jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

app controller: replace calls to access_denied with PrivilegeError.

Browse Source 
Standardize controllers to raise User::PrivilegeError instead of calling
`access_denied` directly.
This commit is contained in:
evazion
2019-08-24 22:55:36 -05:00
parent fda9843a55
commit d4c43af1dd
5 changed files with 19 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/controllers/application_controller.rb
View File

@@ -14,11 +14,6 @@ class ApplicationController < ActionController::Base
rescue_from Exception, :with => :rescue_exception rescue_from Exception, :with => :rescue_exception
rescue_from User::PrivilegeError, :with => :access_denied rescue_from User::PrivilegeError, :with => :access_denied
rescue_from ActionController::UnpermittedParameters, :with => :access_denied
# This is raised on requests to `/blah.js`. Rails has already rendered StaticController#not_found
# here, so calling `rescue_exception` would cause a double render error.
rescue_from ActionController::InvalidCrossOriginRequest, with: -> {}
protected protected
@@ -62,7 +57,7 @@ class ApplicationController < ActionController::Base
render_error_page(400, exception) render_error_page(400, exception)
when SessionLoader::AuthenticationFailure when SessionLoader::AuthenticationFailure
render_error_page(401, exception) render_error_page(401, exception)
when ActionController::InvalidAuthenticityToken when ActionController::InvalidAuthenticityToken, ActionController::UnpermittedParameters, ActionController::InvalidCrossOriginRequest
render_error_page(403, exception) render_error_page(403, exception)
when ActiveRecord::RecordNotFound when ActiveRecord::RecordNotFound
render_error_page(404, exception, message: "That record was not found.") render_error_page(404, exception, message: "That record was not found.")
@@ -144,7 +139,7 @@ class ApplicationController < ActionController::Base
User::Roles.each do |role| User::Roles.each do |role|
define_method("#{role}_only") do define_method("#{role}_only") do
if !CurrentUser.user.send("is_#{role}?") || CurrentUser.user.is_banned? || IpBan.is_banned?(CurrentUser.ip_addr) if !CurrentUser.user.send("is_#{role}?") || CurrentUser.user.is_banned? || IpBan.is_banned?(CurrentUser.ip_addr)
access_denied raise User::PrivilegeError
end end
end end
end end

22
app/controllers/bulk_update_requests_controller.rb
View File

@@ -23,13 +23,10 @@ class BulkUpdateRequestsController < ApplicationController
end end
def update def update
if @bulk_update_request.editable?(CurrentUser.user) raise User::PrivilegeError unless @bulk_update_request.editable?(CurrentUser.user)
@bulk_update_request.update(bur_params(:update))
flash[:notice] = "Bulk update request updated" @bulk_update_request.update(bur_params(:update))
respond_with(@bulk_update_request, :location => bulk_update_requests_path) respond_with(@bulk_update_request, location: bulk_update_requests_path, notice: "Bulk update request updated")
else
access_denied()
end
end end
def approve def approve
@@ -38,13 +35,10 @@ class BulkUpdateRequestsController < ApplicationController
end end
def destroy def destroy
if @bulk_update_request.rejectable?(CurrentUser.user) raise User::PrivilegeError unless @bulk_update_request.rejectable?(CurrentUser.user)
@bulk_update_request.reject!(CurrentUser.user)
flash[:notice] = "Bulk update request rejected" @bulk_update_request.reject!(CurrentUser.user)
respond_with(@bulk_update_request, :location => bulk_update_requests_path) respond_with(@bulk_update_request, location: bulk_update_requests_path, notice: "Bulk update request rejected")
else
access_denied()
end
end end
def index def index

10
app/controllers/tag_aliases_controller.rb
View File

@@ -32,12 +32,10 @@ class TagAliasesController < ApplicationController
def destroy def destroy
@tag_alias = TagAlias.find(params[:id]) @tag_alias = TagAlias.find(params[:id])
if @tag_alias.deletable_by?(CurrentUser.user) raise User::PrivilegeError unless @tag_alias.deletable_by?(CurrentUser.user)
@tag_alias.reject!
respond_with(@tag_alias, :location => tag_aliases_path) @tag_alias.reject!
else respond_with(@tag_alias, location: tag_aliases_path, notice: "Tag alias was deleted")
access_denied
end
end end
def approve def approve

15
app/controllers/tag_implications_controller.rb
View File

@@ -32,17 +32,10 @@ class TagImplicationsController < ApplicationController
def destroy def destroy
@tag_implication = TagImplication.find(params[:id]) @tag_implication = TagImplication.find(params[:id])
if @tag_implication.deletable_by?(CurrentUser.user) raise User::PrivilegeError unless @tag_implication.deletable_by?(CurrentUser.user)
@tag_implication.reject!
respond_with(@tag_implication) do |format| @tag_implication.reject!
format.html do respond_with(@tag_implication, location: tag_implications_path, notice: "Tag implication was deleted")
flash[:notice] = "Tag implication was deleted"
redirect_to(tag_implications_path)
end
end
else
access_denied
end
end end
def approve def approve

2
test/functional/comments_controller_test.rb
View File

@@ -23,7 +23,7 @@ class CommentsControllerTest < ActionDispatch::IntegrationTest
context "index action" do context "index action" do
should "render for post" do should "render for post" do
get comments_path(post_id: @post.id, group_by: "post", format: "js") get comments_path(post_id: @post.id, group_by: "post", format: "js"), xhr: true
assert_response :success assert_response :success
end end