users: add stricter checks for user promotions.
New rules for user promotions: * Moderators can no longer promote other users to moderator level. Only Admins can promote users to Mod level. Mods can only promote up to Builder level. * Admins can no longer promote other users to Admin level. Only Owners can promote users to Admin. Admins can only promote up to Mod level. * Admins can no longer demote themselves or other admins. These rules are being changed to account for the new Owner user level. Also change it so that when a user upgrades their account, the promotion is done by DanbooruBot. This means that the inviter and the mod action will show DanbooruBot as the promoter instead of the user themselves.
@@ -6,7 +6,13 @@ module Admin
|
||||
|
||||
def update
|
||||
@user = authorize User.find(params[:id]), :promote?
|
||||
@user.promote_to!(params[:user][:level], params[:user])
|
||||
|
||||
@level = params.dig(:user, :level)
|
||||
@can_upload_free = params.dig(:user, :can_upload_free)
|
||||
@can_approve_posts = params.dig(:user, :can_approve_posts)
|
||||
|
||||
@user.promote_to!(@level, CurrentUser.user, can_upload_free: @can_upload_free, can_approve_posts: @can_approve_posts)
|
||||
|
||||
redirect_to edit_admin_user_path(@user), :notice => "User updated"
|
||||
end
|
||||
end
|
||||
|
||||
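Review bot: The `level` value reaches `UserPromotion` without validation: `params.dig(:user, :level)` is nil when the field is absent, and `UserPromotion#initialize` then applies `new_level.to_i`, so a missing or non-numeric value becomes 0 and passes every `>=` comparison in `validate!`. The same coercion accepts any integer below the promoter's level, whether or not it is a defined user level. I would reject bad input before promoting, e.g. `@level = Integer(params.require(:user).fetch(:level))`, and have `validate!` refuse levels outside the application's set of assignable levels. The three instance variables are only used inside this action, which redirects, so plain locals would read more clearly.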
@@ -48,7 +48,7 @@ class UserUpgradesController < ApplicationController
|
||||
:card => params[:stripeToken],
|
||||
:description => params[:desc]
|
||||
)
|
||||
@user.promote_to!(level, is_upgrade: true)
|
||||
@user.promote_to!(level, User.system, is_upgrade: true)
|
||||
flash[:success] = true
|
||||
rescue Stripe::CardError => e
|
||||
DanbooruLogger.log(e)
|
||||
|
||||
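Review bot: `@user.promote_to!(level, User.system, is_upgrade: true)` now goes through the new `validate!`, which raises `User::PrivilegeError` unless the promoter is a moderator and outranks both the target user and `level`; nothing visible here shows that `User.system` meets that. If it does not, the error is raised after the payment call above has apparently completed, and `rescue Stripe::CardError` will not catch it, so the account could be charged without being upgraded. I would state the requirement next to the call, `# User.system must outrank every purchasable level (see UserPromotion#validate!)`, and cover the upgrade path with a test that runs the real validation. The enclosing action starts and ends outside the hunk.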
@@ -1,33 +1,28 @@
|
||||
class UserPromotion
|
||||
attr_reader :user, :promoter, :new_level, :options, :old_can_approve_posts, :old_can_upload_free
|
||||
attr_reader :user, :promoter, :new_level, :old_can_approve_posts, :old_can_upload_free, :can_upload_free, :can_approve_posts, :is_upgrade
|
||||
|
||||
def initialize(user, promoter, new_level, options = {})
|
||||
def initialize(user, promoter, new_level, can_upload_free: nil, can_approve_posts: nil, is_upgrade: false)
|
||||
@user = user
|
||||
@promoter = promoter
|
||||
@new_level = new_level
|
||||
@options = options
|
||||
@new_level = new_level.to_i
|
||||
@can_upload_free = can_upload_free
|
||||
@can_approve_posts = can_approve_posts
|
||||
@is_upgrade = is_upgrade
|
||||
end
|
||||
|
||||
def promote!
|
||||
validate
|
||||
validate!
|
||||
|
||||
@old_can_approve_posts = user.can_approve_posts?
|
||||
@old_can_upload_free = user.can_upload_free?
|
||||
|
||||
user.level = new_level
|
||||
user.can_upload_free = can_upload_free unless can_upload_free.nil?
|
||||
user.can_approve_posts = can_approve_posts unless can_approve_posts.nil?
|
||||
user.inviter = promoter
|
||||
|
||||
if options.key?(:can_approve_posts)
|
||||
user.can_approve_posts = options[:can_approve_posts]
|
||||
end
|
||||
|
||||
if options.key?(:can_upload_free)
|
||||
user.can_upload_free = options[:can_upload_free]
|
||||
end
|
||||
|
||||
user.inviter_id = promoter.id
|
||||
|
||||
create_user_feedback unless options[:is_upgrade]
|
||||
create_dmail unless options[:skip_dmail]
|
||||
create_user_feedback unless is_upgrade
|
||||
create_dmail
|
||||
create_mod_actions
|
||||
|
||||
user.save
|
||||
@@ -45,20 +40,21 @@ class UserPromotion
|
||||
end
|
||||
|
||||
if user.level_changed?
|
||||
category = options[:is_upgrade] ? :user_account_upgrade : :user_level_change
|
||||
category = is_upgrade ? :user_account_upgrade : :user_level_change
|
||||
ModAction.log(%{"#{user.name}":/users/#{user.id} level changed #{user.level_string_was} -> #{user.level_string}}, category)
|
||||
end
|
||||
end
|
||||
|
||||
def validate
|
||||
# admins can do anything
|
||||
return if promoter.is_admin?
|
||||
|
||||
# can't promote/demote moderators
|
||||
raise User::PrivilegeError if user.is_moderator?
|
||||
|
||||
# can't promote to admin
|
||||
raise User::PrivilegeError if new_level.to_i >= User::Levels::ADMIN
|
||||
def validate!
|
||||
if !promoter.is_moderator?
|
||||
raise User::PrivilegeError, "You can't promote or demote other users"
|
||||
elsif promoter == user
|
||||
raise User::PrivilegeError, "You can't promote or demote yourself"
|
||||
elsif new_level >= promoter.level
|
||||
raise User::PrivilegeError, "You can't promote other users to your rank or above"
|
||||
elsif user.level >= promoter.level
|
||||
raise User::PrivilegeError, "You can't promote or demote other users at your rank or above"
|
||||
end
|
||||
end
|
||||
|
||||
def build_messages
|
||||
|
||||
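Review bot: `validate!` checks ranks only, so the `can_upload_free` and `can_approve_posts` assignments in `promote!` are allowed whenever a level change would be. Any moderator can therefore set either flag on any lower-ranked user, including when `new_level` equals the user's current level. If granting those flags is meant to be more restricted than a promotion to Builder, `validate!` needs a branch for it; if not, a comment above `validate!` should say the flags deliberately follow the rank rule. The values also arrive as raw request parameters from the admin controller, and `unless can_upload_free.nil?` treats strings such as "0" or "false" as values to assign, which is only correct if the attribute setters cast them; that is not visible here. `promote!` and the mod-action method continue outside the hunks shown.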
@@ -250,8 +250,8 @@ class User < ApplicationRecord
|
||||
end
|
||||
end
|
||||
|
||||
def promote_to!(new_level, options = {})
|
||||
UserPromotion.new(self, CurrentUser.user, new_level, options).promote!
|
||||
def promote_to!(new_level, promoter = CurrentUser.user, **options)
|
||||
UserPromotion.new(self, promoter, new_level, **options).promote!
|
||||
end
|
||||
|
||||
def promote_to_admin_if_first_user
|
||||
|
||||
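Review bot: The second positional parameter of `promote_to!` changed meaning from an options hash to the promoter, so any remaining old-style call such as `promote_to!(level, some_hash)` now binds the hash to `promoter` and only fails later inside `validate!`. Options that `UserPromotion#initialize` no longer accepts, such as the removed `skip_dmail`, will raise `ArgumentError` when forwarded through `**options`. It is worth grepping for every caller in this commit and adding a doc comment, e.g. `# promoter defaults to CurrentUser.user; keywords are forwarded to UserPromotion (can_upload_free:, can_approve_posts:, is_upgrade:)`. The default also presumes `CurrentUser.user` is set; if it can be nil in background jobs or the console, the failure will surface as a `NoMethodError` rather than a `User::PrivilegeError`.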