jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Raise error on unpermitted params.

Browse Source 
Fail loudly if we forget to whitelist a param instead of silently
ignoring it.

misc models: convert to strong params.

artist commentaries: convert to strong params.

* Disallow changing or setting post_id to a nonexistent post.

artists: convert to strong params.

* Disallow setting `is_banned` in create/update actions. Changing it
  this way instead of with the ban/unban actions would leave the artist in
  a partially banned state.

bans: convert to strong params.

* Disallow changing the user_id after the ban has been created.

comments: convert to strong params.

favorite groups: convert to strong params.

news updates: convert to strong params.

post appeals: convert to strong params.

post flags: convert to strong params.

* Disallow users from setting the `is_deleted` / `is_resolved` flags.

ip bans: convert to strong params.

user feedbacks: convert to strong params.

* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.

notes: convert to strong params.

wiki pages: convert to strong params.

* Also fix non-Builders being able to delete wiki pages.

saved searches: convert to strong params.

pools: convert to strong params.

* Disallow setting `post_count` or `is_deleted` in create/update actions.

janitor trials: convert to strong params.

post disapprovals: convert to strong params.

* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
  of Approve button.

dmail filters: convert to strong params.

password resets: convert to strong params.

user name change requests: convert to strong params.

posts: convert to strong params.

users: convert to strong params.

* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
  has_mail, and dmail_filter_attributes[user_id].

* Remove initialize_default_image_size (dead code).

uploads: convert to strong params.

* Remove `initialize_status` because status already defaults to pending
  in the database.

tag aliases/implications: convert to strong params.

tags: convert to strong params.

forum posts: convert to strong params.

* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).

forum topics: convert to strong params.

* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references

Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>

add diffs
This commit is contained in:
r888888888
2018-04-02 10:51:26 -07:00
committed by Albert Yi
parent 01eda51020
commit abce4d2551
362 changed files with 4796 additions and 4799 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
test/functional/moderator/dashboards_controller_test.rb
View File

@@ -1,130 +1,141 @@
require 'test_helper'
module Moderator
class DashboardsControllerTest < ActionController::TestCase
class DashboardsControllerTest < ActionDispatch::IntegrationTest
context "The moderator dashboards controller" do
setup do
@admin = FactoryGirl.create(:admin_user)
CurrentUser.user = @admin
CurrentUser.ip_addr = "127.0.0.1"
travel_to(1.month.ago) do
@user = create(:gold_user)
end
@admin = create(:admin_user)
Danbooru.config.stubs(:member_comment_time_threshold).returns(1.week.from_now)
end
context "show action" do
context "for mod actions" do
setup do
@mod_action = FactoryGirl.create(:mod_action)
as(@admin) do
@mod_action = create(:mod_action)
end
end
should "render" do
assert_equal(1, ModAction.count)
get :show, {}, {:user_id => @admin.id}
get_auth moderator_dashboard_path, @admin
assert_response :success
end
end
context "for user feedbacks" do
setup do
@feedback = FactoryGirl.create(:user_feedback)
as(@user) do
@feedback = create(:user_feedback)
end
end
should "render" do
assert_equal(1, UserFeedback.count)
get :show, {}, {:user_id => @admin.id}
get_auth moderator_dashboard_path, @admin
assert_response :success
end
end
context "for wiki pages" do
setup do
@wiki_page = FactoryGirl.create(:wiki_page)
as(@user) do
@wiki_page = create(:wiki_page)
end
end
should "render" do
assert_equal(1, WikiPageVersion.count)
get :show, {}, {:user_id => @admin.id}
get_auth moderator_dashboard_path, @admin
assert_response :success
end
end
context "for tags and uploads" do
setup do
@post = FactoryGirl.create(:post)
as(@user) do
@post = create(:post)
end
end
should "render" do
assert_equal(1, PostArchive.count)
get :show, {}, {:user_id => @admin.id}
get_auth moderator_dashboard_path, @admin
assert_response :success
end
end
context "for notes"do
setup do
@post = FactoryGirl.create(:post)
@note = FactoryGirl.create(:note, :post_id => @post.id)
as(@user) do
@post = create(:post)
@note = create(:note, :post_id => @post.id)
end
end
should "render" do
assert_equal(1, NoteVersion.count)
get :show, {}, {:user_id => @admin.id}
get_auth moderator_dashboard_path, @admin
assert_response :success
end
end
context "for comments" do
setup do
@users = (0..5).map {FactoryGirl.create(:user)}
@users = (0..5).map {create(:user)}
CurrentUser.scoped(@users[0], "1.2.3.4") do
@comment = FactoryGirl.create(:comment)
CurrentUser.as(@users[0]) do
@comment = create(:comment)
end
@users.each do |user|
CurrentUser.scoped(user, "1.2.3.4") do
CurrentUser.as(user) do
@comment.vote!(-1)
end
end
end
should "render" do
get :show, {}, {:user_id => @admin.id}
get_auth moderator_dashboard_path, @admin
assert_response :success
end
end
context "for artists" do
setup do
@artist = FactoryGirl.create(:artist)
as(@user) do
@artist = create(:artist)
end
end
should "render" do
get :show, {}, {:user_id => @admin.id}
assert_equal(1, ArtistVersion.count)
get_auth moderator_dashboard_path, @admin
assert_response :success
end
end
context "for flags" do
setup do
@post = FactoryGirl.create(:post)
@post.flag!("blah")
as(@user) do
@post = create(:post)
@post.flag!("blah")
end
end
should "render" do
get :show, {}, {:user_id => @admin.id}
get_auth moderator_dashboard_path, @admin
assert_response :success
end
end
context "for appeals" do
setup do
@post = FactoryGirl.create(:post, :is_deleted => true)
@post.appeal!("blah")
as(@user) do
@post = create(:post, :is_deleted => true)
@post.appeal!("blah")
end
end
should "render" do
get :show, {}, {:user_id => @admin.id}
get_auth moderator_dashboard_path, @admin
assert_response :success
end
end

34
test/functional/moderator/invitations_controller_test.rb
View File

@@ -1,34 +0,0 @@
require 'test_helper'
module Moderator
class InvitationsControllerTest < ActionController::TestCase
context "The invitations controller" do
setup do
@mod = FactoryGirl.create(:moderator_user)
CurrentUser.user = @mod
CurrentUser.ip_addr = "127.0.0.1"
@user_1 = FactoryGirl.create(:user)
@user_2 = FactoryGirl.create(:user, :inviter_id => @mod.id)
end
should "render the new page" do
get :new, {:invitation => {:name => @user_1.name}}, {:user_id => @mod.id}
assert_response :success
end
should "create a new invite" do
post :create, {:invitation => {:user_id => @user_1.id, :level => User::Levels::BUILDER, :can_upload_free => "1"}}, {:user_id => @mod.id}
assert_redirected_to(moderator_invitations_path)
@user_1.reload
assert_equal(User::Levels::BUILDER, @user_1.level)
assert_equal(true, @user_1.can_upload_free?)
end
should "list invites" do
get :index, {}, {:user_id => @mod.id}
assert_response :success
end
end
end
end

24
test/functional/moderator/ip_addrs_controller_test.rb
View File

@@ -1,40 +1,38 @@
require 'test_helper'
module Moderator
class IpAddrsControllerTest < ActionController::TestCase
class IpAddrsControllerTest < ActionDispatch::IntegrationTest
context "The ip addrs controller" do
setup do
PoolArchive.delete_all
PostArchive.delete_all
@user = FactoryGirl.create(:moderator_user)
CurrentUser.user = @user
CurrentUser.ip_addr = "127.0.0.1"
FactoryGirl.create(:comment)
end
travel_to(1.month.ago) do
@user = create(:moderator_user)
end
teardown do
CurrentUser.user = nil
CurrentUser.ip_addr = nil
as_user do
create(:comment)
end
end
should "find by ip addr" do
get :index, {:search => {:ip_addr => "127.0.0.1"}}, {:user_id => @user.id}
get_auth moderator_ip_addrs_path, @user, params: {:search => {:ip_addr => "127.0.0.1"}}
assert_response :success
end
should "find by user id" do
get :index, {:search => {:user_id => @user.id.to_s}}, {:user_id => @user.id}
get_auth moderator_ip_addrs_path, @user, params: {:search => {:user_id => @user.id.to_s}}
assert_response :success
end
should "find by user name" do
get :index, {:search => {:user_name => @user.name}}, {:user_id => @user.id}
get_auth moderator_ip_addrs_path, @user, params: {:search => {:user_name => @user.name}}
assert_response :success
end
should "render the search page" do
get :search, {}, {:user_id => @user.id}
get_auth search_moderator_ip_addrs_path, @user
assert_response :success
end
end

13
test/functional/moderator/post/approvals_controller_test.rb
View File

@@ -2,19 +2,18 @@ require 'test_helper'
module Moderator
module Post
class ApprovalsControllerTest < ActionController::TestCase
class ApprovalsControllerTest < ActionDispatch::IntegrationTest
context "The moderator post approvals controller" do
setup do
@admin = FactoryGirl.create(:admin_user)
CurrentUser.user = @admin
CurrentUser.ip_addr = "127.0.0.1"
@post = FactoryGirl.create(:post, :is_pending => true)
@admin = create(:admin_user)
as_admin do
@post = create(:post, :is_pending => true)
end
end
context "create action" do
should "render" do
post :create, {:post_id => @post.id, :format => "js"}, {:user_id => @admin.id}
post_auth moderator_post_approval_path, @admin, params: {:post_id => @post.id, :format => "js"}
assert_response :success
@post.reload
assert(!@post.is_pending?)

13
test/functional/moderator/post/disapprovals_controller_test.rb
View File

@@ -2,20 +2,19 @@ require 'test_helper'
module Moderator
module Post
class DisapprovalsControllerTest < ActionController::TestCase
class DisapprovalsControllerTest < ActionDispatch::IntegrationTest
context "The moderator post disapprovals controller" do
setup do
@admin = FactoryGirl.create(:admin_user)
CurrentUser.user = @admin
CurrentUser.ip_addr = "127.0.0.1"
@post = FactoryGirl.create(:post, :is_pending => true)
@admin = create(:admin_user)
as_user do
@post = create(:post, :is_pending => true)
end
end
context "create action" do
should "render" do
assert_difference("PostDisapproval.count", 1) do
post :create, {:post_id => @post.id, :format => "js"}, {:user_id => @admin.id}
post_auth moderator_post_disapproval_path, @admin, params: { post_disapproval: { post_id: @post.id, reason: "breaks_rules" }, format: "js" }
end
assert_response :success
end

80
test/functional/moderator/post/posts_controller_test.rb
View File

@@ -2,44 +2,47 @@ require 'test_helper'
module Moderator
module Post
class PostsControllerTest < ActionController::TestCase
class PostsControllerTest < ActionDispatch::IntegrationTest
context "The moderator posts controller" do
setup do
@admin = FactoryGirl.create(:admin_user)
CurrentUser.user = @admin
CurrentUser.ip_addr = "127.0.0.1"
@post = FactoryGirl.create(:post)
end
teardown do
CurrentUser.user = nil
CurrentUser.ip_addr = nil
@admin = create(:admin_user)
travel_to(1.month.ago) do
@user = create(:gold_user)
end
as_user do
@post = create(:post)
end
end
context "confirm_delete action" do
should "render" do
get :confirm_delete, { id: @post.id }, { user_id: @admin.id }
get_auth confirm_delete_moderator_post_post_path(@post), @admin
assert_response :success
end
end
context "delete action" do
should "render" do
post :delete, {:id => @post.id, :reason => "xxx", :format => "js", :commit => "Delete"}, {:user_id => @admin.id}
post_auth delete_moderator_post_post_path(@post), @admin, params: {:reason => "xxx", :format => "js", :commit => "Delete"}
assert(@post.reload.is_deleted?)
end
should "work even if the deleter has flagged the post previously" do
PostFlag.create(:post => @post, :reason => "aaa", :is_resolved => false)
post :delete, {:id => @post.id, :reason => "xxx", :format => "js", :commit => "Delete"}, {:user_id => @admin.id}
as_user do
PostFlag.create(:post => @post, :reason => "aaa", :is_resolved => false)
end
post_auth delete_moderator_post_post_path(@post), @admin, params: {:reason => "xxx", :format => "js", :commit => "Delete"}
assert(@post.reload.is_deleted?)
end
end
context "undelete action" do
should "render" do
@post.update(is_deleted: true)
post :undelete, {:id => @post.id, :format => "js"}, {:user_id => @admin.id}
as_user do
@post.update(is_deleted: true)
end
post_auth undelete_moderator_post_post_path(@post), @admin, params: {:format => "js"}
assert_response :success
assert(!@post.reload.is_deleted?)
@@ -48,41 +51,38 @@ module Moderator
context "confirm_move_favorites action" do
should "render" do
get :confirm_move_favorites, { id: @post.id }, { user_id: @admin.id }
get_auth confirm_ban_moderator_post_post_path(@post), @admin
assert_response :success
end
end
context "move_favorites action" do
setup do
@admin = FactoryGirl.create(:admin_user)
CurrentUser.user = @admin
CurrentUser.ip_addr = "127.0.0.1"
@admin = create(:admin_user)
end
teardown do
CurrentUser.user = nil
CurrentUser.ip_addr = nil
end
should "render" do
as_user do
@parent = create(:post)
@child = create(:post, parent: @parent)
end
users = FactoryBot.create_list(:user, 2)
users.each do |u|
@child.add_favorite!(u)
end
should "1234 render" do
parent = FactoryGirl.create(:post)
child = FactoryGirl.create(:post, parent: parent)
users = FactoryGirl.create_list(:user, 2)
users.each { |u| child.add_favorite!(u) }
put :move_favorites, { id: child.id, commit: "Submit" }, { user_id: @admin.id }
CurrentUser.user = @admin
assert_redirected_to(child)
assert_equal(users, parent.reload.favorited_users)
assert_equal([], child.reload.favorited_users)
post_auth move_favorites_moderator_post_post_path(@child.id), @admin, params: { commit: "Submit" }
assert_redirected_to(@child)
as(@admin) do
assert_equal(users, @parent.reload.favorited_users)
assert_equal([], @child.reload.favorited_users)
end
end
end
context "expunge action" do
should "render" do
put :expunge, { id: @post.id, format: "js" }, { user_id: @admin.id }
post_auth expunge_moderator_post_post_path(@post), @admin, params: { format: "js" }
assert_response :success
assert_equal(false, ::Post.exists?(@post.id))
@@ -91,14 +91,14 @@ module Moderator
context "confirm_ban action" do
should "render" do
get :confirm_ban, { id: @post.id }, { user_id: @admin.id }
get_auth confirm_ban_moderator_post_post_path(@post), @admin
assert_response :success
end
end
context "ban action" do
should "render" do
put :ban, { id: @post.id, commit: "Ban", format: "js" }, { user_id: @admin.id }
post_auth ban_moderator_post_post_path(@post), @admin, params: { commit: "Ban", format: "js" }
assert_response :success
assert_equal(true, @post.reload.is_banned?)
@@ -108,7 +108,7 @@ module Moderator
context "unban action" do
should "render" do
@post.ban!
put :unban, { id: @post.id, format: "js" }, { user_id: @admin.id }
post_auth unban_moderator_post_post_path(@post), @admin, params: { format: "js" }
assert_redirected_to(@post)
assert_equal(false, @post.reload.is_banned?)

16
test/functional/moderator/post/queues_controller_test.rb
View File

@@ -2,26 +2,26 @@ require 'test_helper'
module Moderator
module Post
class QueuesControllerTest < ActionController::TestCase
class QueuesControllerTest < ActionDispatch::IntegrationTest
context "The moderator post queues controller" do
setup do
@admin = FactoryGirl.create(:admin_user)
CurrentUser.user = @admin
CurrentUser.ip_addr = "127.0.0.1"
@post = FactoryGirl.create(:post, :is_pending => true)
@admin = create(:admin_user)
@user = create(:user)
as_user do
@post = create(:post, :is_pending => true)
end
end
context "show action" do
should "render" do
get :show, {}, {:user_id => @admin.id}
get_auth moderator_post_queue_path, @admin
assert_response :success
end
end
context "random action" do
should "render" do
get :random, {}, {:user_id => @admin.id}
get_auth moderator_post_queue_path, @admin
assert_response :success
end
end

16
test/functional/moderator/tags_controller_test.rb
View File

@@ -1,27 +1,27 @@
require 'test_helper'
module Moderator
class TagsControllerTest < ActionController::TestCase
class TagsControllerTest < ActionDispatch::IntegrationTest
context "The tags controller" do
setup do
@user = FactoryGirl.create(:moderator_user)
CurrentUser.user = @user
CurrentUser.ip_addr = "127.0.0.1"
@post = FactoryGirl.create(:post)
@user = create(:moderator_user)
as_user do
@post = create(:post)
end
end
should "render the edit action" do
get :edit, {}, {:user_id => @user.id}
get_auth edit_moderator_tag_path, @user
assert_response :success
end
should "execute the update action" do
post :update, {:tag => {:predicate => "aaa", :consequent => "bbb"}}, {:user_id => @user.id}
put_auth moderator_tag_path, @user, params: {:tag => {:predicate => "aaa", :consequent => "bbb"}}
assert_redirected_to edit_moderator_tag_path
end
should "fail gracefully if the update action fails" do
post :update, {:tag => {:predicate => "", :consequent => "bbb"}}, {:user_id => @user.id}
put_auth moderator_tag_path, @user, params: {:tag => {:predicate => "", :consequent => "bbb"}}
assert_redirected_to edit_moderator_tag_path
end
end