jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Raise error on unpermitted params.

Browse Source 
Fail loudly if we forget to whitelist a param instead of silently
ignoring it.

misc models: convert to strong params.

artist commentaries: convert to strong params.

* Disallow changing or setting post_id to a nonexistent post.

artists: convert to strong params.

* Disallow setting `is_banned` in create/update actions. Changing it
  this way instead of with the ban/unban actions would leave the artist in
  a partially banned state.

bans: convert to strong params.

* Disallow changing the user_id after the ban has been created.

comments: convert to strong params.

favorite groups: convert to strong params.

news updates: convert to strong params.

post appeals: convert to strong params.

post flags: convert to strong params.

* Disallow users from setting the `is_deleted` / `is_resolved` flags.

ip bans: convert to strong params.

user feedbacks: convert to strong params.

* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.

notes: convert to strong params.

wiki pages: convert to strong params.

* Also fix non-Builders being able to delete wiki pages.

saved searches: convert to strong params.

pools: convert to strong params.

* Disallow setting `post_count` or `is_deleted` in create/update actions.

janitor trials: convert to strong params.

post disapprovals: convert to strong params.

* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
  of Approve button.

dmail filters: convert to strong params.

password resets: convert to strong params.

user name change requests: convert to strong params.

posts: convert to strong params.

users: convert to strong params.

* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
  has_mail, and dmail_filter_attributes[user_id].

* Remove initialize_default_image_size (dead code).

uploads: convert to strong params.

* Remove `initialize_status` because status already defaults to pending
  in the database.

tag aliases/implications: convert to strong params.

tags: convert to strong params.

forum posts: convert to strong params.

* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).

forum topics: convert to strong params.

* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references

Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>

add diffs
This commit is contained in:
r888888888
2018-04-02 10:51:26 -07:00
committed by Albert Yi
parent 01eda51020
commit abce4d2551
362 changed files with 4796 additions and 4799 deletions
Download Patch File Download Diff File Expand all files Collapse all files

193
test/functional/artists_controller_test.rb
View File

@@ -1,164 +1,157 @@
require 'test_helper'
class ArtistsControllerTest < ActionController::TestCase
def assert_artist_found(expected_artist, source_url)
get :finder, { :format => :json, :url => source_url }, { :user_id => @user.id }
class ArtistsControllerTest < ActionDispatch::IntegrationTest
def assert_artist_found(expected_artist, source_url = nil)
if source_url
get_auth finder_artists_path(format: "json", url: source_url), @user
end
assert_response :success
assert_equal(1, assigns(:artists).size, "Testing URL: #{source_url}")
assert_equal(expected_artist, assigns(:artists).first.name)
json = JSON.parse(response.body)
assert_equal(1, json.size, "Testing URL: #{source_url}")
assert_equal(expected_artist, json[0]["name"])
end
def assert_artist_not_found(source_url)
get :finder, { :format => :json, :url => source_url }, { :user_id => @user.id }
get_auth finder_artists_path(format: "json", url: source_url), @user
assert_response :success
assert_equal(0, assigns(:artists).size, "Testing URL: #{source_url}")
json = JSON.parse(response.body)
assert_equal(0, json.size, "Testing URL: #{source_url}")
end
context "An artists controller" do
setup do
@user = FactoryGirl.create(:user)
CurrentUser.user = @user
CurrentUser.ip_addr = "127.0.0.1"
@artist = FactoryGirl.create(:artist, :notes => "message")
@masao = FactoryGirl.create(:artist, :name => "masao", :url_string => "http://www.pixiv.net/member.php?id=32777")
@artgerm = FactoryGirl.create(:artist, :name => "artgerm", :url_string => "http://artgerm.deviantart.com/")
end
teardown do
CurrentUser.user = nil
CurrentUser.ip_addr = nil
@admin = create(:admin_user)
@user = create(:user)
as_user do
@artist = create(:artist, notes: "message")
@masao = create(:artist, name: "masao", url_string: "http://www.pixiv.net/member.php?id=32777")
@artgerm = create(:artist, name: "artgerm", url_string: "http://artgerm.deviantart.com/")
end
end
should "get the new page" do
get :new, {}, {:user_id => @user.id}
get_auth new_artist_path, @user
assert_response :success
end
should "get the show_or_new page" do
get :show_or_new, { name: "masao" }, { user_id: @user.id }
should "get the show_or_new page for an existing artist" do
get_auth show_or_new_artists_path(name: "masao"), @user
assert_redirected_to(@masao)
end
get :show_or_new, { name: "nobody" }, { user_id: @user.id }
should "get the show_or_new page for a nonexisting artist" do
get_auth show_or_new_artists_path(name: "nobody"), @user
assert_response :success
end
should "get the edit page" do
get :edit, {:id => @artist.id}, {:user_id => @user.id}
get_auth edit_artist_path(@artist.id), @user
assert_response :success
end
should "get the show page" do
get :show, {:id => @artist.id}
get artist_path(@artist.id)
assert_response :success
end
should "get the show page for a negated tag" do
@artist.update_attribute(:name, "-aaa")
get :show, {:id => @artist.id}
@artist.update(name: "-aaa")
get artist_path(@artist.id)
assert_response :success
end
should "get the banned page" do
get :banned
get banned_artists_path
assert_response :success
end
should "ban an artist" do
CurrentUser.scoped(FactoryGirl.create(:admin_user)) do
put :ban, { id: @artist.id }, { user_id: CurrentUser.id }
end
put_auth ban_artist_path(@artist.id), @admin
assert_redirected_to(@artist)
assert_equal(true, @artist.reload.is_banned)
@artist.reload
assert_equal(true, @artist.is_banned?)
assert_equal(true, TagImplication.exists?(antecedent_name: @artist.name, consequent_name: "banned_artist"))
end
should "unban an artist" do
CurrentUser.scoped(FactoryGirl.create(:admin_user)) do
as_admin do
@artist.ban!
put :unban, { id: @artist.id }, { user_id: CurrentUser.id }
end
put_auth unban_artist_path(@artist.id), @admin
assert_redirected_to(@artist)
assert_equal(false, @artist.reload.is_banned)
@artist.reload
assert_equal(false, @artist.is_banned?)
assert_equal(false, TagImplication.exists?(antecedent_name: @artist.name, consequent_name: "banned_artist"))
end
should "get the index page" do
get :index
get artists_path
assert_response :success
end
context "when searching the index page" do
should "find artists by name" do
get :index, { :name => "masao" }
assert_response :success
assert_equal(1, assigns(:artists).size)
assert_equal("masao", assigns(:artists).first.name)
get artists_path(name: "masao", format: "json")
assert_artist_found("masao")
end
should "find artists by image URL" do
get :index, { :name => "http://i2.pixiv.net/img04/img/syounen_no_uta/46170939_m.jpg" }
assert_response :success
assert_equal(1, assigns(:artists).size)
assert_equal("masao", assigns(:artists).first.name)
get artists_path(name: "http://i2.pixiv.net/img04/img/syounen_no_uta/46170939_m.jpg", format: "json")
assert_artist_found("masao")
end
should "find artists by page URL" do
url = "http://www.pixiv.net/member_illust.php?mode=medium&illust_id=46170939"
get :index, { :name => url }
assert_response :success
assert_equal(1, assigns(:artists).size)
assert_equal("masao", assigns(:artists).first.name)
get artists_path(name: url, format: "json")
assert_artist_found("masao")
end
end
should "create an artist" do
attributes = FactoryBot.attributes_for(:artist)
assert_difference("Artist.count", 1) do
attributes = FactoryGirl.attributes_for(:artist)
attributes.delete(:is_active)
post :create, {:artist => attributes}, {:user_id => @user.id}
post_auth artists_path, @user, params: {artist: attributes}
end
artist = Artist.last
assert_redirected_to(artist_path(artist))
artist = Artist.find_by_name(attributes[:name])
assert_not_nil(artist)
assert_redirected_to(artist_path(artist.id))
end
context "with an artist that has notes" do
setup do
@artist = FactoryGirl.create(:artist, :name => "aaa", :notes => "testing")
as(@admin) do
@artist = create(:artist, name: "aaa", notes: "testing")
end
@wiki_page = @artist.wiki_page
@another_user = FactoryGirl.create(:user)
@another_user = create(:user)
end
should "update an artist" do
old_timestamp = @wiki_page.updated_at
Timecop.travel(1.minute.from_now) do
post :update, {:id => @artist.id, :artist => {:notes => "rex"}}, {:user_id => @user.id}
travel_to(1.minute.from_now) do
put_auth artist_path(@artist.id), @user, params: {artist: {notes: "rex"}}
end
@artist.reload
@wiki_page.reload
@wiki_page = @artist.wiki_page
assert_equal("rex", @artist.notes)
assert_not_equal(old_timestamp, @wiki_page.updated_at)
assert_redirected_to(artist_path(@artist))
assert_redirected_to(artist_path(@artist.id))
end
should "not touch the updater_id and updated_at fields when nothing is changed" do
old_timestamp = @wiki_page.updated_at
old_updater_id = @wiki_page.updater_id
Timecop.travel(1.minutes.from_now) do
CurrentUser.scoped(@another_user) do
@artist.update_attributes(notes: "testing")
travel_to(1.minutes.from_now) do
as(@another_user) do
@artist.update(notes: "testing")
end
end
@wiki_page.reload
@artist.reload
@wiki_page = @artist.wiki_page
assert_equal(old_timestamp.to_i, @wiki_page.updated_at.to_i)
assert_equal(old_updater_id, @wiki_page.updater_id)
end
@@ -166,7 +159,7 @@ class ArtistsControllerTest < ActionController::TestCase
context "when renaming an artist" do
should "automatically rename the artist's wiki page" do
assert_difference("WikiPage.count", 0) do
post :update, {:id => @artist.id, :artist => {:name => "bbb", :notes => "more testing"}}, {:user_id => @user.id}
put_auth artist_path(@artist.id), @user, params: {artist: {name: "bbb", notes: "more testing"}}
end
@wiki_page.reload
assert_equal("bbb", @wiki_page.title)
@@ -174,49 +167,50 @@ class ArtistsControllerTest < ActionController::TestCase
end
should "merge the new notes with the existing wiki page's contents if a wiki page for the new name already exists" do
existing_wiki_page = FactoryGirl.create(:wiki_page, :title => "bbb", :body => "xxx")
post :update, {:id => @artist.id, :artist => {:name => "bbb", :notes => "yyy"}}, {:user_id => @user.id}
existing_wiki_page.reload
assert_equal("bbb", existing_wiki_page.title)
assert_equal("xxx\n\nyyy", existing_wiki_page.body)
as_user do
@existing_wiki_page = create(:wiki_page, title: "bbb", body: "xxx")
end
put_auth artist_path(@artist.id), @user, params: {artist: {name: "bbb", notes: "yyy"}}
@existing_wiki_page.reload
assert_equal("bbb", @existing_wiki_page.title)
assert_equal("xxx\n\nyyy", @existing_wiki_page.body)
end
end
end
should "delete an artist" do
CurrentUser.scoped(FactoryGirl.create(:builder_user)) do
delete :destroy, { id: @artist.id }, { user_id: CurrentUser.id }
end
assert_redirected_to(artist_path(@artist))
assert_equal(false, @artist.reload.is_active)
@builder = create(:builder_user)
delete_auth artist_path(@artist.id), @builder
assert_redirected_to(artist_path(@artist.id))
@artist.reload
assert_equal(false, @artist.is_active)
end
should "undelete an artist" do
CurrentUser.scoped(FactoryGirl.create(:builder_user)) do
put :undelete, { id: @artist.id }, { user_id: CurrentUser.id }
end
assert_redirected_to(artist_path(@artist))
@builder = create(:builder_user)
post_auth undelete_artist_path(@artist.id), @builder
assert_redirected_to(artist_path(@artist.id))
assert_equal(true, @artist.reload.is_active)
end
context "reverting an artist" do
should "work" do
@artist.update_attributes(:name => "xyz")
@artist.update_attributes(:name => "abc")
as_user do
@artist.update(name: "xyz")
@artist.update(name: "abc")
end
version = @artist.versions.first
post :revert, {:id => @artist.id, :version_id => version.id}
put_auth revert_artist_path(@artist.id), @user, params: {version_id: version.id}
end
should "not allow reverting to a previous version of another artist" do
@artist2 = FactoryGirl.create(:artist)
post :revert, { :id => @artist.id, :version_id => @artist2.versions(true).first.id }, {:user_id => @user.id}
as_user do
@artist2 = create(:artist)
end
put_auth artist_path(@artist.id), @user, params: {version_id: @artist2.versions.first.id}
@artist.reload
assert_not_equal(@artist.name, @artist2.name)
assert_response :missing
assert_redirected_to(artist_path(@artist.id))
end
end
@@ -233,14 +227,23 @@ class ArtistsControllerTest < ActionController::TestCase
assert_artist_found("artgerm", "http://fc06.deviantart.net/fs71/f/2014/150/d/c/peachy_princess_by_artgerm-d7k7tmu.jpg")
end
should "find pixiv artists" do
should "find pixiv artists for img##" do
assert_artist_found("masao", "http://i2.pixiv.net/img04/img/syounen_no_uta/46170939.jpg")
end
should "find pixiv artists for img-original" do
assert_artist_found("masao", "http://i2.pixiv.net/img-original/img/2014/09/25/00/57/24/46170939_p0.jpg")
end
should "find pixiv artists for member_illust.php" do
assert_artist_found("masao", "http://www.pixiv.net/member_illust.php?mode=medium&illust_id=46170939")
end
should "not fail for malformed Pixiv URLs" do
should "fail for nonexisting illust ids" do
assert_artist_not_found("http://www.pixiv.net/member_illust.php?mode=medium&illust_id=herpderp")
end
should "fail for malformed urls" do
assert_artist_not_found("http://www.pixiv.net/wharrgarbl")
end