jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Raise error on unpermitted params.

Browse Source 
Fail loudly if we forget to whitelist a param instead of silently
ignoring it.

misc models: convert to strong params.

artist commentaries: convert to strong params.

* Disallow changing or setting post_id to a nonexistent post.

artists: convert to strong params.

* Disallow setting `is_banned` in create/update actions. Changing it
  this way instead of with the ban/unban actions would leave the artist in
  a partially banned state.

bans: convert to strong params.

* Disallow changing the user_id after the ban has been created.

comments: convert to strong params.

favorite groups: convert to strong params.

news updates: convert to strong params.

post appeals: convert to strong params.

post flags: convert to strong params.

* Disallow users from setting the `is_deleted` / `is_resolved` flags.

ip bans: convert to strong params.

user feedbacks: convert to strong params.

* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.

notes: convert to strong params.

wiki pages: convert to strong params.

* Also fix non-Builders being able to delete wiki pages.

saved searches: convert to strong params.

pools: convert to strong params.

* Disallow setting `post_count` or `is_deleted` in create/update actions.

janitor trials: convert to strong params.

post disapprovals: convert to strong params.

* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
  of Approve button.

dmail filters: convert to strong params.

password resets: convert to strong params.

user name change requests: convert to strong params.

posts: convert to strong params.

users: convert to strong params.

* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
  has_mail, and dmail_filter_attributes[user_id].

* Remove initialize_default_image_size (dead code).

uploads: convert to strong params.

* Remove `initialize_status` because status already defaults to pending
  in the database.

tag aliases/implications: convert to strong params.

tags: convert to strong params.

forum posts: convert to strong params.

* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).

forum topics: convert to strong params.

* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references

Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>

add diffs
This commit is contained in:
r888888888
2018-04-02 10:51:26 -07:00
committed by Albert Yi
parent 01eda51020
commit abce4d2551
362 changed files with 4796 additions and 4799 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
Gemfile
View File

@@ -2,13 +2,12 @@ source 'https://rubygems.org/'
gem 'dotenv-rails', :require => "dotenv/rails-now"
gem 'protected_attributes'
gem "sass-rails"
gem "sprockets-rails", :require => "sprockets/railtie"
gem "uglifier"
gem "therubyracer", :platforms => :ruby
gem "rails", "~> 4.2.0"
gem "pg", "0.21.0"
gem "rails", "~> 5.1"
gem "pg"
gem "dalli", :platforms => :ruby
gem "memcache-client", :platforms => [:mswin, :mingw, :x64_mingw]
gem "tzinfo-data", :platforms => [:mswin, :mingw, :x64_mingw]
@@ -22,9 +21,9 @@ gem 'ruby-vips'
gem 'net-sftp'
gem 'term-ansicolor', :require => "term/ansicolor"
gem 'diff-lcs', :require => "diff/lcs/array"
gem 'bcrypt-ruby', :require => "bcrypt"
gem 'bcrypt', :require => "bcrypt"
gem 'statistics2'
gem 'capistrano', '~> 3.4.0'
gem 'capistrano', '~> 3.10'
gem 'capistrano-rails'
gem 'capistrano-rbenv'
gem 'radix62', '~> 1.0.1'
@@ -48,6 +47,8 @@ gem 'addressable'
gem 'httparty'
gem 'rakismet'
gem 'recaptcha', require: "recaptcha/rails"
gem 'activemodel-serializers-xml'
gem 'ptools'
# needed for looser jpeg header compat
gem 'ruby-imagespec', :require => "image_spec", :git => "https://github.com/r888888888/ruby-imagespec.git", :branch => "exif-fixes"
@@ -68,16 +69,16 @@ group :development, :test do
gem 'pry-byebug'
gem 'ruby-prof'
gem 'foreman'
gem 'listen'
end
group :test do
gem "shoulda-context"
gem "shoulda-matchers"
gem "factory_girl"
gem "factory_bot"
gem "mocha", :require => "mocha/setup"
gem "ffaker"
gem "simplecov", :require => false
gem "timecop"
gem "webmock"
gem "test_after_commit" # XXX remove me after upgrading to rails 5.
end

294
Gemfile.lock
View File

@@ -9,7 +9,7 @@ GIT
GIT
remote: https://github.com/r888888888/dtext_rb.git
revision: e343c4572e7a72666123984679e6cf90badd473d
revision: 47f238ec378be0933fcd7eccf1904fbd1f8d8613
specs:
dtext_rb (1.7.0)
nokogiri (~> 1.8)
@@ -24,76 +24,82 @@ GIT
GEM
remote: https://rubygems.org/
specs:
actionmailer (4.2.8)
actionpack (= 4.2.8)
actionview (= 4.2.8)
activejob (= 4.2.8)
actioncable (5.1.6)
actionpack (= 5.1.6)
nio4r (~> 2.0)
websocket-driver (~> 0.6.1)
actionmailer (5.1.6)
actionpack (= 5.1.6)
actionview (= 5.1.6)
activejob (= 5.1.6)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 1.0, >= 1.0.5)
actionpack (4.2.8)
actionview (= 4.2.8)
activesupport (= 4.2.8)
rack (~> 1.6)
rack-test (~> 0.6.2)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-dom-testing (~> 2.0)
actionpack (5.1.6)
actionview (= 5.1.6)
activesupport (= 5.1.6)
rack (~> 2.0)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (4.2.8)
activesupport (= 4.2.8)
actionview (5.1.6)
activesupport (= 5.1.6)
builder (~> 3.1)
erubis (~> 2.7.0)
rails-dom-testing (~> 1.0, >= 1.0.5)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.3)
activejob (4.2.8)
activesupport (= 4.2.8)
globalid (>= 0.3.0)
activemodel (4.2.8)
activesupport (= 4.2.8)
activejob (5.1.6)
activesupport (= 5.1.6)
globalid (>= 0.3.6)
activemodel (5.1.6)
activesupport (= 5.1.6)
activemodel-serializers-xml (1.0.2)
activemodel (> 5.x)
activesupport (> 5.x)
builder (~> 3.1)
activerecord (4.2.8)
activemodel (= 4.2.8)
activesupport (= 4.2.8)
arel (~> 6.0)
activesupport (4.2.8)
i18n (~> 0.7)
activerecord (5.1.6)
activemodel (= 5.1.6)
activesupport (= 5.1.6)
arel (~> 8.0)
activesupport (5.1.6)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
thread_safe (~> 0.3, >= 0.3.4)
tzinfo (~> 1.1)
addressable (2.5.2)
public_suffix (>= 2.0.2, < 4.0)
arel (6.0.4)
airbrussh (1.3.0)
sshkit (>= 1.6.1, != 1.7.0)
arel (8.0.0)
awesome_print (1.8.0)
aws-sdk (2.10.122)
aws-sdk-resources (= 2.10.122)
aws-sdk-core (2.10.122)
aws-sdk (2.10.125)
aws-sdk-resources (= 2.10.125)
aws-sdk-core (2.10.125)
aws-sigv4 (~> 1.0)
jmespath (~> 1.0)
aws-sdk-resources (2.10.122)
aws-sdk-core (= 2.10.122)
aws-sdk-resources (2.10.125)
aws-sdk-core (= 2.10.125)
aws-sigv4 (1.0.2)
bcrypt (3.1.11)
bcrypt (3.1.11-x64-mingw32)
bcrypt-ruby (3.1.5)
bcrypt (>= 3.1.3)
bcrypt-ruby (3.1.5-x64-mingw32)
bcrypt (>= 3.1.3)
bootsnap (1.1.8)
msgpack (~> 1.0)
buftok (0.2.0)
builder (3.2.3)
byebug (9.1.0)
capistrano (3.4.0)
byebug (10.0.2)
capistrano (3.10.1)
airbrussh (>= 1.0.0)
i18n
rake (>= 10.0.0)
sshkit (~> 1.3)
capistrano-bundler (1.1.4)
sshkit (>= 1.9.0)
capistrano-bundler (1.3.0)
capistrano (~> 3.1)
sshkit (~> 1.2)
capistrano-deploytags (1.0.4)
capistrano (>= 3.2.0)
capistrano-rails (1.1.3)
capistrano-deploytags (1.0.7)
capistrano (>= 3.7.0)
capistrano-rails (1.3.1)
capistrano (~> 3.1)
capistrano-bundler (~> 1.1)
capistrano-rbenv (2.0.3)
capistrano-rbenv (2.1.3)
capistrano (~> 3.1)
sshkit (~> 1.3)
capistrano3-unicorn (0.2.1)
@@ -121,15 +127,17 @@ GEM
dotenv (= 2.2.1)
railties (>= 3.2, < 5.2)
equalizer (0.0.11)
erubis (2.7.0)
erubi (1.7.1)
execjs (2.7.0)
factory_girl (4.8.0)
factory_bot (4.8.2)
activesupport (>= 3.0.0)
faraday (0.10.1)
faraday (0.12.2)
multipart-post (>= 1.2, < 3)
ffaker (2.8.1)
ffi (1.9.18)
ffi (1.9.18-x64-mingw32)
ffi-win32-extensions (1.0.3)
ffi
foreman (0.63.0)
dotenv (>= 0.7)
thor (>= 0.13.6)
@@ -149,8 +157,8 @@ GEM
mime-types (>= 1.6)
representable (~> 2.3.0)
retriable (~> 2.0)
googleauth (0.5.1)
faraday (~> 0.9)
googleauth (0.5.3)
faraday (~> 0.12)
jwt (~> 1.4)
logging (~> 2.0)
memoist (~> 0.12)
@@ -159,32 +167,35 @@ GEM
signet (~> 0.7)
hashdiff (0.3.7)
highline (1.7.10)
hike (1.2.3)
http (2.2.2)
http (3.0.0)
addressable (~> 2.3)
http-cookie (~> 1.0)
http-form_data (~> 1.0.1)
http-form_data (>= 2.0.0.pre.pre2, < 3)
http_parser.rb (~> 0.6.0)
http-cookie (1.0.3)
domain_name (~> 0.5)
http-form_data (1.0.3)
http-form_data (2.0.0)
http_parser.rb (0.6.0)
httparty (0.15.6)
multi_xml (>= 0.5.2)
httpclient (2.8.3)
hurley (0.2)
i18n (0.9.1)
i18n (1.0.0)
concurrent-ruby (~> 1.0)
jmespath (1.3.1)
json (1.8.6)
json (2.1.0)
jwt (1.5.6)
kgio (2.11.1)
kgio (2.11.2)
libv8 (3.16.14.19)
listen (3.1.5)
rb-fsevent (~> 0.9, >= 0.9.4)
rb-inotify (~> 0.9, >= 0.9.7)
ruby_dep (~> 1.2)
little-plugger (1.1.4)
logging (2.2.2)
little-plugger (~> 1.1)
multi_json (~> 1.10)
loofah (2.1.1)
loofah (2.2.2)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.0)
@@ -205,10 +216,12 @@ GEM
thread_safe (~> 0.3, >= 0.3.1)
metaclass (0.0.4)
method_source (0.9.0)
mime-types (2.99.3)
mime-types (3.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2016.0521)
mini_mime (1.0.0)
mini_portile2 (2.3.0)
minitest (5.11.1)
minitest (5.11.3)
mocha (1.3.0)
metaclass (~> 0.0.1)
msgpack (1.2.2)
@@ -224,13 +237,13 @@ GEM
net-sftp (2.1.2)
net-ssh (>= 2.6.5)
net-ssh (4.2.0)
netrc (0.11.0)
newrelic_rpm (4.7.1.340)
nokogiri (1.8.1)
newrelic_rpm (4.8.0.341)
nio4r (2.3.0)
nokogiri (1.8.2)
mini_portile2 (~> 2.3.0)
nokogiri (1.8.1-x64-mingw32)
nokogiri (1.8.2-x64-mingw32)
mini_portile2 (~> 2.3.0)
nokogumbo (1.4.13)
nokogumbo (1.5.0)
nokogiri
ntlm-http (0.1.1)
oauth2 (1.4.0)
@@ -242,50 +255,50 @@ GEM
os (0.9.6)
pg (0.21.0)
pg (0.21.0-x64-mingw32)
protected_attributes (1.1.4)
activemodel (>= 4.0.1, < 5.0)
pry (0.11.3)
coderay (~> 1.1.0)
method_source (~> 0.9.0)
pry-byebug (3.5.1)
byebug (~> 9.1)
pry-byebug (3.6.0)
byebug (~> 10.0)
pry (~> 0.10)
ptools (1.3.5)
ptools (1.3.5-universal-mingw32)
win32-file (>= 0.7.0)
public_suffix (3.0.1)
rack (1.6.8)
rack-test (0.6.3)
rack (>= 1.0)
rack (2.0.4)
rack-test (1.0.0)
rack (>= 1.0, < 3)
radix62 (1.0.1)
rails (4.2.8)
actionmailer (= 4.2.8)
actionpack (= 4.2.8)
actionview (= 4.2.8)
activejob (= 4.2.8)
activemodel (= 4.2.8)
activerecord (= 4.2.8)
activesupport (= 4.2.8)
bundler (>= 1.3.0, < 2.0)
railties (= 4.2.8)
sprockets-rails
rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha)
rails-dom-testing (1.0.9)
activesupport (>= 4.2.0, < 5.0)
nokogiri (~> 1.6)
rails-deprecated_sanitizer (>= 1.0.1)
rails-html-sanitizer (1.0.3)
loofah (~> 2.0)
railties (4.2.8)
actionpack (= 4.2.8)
activesupport (= 4.2.8)
rails (5.1.6)
actioncable (= 5.1.6)
actionmailer (= 5.1.6)
actionpack (= 5.1.6)
actionview (= 5.1.6)
activejob (= 5.1.6)
activemodel (= 5.1.6)
activerecord (= 5.1.6)
activesupport (= 5.1.6)
bundler (>= 1.3.0)
railties (= 5.1.6)
sprockets-rails (>= 2.0.0)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.0.4)
loofah (~> 2.2, >= 2.2.2)
railties (5.1.6)
actionpack (= 5.1.6)
activesupport (= 5.1.6)
method_source
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
raindrops (0.19.0)
rake (12.3.0)
rake (12.3.1)
rakismet (1.5.4)
rb-fsevent (0.10.2)
rb-inotify (0.9.10)
ffi (>= 0.5.0, < 2)
recaptcha (4.6.3)
recaptcha (4.6.4)
json
ref (2.0.0)
representable (2.3.0)
@@ -293,25 +306,17 @@ GEM
responders (2.4.0)
actionpack (>= 4.2.0, < 5.3)
railties (>= 4.2.0, < 5.3)
rest-client (1.8.0)
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 3.0)
netrc (~> 0.7)
rest-client (1.8.0-x64-mingw32)
ffi (~> 1.9)
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 3.0)
netrc (~> 0.7)
retriable (2.1.0)
ruby-prof (0.17.0)
ruby-vips (2.0.9)
ffi (~> 1.9)
ruby_dep (1.5.0)
rubyzip (1.2.1)
safe_yaml (1.0.4)
sanitize (4.5.0)
sanitize (4.6.0)
crass (~> 1.0.2)
nokogiri (>= 1.4.4)
nokogumbo (~> 1.4.1)
nokogumbo (~> 1.4)
sass (3.5.5)
sass-listen (~> 4.0.0)
sass-listen (4.0.0)
@@ -340,52 +345,48 @@ GEM
json (>= 1.8, < 3)
simplecov-html (~> 0.10.0)
simplecov-html (0.10.2)
sprockets (2.12.4)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
sprockets-rails (2.3.3)
actionpack (>= 3.0)
activesupport (>= 3.0)
sprockets (>= 2.8, < 4.0)
sprockets (3.7.1)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.2.1)
actionpack (>= 4.0)
activesupport (>= 4.0)
sprockets (>= 3.0.0)
sshkit (1.15.1)
net-scp (>= 1.1.2)
net-ssh (>= 2.8.0)
statistics2 (0.54)
streamio-ffmpeg (3.0.2)
multi_json (~> 1.8)
stripe (1.25.0)
json (~> 1.8.1)
rest-client (~> 1.4)
stripe (3.9.1)
faraday (~> 0.10)
term-ansicolor (1.6.0)
tins (~> 1.0)
test_after_commit (1.1.0)
activerecord (>= 3.2)
therubyracer (0.12.3)
libv8 (~> 3.16.14.15)
ref
thor (0.20.0)
thread_safe (0.3.6)
tilt (1.4.1)
tilt (2.0.8)
timecop (0.9.1)
tins (1.16.3)
twitter (6.0.0)
addressable (~> 2.5)
twitter (6.2.0)
addressable (~> 2.3)
buftok (~> 0.2.0)
equalizer (= 0.0.11)
faraday (~> 0.10.0)
http (~> 2.1)
equalizer (~> 0.0.11)
http (~> 3.0)
http-form_data (~> 2.0)
http_parser.rb (~> 0.6.0)
memoizable (~> 0.4.2)
naught (~> 1.1)
simple_oauth (~> 0.3.1)
tzinfo (1.2.4)
memoizable (~> 0.4.0)
multipart-post (~> 2.0)
naught (~> 1.0)
simple_oauth (~> 0.3.0)
tzinfo (1.2.5)
thread_safe (~> 0.1)
tzinfo-data (1.2017.3)
tzinfo-data (1.2018.3)
tzinfo (>= 1.0.0)
uber (0.0.15)
uglifier (4.1.3)
uglifier (4.1.5)
execjs (>= 0.3.0, < 3)
unf (0.1.4)
unf_ext
@@ -402,8 +403,18 @@ GEM
crack (>= 0.3.2)
hashdiff
webrobots (0.1.2)
websocket-driver (0.6.5)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.3)
whenever (0.10.0)
chronic (>= 0.6.3)
win32-file (0.8.1)
ffi
ffi-win32-extensions
win32-file-stat (>= 1.4.0)
win32-file-stat (1.5.5)
ffi
ffi-win32-extensions
win32console (1.3.2)
PLATFORMS
@@ -411,13 +422,14 @@ PLATFORMS
x64-mingw32
DEPENDENCIES
activemodel-serializers-xml
addressable
awesome_print
aws-sdk (~> 2)
bcrypt-ruby
bcrypt
bigquery!
bootsnap
capistrano (~> 3.4.0)
capistrano (~> 3.10)
capistrano-deploytags (~> 1.0.0)
capistrano-rails
capistrano-rbenv
@@ -430,12 +442,13 @@ DEPENDENCIES
diff-lcs
dotenv-rails
dtext_rb!
factory_girl
factory_bot
ffaker
foreman
google-api-client
highline
httparty
listen
mechanize
memcache-client
memcache_mock
@@ -444,11 +457,11 @@ DEPENDENCIES
net-sftp
newrelic_rpm
oauth2
pg (= 0.21.0)
protected_attributes
pg
pry-byebug
ptools
radix62 (~> 1.0.1)
rails (~> 4.2.0)
rails (~> 5.1)
rakismet
recaptcha
responders
@@ -467,7 +480,6 @@ DEPENDENCIES
streamio-ffmpeg
stripe
term-ansicolor
test_after_commit
therubyracer
timecop
twitter

14
app/assets/javascripts/mod_queue.js
View File

@@ -56,23 +56,17 @@
}
Danbooru.ModQueue.detailed_rejection_dialog = function() {
$("#post_id").val($(this).data("post-id"));
$("#post_disapproval_post_id").val($(this).data("post-id"));
$("#detailed-rejection-dialog").dialog({
width: 500,
buttons: {
"Submit": function() {
var data = $("#detailed-rejection-form").serialize();
$.ajax({
type: "POST",
url: $("#detailed-rejection-form").attr("action"),
data: data,
dataType: "script"
});
$("#detailed-rejection-dialog").dialog("close");
$(this).find("form").submit();
$(this).dialog("close");
},
"Cancel": function() {
$("#detailed-rejection-dialog").dialog("close");
$(this).dialog("close");
}
}
});

2
app/assets/javascripts/posts.js
View File

@@ -628,6 +628,8 @@
});
$("#save-search").click(function(e) {
$("#save-search-dialog #saved_search_query").val($("#tags").val());
if (Danbooru.meta("disable-labeled-saved-searches") === "false") {
$("#save-search-dialog").dialog("open");
} else {

2
app/controllers/admin/alias_and_implication_imports_controller.rb
View File

@@ -1,6 +1,6 @@
module Admin
class AliasAndImplicationImportsController < ApplicationController
before_filter :admin_only
before_action :admin_only
def new
end

2
app/controllers/admin/users_controller.rb
View File

@@ -1,6 +1,6 @@
module Admin
class UsersController < ApplicationController
before_filter :moderator_only
before_action :moderator_only
def edit
@user = User.find(params[:id])

34
app/controllers/application_controller.rb
View File

@@ -1,25 +1,26 @@
class ApplicationController < ActionController::Base
protect_from_forgery
helper :pagination
before_filter :reset_current_user
before_filter :set_current_user
after_filter :reset_current_user
before_filter :set_title
before_filter :normalize_search
before_filter :set_started_at_session
before_filter :api_check
before_filter :set_safe_mode
# before_filter :secure_cookies_check
before_action :reset_current_user
before_action :set_current_user
after_action :reset_current_user
before_action :set_title
before_action :normalize_search
before_action :set_started_at_session
before_action :api_check
before_action :set_safe_mode
# before_action :secure_cookies_check
layout "default"
force_ssl :if => :ssl_login?
helper_method :show_moderation_notice?
before_filter :enable_cors
before_action :enable_cors
rescue_from Exception, :with => :rescue_exception
rescue_from User::PrivilegeError, :with => :access_denied
rescue_from SessionLoader::AuthenticationFailure, :with => :authentication_failed
rescue_from Danbooru::Paginator::PaginationError, :with => :render_pagination_limit
rescue_from PG::ConnectionBad, with: :bad_db_connection
rescue_from ActionController::UnpermittedParameters, :with => :access_denied
# This is raised on requests to `/blah.js`. Rails has already rendered StaticController#not_found
# here, so calling `rescue_exception` would cause a double render error.
@@ -93,6 +94,13 @@ class ApplicationController < ActionController::Base
def rescue_exception(exception)
@exception = exception
if Rails.env.test? && ENV["DEBUG"]
puts "---"
STDERR.puts("#{exception.class} exception thrown: #{exception.message}")
exception.backtrace.each {|x| STDERR.puts(x)}
puts "---"
end
if exception.is_a?(::ActiveRecord::StatementInvalid) && exception.to_s =~ /statement timeout/
if Rails.env.production?
NewRelic::Agent.notice_error(exception, :uri => request.original_url, :referer => request.referer, :request_params => params, :custom_params => {:user_id => CurrentUser.user.id, :user_ip_addr => CurrentUser.ip_addr})
@@ -159,7 +167,7 @@ class ApplicationController < ActionController::Base
render :json => {:success => false, :reason => "access denied"}.to_json, :status => 403
end
fmt.js do
render :nothing => true, :status => 403
render js: "", :status => 403
end
end
end
@@ -212,6 +220,10 @@ class ApplicationController < ActionController::Base
end
end
def search_params
params.fetch(:search, {}).permit!
end
def set_safe_mode
CurrentUser.set_safe_mode(request)
end

25
app/controllers/artist_commentaries_controller.rb
View File

@@ -1,9 +1,9 @@
class ArtistCommentariesController < ApplicationController
respond_to :html, :xml, :json, :js
before_filter :member_only, :except => [:index, :show]
before_action :member_only, :except => [:index, :show]
def index
@commentaries = ArtistCommentary.search(params[:search]).paginate(params[:page], :limit => params[:limit])
@commentaries = ArtistCommentary.search(search_params).paginate(params[:page], :limit => params[:limit])
respond_with(@commentaries) do |format|
format.xml do
render :xml => @commentaries.to_xml(:root => "artist-commentaries")
@@ -24,14 +24,8 @@ class ArtistCommentariesController < ApplicationController
end
def create_or_update
@artist_commentary = ArtistCommentary.find_by_post_id(params[:artist_commentary][:post_id])
if @artist_commentary
@artist_commentary.update_attributes(params[:artist_commentary])
else
@artist_commentary = ArtistCommentary.create(params[:artist_commentary])
end
@artist_commentary = ArtistCommentary.find_or_initialize_by(post_id: params.dig(:artist_commentary, :post_id))
@artist_commentary.update(commentary_params)
respond_with(@artist_commentary)
end
@@ -39,6 +33,15 @@ class ArtistCommentariesController < ApplicationController
@artist_commentary = ArtistCommentary.find_by_post_id!(params[:id])
@version = @artist_commentary.versions.find(params[:version_id])
@artist_commentary.revert_to!(@version)
respond_with(@artist_commentary)
end
private
def commentary_params
params.fetch(:artist_commentary, {}).except(:post_id).permit(%i[
original_description original_title translated_description translated_title
remove_commentary_tag remove_commentary_request_tag remove_commentary_check_tag
add_commentary_tag add_commentary_request_tag add_commentary_check_tag
])
end
end

2
app/controllers/artist_commentary_versions_controller.rb
View File

@@ -2,7 +2,7 @@ class ArtistCommentaryVersionsController < ApplicationController
respond_to :html, :xml, :json
def index
@commentary_versions = ArtistCommentaryVersion.search(params[:search]).paginate(params[:page], :limit => params[:limit])
@commentary_versions = ArtistCommentaryVersion.search(search_params).paginate(params[:page], :limit => params[:limit])
respond_with(@commentary_versions) do |format|
format.xml do
render :xml => @commentary_versions.to_xml(:root => "artist-commentary-versions")

5
app/controllers/artist_versions_controller.rb
View File

@@ -1,13 +1,14 @@
class ArtistVersionsController < ApplicationController
before_filter :member_only
before_action :member_only
respond_to :html, :xml, :json
def index
@artist_versions = ArtistVersion.search(params[:search]).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
@artist_versions = ArtistVersion.search(search_params).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
respond_with(@artist_versions) do |format|
format.xml do
render :xml => @artist_versions.to_xml(:root => "artist-versions")
end
end
end
end

28
app/controllers/artists_controller.rb
View File

@@ -1,12 +1,12 @@
class ArtistsController < ApplicationController
respond_to :html, :xml, :json
before_filter :member_only, :except => [:index, :show, :show_or_new, :banned]
before_filter :builder_only, :only => [:destroy]
before_filter :admin_only, :only => [:ban, :unban]
before_filter :load_artist, :only => [:ban, :unban, :show, :edit, :update, :destroy, :undelete]
before_action :member_only, :except => [:index, :show, :show_or_new, :banned]
before_action :builder_only, :only => [:destroy]
before_action :admin_only, :only => [:ban, :unban]
before_action :load_artist, :only => [:ban, :unban, :show, :edit, :update, :destroy, :undelete]
def new
@artist = Artist.new_with_defaults(params)
@artist = Artist.new_with_defaults(artist_params)
respond_with(@artist)
end
@@ -37,7 +37,6 @@ class ArtistsController < ApplicationController
end
def index
search_params = params[:search].present? ? params[:search] : params
@artists = Artist.includes(:urls).search(search_params).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
respond_with(@artists) do |format|
format.xml do
@@ -56,12 +55,12 @@ class ArtistsController < ApplicationController
end
def create
@artist = Artist.create(params[:artist], :as => CurrentUser.role)
@artist = Artist.create(artist_params)
respond_with(@artist)
end
def update
@artist.update(params[:artist], :as => CurrentUser.role)
@artist.update(artist_params)
flash[:notice] = @artist.valid? ? "Artist updated" : @artist.errors.full_messages.join("; ")
respond_with(@artist)
end
@@ -118,4 +117,17 @@ private
def load_artist
@artist = Artist.find(params[:id])
end
def search_params
sp = params.fetch(:search, {})
sp[:name] = params[:name] if params[:name]
sp.permit!
end
def artist_params
permitted_params = %i[name other_names other_names_comma group_name url_string notes]
permitted_params << :is_active if CurrentUser.is_builder?
params.fetch(:artist, {}).permit(permitted_params)
end
end

18
app/controllers/bans_controller.rb
View File

@@ -1,6 +1,7 @@
class BansController < ApplicationController
before_filter :moderator_only, :except => [:show, :index]
before_action :moderator_only, :except => [:show, :index]
respond_to :html, :xml, :json
helper_method :search_params
def new
@ban = Ban.new(params[:ban])
@@ -11,7 +12,7 @@ class BansController < ApplicationController
end
def index
@bans = Ban.search(params[:search]).paginate(params[:page], :limit => params[:limit])
@bans = Ban.search(search_params).paginate(params[:page], :limit => params[:limit])
respond_with(@bans) do |fmt|
fmt.html { @bans = @bans.includes(:user, :banner) }
end
@@ -23,7 +24,7 @@ class BansController < ApplicationController
end
def create
@ban = Ban.create(params[:ban])
@ban = Ban.create(ban_params(:create))
if @ban.errors.any?
render :action => "new"
@@ -34,7 +35,7 @@ class BansController < ApplicationController
def update
@ban = Ban.find(params[:id])
if @ban.update_attributes(params[:ban])
if @ban.update(ban_params(:update))
redirect_to ban_path(@ban), :notice => "Ban updated"
else
render :action => "edit"
@@ -46,4 +47,13 @@ class BansController < ApplicationController
@ban.destroy
redirect_to bans_path, :notice => "Ban destroyed"
end
private
def ban_params(context)
permitted_params = %i[reason duration expires_at]
permitted_params += %i[user_id user_name] if context == :create
params.require(:ban).permit(permitted_params)
end
end

8
app/controllers/bulk_update_requests_controller.rb
View File

@@ -1,8 +1,8 @@
class BulkUpdateRequestsController < ApplicationController
respond_to :html, :xml, :json, :js
before_filter :member_only, :except => [:index, :show]
before_filter :admin_only, :only => [:approve]
before_filter :load_bulk_update_request, :except => [:new, :create, :index]
before_action :member_only, :except => [:index, :show]
before_action :admin_only, :only => [:approve]
before_action :load_bulk_update_request, :except => [:new, :create, :index]
def new
@bulk_update_request = BulkUpdateRequest.new
@@ -47,7 +47,7 @@ class BulkUpdateRequestsController < ApplicationController
end
def index
@bulk_update_requests = BulkUpdateRequest.search(params[:search]).paginate(params[:page], :limit => params[:limit])
@bulk_update_requests = BulkUpdateRequest.search(search_params).paginate(params[:page], :limit => params[:limit])
respond_with(@bulk_update_requests)
end

4
app/controllers/comment_votes_controller.rb
View File

@@ -1,7 +1,7 @@
class CommentVotesController < ApplicationController
respond_to :js, :json, :xml
before_filter :member_only
skip_before_filter :api_check
before_action :member_only
skip_before_action :api_check
def create
@comment = Comment.find(params[:comment_id])

29
app/controllers/comments_controller.rb
View File

@@ -1,12 +1,12 @@
class CommentsController < ApplicationController
respond_to :html, :xml, :json
before_filter :member_only, :except => [:index, :search, :show]
skip_before_filter :api_check
before_action :member_only, :except => [:index, :search, :show]
skip_before_action :api_check
def index
if params[:group_by] == "comment" || request.format == Mime::ATOM
if params[:group_by] == "comment" || request.format == Mime::Type.lookup("application/atom+xml")
index_by_comment
elsif request.format == Mime::JS
elsif request.format == Mime::Type.lookup("text/javascript")
index_for_post
else
index_by_post
@@ -23,15 +23,17 @@ class CommentsController < ApplicationController
def update
@comment = Comment.find(params[:id])
check_privilege(@comment)
@comment.update(update_params, :as => CurrentUser.role)
@comment.update(comment_params(:update))
respond_with(@comment, :location => post_path(@comment.post_id))
end
def create
@comment = Comment.create(create_params, :as => CurrentUser.role)
@comment = Comment.create(comment_params(:create))
respond_with(@comment) do |format|
format.html do
if @comment.errors.any?
if @comment.post.nil?
redirect_to comments_path, notice: @comment.errors.full_messages.join("; ")
elsif @comment.errors.any?
redirect_to post_path(@comment.post), :notice => @comment.errors.full_messages.join("; ")
else
redirect_to post_path(@comment.post), :notice => "Comment posted"
@@ -88,7 +90,7 @@ private
end
def index_by_comment
@comments = Comment.search(params[:search]).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
@comments = Comment.search(search_params).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
respond_with(@comments) do |format|
format.atom do
@comments = @comments.includes(:post, :creator).load
@@ -105,11 +107,12 @@ private
end
end
def create_params
params.require(:comment).permit(:post_id, :body, :do_not_bump_post, :is_sticky)
end
def comment_params(context)
permitted_params = %i[body]
permitted_params += %i[post_id do_not_bump_post] if context == :create
permitted_params += %i[is_deleted] if context == :update
permitted_params += %i[is_sticky] if CurrentUser.is_moderator?
def update_params
params.require(:comment).permit(:body, :is_deleted, :is_sticky)
params.require(:comment).permit(permitted_params)
end
end

4
app/controllers/delayed_jobs_controller.rb
View File

@@ -1,6 +1,6 @@
class DelayedJobsController < ApplicationController
respond_to :html, :xml, :json, :js
before_filter :admin_only, except: [:index]
before_action :admin_only, except: [:index]
def index
@delayed_jobs = Delayed::Job.order("run_at asc").paginate(params[:page], :limit => params[:limit])
@@ -18,7 +18,7 @@ class DelayedJobsController < ApplicationController
def retry
@job = Delayed::Job.find(params[:id])
if !@job.locked_at?
@job.update({failed_at: nil, attempts: 0}, without_protection: true)
@job.update(failed_at: nil, attempts: 0)
end
respond_with(@job)
end

6
app/controllers/dmails_controller.rb
View File

@@ -1,7 +1,7 @@
class DmailsController < ApplicationController
respond_to :html, :xml, :json
before_filter :member_only, except: [:index, :show, :destroy, :mark_all_as_read]
before_filter :gold_only, only: [:ham, :spam]
before_action :member_only, except: [:index, :show, :destroy, :mark_all_as_read]
before_action :gold_only, only: [:ham, :spam]
def new
if params[:respond_to_id]
@@ -19,7 +19,7 @@ class DmailsController < ApplicationController
if params[:folder] && params[:set_default_folder]
cookies.permanent[:dmail_folder] = params[:folder]
end
@query = Dmail.active.visible.search(params[:search])
@query = Dmail.active.visible.search(search_params)
@dmails = @query.paginate(params[:page], :limit => params[:limit])
respond_with(@dmails) do |format|
format.xml do

2
app/controllers/explore/posts_controller.rb
View File

@@ -1,7 +1,7 @@
module Explore
class PostsController < ApplicationController
respond_to :html, :xml, :json
before_filter :set_date, only: [:searches, :viewed]
before_action :set_date, only: [:searches, :viewed]
def popular
@post_set = PostSets::Popular.new(params[:date], params[:scale])

2
app/controllers/favorite_group_orders_controller.rb
View File

@@ -1,6 +1,6 @@
class FavoriteGroupOrdersController < ApplicationController
respond_to :html, :xml, :json, :js
before_filter :member_only
before_action :member_only
def edit
@favorite_group = FavoriteGroup.find(params[:favorite_group_id])

15
app/controllers/favorite_groups_controller.rb
View File

@@ -1,9 +1,9 @@
class FavoriteGroupsController < ApplicationController
before_filter :member_only, :except => [:index, :show]
before_action :member_only, :except => [:index, :show]
respond_to :html, :xml, :json, :js
def index
@favorite_groups = FavoriteGroup.search(params[:search]).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
@favorite_groups = FavoriteGroup.search(search_params).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
respond_with(@favorite_groups) do |format|
format.xml do
render :xml => @favorite_groups.to_xml(:root => "favorite-groups")
@@ -24,7 +24,7 @@ class FavoriteGroupsController < ApplicationController
end
def create
@favorite_group = FavoriteGroup.create(params[:favorite_group])
@favorite_group = FavoriteGroup.create(favgroup_params)
respond_with(@favorite_group) do |format|
format.html do
if @favorite_group.errors.any?
@@ -45,7 +45,7 @@ class FavoriteGroupsController < ApplicationController
def update
@favorite_group = FavoriteGroup.find(params[:id])
check_write_privilege(@favorite_group)
@favorite_group.update_attributes(params[:favorite_group])
@favorite_group.update(favgroup_params)
unless @favorite_group.errors.any?
flash[:notice] = "Favorite group updated"
end
@@ -67,7 +67,8 @@ class FavoriteGroupsController < ApplicationController
@favorite_group.add!(@post.id)
end
private
private
def check_write_privilege(favgroup)
raise User::PrivilegeError unless favgroup.editable_by?(CurrentUser.user)
end
@@ -75,4 +76,8 @@ private
def check_read_privilege(favgroup)
raise User::PrivilegeError unless favgroup.viewable_by?(CurrentUser.user)
end
def favgroup_params
params.fetch(:favorite_group, {}).permit(%i[name post_ids is_public])
end
end

4
app/controllers/favorites_controller.rb
View File

@@ -1,7 +1,7 @@
class FavoritesController < ApplicationController
before_filter :member_only, except: [:index]
before_action :member_only, except: [:index]
respond_to :html, :xml, :json
skip_before_filter :api_check
skip_before_action :api_check
def index
if params[:tags]

25
app/controllers/forum_posts_controller.rb
View File

@@ -1,9 +1,9 @@
class ForumPostsController < ApplicationController
respond_to :html, :xml, :json, :js
before_filter :member_only, :except => [:index, :show, :search]
before_filter :load_post, :only => [:edit, :show, :update, :destroy, :undelete]
before_filter :check_min_level, :only => [:edit, :show, :update, :destroy, :undelete]
skip_before_filter :api_check
before_action :member_only, :except => [:index, :show, :search]
before_action :load_post, :only => [:edit, :show, :update, :destroy, :undelete]
before_action :check_min_level, :only => [:edit, :show, :update, :destroy, :undelete]
skip_before_action :api_check
def new
if params[:topic_id]
@@ -24,7 +24,7 @@ class ForumPostsController < ApplicationController
end
def index
@query = ForumPost.search(params[:search])
@query = ForumPost.search(search_params)
@forum_posts = @query.includes(:topic).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
respond_with(@forum_posts) do |format|
format.xml do
@@ -45,14 +45,14 @@ class ForumPostsController < ApplicationController
end
def create
@forum_post = ForumPost.create(params[:forum_post])
@forum_post = ForumPost.create(forum_post_params(:create))
page = @forum_post.topic.last_page if @forum_post.topic.last_page > 1
respond_with(@forum_post, :location => forum_topic_path(@forum_post.topic, :page => page))
end
def update
check_privilege(@forum_post)
@forum_post.update_attributes(params[:forum_post])
@forum_post.update(forum_post_params(:update))
page = @forum_post.forum_topic_page if @forum_post.forum_topic_page > 1
respond_with(@forum_post, :location => forum_topic_path(@forum_post.topic, :page => page, :anchor => "forum_post_#{@forum_post.id}"))
end
@@ -84,11 +84,11 @@ private
end
fmt.json do
render :nothing => true, :status => 403
render json: nil, :status => 403
end
fmt.xml do
render :nothing => true, :status => 403
render xml: nil, :status => 403
end
end
@@ -101,4 +101,11 @@ private
raise User::PrivilegeError
end
end
def forum_post_params(context)
permitted_params = [:body]
permitted_params += [:topic_id] if context == :create
params.require(:forum_post).permit(permitted_params)
end
end

33
app/controllers/forum_topics_controller.rb
View File

@@ -1,11 +1,11 @@
class ForumTopicsController < ApplicationController
respond_to :html, :xml, :json
before_filter :member_only, :except => [:index, :show]
before_filter :moderator_only, :only => [:new_merge, :create_merge]
before_filter :normalize_search, :only => :index
before_filter :load_topic, :only => [:edit, :show, :update, :destroy, :undelete, :new_merge, :create_merge, :subscribe, :unsubscribe]
before_filter :check_min_level, :only => [:show, :edit, :update, :new_merge, :create_merge, :destroy, :undelete, :subscribe, :unsubscribe]
skip_before_filter :api_check
before_action :member_only, :except => [:index, :show]
before_action :moderator_only, :only => [:new_merge, :create_merge]
before_action :normalize_search, :only => :index
before_action :load_topic, :only => [:edit, :show, :update, :destroy, :undelete, :new_merge, :create_merge, :subscribe, :unsubscribe]
before_action :check_min_level, :only => [:show, :edit, :update, :new_merge, :create_merge, :destroy, :undelete, :subscribe, :unsubscribe]
skip_before_action :api_check
def new
@forum_topic = ForumTopic.new
@@ -20,9 +20,9 @@ class ForumTopicsController < ApplicationController
def index
params[:search] ||= {}
params[:search][:order] ||= "sticky" if request.format == Mime::HTML
params[:search][:order] ||= "sticky" if request.format == Mime::Type.lookup("text/html")
@query = ForumTopic.active.search(params[:search])
@query = ForumTopic.active.search(search_params)
@forum_topics = @query.paginate(params[:page], :limit => per_page, :search_count => params[:search])
respond_with(@forum_topics) do |format|
@@ -42,7 +42,7 @@ class ForumTopicsController < ApplicationController
end
def show
if request.format == Mime::HTML
if request.format == Mime::Type.lookup("text/html")
@forum_topic.mark_as_read!(CurrentUser.user)
end
@forum_posts = ForumPost.search(:topic_id => @forum_topic.id).reorder("forum_posts.id").paginate(params[:page])
@@ -54,13 +54,13 @@ class ForumTopicsController < ApplicationController
end
def create
@forum_topic = ForumTopic.create(params[:forum_topic], :as => CurrentUser.role)
@forum_topic = ForumTopic.create(forum_topic_params(:create))
respond_with(@forum_topic)
end
def update
check_privilege(@forum_topic)
@forum_topic.update_attributes(params[:forum_topic], :as => CurrentUser.role)
@forum_topic.update(forum_topic_params(:update))
respond_with(@forum_topic)
end
@@ -147,15 +147,22 @@ private
end
fmt.json do
render :nothing => true, :status => 403
render json: nil, :status => 403
end
fmt.xml do
render :nothing => true, :status => 403
render xml: nil, :status => 403
end
end
return false
end
end
def forum_topic_params(context)
permitted_params = [:title, :category_id, { original_post_attributes: %i[id body] }]
permitted_params += %i[is_sticky is_locked min_level] if CurrentUser.is_moderator?
params.require(:forum_topic).permit(permitted_params)
end
end

18
app/controllers/ip_bans_controller.rb
View File

@@ -1,18 +1,18 @@
class IpBansController < ApplicationController
respond_to :html, :xml, :json
before_filter :moderator_only
respond_to :html, :xml, :json, :js
before_action :moderator_only
def new
@ip_ban = IpBan.new
end
def create
@ip_ban = IpBan.create(params[:ip_ban])
@ip_ban = IpBan.create(ip_ban_params)
respond_with(@ip_ban, :location => ip_bans_path)
end
def index
@search = IpBan.search(params[:search])
@search = IpBan.search(search_params)
@ip_bans = @search.paginate(params[:page], :limit => params[:limit])
respond_with(@ip_bans)
end
@@ -22,4 +22,14 @@ class IpBansController < ApplicationController
@ip_ban.destroy
respond_with(@ip_ban)
end
private
def ip_ban_params
params.fetch(:ip_ban, {}).permit(%i[ip_addr reason])
end
def search_params
params.fetch(:search, {}).permit(%i[ip_addr order])
end
end

2
app/controllers/iqdb_queries_controller.rb
View File

@@ -15,7 +15,7 @@ class IqdbQueriesController < ApplicationController
fmt.js { render :layout => false, :action => "create_by_post" }
end
else
render :nothing => true, :status => 422
render plain: "", :status => 422
end
end

12
app/controllers/janitor_trials_controller.rb
View File

@@ -1,6 +1,6 @@
class JanitorTrialsController < ApplicationController
respond_to :html, :xml, :json
before_filter :moderator_only, :only => [:create, :promote, :demote]
before_action :moderator_only, :only => [:create, :promote, :demote]
def new
@janitor_trial = JanitorTrial.new
@@ -13,12 +13,12 @@ class JanitorTrialsController < ApplicationController
end
def index
@janitor_trials = JanitorTrial.search(params[:search]).paginate(params[:page], :limit => params[:limit])
@janitor_trials = JanitorTrial.search(search_params).paginate(params[:page], :limit => params[:limit])
respond_with(@janitor_trials)
end
def create
@janitor_trial = JanitorTrial.create(params[:janitor_trial])
@janitor_trial = JanitorTrial.create(janitor_trial_params)
respond_with(@janitor_trial, :location => janitor_trials_path)
end
@@ -41,4 +41,10 @@ class JanitorTrialsController < ApplicationController
def test
@tester = JanitorTrialTester.new(params[:janitor_trial][:user_name])
end
private
def janitor_trial_params
params.require(:janitor_trial).permit(%i[user_id user_name])
end
end

4
app/controllers/legacy_controller.rb
View File

@@ -1,5 +1,5 @@
class LegacyController < ApplicationController
before_filter :member_only, :only => [:create_post]
before_action :member_only, :only => [:create_post]
respond_to :json, :xml
def posts
@@ -40,7 +40,7 @@ class LegacyController < ApplicationController
end
def artists
@artists = Artist.limit(100).search(params[:search]).paginate(params[:page])
@artists = Artist.limit(100).search(search_params).paginate(params[:page])
end
def unavailable

4
app/controllers/maintenance/user/api_keys_controller.rb
View File

@@ -1,8 +1,8 @@
module Maintenance
module User
class ApiKeysController < ApplicationController
before_filter :check_privilege
before_filter :authenticate!, :except => [:show]
before_action :check_privilege
before_action :authenticate!, :except => [:show]
rescue_from ::SessionLoader::AuthenticationFailure, :with => :authentication_failed
respond_to :html, :json, :xml

10
app/controllers/maintenance/user/dmail_filters_controller.rb
View File

@@ -1,7 +1,7 @@
module Maintenance
module User
class DmailFiltersController < ApplicationController
before_filter :ensure_ownership
before_action :ensure_ownership
respond_to :html, :json, :xml
def edit
@@ -10,12 +10,12 @@ module Maintenance
def update
@dmail_filter = CurrentUser.dmail_filter || DmailFilter.new
@dmail_filter.update(params.require(:dmail_filter).permit(:words), :as => CurrentUser.role)
@dmail_filter.update(dmail_filter_params)
flash[:notice] = "Filter updated"
respond_with(@dmail)
end
private
private
def ensure_ownership
@dmail = Dmail.find(params[:dmail_id])
@@ -24,6 +24,10 @@ module Maintenance
raise User::PrivilegeError.new
end
end
def dmail_filter_params
params.require(:dmail_filter).permit(:words)
end
end
end
end

4
app/controllers/maintenance/user/email_notifications_controller.rb
View File

@@ -3,7 +3,7 @@ module Maintenance
class EmailNotificationsController < ApplicationController
class VerificationError < Exception ; end
before_filter :validate_sig, :only => [:destroy]
before_action :validate_sig, :only => [:destroy]
rescue_from VerificationError, :with => :render_403
def show
@@ -18,7 +18,7 @@ module Maintenance
private
def render_403
render :nothing => true, :status => 403
render plain: "", :status => 403
end
def validate_sig

6
app/controllers/maintenance/user/password_resets_controller.rb
View File

@@ -6,7 +6,7 @@ module Maintenance
end
def create
@nonce = UserPasswordResetNonce.create(params[:nonce])
@nonce = UserPasswordResetNonce.create(nonce_params)
if @nonce.errors.any?
redirect_to new_maintenance_user_password_reset_path, :notice => @nonce.errors.full_messages.join("; ")
else
@@ -29,6 +29,10 @@ module Maintenance
redirect_to new_maintenance_user_password_reset_path, :notice => "Invalid key"
end
end
def nonce_params
params.fetch(:nonce, {}).permit([:email])
end
end
end
end

2
app/controllers/mod_actions_controller.rb
View File

@@ -2,7 +2,7 @@ class ModActionsController < ApplicationController
respond_to :html, :xml, :json
def index
@mod_actions = ModAction.search(params[:search]).paginate(params[:page], :limit => params[:limit])
@mod_actions = ModAction.search(search_params).paginate(params[:page], :limit => params[:limit])
respond_with(@mod_actions)
end
end

4
app/controllers/moderator/bulk_reverts_controller.rb
View File

@@ -1,7 +1,7 @@
module Moderator
class BulkRevertsController < ApplicationController
before_filter :moderator_only
before_filter :init_constraints
before_action :moderator_only
before_action :init_constraints
helper PostVersionsHelper
rescue_from BulkRevert::ConstraintTooGeneralError, :with => :tag_constraint_too_general

2
app/controllers/moderator/dashboards_controller.rb
View File

@@ -1,6 +1,6 @@
module Moderator
class DashboardsController < ApplicationController
before_filter :member_only
before_action :member_only
helper :post_flags, :post_appeals
def show

2
app/controllers/moderator/invitations_controller.rb
View File

@@ -1,6 +1,6 @@
module Moderator
class InvitationsController < ApplicationController
before_filter :moderator_only
before_action :moderator_only
def new
end

2
app/controllers/moderator/ip_addrs_controller.rb
View File

@@ -1,6 +1,6 @@
module Moderator
class IpAddrsController < ApplicationController
before_filter :moderator_only
before_action :moderator_only
def index
@search = IpAddrSearch.new(params[:search])

4
app/controllers/moderator/post/approvals_controller.rb
View File

@@ -1,8 +1,8 @@
module Moderator
module Post
class ApprovalsController < ApplicationController
before_filter :approver_only
skip_before_filter :api_check
before_action :approver_only
skip_before_action :api_check
respond_to :json, :xml, :js
def create

15
app/controllers/moderator/post/disapprovals_controller.rb
View File

@@ -1,13 +1,20 @@
module Moderator
module Post
class DisapprovalsController < ApplicationController
before_filter :approver_only
skip_before_filter :api_check
before_action :approver_only
skip_before_action :api_check
respond_to :js, :json, :xml
def create
cookies.permanent[:moderated] = Time.now.to_i
@post = ::Post.find(params[:post_id])
@post_disapproval = PostDisapproval.create(:post => @post, :user => CurrentUser.user, :reason => params[:reason] || "disinterest", :message => params[:message])
@post_disapproval = PostDisapproval.create(post_disapproval_params)
respond_with(@post_disapproval)
end
private
def post_disapproval_params
params.require(:post_disapproval).permit(%i[post_id reason message])
end
end
end

6
app/controllers/moderator/post/posts_controller.rb
View File

@@ -1,9 +1,9 @@
module Moderator
module Post
class PostsController < ApplicationController
before_filter :approver_only, :only => [:delete, :undelete, :move_favorites, :ban, :unban, :confirm_delete, :confirm_move_favorites, :confirm_ban]
before_filter :admin_only, :only => [:expunge]
skip_before_filter :api_check
before_action :approver_only, :only => [:delete, :undelete, :move_favorites, :ban, :unban, :confirm_delete, :confirm_move_favorites, :confirm_ban]
before_action :admin_only, :only => [:expunge]
skip_before_action :api_check
respond_to :html, :json, :xml

4
app/controllers/moderator/post/queues_controller.rb
View File

@@ -4,8 +4,8 @@ module Moderator
RANDOM_COUNT = 12
respond_to :html, :json
before_filter :approver_only
skip_before_filter :api_check
before_action :approver_only
skip_before_action :api_check
def show
cookies.permanent[:moderated] = Time.now.to_i

2
app/controllers/moderator/tags_controller.rb
View File

@@ -1,6 +1,6 @@
module Moderator
class TagsController < ApplicationController
before_filter :moderator_only
before_action :moderator_only
rescue_from TagBatchChange::Error, :with => :error
def edit

12
app/controllers/news_updates_controller.rb
View File

@@ -1,5 +1,5 @@
class NewsUpdatesController < ApplicationController
before_filter :admin_only
before_action :admin_only
respond_to :html
def index
@@ -14,7 +14,7 @@ class NewsUpdatesController < ApplicationController
def update
@news_update = NewsUpdate.find(params[:id])
@news_update.update_attributes(params[:news_update])
@news_update.update(news_update_params)
respond_with(@news_update, :location => news_updates_path)
end
@@ -24,7 +24,7 @@ class NewsUpdatesController < ApplicationController
end
def create
@news_update = NewsUpdate.create(params[:news_update])
@news_update = NewsUpdate.create(news_update_params)
respond_with(@news_update, :location => news_updates_path)
end
@@ -35,4 +35,10 @@ class NewsUpdatesController < ApplicationController
format.js
end
end
private
def news_update_params
params.require(:news_update).permit([:message])
end
end

2
app/controllers/note_versions_controller.rb
View File

@@ -2,7 +2,7 @@ class NoteVersionsController < ApplicationController
respond_to :html, :xml, :json
def index
@note_versions = NoteVersion.search(params[:search]).paginate(params[:page], :limit => params[:limit])
@note_versions = NoteVersion.search(search_params).paginate(params[:page], :limit => params[:limit])
respond_with(@note_versions) do |format|
format.html { @note_versions = @note_versions.includes(:updater) }
format.xml do

20
app/controllers/notes_controller.rb
View File

@@ -1,12 +1,12 @@
class NotesController < ApplicationController
respond_to :html, :xml, :json, :js
before_filter :member_only, :except => [:index, :show, :search]
before_action :member_only, :except => [:index, :show, :search]
def search
end
def index
@notes = Note.search(params[:search]).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
@notes = Note.search(search_params).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
respond_with(@notes) do |format|
format.html { @notes = @notes.includes(:creator) }
format.xml do
@@ -23,7 +23,7 @@ class NotesController < ApplicationController
end
def create
@note = Note.create(create_params)
@note = Note.create(note_params(:create))
respond_with(@note) do |fmt|
fmt.json do
if @note.errors.any?
@@ -37,7 +37,7 @@ class NotesController < ApplicationController
def update
@note = Note.find(params[:id])
@note.update_attributes(update_params)
@note.update(note_params(:update))
respond_with(@note) do |format|
format.json do
if @note.errors.any?
@@ -62,12 +62,12 @@ class NotesController < ApplicationController
respond_with(@note)
end
private
def update_params
params.require(:note).permit(:x, :y, :width, :height, :body)
end
private
def create_params
params.require(:note).permit(:x, :y, :width, :height, :body, :post_id, :html_id)
def note_params(context)
permitted_params = %i[x y width height body]
permitted_params += %i[post_id html_id] if context == :create
params.require(:note).permit(permitted_params)
end
end

2
app/controllers/pool_elements_controller.rb
View File

@@ -1,6 +1,6 @@
class PoolElementsController < ApplicationController
respond_to :html, :xml, :json, :js
before_filter :member_only
before_action :member_only
def create
@pool = Pool.find_by_name(params[:pool_name]) || Pool.find_by_id(params[:pool_id])

2
app/controllers/pool_orders_controller.rb
View File

@@ -1,6 +1,6 @@
class PoolOrdersController < ApplicationController
respond_to :html, :xml, :json, :js
before_filter :member_only
before_action :member_only
def edit
@pool = Pool.find(params[:pool_id])

4
app/controllers/pool_versions_controller.rb
View File

@@ -1,13 +1,13 @@
class PoolVersionsController < ApplicationController
respond_to :html, :xml, :json
before_filter :check_availabililty
before_action :check_availabililty
def index
if params[:search] && params[:search][:pool_id].present?
@pool = Pool.find(params[:search][:pool_id])
end
@pool_versions = PoolArchive.search(params[:search]).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
@pool_versions = PoolArchive.search(search_params).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
respond_with(@pool_versions) do |format|
format.xml do
render :xml => @pool_versions.to_xml(:root => "pool-versions")

19
app/controllers/pools_controller.rb
View File

@@ -1,7 +1,7 @@
class PoolsController < ApplicationController
respond_to :html, :xml, :json, :js
before_filter :member_only, :except => [:index, :show, :gallery]
before_filter :builder_only, :only => [:destroy]
before_action :member_only, :except => [:index, :show, :gallery]
before_action :builder_only, :only => [:destroy]
def new
@pool = Pool.new
@@ -17,7 +17,7 @@ class PoolsController < ApplicationController
end
def index
@pools = Pool.search(params[:search]).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
@pools = Pool.search(search_params).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
respond_with(@pools) do |format|
format.xml do
render :xml => @pools.to_xml(:root => "pools")
@@ -27,7 +27,7 @@ class PoolsController < ApplicationController
def gallery
limit = params[:limit] || CurrentUser.user.per_page
@pools = Pool.series.search(params[:search]).reorder("updated_at desc").paginate(params[:page], :limit => limit, :search_count => params[:search])
@pools = Pool.series.search(search_params).reorder("updated_at desc").paginate(params[:page], :limit => limit, :search_count => params[:search])
@post_set = PostSets::PoolGallery.new(@pools)
end
@@ -38,7 +38,7 @@ class PoolsController < ApplicationController
end
def create
@pool = Pool.create(params[:pool])
@pool = Pool.create(pool_params)
flash[:notice] = @pool.valid? ? "Pool created" : @pool.errors.full_messages.join("; ")
respond_with(@pool)
end
@@ -46,7 +46,7 @@ class PoolsController < ApplicationController
def update
# need to do this in order for synchronize! to work correctly
@pool = Pool.find(params[:id])
@pool.attributes = params[:pool]
@pool.attributes = pool_params
@pool.synchronize
@pool.save
unless @pool.errors.any?
@@ -86,4 +86,11 @@ class PoolsController < ApplicationController
format.js
end
end
private
def pool_params
permitted_params = %i[name description category is_active post_ids]
params.require(:pool).permit(permitted_params)
end
end

12
app/controllers/post_appeals_controller.rb
View File

@@ -1,5 +1,5 @@
class PostAppealsController < ApplicationController
before_filter :member_only, :except => [:index, :show]
before_action :member_only, :except => [:index, :show]
respond_to :html, :xml, :json, :js
def new
@@ -8,7 +8,7 @@ class PostAppealsController < ApplicationController
end
def index
@post_appeals = PostAppeal.includes(:creator).search(params[:search]).includes(post: [:appeals, :uploader, :approver])
@post_appeals = PostAppeal.includes(:creator).search(search_params).includes(post: [:appeals, :uploader, :approver])
@post_appeals = @post_appeals.paginate(params[:page], limit: params[:limit])
respond_with(@post_appeals) do |format|
format.xml do
@@ -18,7 +18,7 @@ class PostAppealsController < ApplicationController
end
def create
@post_appeal = PostAppeal.create(params[:post_appeal])
@post_appeal = PostAppeal.create(post_appeal_params)
respond_with(@post_appeal)
end
@@ -26,4 +26,10 @@ class PostAppealsController < ApplicationController
@post_appeal = PostAppeal.find(params[:id])
respond_with(@post_appeal)
end
private
def post_appeal_params
params.fetch(:post_appeal, {}).permit(%i[post_id reason])
end
end

12
app/controllers/post_flags_controller.rb
View File

@@ -1,5 +1,5 @@
class PostFlagsController < ApplicationController
before_filter :member_only, :except => [:index, :show]
before_action :member_only, :except => [:index, :show]
respond_to :html, :xml, :json, :js
def new
@@ -8,7 +8,7 @@ class PostFlagsController < ApplicationController
end
def index
@post_flags = PostFlag.search(params[:search]).includes(:creator, post: [:flags, :uploader, :approver])
@post_flags = PostFlag.search(search_params).includes(:creator, post: [:flags, :uploader, :approver])
@post_flags = @post_flags.paginate(params[:page], limit: params[:limit])
respond_with(@post_flags) do |format|
format.xml do
@@ -18,7 +18,7 @@ class PostFlagsController < ApplicationController
end
def create
@post_flag = PostFlag.create(params[:post_flag].merge(:is_resolved => false))
@post_flag = PostFlag.create(post_flag_params)
respond_with(@post_flag)
end
@@ -26,4 +26,10 @@ class PostFlagsController < ApplicationController
@post_flag = PostFlag.find(params[:id])
respond_with(@post_flag)
end
private
def post_flag_params
params.require(:post_flag).permit(%i[post_id reason])
end
end

4
app/controllers/post_replacements_controller.rb
View File

@@ -1,6 +1,6 @@
class PostReplacementsController < ApplicationController
respond_to :html, :xml, :json
before_filter :moderator_only, except: [:index]
before_action :moderator_only, except: [:index]
def new
@post = Post.find(params[:post_id])
@@ -23,7 +23,7 @@ class PostReplacementsController < ApplicationController
def index
params[:search][:post_id] = params.delete(:post_id) if params.has_key?(:post_id)
@post_replacements = PostReplacement.search(params[:search]).paginate(params[:page], limit: params[:limit])
@post_replacements = PostReplacement.search(search_params).paginate(params[:page], limit: params[:limit])
respond_with(@post_replacements)
end

6
app/controllers/post_versions_controller.rb
View File

@@ -1,10 +1,10 @@
class PostVersionsController < ApplicationController
before_filter :member_only
before_filter :check_availabililty
before_action :member_only
before_action :check_availabililty
respond_to :html, :xml, :json
def index
@post_versions = PostArchive.includes(:updater, post: [:versions]).search(params[:search]).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
@post_versions = PostArchive.includes(:updater, post: [:versions]).search(search_params).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
respond_with(@post_versions) do |format|
format.xml do
render :xml => @post_versions.to_xml(:root => "post-versions")

4
app/controllers/post_votes_controller.rb
View File

@@ -1,6 +1,6 @@
class PostVotesController < ApplicationController
before_filter :voter_only
skip_before_filter :api_check
before_action :voter_only
skip_before_action :api_check
def create
@post = Post.find(params[:post_id])

23
app/controllers/posts_controller.rb
View File

@@ -1,6 +1,6 @@
class PostsController < ApplicationController
before_filter :member_only, :except => [:show, :show_seq, :index, :home, :random]
before_filter :builder_only, :only => [:copy_notes]
before_action :member_only, :except => [:show, :show_seq, :index, :home, :random]
before_action :builder_only, :only => [:copy_notes]
respond_to :html, :xml, :json
def index
@@ -46,10 +46,7 @@ class PostsController < ApplicationController
def update
@post = Post.find(params[:id])
if @post.visible?
@post.update_attributes(params[:post], :as => CurrentUser.role)
end
@post.update(post_params) if @post.visible?
save_recent_tags
respond_with_post_after_update(@post)
end
@@ -131,4 +128,18 @@ private
end
end
end
def post_params
permitted_params = %i[
tag_string old_tag_string
parent_id old_parent_id
source old_source
rating old_rating
has_embedded_notes
]
permitted_params += %i[is_rating_locked is_note_locked] if CurrentUser.is_builder?
permitted_params += %i[is_status_locked] if CurrentUser.is_admin?
params.require(:post).permit(permitted_params)
end
end

2
app/controllers/related_tags_controller.rb
View File

@@ -1,7 +1,7 @@
class RelatedTagsController < ApplicationController
respond_to :json
respond_to :html, :only=>[:show]
before_filter :require_reportbooru_key, only: [:update]
before_action :require_reportbooru_key, only: [:update]
def show
@query = RelatedTagQuery.new(params[:query].to_s.downcase, params[:category])

6
app/controllers/reports_controller.rb
View File

@@ -1,7 +1,7 @@
class ReportsController < ApplicationController
before_filter :member_only, :except => [:upload_tags]
before_filter :gold_only, :only => [:similar_users]
before_filter :moderator_only, :only => [:post_versions, :post_versions_create, :down_voting_post_report, :down_voting_post_report_create]
before_action :member_only, :except => [:upload_tags]
before_action :gold_only, :only => [:similar_users]
before_action :moderator_only, :only => [:post_versions, :post_versions_create, :down_voting_post_report, :down_voting_post_report_create]
def uploads
@report = Reports::Uploads.new(params[:min_date], params[:max_date], params[:queries])

17
app/controllers/saved_searches_controller.rb
View File

@@ -1,5 +1,5 @@
class SavedSearchesController < ApplicationController
before_filter :check_availability
before_action :check_availability
respond_to :html, :xml, :json, :js
def index
@@ -22,11 +22,7 @@ class SavedSearchesController < ApplicationController
end
def create
@saved_search = saved_searches.create!(:query => params[:saved_search_tags], :label_string => params[:saved_search_labels])
if params[:saved_search_disable_labels]
CurrentUser.disable_categorized_saved_searches = true
CurrentUser.save
end
@saved_search = saved_searches.create(saved_search_params)
respond_with(@saved_search)
end
@@ -42,11 +38,12 @@ class SavedSearchesController < ApplicationController
def update
@saved_search = saved_searches.find(params[:id])
@saved_search.update_attributes(params[:saved_search])
@saved_search.update(saved_search_params)
respond_with(@saved_search, :location => saved_searches_path)
end
private
private
def saved_searches
CurrentUser.user.saved_searches
end
@@ -56,4 +53,8 @@ private
raise NotImplementedError.new("Listbooru service is not configured. Saved searches are not available.")
end
end
def saved_search_params
params.require(:saved_search).permit(%i[query label_string disable_labels])
end
end

2
app/controllers/tag_alias_corrections_controller.rb
View File

@@ -1,5 +1,5 @@
class TagAliasCorrectionsController < ApplicationController
before_filter :builder_only
before_action :builder_only
def create
@correction = TagAliasCorrection.new(params[:tag_alias_id])

10
app/controllers/tag_alias_requests_controller.rb
View File

@@ -1,11 +1,11 @@
class TagAliasRequestsController < ApplicationController
before_filter :member_only
before_action :member_only
def new
end
def create
@tag_alias_request = TagAliasRequest.new(params[:tag_alias_request])
@tag_alias_request = TagAliasRequest.new(tar_params)
@tag_alias_request.create
if @tag_alias_request.invalid?
@@ -14,4 +14,10 @@ class TagAliasRequestsController < ApplicationController
redirect_to forum_topic_path(@tag_alias_request.forum_topic)
end
end
private
def tar_params
params.require(:tag_alias_request).permit(:antecedent_name, :consequent_name, :reason, :skip_secondary_validations)
end
end

10
app/controllers/tag_aliases_controller.rb
View File

@@ -1,5 +1,5 @@
class TagAliasesController < ApplicationController
before_filter :admin_only, :only => [:approve, :new, :create]
before_action :admin_only, :only => [:approve, :new, :create]
respond_to :html, :xml, :json, :js
def show
@@ -15,14 +15,14 @@ class TagAliasesController < ApplicationController
@tag_alias = TagAlias.find(params[:id])
if @tag_alias.is_pending? && @tag_alias.editable_by?(CurrentUser.user)
@tag_alias.update_attributes(update_params)
@tag_alias.update(tag_alias_params)
end
respond_with(@tag_alias)
end
def index
@tag_aliases = TagAlias.search(params[:search]).paginate(params[:page], :limit => params[:limit])
@tag_aliases = TagAlias.search(search_params).paginate(params[:page], :limit => params[:limit])
respond_with(@tag_aliases) do |format|
format.xml do
render :xml => @tag_aliases.to_xml(:root => "tag-aliases")
@@ -48,7 +48,7 @@ class TagAliasesController < ApplicationController
private
def update_params
params.require(:tag_alias).permit(:antecedent_name, :consequent_name, :forum_topic_id)
def tag_alias_params
params.require(:tag_alias).permit(%i[antecedent_name consequent_name forum_topic_id skip_secondary_validations])
end
end

2
app/controllers/tag_corrections_controller.rb
View File

@@ -1,5 +1,5 @@
class TagCorrectionsController < ApplicationController
before_filter :builder_only
before_action :builder_only
def new
@correction = TagCorrection.new(params[:tag_id])

10
app/controllers/tag_implication_requests_controller.rb
View File

@@ -1,11 +1,11 @@
class TagImplicationRequestsController < ApplicationController
before_filter :member_only
before_action :member_only
def new
end
def create
@tag_implication_request = TagImplicationRequest.new(params[:tag_implication_request])
@tag_implication_request = TagImplicationRequest.new(tir_params)
@tag_implication_request.create
if @tag_implication_request.invalid?
@@ -14,4 +14,10 @@ class TagImplicationRequestsController < ApplicationController
redirect_to forum_topic_path(@tag_implication_request.forum_topic)
end
end
private
def tir_params
params.require(:tag_implication_request).permit(:antecedent_name, :consequent_name, :reason, :skip_secondary_validations)
end
end

10
app/controllers/tag_implications_controller.rb
View File

@@ -1,5 +1,5 @@
class TagImplicationsController < ApplicationController
before_filter :admin_only, :only => [:new, :create, :approve]
before_action :admin_only, :only => [:new, :create, :approve]
respond_to :html, :xml, :json, :js
def show
@@ -15,14 +15,14 @@ class TagImplicationsController < ApplicationController
@tag_implication = TagImplication.find(params[:id])
if @tag_implication.is_pending? && @tag_implication.editable_by?(CurrentUser.user)
@tag_implication.update_attributes(update_params)
@tag_implication.update(tag_implication_params)
end
respond_with(@tag_implication)
end
def index
@tag_implications = TagImplication.search(params[:search]).paginate(params[:page], :limit => params[:limit])
@tag_implications = TagImplication.search(search_params).paginate(params[:page], :limit => params[:limit])
respond_with(@tag_implications) do |format|
format.xml do
render :xml => @tag_implications.to_xml(:root => "tag-implications")
@@ -53,7 +53,7 @@ class TagImplicationsController < ApplicationController
private
def update_params
params.require(:tag_implication).permit(:antecedent_name, :consequent_name, :forum_topic_id)
def tag_implication_params
params.require(:tag_implication).permit(%i[antecedent_name consequent_name forum_topic_id skip_secondary_validations])
end
end

13
app/controllers/tags_controller.rb
View File

@@ -1,5 +1,5 @@
class TagsController < ApplicationController
before_filter :member_only, :only => [:edit, :update]
before_action :member_only, :only => [:edit, :update]
respond_to :html, :xml, :json
def edit
@@ -9,7 +9,7 @@ class TagsController < ApplicationController
end
def index
@tags = Tag.search(params[:search]).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
@tags = Tag.search(search_params).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
respond_with(@tags) do |format|
format.xml do
render :xml => @tags.to_xml(:root => "tags")
@@ -35,7 +35,7 @@ class TagsController < ApplicationController
def update
@tag = Tag.find(params[:id])
check_privilege(@tag)
@tag.update_attributes(params[:tag], :as => CurrentUser.role)
@tag.update(tag_params)
respond_with(@tag)
end
@@ -43,4 +43,11 @@ private
def check_privilege(tag)
raise User::PrivilegeError unless tag.editable_by?(CurrentUser.user)
end
def tag_params
permitted_params = [:category]
permitted_params << :is_locked if CurrentUser.is_moderator?
params.require(:tag).permit(permitted_params)
end
end

19
app/controllers/uploads_controller.rb
View File

@@ -1,5 +1,5 @@
class UploadsController < ApplicationController
before_filter :member_only, except: [:index, :show]
before_action :member_only, except: [:index, :show]
respond_to :html, :xml, :json, :js
def new
@@ -31,7 +31,7 @@ class UploadsController < ApplicationController
end
def index
@search = Upload.search(params[:search])
@search = Upload.search(search_params)
@uploads = @search.paginate(params[:page], :limit => params[:limit])
respond_with(@uploads) do |format|
format.xml do
@@ -52,7 +52,7 @@ class UploadsController < ApplicationController
end
def create
@upload = Upload.create(params[:upload].merge(:server => Socket.gethostname))
@upload = Upload.create(upload_params)
if @upload.errors.empty?
post = @upload.process!
@@ -72,7 +72,8 @@ class UploadsController < ApplicationController
respond_with(@upload)
end
protected
private
def find_post_by_url(normalized_url)
if normalized_url.nil?
Post.where("SourcePattern(lower(posts.source)) = ?", params[:url]).first
@@ -89,4 +90,14 @@ protected
cookies[:recent_tags_with_categories] = Tag.categories_for(tags).to_a.flatten.join(" ")
end
end
def upload_params
permitted_params = %i[
file source tag_string rating status parent_id artist_commentary_title
artist_commentary_desc include_artist_commentary referer_url
md5_confirmation as_pending
]
params.require(:upload).permit(permitted_params)
end
end

20
app/controllers/user_feedbacks_controller.rb
View File

@@ -1,9 +1,9 @@
class UserFeedbacksController < ApplicationController
before_filter :gold_only, :only => [:new, :edit, :create, :update, :destroy]
before_action :gold_only, :only => [:new, :edit, :create, :update, :destroy]
respond_to :html, :xml, :json
def new
@user_feedback = UserFeedback.new(params[:user_feedback])
@user_feedback = UserFeedback.new(user_feedback_params(:create))
respond_with(@user_feedback)
end
@@ -19,7 +19,7 @@ class UserFeedbacksController < ApplicationController
end
def index
@search = UserFeedback.visible.search(params[:search])
@search = UserFeedback.visible.search(search_params)
@user_feedbacks = @search.paginate(params[:page], :limit => params[:limit])
respond_with(@user_feedbacks) do |format|
format.xml do
@@ -29,14 +29,14 @@ class UserFeedbacksController < ApplicationController
end
def create
@user_feedback = UserFeedback.create(params[:user_feedback])
@user_feedback = UserFeedback.create(user_feedback_params(:create))
respond_with(@user_feedback)
end
def update
@user_feedback = UserFeedback.visible.find(params[:id])
check_privilege(@user_feedback)
@user_feedback.update_attributes(params[:user_feedback])
@user_feedback.update(user_feedback_params(:update))
respond_with(@user_feedback)
end
@@ -47,8 +47,16 @@ class UserFeedbacksController < ApplicationController
respond_with(@user_feedback)
end
private
private
def check_privilege(user_feedback)
raise User::PrivilegeError unless user_feedback.editable_by?(CurrentUser.user)
end
def user_feedback_params(context)
permitted_params = %i[body category]
permitted_params += %i[user_id user_name] if context == :create
params.require(:user_feedback).permit(permitted_params)
end
end

23
app/controllers/user_name_change_requests_controller.rb
View File

@@ -1,20 +1,16 @@
class UserNameChangeRequestsController < ApplicationController
before_filter :member_only, :only => [:index, :show]
before_filter :gold_only, :only => [:new, :create]
before_filter :admin_only, :only => [:approve, :reject]
before_action :member_only, :only => [:index, :show]
before_action :gold_only, :only => [:new, :create]
before_action :admin_only, :only => [:approve, :reject]
respond_to :html, :json, :xml
def new
@change_request = UserNameChangeRequest.new(change_request_params)
respond_with(@change_request)
end
def create
@change_request = UserNameChangeRequest.create(
:user_id => CurrentUser.user.id,
:original_name => CurrentUser.user.name,
:status => "pending",
:change_reason => params[:reason],
:desired_name => params[:desired_name]
)
@change_request = UserNameChangeRequest.create(change_request_params)
if @change_request.errors.any?
render :action => "new"
@@ -47,9 +43,14 @@ class UserNameChangeRequestsController < ApplicationController
redirect_to user_name_change_request_path(@change_request), :notice => "Name change request rejected"
end
private
private
def check_privileges!(change_request)
return if CurrentUser.is_admin?
raise User::PrivilegeError if change_request.user_id != CurrentUser.user.id
end
def change_request_params
params.fetch(:user_name_change_request, {}).permit(%i[desired_name change_reason])
end
end

2
app/controllers/user_reverts_controller.rb
View File

@@ -1,5 +1,5 @@
class UserRevertsController < ApplicationController
before_filter :moderator_only
before_action :moderator_only
def new
@user = User.find(params[:user_id])

2
app/controllers/user_upgrades_controller.rb
View File

@@ -1,5 +1,5 @@
class UserUpgradesController < ApplicationController
before_filter :member_only, :only => [:new, :show]
before_action :member_only, :only => [:new, :show]
helper_method :user
force_ssl :if => :ssl_enabled?
skip_before_action :verify_authenticity_token, only: [:create]

35
app/controllers/users_controller.rb
View File

@@ -1,6 +1,6 @@
class UsersController < ApplicationController
respond_to :html, :xml, :json
skip_before_filter :api_check
skip_before_action :api_check
def new
@user = User.new
@@ -22,7 +22,7 @@ class UsersController < ApplicationController
redirect_to user_path(@user)
end
else
@users = User.search(params[:search]).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
@users = User.search(search_params).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
respond_with(@users) do |format|
format.xml do
render :xml => @users.to_xml(:root => "users")
@@ -41,8 +41,7 @@ class UsersController < ApplicationController
end
def create
@user = User.new(params[:user], :as => CurrentUser.role)
@user.last_ip_addr = request.remote_ip
@user = User.new(user_params(:create))
if !Danbooru.config.enable_recaptcha? || verify_recaptcha(model: @user)
@user.save
if @user.errors.empty?
@@ -61,7 +60,7 @@ class UsersController < ApplicationController
def update
@user = User.find(params[:id])
check_privilege(@user)
@user.update_attributes(params[:user].except(:name), :as => CurrentUser.role)
@user.update(user_params(:update))
cookies.delete(:favorite_tags)
cookies.delete(:favorite_tags_with_categories)
if @user.errors.any?
@@ -75,12 +74,34 @@ class UsersController < ApplicationController
def cache
@user = User.find(params[:id])
@user.update_cache
render :nothing => true
render plain: ""
end
private
private
def check_privilege(user)
raise User::PrivilegeError unless (user.id == CurrentUser.id || CurrentUser.is_admin?)
end
def user_params(context)
permitted_params = %i[
password old_password password_confirmation email
comment_threshold default_image_size favorite_tags blacklisted_tags
time_zone per_page custom_style
receive_email_notifications always_resize_images enable_post_navigation
new_post_navigation_layout enable_privacy_mode
enable_sequential_post_navigation hide_deleted_posts style_usernames
enable_auto_complete show_deleted_children
disable_categorized_saved_searches disable_tagged_filenames
enable_recent_searches disable_cropped_thumbnails disable_mobile_gestures
enable_safe_mode disable_responsive_mode
]
permitted_params += [dmail_filter_attributes: %i[id words]]
permitted_params << :name if context == :create
permitted_params << :level if CurrentUser.is_admin?
params.require(:user).permit(permitted_params)
end
end

2
app/controllers/wiki_page_versions_controller.rb
View File

@@ -2,7 +2,7 @@ class WikiPageVersionsController < ApplicationController
respond_to :html, :xml, :json
def index
@wiki_page_versions = WikiPageVersion.search(params[:search]).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
@wiki_page_versions = WikiPageVersion.search(search_params).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
respond_with(@wiki_page_versions) do |format|
format.xml do
render :xml => @wiki_page_versions.to_xml(:root => "wiki-page-versions")

24
app/controllers/wiki_pages_controller.rb
View File

@@ -1,11 +1,11 @@
class WikiPagesController < ApplicationController
respond_to :html, :xml, :json, :js
before_filter :member_only, :except => [:index, :search, :show, :show_or_new]
before_filter :builder_only, :only => [:destroy]
before_filter :normalize_search_params, :only => [:index]
before_action :member_only, :except => [:index, :search, :show, :show_or_new]
before_action :builder_only, :only => [:destroy]
before_action :normalize_search_params, :only => [:index]
def new
@wiki_page = WikiPage.new(params[:wiki_page])
@wiki_page = WikiPage.new(wiki_page_params)
respond_with(@wiki_page)
end
@@ -15,7 +15,7 @@ class WikiPagesController < ApplicationController
end
def index
@wiki_pages = WikiPage.search(params[:search]).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
@wiki_pages = WikiPage.search(search_params).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
respond_with(@wiki_pages) do |format|
format.html do
if params[:page].nil? || params[:page].to_i == 1
@@ -50,13 +50,13 @@ class WikiPagesController < ApplicationController
end
def create
@wiki_page = WikiPage.create(params[:wiki_page])
@wiki_page = WikiPage.create(wiki_page_params)
respond_with(@wiki_page)
end
def update
@wiki_page = WikiPage.find(params[:id])
@wiki_page.update_attributes(params[:wiki_page])
@wiki_page.update(wiki_page_params)
respond_with(@wiki_page)
end
@@ -85,11 +85,19 @@ class WikiPagesController < ApplicationController
end
end
private
private
def normalize_search_params
if params[:title]
params[:search] ||= {}
params[:search][:title] = params.delete(:title)
end
end
def wiki_page_params
permitted_params = %i[title body other_names skip_secondary_validations]
permitted_params += %i[is_locked is_deleted] if CurrentUser.is_builder?
params.require(:wiki_page).permit(permitted_params)
end
end

2
app/logical/anonymous_user.rb
View File

@@ -230,7 +230,7 @@ class AnonymousUser
end
def saved_searches
[]
SavedSearch.where(false)
end
def has_saved_searches?

10
app/logical/current_user.rb
View File

@@ -14,6 +14,10 @@ class CurrentUser
end
end
def self.as(user, &block)
scoped(user, &block)
end
def self.as_admin(&block)
if block_given?
scoped(User.admins.first, "127.0.0.1", &block)
@@ -83,10 +87,6 @@ class CurrentUser
end
def self.method_missing(method, *params, &block)
if user.respond_to?(method)
user.__send__(method, *params, &block)
else
super
end
user.__send__(method, *params, &block)
end
end

7
app/logical/forum_updater.rb
View File

@@ -21,10 +21,7 @@ class ForumUpdater
end
def create_response(body)
forum_topic.posts.create({
:body => body,
:skip_mention_notifications => true
}, :without_protection => true)
forum_topic.posts.create(body: body, skip_mention_notifications: true)
end
def update_title(title_tag)
@@ -34,6 +31,6 @@ class ForumUpdater
end
def update_post(body)
forum_post.update({:body => "#{forum_post.body}\n\nEDIT: #{body}", :skip_mention_notifications => true }, :without_protection => true)
forum_post.update(body: "#{forum_post.body}\n\nEDIT: #{body}", skip_mention_notifications: true)
end
end

4
app/logical/mentionable.rb
View File

@@ -23,11 +23,11 @@ module Mentionable
def queue_mention_messages
message_field = self.class.mentionable_option(:message_field)
return if !send("#{message_field}_changed?")
return if !send(:saved_change_to_attribute?, message_field)
return if self.skip_mention_notifications
text = send(message_field)
text_was = send("#{message_field}_was")
text_was = send(:attribute_before_last_save, message_field)
names = DText.parse_mentions(text) - DText.parse_mentions(text_was)

2
app/logical/post_pruner.rb
View File

@@ -36,6 +36,6 @@ protected
end
def prune_mod_actions!
ModAction.destroy_all(["creator_id = ? and description like ?", User.system.id, "deleted post %"])
ModAction.where(["creator_id = ? and description like ?", User.system.id, "deleted post %"]).destroy_all
end
end

4
app/logical/post_query_builder.rb
View File

@@ -291,13 +291,13 @@ class PostQueryBuilder
if q[:note_updater_ids]
q[:note_updater_ids].each do |note_updater_id|
relation = relation.where("posts.id IN (?)", NoteVersion.unscoped.where("updater_id = ?", note_updater_id).select("post_id").uniq)
relation = relation.where("posts.id IN (?)", NoteVersion.unscoped.where("updater_id = ?", note_updater_id).select("post_id").distinct)
end
end
if q[:artcomm_ids]
q[:artcomm_ids].each do |artcomm_id|
relation = relation.where("posts.id IN (?)", ArtistCommentaryVersion.unscoped.where("updater_id = ?", artcomm_id).select("post_id").uniq)
relation = relation.where("posts.id IN (?)", ArtistCommentaryVersion.unscoped.where("updater_id = ?", artcomm_id).select("post_id").distinct)
end
end

9
app/logical/session_loader.rb
View File

@@ -14,7 +14,9 @@ class SessionLoader
CurrentUser.user = AnonymousUser.new
CurrentUser.ip_addr = request.remote_ip
if session[:user_id]
if Rails.env.test? && Thread.current[:test_user_id]
load_for_test(Thread.current[:test_user_id])
elsif session[:user_id]
load_session_user
elsif cookie_password_hash_valid?
load_cookie_user
@@ -32,6 +34,11 @@ class SessionLoader
private
def load_for_test(user_id)
CurrentUser.user = User.find(user_id)
CurrentUser.ip_addr = "127.0.0.1"
end
def set_statement_timeout
timeout = CurrentUser.user.statement_timeout
ActiveRecord::Base.connection.execute("set statement_timeout = #{timeout}")

2
app/logical/sources/strategies/twitter.rb
View File

@@ -69,7 +69,7 @@ module Sources::Strategies
# https://twitter.com/motty08111213/status/943446161586733056
def self.status_id_from_url(url)
if url =~ %r{\Ahttps?://(?:mobile\.)?twitter\.com/(?:i/web|\w+)/status/(\d+)}i
$1.to_i
$1
else
nil
end

2
app/logical/tag_alias_request.rb
View File

@@ -75,7 +75,7 @@ class TagAliasRequest
end
def skip_secondary_validations=(v)
if v == "1" or v == true
if v == "1" or v == true or v =~ /t/
@skip_secondary_validations = true
else
@skip_secondary_validations = false

2
app/logical/tag_implication_request.rb
View File

@@ -75,7 +75,7 @@ class TagImplicationRequest
end
def skip_secondary_validations=(v)
if v == "1" or v == true
if v == "1" or v == true or v =~ /t/
@skip_secondary_validations = true
else
@skip_secondary_validations = false

2
app/logical/twitter_service.rb
View File

@@ -3,7 +3,7 @@ class TwitterService
raise "Twitter API keys not set" if Danbooru.config.twitter_api_key.nil?
@client ||= begin
rest_client = Twitter::REST::Client.new do |config|
rest_client = ::Twitter::REST::Client.new do |config|
config.consumer_key = Danbooru.config.twitter_api_key
config.consumer_secret = Danbooru.config.twitter_api_secret
if bearer_token = Cache.get("twitter-api-token")

2
app/models/amazon_backup.rb
View File

@@ -4,8 +4,6 @@ require 'base64'
require 'digest/md5'
class AmazonBackup < ApplicationRecord
attr_accessible :last_id
def self.last_id
first.last_id
end

1
app/models/api_key.rb
View File

@@ -2,7 +2,6 @@ class ApiKey < ApplicationRecord
belongs_to :user
validates_uniqueness_of :user_id
validates_uniqueness_of :key
attr_accessible :user_id, :key
def self.generate!(user)
create(:user_id => user.id, :key => SecureRandom.urlsafe_base64(32))

35
app/models/application_record.rb
View File

@@ -141,6 +141,41 @@ class ApplicationRecord < ActiveRecord::Base
end
end
concerning :UserMethods do
class_methods do
def belongs_to_creator(options = {})
class_eval do
belongs_to :creator, options.merge(class_name: "User")
before_validation(on: :create) do |rec|
if rec.creator_id.nil?
rec.creator_id = CurrentUser.id
rec.creator_ip_addr = CurrentUser.ip_addr if rec.respond_to?(:creator_ip_addr=)
rec.ip_addr = CurrentUser.ip_addr if rec.respond_to?(:ip_addr=)
end
end
define_method :creator_name do
User.id_to_name(creator_id)
end
end
end
def belongs_to_updater(options = {})
class_eval do
belongs_to :updater, options.merge(class_name: "User")
before_validation do |rec|
rec.updater_id = CurrentUser.id
rec.updater_ip_addr = CurrentUser.ip_addr if rec.respond_to?(:updater_ip_addr=)
end
define_method :updater_name do
User.id_to_name(updater_id)
end
end
end
end
end
def warnings
@warnings ||= ActiveModel::Errors.new(self)
end

42
app/models/artist.rb
View File

@@ -2,25 +2,25 @@ class Artist < ApplicationRecord
extend Memoist
class RevertError < Exception ; end
before_create :initialize_creator
attribute :url_string, :string, default: ""
before_validation :normalize_name
after_save :create_version
after_save :categorize_tag
after_save :update_wiki
after_save :save_urls
validates_uniqueness_of :name
validates_associated :urls
validates :name, tag_name: true
validate :validate_wiki, :on => :create
after_validation :merge_validation_errors
belongs_to :creator, :class_name => "User"
belongs_to_creator
has_many :members, :class_name => "Artist", :foreign_key => "group_name", :primary_key => "name"
has_many :urls, :dependent => :destroy, :class_name => "ArtistUrl"
has_many :versions, lambda {order("artist_versions.id ASC")}, :class_name => "ArtistVersion"
has_one :wiki_page, :foreign_key => "title", :primary_key => "name"
has_one :tag_alias, :foreign_key => "antecedent_name", :primary_key => "name"
has_one :tag, :foreign_key => "name", :primary_key => "name"
attr_accessible :body, :notes, :name, :url_string, :other_names, :other_names_comma, :group_name, :notes, :as => [:member, :gold, :builder, :platinum, :moderator, :default, :admin]
attr_accessible :is_active, :as => [:builder, :moderator, :default, :admin]
attr_accessible :is_banned, :as => :admin
attribute :notes, :string
scope :active, lambda { where(is_active: true) }
scope :deleted, lambda { where(is_active: false) }
@@ -178,22 +178,12 @@ class Artist < ApplicationRecord
urls.map(&:url)
end
def url_string=(string)
@url_string_was = url_string
self.urls = string.scan(/[^[:space:]]+/).uniq.map do |url|
self.urls.find_or_initialize_by(url: url)
def save_urls
self.urls = url_string.scan(/[^[:space:]]+/).uniq.map do |url|
self.urls.find_or_create_by(url: url)
end
end
def url_string
url_array.join("\n")
end
def url_string_changed?
@url_string_was != url_string
end
def map_domain(x)
case x
when "pximg.net"
@@ -258,7 +248,7 @@ class Artist < ApplicationRecord
module VersionMethods
def create_version(force=false)
if name_changed? || url_string_changed? || is_active_changed? || is_banned_changed? || other_names_changed? || group_name_changed? || notes_changed? || force
if saved_change_to_name? || saved_change_to_url_string? || saved_change_to_is_active? || saved_change_to_is_banned? || saved_change_to_other_names? || saved_change_to_group_name? || saved_change_to_notes? || force
if merge_version?
merge_version
else
@@ -271,7 +261,7 @@ class Artist < ApplicationRecord
ArtistVersion.create(
:artist_id => id,
:name => name,
:updater_id => CurrentUser.user.id,
:updater_id => CurrentUser.id,
:updater_ip_addr => CurrentUser.ip_addr,
:url_string => url_string,
:is_active => is_active,
@@ -369,9 +359,9 @@ class Artist < ApplicationRecord
end
def update_wiki
if persisted? && name_changed? && name_was.present? && WikiPage.titled(name_was).exists?
if persisted? && saved_change_to_name? && attribute_before_last_save("name").present? && WikiPage.titled(attribute_before_last_save("name")).exists?
# we're renaming the artist, so rename the corresponding wiki page
old_page = WikiPage.titled(name_was).first
old_page = WikiPage.titled(name_before_last_save).first
if wiki_page.present?
# a wiki page with the new name already exists, so update the content
@@ -383,7 +373,7 @@ class Artist < ApplicationRecord
elsif wiki_page.nil?
# if there are any notes, we need to create a new wiki page
if @notes.present?
create_wiki_page(body: @notes, title: name)
wp = create_wiki_page(body: @notes, title: name)
end
elsif (!@notes.nil? && (wiki_page.body != @notes)) || wiki_page.title != name
# if anything changed, we need to update the wiki page
@@ -415,7 +405,7 @@ class Artist < ApplicationRecord
end
def categorize_tag
if new_record? || name_changed?
if new_record? || saved_change_to_name?
Tag.find_or_create_by_name("artist:#{name}")
end
end
@@ -666,10 +656,6 @@ class Artist < ApplicationRecord
end
end
def initialize_creator
self.creator_id = CurrentUser.user.id
end
def deletable_by?(user)
user.is_builder?
end

7
app/models/artist_commentary.rb
View File

@@ -3,10 +3,9 @@ class ArtistCommentary < ApplicationRecord
attr_accessor :remove_commentary_tag, :remove_commentary_request_tag, :remove_commentary_check_tag
attr_accessor :add_commentary_tag, :add_commentary_request_tag, :add_commentary_check_tag
attr_accessible :post_id, :original_description, :original_title, :translated_description, :translated_title, :remove_commentary_tag, :remove_commentary_request_tag, :add_commentary_tag, :add_commentary_request_tag, :add_commentary_check_tag, :remove_commentary_check_tag
before_validation :trim_whitespace
validates_uniqueness_of :post_id
belongs_to :post
belongs_to :post, required: true
has_many :versions, lambda {order("artist_commentary_versions.id ASC")}, :class_name => "ArtistCommentaryVersion", :dependent => :destroy, :foreign_key => :post_id, :primary_key => :post_id
has_one :previous_version, lambda {order(id: :desc)}, :class_name => "ArtistCommentaryVersion", :foreign_key => :post_id, :primary_key => :post_id
after_save :create_version
@@ -109,12 +108,12 @@ class ArtistCommentary < ApplicationRecord
post.add_tag("check_commentary")
end
post.save if post.tag_string_changed?
post.save if post.saved_change_to_tag_string?
end
module VersionMethods
def create_version
return unless changed?
return unless saved_changes?
if merge_version?
merge_version

13
app/models/artist_commentary_version.rb
View File

@@ -1,9 +1,7 @@
class ArtistCommentaryVersion < ApplicationRecord
before_validation :initialize_updater
belongs_to :post
belongs_to :updater, :class_name => "User"
belongs_to_updater
scope :for_user, lambda {|user_id| where("updater_id = ?", user_id)}
attr_accessible :post_id, :original_title, :original_description, :translated_title, :translated_description
def self.search(params)
q = super
@@ -18,13 +16,4 @@ class ArtistCommentaryVersion < ApplicationRecord
q.apply_default_order(params)
end
def initialize_updater
self.updater_id = CurrentUser.id
self.updater_ip_addr = CurrentUser.ip_addr
end
def updater_name
User.id_to_name(updater_id)
end
end

5
app/models/artist_url.rb
View File

@@ -4,7 +4,6 @@ class ArtistUrl < ApplicationRecord
validates_presence_of :url
validate :validate_url_format
belongs_to :artist, :touch => true
attr_accessible :url, :artist_id, :normalized_url
def self.normalize(url)
if url.nil?
@@ -93,8 +92,8 @@ class ArtistUrl < ApplicationRecord
def validate_url_format
uri = Addressable::URI.parse(url)
errors[:base] << "'#{url}' must begin with http:// or https://" if !uri.scheme.in?(%w[http https])
errors[:url] << "must begin with http:// or https://" if !uri.scheme.in?(%w[http https])
rescue Addressable::URI::InvalidURIError => error
errors[:base] << "'#{url}' is malformed: #{error}"
errors[:url] << "is malformed: #{error}"
end
end

7
app/models/artist_version.rb
View File

@@ -1,7 +1,6 @@
class ArtistVersion < ApplicationRecord
belongs_to :updater, :class_name => "User"
belongs_to_updater
belongs_to :artist
attr_accessible :artist_id, :name, :is_active, :other_names, :group_name, :url_string, :is_banned, :updater_id, :updater_ip_addr
delegate :visible?, :to => :artist
module SearchMethods
@@ -106,8 +105,4 @@ class ArtistVersion < ApplicationRecord
def previous
ArtistVersion.where("artist_id = ? and created_at < ?", artist_id, created_at).order("created_at desc").first
end
def updater_name
User.id_to_name(updater_id)
end
end

1
app/models/ban.rb
View File

@@ -5,7 +5,6 @@ class Ban < ApplicationRecord
after_destroy :update_user_on_destroy
belongs_to :user
belongs_to :banner, :class_name => "User"
attr_accessible :reason, :duration, :user_id, :user_name
validate :user_is_inferior
validates_presence_of :user_id, :reason, :duration
before_validation :initialize_banner_id, :on => :create

20
app/models/bulk_update_request.rb
View File

@@ -2,9 +2,9 @@ class BulkUpdateRequest < ApplicationRecord
attr_accessor :reason, :skip_secondary_validations
belongs_to :user
belongs_to :forum_topic
belongs_to :forum_post
belongs_to :approver, :class_name => "User"
belongs_to :forum_topic, optional: true
belongs_to :forum_post, optional: true
belongs_to :approver, optional: true, class_name: "User"
validates_presence_of :user
validates_presence_of :script
@@ -112,10 +112,12 @@ class BulkUpdateRequest < ApplicationRecord
def create_forum_topic
if forum_topic_id
forum_post = forum_topic.posts.create(body: reason_with_link)
update_attributes(:forum_post_id => forum_post.id)
update(forum_post_id: forum_post.id)
else
forum_topic = ForumTopic.create(:title => title, :category_id => 1, :original_post_attributes => {:body => reason_with_link})
update_attributes(:forum_topic_id => forum_topic.id, :forum_post_id => forum_topic.posts.first.id)
forum_topic = ForumTopic.create(title: title, category_id: 1, original_post_attributes: {body: reason_with_link})
puts forum_topic.errors.full_messages
puts forum_topic.original_post.errors.full_messages
update(forum_topic_id: forum_topic.id, forum_post_id: forum_topic.posts.first.id)
end
end
@@ -136,13 +138,13 @@ class BulkUpdateRequest < ApplicationRecord
AliasAndImplicationImporter.tokenize(script)
return true
rescue StandardError => e
errors.add(:base, e.message)
errors[:base] << e.message
return false
end
def forum_topic_id_not_invalid
if forum_topic_id && !forum_topic
errors.add(:base, "Forum topic ID is invalid")
errors[:base] << "Forum topic ID is invalid"
end
end
@@ -150,7 +152,7 @@ class BulkUpdateRequest < ApplicationRecord
begin
AliasAndImplicationImporter.new(script, forum_topic_id, "1", skip_secondary_validations).validate!
rescue RuntimeError => e
self.errors[:base] = e.message
self.errors[:base] << e.message
return false
end

36
app/models/comment.rb
View File

@@ -5,21 +5,17 @@ class Comment < ApplicationRecord
validate :validate_creator_is_not_limited, :on => :create
validates_format_of :body, :with => /\S/, :message => 'has no content'
belongs_to :post
belongs_to :creator, :class_name => "User"
belongs_to :updater, :class_name => "User"
belongs_to_creator
belongs_to_updater
has_many :votes, :class_name => "CommentVote", :dependent => :destroy
before_validation :initialize_creator, :on => :create
before_validation :initialize_updater
after_create :update_last_commented_at_on_create
after_update(:if => lambda {|rec| (!rec.is_deleted? || !rec.is_deleted_changed?) && CurrentUser.id != rec.creator_id}) do |rec|
after_update(:if => lambda {|rec| (!rec.is_deleted? || !rec.saved_change_to_is_deleted?) && CurrentUser.id != rec.creator_id}) do |rec|
ModAction.log("comment ##{rec.id} updated by #{CurrentUser.name}",:comment_update)
end
after_save :update_last_commented_at_on_destroy, :if => lambda {|rec| rec.is_deleted? && rec.is_deleted_changed?}
after_save(:if => lambda {|rec| rec.is_deleted? && rec.is_deleted_changed? && CurrentUser.id != rec.creator_id}) do |rec|
after_save :update_last_commented_at_on_destroy, :if => lambda {|rec| rec.is_deleted? && rec.saved_change_to_is_deleted?}
after_save(:if => lambda {|rec| rec.is_deleted? && rec.saved_change_to_is_deleted? && CurrentUser.id != rec.creator_id}) do |rec|
ModAction.log("comment ##{rec.id} deleted by #{CurrentUser.name}",:comment_delete)
end
attr_accessible :body, :post_id, :do_not_bump_post, :is_deleted, :as => [:member, :gold, :platinum, :builder, :moderator, :admin]
attr_accessible :is_sticky, :as => [:moderator, :admin]
mentionable(
:message_field => :body,
:title => lambda {|user_name| "#{creator_name} mentioned you in a comment on post ##{post_id}"},
@@ -172,24 +168,6 @@ class Comment < ApplicationRecord
extend SearchMethods
include VoteMethods
def initialize_creator
self.creator_id ||= CurrentUser.user.id
self.ip_addr ||= CurrentUser.ip_addr
end
def initialize_updater
self.updater_id = CurrentUser.user.id
self.updater_ip_addr = CurrentUser.ip_addr
end
def creator_name
User.id_to_name(creator_id)
end
def updater_name
User.id_to_name(updater_id)
end
def validate_post_exists
errors.add(:post, "must exist") unless Post.exists?(post_id)
end
@@ -245,11 +223,11 @@ class Comment < ApplicationRecord
end
def delete!
update({ :is_deleted => true }, :as => CurrentUser.role)
update(is_deleted: true)
end
def undelete!
update({ :is_deleted => false }, :as => CurrentUser.role)
update(is_deleted: false)
end
def quoted_response

1
app/models/comment_vote.rb
View File

@@ -9,7 +9,6 @@ class CommentVote < ApplicationRecord
validate :validate_user_can_vote
validate :validate_comment_can_be_down_voted
validates_inclusion_of :score, :in => [-1, 1], :message => "must be 1 or -1"
attr_accessible :comment_id, :user_id, :score
def self.prune!
where("created_at < ?", 14.days.ago).delete_all

2
app/models/dmail.rb
View File

@@ -235,7 +235,7 @@ class Dmail < ApplicationRecord
def validate_sender_is_not_banned
if from.is_banned?
errors[:base] = "Sender is banned and cannot send messages"
errors[:base] << "Sender is banned and cannot send messages"
return false
else
return true

1
app/models/dmail_filter.rb
View File

@@ -1,6 +1,5 @@
class DmailFilter < ApplicationRecord
belongs_to :user
attr_accessible :words, :as => [:moderator, :gold, :platinum, :member, :anonymous, :default, :builder, :admin]
validates_presence_of :user
before_validation :initialize_user

3
app/models/favorite.rb
View File

@@ -2,7 +2,6 @@ class Favorite < ApplicationRecord
belongs_to :post
belongs_to :user
scope :for_user, lambda {|user_id| where("user_id % 100 = #{user_id.to_i % 100} and user_id = #{user_id.to_i}")}
attr_accessible :user_id, :post_id
def self.add(post:, user:)
Favorite.transaction do
@@ -26,7 +25,7 @@ class Favorite < ApplicationRecord
User.where(:id => user.id).select("id").lock("FOR UPDATE NOWAIT").first
return unless Favorite.for_user(user.id).where(:user_id => user.id, :post_id => post_id).exists?
Favorite.for_user(user.id).delete_all(post_id: post_id)
Favorite.for_user(user.id).where(post_id: post_id).delete_all
Post.where(:id => post_id).update_all("fav_count = fav_count - 1")
post.delete_user_from_fav_string(user.id) if post
User.where(:id => user.id).update_all("favorite_count = favorite_count - 1")

8
app/models/favorite_group.rb
View File

@@ -3,15 +3,13 @@ require 'ostruct'
class FavoriteGroup < ApplicationRecord
validates_uniqueness_of :name, :case_sensitive => false, :scope => :creator_id
validates_format_of :name, :with => /\A[^,]+\Z/, :message => "cannot have commas"
belongs_to :creator, :class_name => "User"
belongs_to_creator
before_validation :normalize_post_ids
before_validation :normalize_name
before_validation :initialize_creator, :on => :create
before_validation :strip_name
validate :creator_can_create_favorite_groups, :on => :create
validate :validate_number_of_posts
before_save :update_post_count
attr_accessible :name, :post_ids, :post_id_array, :is_public, :as => [:member, :gold, :platinum, :builder, :moderator, :admin, :default]
module SearchMethods
def for_creator(user_id)
@@ -125,10 +123,6 @@ class FavoriteGroup < ApplicationRecord
end
end
def initialize_creator
self.creator_id ||= CurrentUser.id
end
def strip_name
self.name = name.to_s.strip
end

32
app/models/forum_post.rb
View File

@@ -1,14 +1,10 @@
class ForumPost < ApplicationRecord
include Mentionable
attr_accessible :body, :topic_id, :as => [:member, :builder, :gold, :platinum, :admin, :moderator, :default]
attr_accessible :is_locked, :is_sticky, :is_deleted, :as => [:admin, :moderator]
attr_readonly :topic_id
belongs_to :creator, :class_name => "User"
belongs_to :updater, :class_name => "User"
belongs_to_creator
belongs_to_updater
belongs_to :topic, :class_name => "ForumTopic"
before_validation :initialize_creator, :on => :create
before_validation :initialize_updater
before_validation :initialize_is_deleted, :on => :create
after_create :update_topic_updated_at_on_create
after_update :update_topic_updated_at_on_update_for_original_posts
@@ -137,22 +133,22 @@ class ForumPost < ApplicationRecord
return if topic.nil?
if topic.is_locked?
errors.add(:topic, "is locked")
return false
else
return true
errors[:topic] << "is locked"
throw :abort
end
end
def topic_id_not_invalid
if topic_id && !topic
errors.add(:base, "Topic ID is invalid")
errors[:base] << "Topic ID is invalid"
return false
end
end
def topic_is_not_restricted
if topic && !topic.visible?(creator)
errors.add(:topic, "restricted")
errors[:topic] << "is restricted"
return false
end
end
@@ -179,12 +175,12 @@ class ForumPost < ApplicationRecord
end
def delete!
update_attributes({:is_deleted => true}, :as => CurrentUser.role)
update(is_deleted: true)
update_topic_updated_at_on_delete
end
def undelete!
update_attributes({:is_deleted => false}, :as => CurrentUser.role)
update(is_deleted: false)
update_topic_updated_at_on_undelete
end
@@ -212,14 +208,6 @@ class ForumPost < ApplicationRecord
end
end
def initialize_creator
self.creator_id = CurrentUser.id
end
def initialize_updater
self.updater_id = CurrentUser.id
end
def initialize_is_deleted
self.is_deleted = false if is_deleted.nil?
end

Some files were not shown because too many files have changed in this diff Show More