %>
<% if policy(Favorite).create? %>
<li id="post-option-add-to-favorites">
<%= link_to "Favorite", favorites_path(post_id: post.id), remote: true, method: :post, id: "add-to-favorites", "data-shortcut": "f", style: ("display: none;" if @post.is_favorited?) %>
</li>
<li id="post-option-remove-from-favorites">
<%= link_to "Unfavorite", favorite_path(post), remote: true, method: :delete, id: "remove-from-favorites", "data-shortcut": "shift+f", style: ("display: none;" if !@post.is_favorited?) %>
</li>
<% end %>
<% if policy(post).update? %>
<li id="post-option-edit"><%= link_to "Edit", "#edit", id: "side-edit-link" %></li>
<li id="post-option-add-to-pool"><%= link_to "Add to pool", "#", id: "pool" %></li>
<li id="post-option-add-note">
@@ -31,18 +35,21 @@
<li id="post-option-copy-notes"><%= link_to "Copy notes", "#", id: "copy-notes" %></li>
<% end %>
<li id="post-option-add-commentary"><%= link_to "Add commentary", "#", id: "add-commentary" %></li>
<% end %>
<% if policy(FavoriteGroup).create? %>
<li id="post-option-add-fav-group"><%= link_to "Add to fav group", "#", id: "open-favgroup-dialog-link", "data-shortcut": "g" %></li>
<% end %>
<% if post.is_status_locked? %>
<li id="post-option-status-locked">Status locked</li>
<% else %>
<% if !post.is_deleted? && !post.is_pending? && !post.is_flagged? %>
<% if (!post.is_deleted? && !post.is_pending? && !post.is_flagged?) && policy(PostFlag).create? %>
<li id="post-option-flag"><%= link_to "Flag", new_post_flag_path(post_flag: { post_id: post.id }), remote: true %></li>
<% elsif post.is_flagged? || post.is_deleted? %>
<% elsif (post.is_flagged? || post.is_deleted?) && policy(PostAppeal).create? %>
<li id="post-option-appeal"><%= link_to "Appeal", new_post_appeal_path(post_appeal: { post_id: post.id }), remote: true %></li>
<% end %>
<% if CurrentUser.can_approve_posts? %>
<% if policy(PostApproval).create? %>
<% if post.is_deleted? %>
<li id="post-option-undelete"><%= link_to "Undelete", post_approvals_path(post_id: post.id), remote: true, method: :post, "data-confirm": "Are you sure you want to undelete this post?" %></li>
<% if post.fav_count > 0 && post.parent_id %>
@@ -66,11 +73,10 @@
<% if CurrentUser.is_admin? %>
<li id="post-option-expunge"><%= link_to "Expunge", expunge_moderator_post_post_path(post_id: post.id), remote: true, method: :post, "data-confirm": "This will permanently delete this post (meaning the file will be deleted). Are you sure you want to delete this post?" %></li>
<% end %>
<% end %>
<% if CurrentUser.is_moderator? %>
<li id="post-option-replace-image"><%= link_to "Replace image", new_post_replacement_path(post_id: post.id), remote: true %></li>
<% end %>
<% if policy(PostReplacement).create? %>
<li id="post-option-replace-image"><%= link_to "Replace image", new_post_replacement_path(post_id: post.id), remote: true %></li>
<% end %>
<% end %>
<% end %>
</ul>

2
app/views/posts/show.html+tooltip.erb
View File

@@ -1,6 +1,6 @@
<div class="post-tooltip-header">
<span class="post-tooltip-header-left">
<% if CurrentUser.is_moderator? %>
<% if policy(@post).can_view_uploader? %>
<%= link_to_user @post.uploader %>
<% end %>

16
app/views/posts/show.html.erb
View File

@@ -10,7 +10,7 @@
<%= render "posts/partials/index/blacklist" %>
<section id="tag-list">
<%= @post.presenter.split_tag_list_html(current_query: params[:q], show_extra_links: CurrentUser.user.is_gold?) %>
<%= @post.presenter.split_tag_list_html(current_query: params[:q], show_extra_links: policy(@post).show_extra_links?) %>
</section>
<section id="post-information">
@@ -108,7 +108,7 @@
<li><a href="#recommended">Recommended</a></li>
<% end %>
<% if CurrentUser.is_member? && @post.visible? %>
<% if policy(@post).update? %>
<li><a href="#edit" id="post-edit-link" data-shortcut="e">Edit</a></li>
<% end %>
</menu>
@@ -134,22 +134,26 @@
<% end %>
</section>
<% if CurrentUser.is_member? && @post.visible? %>
<% if policy(@post).update? %>
<section id="edit" style="display: none;">
<%= render "posts/partials/show/edit", :post => @post %>
</section>
<% end %>
<% end %>
<% if CurrentUser.is_member? %>
<% if policy(Pool).create? %>
<div id="add-to-pool-dialog" title="Add to pool" style="display: none;">
<%= render "pool_elements/new" %>
</div>
<% end %>
<% if policy(ArtistCommentary).create_or_update? %>
<div id="add-commentary-dialog" title="Add artist commentary" style="display: none;">
<%= render "artist_commentaries/form", post: @post, artist_commentary: @post.artist_commentary || ArtistCommentary.new(post: @post) %>
</div>
<% end %>
<% if policy(FavoriteGroup).create? %>
<div id="add-to-favgroup-dialog" title="Add to favorite group" style="display: none;">
<%= render "favorite_groups/add_to_favgroup_dialog", :post => @post %>
</div>
@@ -161,7 +165,7 @@
<meta name="post-id" content="<%= @post.id %>">
<meta name="post-has-embedded-notes" content="<%= @post.has_embedded_notes? %>">
<% if @post.visible? %>
<% if policy(@post).visible? %>
<%= tag.meta name: "og:image", content: @post.open_graph_image_url %>
<% end %>
@@ -170,7 +174,7 @@
<% if @post.twitter_card_supported? %>
<meta name="twitter:card" content="summary_large_image">
<% if @post.visible? %>
<% if policy(@post).visible? %>
<%= tag.meta name: "twitter:image", content: @post.open_graph_image_url %>
<% end %>
<% end %>