post votes: fix exception when voting on posts using API.

Fix an `undefined method post_vote_url` exception when doing `POST https://danbooru.donmai.us/posts/1/votes.json`. Also add the following API endpoints: * https://danbooru.donmai.us/post_votes/:id.json * https://danbooru.donmai.us/comment_votes/:id.json * https://danbooru.donmai.us/forum_post_votes/:id.json where `:id` is the vote ID, not the post ID.
2021-11-14 20:11:38 -06:00
parent afae7aed07
commit ab6d9bd0e8
9 changed files with 97 additions and 3 deletions
--- a/app/controllers/comment_votes_controller.rb
+++ b/app/controllers/comment_votes_controller.rb
@@ -8,6 +8,11 @@ class CommentVotesController < ApplicationController
    respond_with(@comment_votes)
  end

+  def show
+    @comment_vote = authorize CommentVote.find(params[:id])
+    respond_with(@comment_vote)
+  end
+
  def create
    @comment = Comment.find(params[:comment_id])

--- a/app/controllers/forum_post_votes_controller.rb
+++ b/app/controllers/forum_post_votes_controller.rb
@@ -8,6 +8,11 @@ class ForumPostVotesController < ApplicationController
    respond_with(@forum_post_votes)
  end

+  def show
+    @forum_post_vote = authorize ForumPostVote.find(params[:id])
+    respond_with(@forum_post_vote)
+  end
+
  def create
    @forum_post = ForumPost.find(params[:forum_post_id])
    @forum_post_vote = authorize ForumPostVote.new(creator: CurrentUser.user, forum_post: @forum_post, **permitted_attributes(ForumPostVote))
--- a/app/controllers/post_votes_controller.rb
+++ b/app/controllers/post_votes_controller.rb
@@ -8,6 +8,11 @@ class PostVotesController < ApplicationController
    respond_with(@post_votes)
  end

+  def show
+    @post_vote = authorize PostVote.find(params[:id])
+    respond_with(@post_vote)
+  end
+
  def create
    @post = Post.find(params[:post_id])

--- a/app/policies/comment_vote_policy.rb
+++ b/app/policies/comment_vote_policy.rb
@@ -7,6 +7,10 @@ class CommentVotePolicy < ApplicationPolicy
    !record.is_deleted? && (record.user_id == user.id || user.is_admin?)
  end

+  def show?
+    can_see_votes? || record.user == user
+  end
+
  def can_see_votes?
    user.is_moderator?
  end
--- a/app/policies/post_vote_policy.rb
+++ b/app/policies/post_vote_policy.rb
@@ -6,4 +6,8 @@ class PostVotePolicy < ApplicationPolicy
  def destroy?
    unbanned? && record.user == user
  end
+
+  def show?
+    user.is_admin? || record.user == user
+  end
 end
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -89,7 +89,7 @@ Rails.application.routes.draw do
      post :approve
    end
  end
-  resources :comment_votes, only: [:index, :destroy]
+  resources :comment_votes, only: [:index, :show, :destroy]
  resources :comments do
    resource :votes, controller: "comment_votes", only: [:create, :destroy], as: "comment_votes"
    collection do
@@ -134,7 +134,7 @@ Rails.application.routes.draw do
      get :search
    end
  end
-  resources :forum_post_votes, only: [:index, :create, :destroy]
+  resources :forum_post_votes, only: [:index, :show, :create, :destroy]
  resources :forum_topics do
    member do
      post :undelete
@@ -189,7 +189,7 @@ Rails.application.routes.draw do
  end
  resources :post_regenerations, :only => [:create]
  resources :post_replacements, :only => [:index, :new, :create, :update]
-  resources :post_votes, only: [:index]
+  resources :post_votes, only: [:index, :show]

  # XXX Use `only: []` to avoid redefining post routes defined at top of file.
  resources :posts, only: [] do
--- a/test/functional/comment_votes_controller_test.rb
+++ b/test/functional/comment_votes_controller_test.rb
@@ -53,12 +53,40 @@ class CommentVotesControllerTest < ActionDispatch::IntegrationTest
      end
    end

+    context "show action" do
+      setup do
+        @comment_vote = create(:comment_vote, comment: @comment, user: @user)
+      end
+
+      should "show the vote to the voter" do
+        get_auth comment_vote_path(@comment_vote), @user, as: :json
+        assert_response :success
+      end
+
+      should "show the vote to moderators" do
+        get_auth comment_vote_path(@comment_vote), create(:moderator_user), as: :json
+        assert_response :success
+      end
+
+      should "not show the vote to other users" do
+        get_auth comment_vote_path(@comment_vote), create(:user), as: :json
+        assert_response 403
+      end
+    end
+
    context "create action" do
      setup do
        @user = create(:user)
        @comment = create(:comment)
      end

+      should "work for a JSON response" do
+        post_auth comment_comment_votes_path(comment_id: @comment.id), @user, params: { score: 1, format: "json" }
+
+        assert_response 201
+        assert_equal(1, @comment.reload.score)
+      end
+
      should "not allow anonymous users to vote" do
        post comment_comment_votes_path(comment_id: @comment.id, score: "1"), xhr: true
        assert_response 403
--- a/test/functional/forum_post_votes_controller_test.rb
+++ b/test/functional/forum_post_votes_controller_test.rb
@@ -34,7 +34,22 @@ class ForumPostVotesControllerTest < ActionDispatch::IntegrationTest
      end
    end

+    context "show action" do
+      should "show the vote to all users" do
+        @forum_post_vote = create(:forum_post_vote, forum_post: @forum_post)
+        get forum_post_vote_path(@forum_post_vote), as: :json
+        assert_response :success
+      end
+    end
+
    context "create action" do
+      should "work for a JSON response" do
+        post_auth forum_post_votes_path, @user, params: { forum_post_id: @forum_post.id, forum_post_vote: { score: 1 }}, as: :json
+
+        assert_response 201
+        assert_equal(1, @forum_post.votes.count)
+      end
+
      should "allow members to vote" do
        assert_difference("ForumPostVote.count", 1) do
          post_auth forum_post_votes_path(format: :js), @user, params: { forum_post_id: @forum_post.id, forum_post_vote: { score: 1 }}
--- a/test/functional/post_votes_controller_test.rb
+++ b/test/functional/post_votes_controller_test.rb
@@ -44,7 +44,35 @@ class PostVotesControllerTest < ActionDispatch::IntegrationTest
      end
    end

+    context "show action" do
+      setup do
+        @post_vote = create(:post_vote, post: @post, user: @user)
+      end
+
+      should "show the vote to the voter" do
+        get_auth post_vote_path(@post_vote), @user, as: :json
+        assert_response :success
+      end
+
+      should "show the vote to admins" do
+        get_auth post_vote_path(@post_vote), create(:admin_user), as: :json
+        assert_response :success
+      end
+
+      should "not show the vote to other users" do
+        get_auth post_vote_path(@post_vote), create(:user), as: :json
+        assert_response 403
+      end
+    end
+
    context "create action" do
+      should "work for a JSON response" do
+        post_auth post_post_votes_path(post_id: @post.id), @user, params: { score: 1, format: "json" }
+
+        assert_response 201
+        assert_equal(1, @post.reload.score)
+      end
+
      should "not allow anonymous users to vote" do
        post post_post_votes_path(post_id: @post.id), params: { score: 1, format: "js" }