Raise error on unpermitted params.

Fail loudly if we forget to whitelist a param instead of silently
ignoring it.

misc models: convert to strong params.

artist commentaries: convert to strong params.

* Disallow changing or setting post_id to a nonexistent post.

artists: convert to strong params.

* Disallow setting `is_banned` in create/update actions. Changing it
  this way instead of with the ban/unban actions would leave the artist in
  a partially banned state.

bans: convert to strong params.

* Disallow changing the user_id after the ban has been created.

comments: convert to strong params.

favorite groups: convert to strong params.

news updates: convert to strong params.

post appeals: convert to strong params.

post flags: convert to strong params.

* Disallow users from setting the `is_deleted` / `is_resolved` flags.

ip bans: convert to strong params.

user feedbacks: convert to strong params.

* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.

notes: convert to strong params.

wiki pages: convert to strong params.

* Also fix non-Builders being able to delete wiki pages.

saved searches: convert to strong params.

pools: convert to strong params.

* Disallow setting `post_count` or `is_deleted` in create/update actions.

janitor trials: convert to strong params.

post disapprovals: convert to strong params.

* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
  of Approve button.

dmail filters: convert to strong params.

password resets: convert to strong params.

user name change requests: convert to strong params.

posts: convert to strong params.

users: convert to strong params.

* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
  has_mail, and dmail_filter_attributes[user_id].

* Remove initialize_default_image_size (dead code).

uploads: convert to strong params.

* Remove `initialize_status` because status already defaults to pending
  in the database.

tag aliases/implications: convert to strong params.

tags: convert to strong params.

forum posts: convert to strong params.

* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).

forum topics: convert to strong params.

* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references

Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>

add diffs

app/models/bulk_update_request.rb

@@ -2,9 +2,9 @@ class BulkUpdateRequest < ApplicationRecord
   attr_accessor :reason, :skip_secondary_validations
 
   belongs_to :user
-  belongs_to :forum_topic
-  belongs_to :forum_post
-  belongs_to :approver, :class_name => "User"
+  belongs_to :forum_topic, optional: true
+  belongs_to :forum_post, optional: true
+  belongs_to :approver, optional: true, class_name: "User"
 
   validates_presence_of :user
   validates_presence_of :script
@@ -112,10 +112,12 @@ class BulkUpdateRequest < ApplicationRecord
     def create_forum_topic
       if forum_topic_id
         forum_post = forum_topic.posts.create(body: reason_with_link)
-        update_attributes(:forum_post_id => forum_post.id)
+        update(forum_post_id: forum_post.id)
       else
-        forum_topic = ForumTopic.create(:title => title, :category_id => 1, :original_post_attributes => {:body => reason_with_link})
-        update_attributes(:forum_topic_id => forum_topic.id, :forum_post_id => forum_topic.posts.first.id)
+        forum_topic = ForumTopic.create(title: title, category_id: 1, original_post_attributes: {body: reason_with_link})
+        puts forum_topic.errors.full_messages
+        puts forum_topic.original_post.errors.full_messages
+        update(forum_topic_id: forum_topic.id, forum_post_id: forum_topic.posts.first.id)
       end
     end
 
@@ -136,13 +138,13 @@ class BulkUpdateRequest < ApplicationRecord
       AliasAndImplicationImporter.tokenize(script)
       return true
     rescue StandardError => e
-      errors.add(:base, e.message)
+      errors[:base] << e.message
       return false
     end
 
     def forum_topic_id_not_invalid
       if forum_topic_id && !forum_topic
-        errors.add(:base, "Forum topic ID is invalid")
+        errors[:base] << "Forum topic ID is invalid"
       end
     end
 
@@ -150,7 +152,7 @@ class BulkUpdateRequest < ApplicationRecord
       begin
         AliasAndImplicationImporter.new(script, forum_topic_id, "1", skip_secondary_validations).validate!
       rescue RuntimeError => e
-        self.errors[:base] = e.message
+        self.errors[:base] << e.message
         return false
       end