pundit: convert forum post votes to pundit.

evazion
2020-03-18 02:43:45 -05:00
parent be59e85d25
commit cc2b4abd09
8 changed files with 54 additions and 27 deletions


@@ -1,29 +1,23 @@
class ForumPostVotesController < ApplicationController class ForumPostVotesController < ApplicationController
respond_to :html, :xml, :json, :js respond_to :html, :xml, :json, :js
before_action :member_only, only: [:create, :destroy]
def index def index
@forum_post_votes = ForumPostVote.visible(CurrentUser.user).paginated_search(params, count_pages: true) @forum_post_votes = authorize ForumPostVote.visible(CurrentUser.user).paginated_search(params, count_pages: true)
@forum_post_votes = @forum_post_votes.includes(:creator, forum_post: [:creator, :topic]) if request.format.html? @forum_post_votes = @forum_post_votes.includes(:creator, forum_post: [:creator, :topic]) if request.format.html?
respond_with(@forum_post_votes) respond_with(@forum_post_votes)
end end
def create def create
@forum_post = ForumPost.visible(CurrentUser.user).find(params[:forum_post_id]) @forum_post = ForumPost.find(params[:forum_post_id])
@forum_post_vote = @forum_post.votes.create(forum_post_vote_params.merge(creator: CurrentUser.user)) @forum_post_vote = authorize ForumPostVote.new(creator: CurrentUser.user, forum_post: @forum_post, **permitted_attributes(ForumPostVote))
@forum_post_vote.save
respond_with(@forum_post_vote) respond_with(@forum_post_vote)
end end
def destroy def destroy
@forum_post_vote = CurrentUser.user.forum_post_votes.find(params[:id]) @forum_post_vote = authorize ForumPostVote.find(params[:id])
@forum_post_vote.destroy @forum_post_vote.destroy
respond_with(@forum_post_vote) respond_with(@forum_post_vote)
end end
private
def forum_post_vote_params
params.fetch(:forum_post_vote, {}).permit(:score)
end
end end
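Review bot: With `before_action :member_only, only: [:create, :destroy]` removed, nothing in this controller rejects anonymous requests any more; whether a logged-out visitor can reach `create` or `destroy` now depends entirely on `unbanned?` in the policies, which is defined outside this page. If `unbanned?` only checks the ban flag, anonymous voting would be allowed, so it is worth confirming and pinning with a test that posts to `forum_post_votes_path` without a user and expects a 403 and no new vote. Separately, `ForumPost.find(params[:forum_post_id])` and `ForumPostVote.find(params[:id])` are no longer scoped to the current user, so a hidden record now answers 403 where a missing one answers 404. If ids on restricted topics should not be confirmable, keep the scoped lookup (`ForumPost.visible(CurrentUser.user).find(...)`) before `authorize`.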


@@ -81,10 +81,6 @@ class ForumPost < ApplicationRecord
end end
end end
def votable?
bulk_update_request.present? && bulk_update_request.is_pending?
end
def voted?(user, score) def voted?(user, score)
votes.where(creator_id: user.id, score: score).exists? votes.where(creator_id: user.id, score: score).exists?
end end


@@ -19,6 +19,10 @@ class ForumPostPolicy < ApplicationPolicy
unbanned? && show? && user.is_moderator? unbanned? && show? && user.is_moderator?
end end
def votable?
unbanned? && show? && record.bulk_update_request.present? && record.bulk_update_request.is_pending?
end
def reportable? def reportable?
unbanned? && show? && record.creator_id != user.id && !record.creator.is_moderator? unbanned? && show? && record.creator_id != user.id && !record.creator.is_moderator?
end end


@@ -0,0 +1,13 @@
class ForumPostVotePolicy < ApplicationPolicy
def create?
unbanned? && policy(record.forum_post).votable?
end
def destroy?
unbanned? && record.creator_id == user.id
end
def permitted_attributes
[:score]
end
end
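Review bot: `destroy?` checks only `unbanned?` and ownership, while the vote partial shows the delete link only when `policy(forum_post).votable?` also holds. A direct DELETE request can therefore still remove a vote after the bulk update request stops being pending, or after the user loses access to the topic, unless the model prevents it elsewhere. If the view's condition is the intended rule, enforce it here as well: `unbanned? && record.creator_id == user.id && policy(record.forum_post).votable?`. A one-line comment on `create?` saying that topic visibility is enforced through `votable?` (which includes `show?`) would also help, since the controller no longer uses `ForumPost.visible`.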


@@ -11,6 +11,6 @@
<%= render "forum_post_votes/vote", vote: vote, forum_post: forum_post %> <%= render "forum_post_votes/vote", vote: vote, forum_post: forum_post %>
<% end %> <% end %>
<% if forum_post.votable? && !votes.by(CurrentUser.user.id).exists? %> <% if policy(forum_post).votable? && !votes.by(CurrentUser.user.id).exists? %>
<%= render "forum_post_votes/add_vote", vote: votes.by(CurrentUser.user.id).first, forum_post: forum_post %> <%= render "forum_post_votes/add_vote", vote: votes.by(CurrentUser.user.id).first, forum_post: forum_post %>
<% end %> <% end %>


@@ -4,7 +4,7 @@
%> %>
<li class="vote-score-<%= vote.vote_type %>"> <li class="vote-score-<%= vote.vote_type %>">
<% if forum_post.votable? && vote.creator_id == CurrentUser.id %> <% if policy(forum_post).votable? && vote.creator_id == CurrentUser.id %>
<%= link_to content_tag(:i, nil, class: "far #{vote.fa_class}"), forum_post_vote_path(vote, format: "js"), remote: true, method: :delete %> <%= link_to content_tag(:i, nil, class: "far #{vote.fa_class}"), forum_post_vote_path(vote, format: "js"), remote: true, method: :delete %>
<%= link_to_user vote.creator %> <%= link_to_user vote.creator %>
<% else %> <% else %>


@@ -2,6 +2,6 @@
Danbooru.error(<%= raw @forum_post_vote.errors.full_messages.join("; ").to_json %>); Danbooru.error(<%= raw @forum_post_vote.errors.full_messages.join("; ").to_json %>);
<% else %> <% else %>
Danbooru.notice("Voted"); Danbooru.notice("Voted");
var code = <%= raw render(partial: "forum_post_votes/list", locals: {forum_post: @forum_post, votes: @forum_post.votes}).to_json %>; var code = <%= raw render(partial: "forum_post_votes/list", locals: {forum_post: @forum_post_vote.forum_post, votes: @forum_post_vote.forum_post.votes }).to_json %>;
$("#forum-post-votes-for-<%= @forum_post.id %>").html(code); $("#forum-post-votes-for-<%= @forum_post_vote.forum_post.id %>").html(code);
<% end %> <% end %>


@@ -4,10 +4,12 @@ class ForumPostVotesControllerTest < ActionDispatch::IntegrationTest
context "The forum post votes controller" do context "The forum post votes controller" do
setup do setup do
@user = create(:user) @user = create(:user)
@other_user = create(:user)
as(@user) do as(@user) do
@forum_topic = create(:forum_topic) @forum_topic = create(:forum_topic)
@forum_post = create(:forum_post, topic: @forum_topic) @forum_post = create(:forum_post, topic: @forum_topic)
@bulk_update_request = create(:bulk_update_request, forum_post: @forum_post)
end end
end end
@@ -15,26 +17,44 @@ class ForumPostVotesControllerTest < ActionDispatch::IntegrationTest
should "render" do should "render" do
@forum_post_vote = create(:forum_post_vote, creator: @user, forum_post: @forum_post) @forum_post_vote = create(:forum_post_vote, creator: @user, forum_post: @forum_post)
get forum_post_votes_path get forum_post_votes_path
assert_response :success assert_response :success
end end
end end
should "allow voting" do context "create action" do
assert_difference("ForumPostVote.count") do should "allow members to vote" do
post_auth forum_post_votes_path(format: :js), @user, params: { forum_post_id: @forum_post.id, forum_post_vote: { score: 1 }} assert_difference("ForumPostVote.count", 1) do
post_auth forum_post_votes_path(format: :js), @user, params: { forum_post_id: @forum_post.id, forum_post_vote: { score: 1 }}
assert_response :success
end
end
should "not allow privileged users to vote on private forum posts" do
as(@user) { @forum_post.topic.update!(min_level: User::Levels::ADMIN) }
assert_difference("ForumPostVote.count", 0) do
post_auth forum_post_votes_path(format: :js), @user, params: { forum_post_id: @forum_post.id, forum_post_vote: { score: 1 }}
assert_response 403
end
end end
assert_response :success
end end
context "when deleting" do context "destroy action" do
should "allow removal" do setup do
@forum_post_vote = create(:forum_post_vote, creator: @user, forum_post: @forum_post) @forum_post_vote = create(:forum_post_vote, creator: @user, forum_post: @forum_post)
end
should "allow members to destroy their own votes" do
assert_difference("ForumPostVote.count", -1) do assert_difference("ForumPostVote.count", -1) do
delete_auth forum_post_vote_path(@forum_post_vote.id, format: :js), @user delete_auth forum_post_vote_path(@forum_post_vote.id, format: :js), @user
assert_response :success
end end
end
assert_response :success should "not allow members to destroy other people's votes" do
assert_difference("ForumPostVote.count", 0) do
delete_auth forum_post_vote_path(@forum_post_vote.id, format: :js), @other_user
assert_response 403
end
end end
end end
end end
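Review bot: The new cases cover the private-topic and other-user paths, but not the other conditions that `votable?` and `unbanned?` now enforce: there is no test for voting on a forum post whose bulk update request is no longer pending (or that has none), nor for a banned user. Since `@bulk_update_request` is now created in `setup`, every create test runs in the votable state, so a regression in the pending check would go unnoticed. Also, the test named "not allow privileged users to vote on private forum posts" uses an ordinary `create(:user)` against an admin-only topic; a name such as `"not allow members to vote on forum posts they cannot see"` would describe it accurately.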