pundit: convert posts to pundit.

2020-03-20 01:55:51 -05:00
parent dd39913e55
commit a5418abb31
18 changed files with 178 additions and 95 deletions
--- a/app/views/posts/index.html.erb
+++ b/app/views/posts/index.html.erb
@@ -7,7 +7,7 @@

  <section id="tag-box">
    <h1>Tags</h1>
-    <%= @post_set.presenter.tag_list_html(current_query: params[:tags], show_extra_links: CurrentUser.user.is_gold?) %>
+    <%= @post_set.presenter.tag_list_html(current_query: params[:tags], show_extra_links: policy(Post).show_extra_links?) %>
  </section>

  <% if Danbooru.config.addthis_key.present? %>
--- a/app/views/posts/partials/common/_secondary_links.html.erb
+++ b/app/views/posts/partials/common/_secondary_links.html.erb
@@ -5,13 +5,17 @@
  <% if RecommenderService.available_for_user?(CurrentUser.user) %>
    <%= subnav_link_to "Recommended", recommended_posts_path(search: { user_name: CurrentUser.name }) %>
  <% end %>
-  <% unless CurrentUser.is_anonymous? %>
+  <% if policy(Favorite).create? %>
    <%= subnav_link_to "Favorites", posts_path(tags: "ordfav:#{CurrentUser.user.name}") %>
+  <% end %>
+  <% if policy(FavoriteGroup).create? %>
    <%= subnav_link_to "Fav groups", favorite_groups_path(search: { creator_name: CurrentUser.name }) %>
+  <% end %>
+  <% if policy(SavedSearch).create? %>
    <%= subnav_link_to "Saved searches", posts_path(tags: "search:all") %>
  <% end %>
  <%= subnav_link_to "Changes", post_versions_path %>
-  <% if CurrentUser.can_approve_posts? %>
+  <% if policy(PostApproval).create? %>
    <%= subnav_link_to "Modqueue", modqueue_index_path %>
  <% end %>
  <%= subnav_link_to "Help", wiki_page_path("help:posts") %>
--- a/app/views/posts/partials/index/_mode_menu.html.erb
+++ b/app/views/posts/partials/index/_mode_menu.html.erb
@@ -1,4 +1,4 @@
-<% if CurrentUser.is_gold? %>
+<% if policy(Post).can_use_mode_menu? %>
  <section id="mode-box">
    <h1>Mode</h1>
    <form action="/">
--- a/app/views/posts/partials/index/_options.html.erb
+++ b/app/views/posts/partials/index/_options.html.erb
@@ -1,7 +1,7 @@
 <section id="options-box">
  <h1>Options</h1>
  <ul>
-    <% if CurrentUser.is_member? %>
+    <% if policy(SavedSearch).create? %>
      <li><%= button_tag(tag.i(class: "fas fa-bookmark") + " Save search", id: "save-search", class: "ui-button ui-widget ui-corner-all sub") %></li>
    <% end %>
  </ul>
--- a/app/views/posts/partials/show/_edit.html.erb
+++ b/app/views/posts/partials/show/_edit.html.erb
@@ -26,13 +26,17 @@
    <%= f.input :has_embedded_notes, label: "Embed notes", as: :boolean, boolean_style: :inline, disabled: post.is_note_locked? %>
  </fieldset>

-  <% if CurrentUser.is_builder? %>
+  <% if policy(post).can_lock_rating? || policy(post).can_lock_notes? || policy(post).can_lock_status? %>
    <fieldset class="inline-fieldset">
      <label>Lock</label>

-      <%= f.input :is_rating_locked, label: "Rating", as: :boolean, boolean_style: :inline  %>
-      <%= f.input :is_note_locked, label: "Notes", as: :boolean, boolean_style: :inline  %>
-      <% if CurrentUser.is_admin? %>
+      <% if policy(post).can_lock_rating? %>
+        <%= f.input :is_rating_locked, label: "Rating", as: :boolean, boolean_style: :inline  %>
+      <% end %>
+      <% if policy(post).can_lock_notes? %>
+        <%= f.input :is_note_locked, label: "Notes", as: :boolean, boolean_style: :inline  %>
+      <% end %>
+      <% if policy(post).can_lock_status? %>
        <%= f.input :is_status_locked, label: "Status", as: :boolean, boolean_style: :inline  %>
      <% end %>
    </fieldset>
--- a/app/views/posts/partials/show/_image.html.erb
+++ b/app/views/posts/partials/show/_image.html.erb
@@ -1,3 +1,3 @@
-<% if post.visible? %>
+<% if policy(post).visible? %>
  <%= image_tag(post.file_url_for(CurrentUser.user), :width => post.image_width_for(CurrentUser.user), :height => post.image_height_for(CurrentUser.user), :id => "image", "data-original-width" => post.image_width, "data-original-height" => post.image_height, "data-large-width" => post.large_image_width, "data-large-height" => post.large_image_height, "data-tags" => post.tag_string, :alt => post.presenter.humanized_essential_tag_string, "data-uploader" => post.uploader.name, "data-rating" => post.rating, "data-flags" => post.status_flags, "data-parent-id" => post.parent_id, "data-has-children" => post.has_children?, "data-has-active-children" => post.has_active_children?, "data-score" => post.score, "data-fav-count" => post.fav_count, "itemprop" => "contentUrl") %>
 <% end %>
--- a/app/views/posts/partials/show/_information.html.erb
+++ b/app/views/posts/partials/show/_information.html.erb
@@ -1,6 +1,6 @@
 <ul>
  <li id="post-info-id">ID: <%= post.id %></li>
-  <% if CurrentUser.is_moderator? %>
+  <% if policy(post).can_view_uploader? %>
    <li id="post-info-uploader">Uploader: <%= link_to_user(post.uploader) %></li>
  <% end %>
  <li id="post-info-date">
@@ -11,7 +11,7 @@
    <li id="post-info-approver">Approver: <%= link_to_user(post.approver) %></li>
  <% end %>
  <li id="post-info-size">
-    Size: <%= link_to_if post.visible?, number_to_human_size(post.file_size), post.tagged_file_url %>
+    Size: <%= link_to_if policy(post).visible?, number_to_human_size(post.file_size), post.tagged_file_url %>
    <% if post.has_dimensions? %>
      (<span itemprop="width"><%= post.image_width %></span>x<span itemprop="height"><%= post.image_height %></span>)
    <% end %>
@@ -31,7 +31,7 @@
    <% end %>
  </li>
  <li id="post-info-favorites">Favorites: <span id="favcount-for-post-<%= post.id %>"><%= post.fav_count %></span>
-  <% if CurrentUser.is_gold? %>
+    <% if policy(post).can_view_favlist? %>
    <%= link_to "Show »", "#", id: "show-favlist-link", style: ("display: none;" if post.fav_count == 0) %>
    <%= link_to "« Hide", "#", id: "hide-favlist-link", style: "display: none;" %>
    <div id="favlist" style="display: none;"><%= post_favlist(post) %></div>
--- a/app/views/posts/partials/show/_notices.html.erb
+++ b/app/views/posts/partials/show/_notices.html.erb
@@ -41,7 +41,7 @@

    <%= render "post_disapprovals/counts", :disapprovals => post.disapprovals, :post => post %>

-    <% if CurrentUser.can_approve_posts? && !post.disapproved_by?(CurrentUser.user) %>
+    <% if policy(PostDisapproval).create? && !post.disapproved_by?(CurrentUser.user) %>
      <%= render "modqueue/quick_mod", post: post %>
      <%= render "post_disapprovals/detailed_rejection_dialog" %>
    <% end %>
@@ -67,7 +67,7 @@
  </div>
 <% end %>

-<% if post.visible? && post.has_large? && !post.is_ugoira? %>
+<% if policy(post).visible? && post.has_large? && !post.is_ugoira? %>
  <div class="notice notice-small post-notice post-notice-resized" id="image-resize-notice" style="<%= CurrentUser.default_image_size == "original" ? "display: none;" : "" %>">
    <span>Resized to <%= number_to_percentage post.resize_percentage.floor, :precision => 0 %> of original (<%= link_to "view original", post.tagged_file_url, :id => "image-resize-link" %>)</span>
    <span style="display: none;">Loading...</span>
--- a/app/views/posts/partials/show/_options.html.erb
+++ b/app/views/posts/partials/show/_options.html.erb
@@ -7,17 +7,21 @@
  <li id="post-option-find-similar">
    <%= link_to "Find similar", iqdb_queries_path(post_id: post.id) %>
  </li>
-  <li id="post-option-download">
-    <%= link_to_if post.visible?, "Download", post.tagged_file_url + "?download=1", download: post.presenter.filename_for_download %>
-  </li>
+  <% if policy(post).visible? %>
+    <li id="post-option-download">
+      <%= link_to "Download", post.tagged_file_url + "?download=1", download: post.presenter.filename_for_download %>
+    </li>
+  <% end %>

-  <% if CurrentUser.is_member? %>
+  <% if policy(Favorite).create? %>
    <li id="post-option-add-to-favorites">
      <%= link_to "Favorite", favorites_path(post_id: post.id), remote: true, method: :post, id: "add-to-favorites", "data-shortcut": "f", style: ("display: none;" if @post.is_favorited?) %>
    </li>
    <li id="post-option-remove-from-favorites">
      <%= link_to "Unfavorite", favorite_path(post), remote: true, method: :delete, id: "remove-from-favorites", "data-shortcut": "shift+f", style: ("display: none;" if !@post.is_favorited?) %>
    </li>
+  <% end %>
+  <% if policy(post).update? %>
    <li id="post-option-edit"><%= link_to "Edit", "#edit", id: "side-edit-link" %></li>
    <li id="post-option-add-to-pool"><%= link_to "Add to pool", "#", id: "pool" %></li>
    <li id="post-option-add-note">
@@ -31,18 +35,21 @@
      <li id="post-option-copy-notes"><%= link_to "Copy notes", "#", id: "copy-notes" %></li>
    <% end %>
    <li id="post-option-add-commentary"><%= link_to "Add commentary", "#", id: "add-commentary" %></li>
+  <% end %>
+  <% if policy(FavoriteGroup).create? %>
    <li id="post-option-add-fav-group"><%= link_to "Add to fav group", "#", id: "open-favgroup-dialog-link", "data-shortcut": "g" %></li>
+  <% end %>

    <% if post.is_status_locked? %>
      <li id="post-option-status-locked">Status locked</li>
    <% else %>
-      <% if !post.is_deleted? && !post.is_pending? && !post.is_flagged? %>
+      <% if (!post.is_deleted? && !post.is_pending? && !post.is_flagged?) && policy(PostFlag).create? %>
        <li id="post-option-flag"><%= link_to "Flag", new_post_flag_path(post_flag: { post_id: post.id }), remote: true %></li>
-      <% elsif post.is_flagged? || post.is_deleted? %>
+      <% elsif (post.is_flagged? || post.is_deleted?) && policy(PostAppeal).create? %>
        <li id="post-option-appeal"><%= link_to "Appeal", new_post_appeal_path(post_appeal: { post_id: post.id }), remote: true %></li>
      <% end %>

-      <% if CurrentUser.can_approve_posts? %>
+      <% if policy(PostApproval).create? %>
        <% if post.is_deleted? %>
          <li id="post-option-undelete"><%= link_to "Undelete", post_approvals_path(post_id: post.id), remote: true, method: :post, "data-confirm": "Are you sure you want to undelete this post?" %></li>
          <% if post.fav_count > 0 && post.parent_id %>
@@ -66,11 +73,10 @@
        <% if CurrentUser.is_admin? %>
          <li id="post-option-expunge"><%= link_to "Expunge", expunge_moderator_post_post_path(post_id: post.id), remote: true, method: :post, "data-confirm": "This will permanently delete this post (meaning the file will be deleted). Are you sure you want to delete this post?" %></li>
        <% end %>
+      <% end %>

-        <% if CurrentUser.is_moderator? %>
-          <li id="post-option-replace-image"><%= link_to "Replace image", new_post_replacement_path(post_id: post.id), remote: true %></li>
-        <% end %>
+      <% if policy(PostReplacement).create? %>
+        <li id="post-option-replace-image"><%= link_to "Replace image", new_post_replacement_path(post_id: post.id), remote: true %></li>
      <% end %>
    <% end %>
-  <% end %>
 </ul>
--- a/app/views/posts/show.html+tooltip.erb
+++ b/app/views/posts/show.html+tooltip.erb
@@ -1,6 +1,6 @@
 <div class="post-tooltip-header">
  <span class="post-tooltip-header-left">
-    <% if CurrentUser.is_moderator? %>
+    <% if policy(@post).can_view_uploader? %>
      <%= link_to_user @post.uploader %>
    <% end %>

--- a/app/views/posts/show.html.erb
+++ b/app/views/posts/show.html.erb
@@ -10,7 +10,7 @@
  <%= render "posts/partials/index/blacklist" %>

  <section id="tag-list">
-    <%= @post.presenter.split_tag_list_html(current_query: params[:q], show_extra_links: CurrentUser.user.is_gold?) %>
+    <%= @post.presenter.split_tag_list_html(current_query: params[:q], show_extra_links: policy(@post).show_extra_links?) %>
  </section>

  <section id="post-information">
@@ -108,7 +108,7 @@
      <li><a href="#recommended">Recommended</a></li>
    <% end %>

-    <% if CurrentUser.is_member? && @post.visible? %>
+    <% if policy(@post).update? %>
      <li><a href="#edit" id="post-edit-link" data-shortcut="e">Edit</a></li>
    <% end %>
  </menu>
@@ -134,22 +134,26 @@
    <% end %>
  </section>

-  <% if CurrentUser.is_member? && @post.visible? %>
+  <% if policy(@post).update? %>
    <section id="edit" style="display: none;">
      <%= render "posts/partials/show/edit", :post => @post %>
    </section>
  <% end %>
 <% end %>

-<% if CurrentUser.is_member? %>
+<% if policy(Pool).create? %>
  <div id="add-to-pool-dialog" title="Add to pool" style="display: none;">
    <%= render "pool_elements/new" %>
  </div>
+<% end %>

+<% if policy(ArtistCommentary).create_or_update? %>
  <div id="add-commentary-dialog" title="Add artist commentary" style="display: none;">
    <%= render "artist_commentaries/form", post: @post, artist_commentary: @post.artist_commentary || ArtistCommentary.new(post: @post) %>
  </div>
+<% end %>

+<% if policy(FavoriteGroup).create? %>
  <div id="add-to-favgroup-dialog" title="Add to favorite group" style="display: none;">
    <%= render "favorite_groups/add_to_favgroup_dialog", :post => @post %>
  </div>
@@ -161,7 +165,7 @@
  <meta name="post-id" content="<%= @post.id %>">
  <meta name="post-has-embedded-notes" content="<%= @post.has_embedded_notes? %>">

-  <% if @post.visible? %>
+  <% if policy(@post).visible? %>
    <%= tag.meta name: "og:image", content: @post.open_graph_image_url %>
  <% end %>

@@ -170,7 +174,7 @@
  <% if @post.twitter_card_supported? %>
    <meta name="twitter:card" content="summary_large_image">

-    <% if @post.visible? %>
+    <% if policy(@post).visible? %>
      <%= tag.meta name: "twitter:image", content: @post.open_graph_image_url %>
    <% end %>
  <% end %>