pundit: convert forum post votes to pundit.

app/controllers/forum_post_votes_controller.rb

@@ -1,29 +1,23 @@
 class ForumPostVotesController < ApplicationController
   respond_to :html, :xml, :json, :js
-  before_action :member_only, only: [:create, :destroy]
 
   def index
-    @forum_post_votes = ForumPostVote.visible(CurrentUser.user).paginated_search(params, count_pages: true)
+    @forum_post_votes = authorize ForumPostVote.visible(CurrentUser.user).paginated_search(params, count_pages: true)
     @forum_post_votes = @forum_post_votes.includes(:creator, forum_post: [:creator, :topic]) if request.format.html?
 
     respond_with(@forum_post_votes)
   end
 
   def create
-    @forum_post = ForumPost.visible(CurrentUser.user).find(params[:forum_post_id])
-    @forum_post_vote = @forum_post.votes.create(forum_post_vote_params.merge(creator: CurrentUser.user))
+    @forum_post = ForumPost.find(params[:forum_post_id])
+    @forum_post_vote = authorize ForumPostVote.new(creator: CurrentUser.user, forum_post: @forum_post, **permitted_attributes(ForumPostVote))
+    @forum_post_vote.save
     respond_with(@forum_post_vote)
   end
 
   def destroy
-    @forum_post_vote = CurrentUser.user.forum_post_votes.find(params[:id])
+    @forum_post_vote = authorize ForumPostVote.find(params[:id])
     @forum_post_vote.destroy
     respond_with(@forum_post_vote)
   end
-
-  private
-
-  def forum_post_vote_params
-    params.fetch(:forum_post_vote, {}).permit(:score)
-  end
 end

app/models/forum_post.rb

@@ -81,10 +81,6 @@ class ForumPost < ApplicationRecord
     end
   end
 
-  def votable?
-    bulk_update_request.present? && bulk_update_request.is_pending?
-  end
-
   def voted?(user, score)
     votes.where(creator_id: user.id, score: score).exists?
   end

app/policies/forum_post_policy.rb

@@ -19,6 +19,10 @@ class ForumPostPolicy < ApplicationPolicy
     unbanned? && show? && user.is_moderator?
   end
 
+  def votable?
+    unbanned? && show? && record.bulk_update_request.present? && record.bulk_update_request.is_pending?
+  end
+
   def reportable?
     unbanned? && show? && record.creator_id != user.id && !record.creator.is_moderator?
   end

app/policies/forum_post_vote_policy.rb

@@ -0,0 +1,13 @@
+class ForumPostVotePolicy < ApplicationPolicy
+  def create?
+    unbanned? && policy(record.forum_post).votable?
+  end
+
+  def destroy?
+    unbanned? && record.creator_id == user.id
+  end
+
+  def permitted_attributes
+    [:score]
+  end
+end

app/views/forum_post_votes/_list.html.erb

@@ -11,6 +11,6 @@
   <%= render "forum_post_votes/vote", vote: vote, forum_post: forum_post %>
 <% end %>
 
-<% if forum_post.votable? && !votes.by(CurrentUser.user.id).exists? %>
+<% if policy(forum_post).votable? && !votes.by(CurrentUser.user.id).exists? %>
   <%= render "forum_post_votes/add_vote", vote: votes.by(CurrentUser.user.id).first, forum_post: forum_post %>
 <% end %>

app/views/forum_post_votes/_vote.html.erb

@@ -4,7 +4,7 @@
 %>
 
 <li class="vote-score-<%= vote.vote_type %>">
-  <% if forum_post.votable? && vote.creator_id == CurrentUser.id %>
+  <% if policy(forum_post).votable? && vote.creator_id == CurrentUser.id %>
     <%= link_to content_tag(:i, nil, class: "far #{vote.fa_class}"), forum_post_vote_path(vote, format: "js"), remote: true, method: :delete %>
     <%= link_to_user vote.creator %>
   <% else %>

app/views/forum_post_votes/create.js.erb

@@ -2,6 +2,6 @@
   Danbooru.error(<%= raw @forum_post_vote.errors.full_messages.join("; ").to_json %>);
 <% else %>
   Danbooru.notice("Voted");
-  var code = <%= raw render(partial: "forum_post_votes/list", locals: {forum_post: @forum_post, votes: @forum_post.votes}).to_json %>;
-  $("#forum-post-votes-for-<%= @forum_post.id %>").html(code);
+  var code = <%= raw render(partial: "forum_post_votes/list", locals: {forum_post: @forum_post_vote.forum_post, votes: @forum_post_vote.forum_post.votes }).to_json %>;
+  $("#forum-post-votes-for-<%= @forum_post_vote.forum_post.id %>").html(code);
 <% end %>