pundit: convert moderator/post/posts to pundit.

app/controllers/moderator/post/posts_controller.rb

@@ -1,10 +1,7 @@
 module Moderator
   module Post
     class PostsController < ApplicationController
-      before_action :approver_only, :only => [:delete, :move_favorites, :ban, :unban, :confirm_delete, :confirm_move_favorites]
-      before_action :admin_only, :only => [:expunge]
       skip_before_action :api_check
-
       respond_to :html, :json, :xml, :js
 
       def confirm_delete
@@ -12,7 +9,7 @@ module Moderator
       end
 
       def delete
-        @post = ::Post.find(params[:id])
+        @post = authorize ::Post.find(params[:id])
         if params[:commit] == "Delete"
           @post.delete!(params[:reason], :move_favorites => params[:move_favorites].present?)
         end
@@ -24,7 +21,7 @@ module Moderator
       end
 
       def move_favorites
-        @post = ::Post.find(params[:id])
+        @post = authorize ::Post.find(params[:id])
         if params[:commit] == "Submit"
           @post.give_favorites_to_parent
         end
@@ -32,12 +29,12 @@ module Moderator
       end
 
       def expunge
-        @post = ::Post.find(params[:id])
+        @post = authorize ::Post.find(params[:id])
         @post.expunge!
       end
 
       def ban
-        @post = ::Post.find(params[:id])
+        @post = authorize ::Post.find(params[:id])
         @post.ban!
         flash[:notice] = "Post was banned"
 
@@ -45,7 +42,7 @@ module Moderator
       end
 
       def unban
-        @post = ::Post.find(params[:id])
+        @post = authorize ::Post.find(params[:id])
         @post.unban!
         flash[:notice] = "Post was banned"
 

app/policies/post_policy.rb

@@ -23,6 +23,26 @@ class PostPolicy < ApplicationPolicy
     update?
   end
 
+  def move_favorites?
+    user.is_approver? && record.fav_count > 0 && record.parent_id.present?
+  end
+
+  def delete?
+    user.is_approver? && !record.is_deleted?
+  end
+
+  def ban?
+    user.is_approver? && !record.is_banned?
+  end
+
+  def unban?
+    user.is_approver? && record.is_banned?
+  end
+
+  def expunge?
+    user.is_admin?
+  end
+
   def visible?
     record.visible?
   end

app/views/posts/partials/show/_options.html.erb

@@ -52,10 +52,10 @@
       <% if policy(PostApproval).create? %>
         <% if post.is_deleted? %>
           <li id="post-option-undelete"><%= link_to "Undelete", post_approvals_path(post_id: post.id), remote: true, method: :post, "data-confirm": "Are you sure you want to undelete this post?" %></li>
-          <% if post.fav_count > 0 && post.parent_id %>
+          <% if policy(post).move_favorites? %>
             <li id="post-option-move-favorites"><%= link_to "Move favorites", confirm_move_favorites_moderator_post_post_path(post_id: post.id) %></li>
           <% end %>
-        <% else %>
+        <% elsif policy(post).delete? %>
           <li id="post-option-delete"><%= link_to "Delete", confirm_delete_moderator_post_post_path(post_id: post.id) %></li>
         <% end %>
 
@@ -64,13 +64,13 @@
           <li id="post-option-disapprove"><%= link_to "Hide from queue", post_disapprovals_path(post_disapproval: { post_id: post.id, reason: "disinterest" }), remote: true, method: :post, id: "disapprove" %></li>
         <% end %>
 
-        <% if post.is_banned? %>
+        <% if policy(post).unban? %>
           <li id="post-option-unban"><%= link_to "Unban", unban_moderator_post_post_path(post), method: :post, "data-confirm": "Are you sure you want to unban this post?" %></li>
-        <% else %>
+        <% elsif policy(post).ban? %>
           <li id="post-option-ban"><%= link_to "Ban", ban_moderator_post_post_path(post), method: :post, "data-confirm": "Are you sure you want to ban this post?" %></li>
         <% end %>
 
-        <% if CurrentUser.is_admin? %>
+        <% if policy(post).expunge? %>
           <li id="post-option-expunge"><%= link_to "Expunge", expunge_moderator_post_post_path(post_id: post.id), remote: true, method: :post, "data-confirm": "This will permanently delete this post (meaning the file will be deleted). Are you sure you want to delete this post?" %></li>
         <% end %>
       <% end %>

test/functional/moderator/post/posts_controller_test.rb

@@ -37,7 +37,7 @@ module Moderator
 
         context "confirm_move_favorites action" do
           should "render" do
-            get_auth confirm_ban_moderator_post_post_path(@post), @admin
+            get_auth confirm_move_favorites_moderator_post_post_path(@post), @admin
             assert_response :success
           end
         end
@@ -78,18 +78,11 @@ module Moderator
           end
         end
 
-        context "confirm_ban action" do
-          should "render" do
-            get_auth confirm_ban_moderator_post_post_path(@post), @admin
-            assert_response :success
-          end
-        end
-
         context "ban action" do
           should "render" do
-            post_auth ban_moderator_post_post_path(@post), @admin, params: { commit: "Ban", format: "js" }
+            post_auth ban_moderator_post_post_path(@post), @admin
 
-            assert_response :success
+            assert_redirected_to @post
             assert_equal(true, @post.reload.is_banned?)
           end
         end
@@ -97,7 +90,7 @@ module Moderator
         context "unban action" do
           should "render" do
             @post.ban!
-            post_auth unban_moderator_post_post_path(@post), @admin, params: { format: "js" }
+            post_auth unban_moderator_post_post_path(@post), @admin
 
             assert_redirected_to(@post)
             assert_equal(false, @post.reload.is_banned?)