diff --git a/app/controllers/moderator/post/posts_controller.rb b/app/controllers/moderator/post/posts_controller.rb
index 6bc8c88f4..5fac8e5a2 100644
--- a/app/controllers/moderator/post/posts_controller.rb
+++ b/app/controllers/moderator/post/posts_controller.rb
@@ -1,10 +1,7 @@
module Moderator
module Post
class PostsController < ApplicationController
- before_action :approver_only, :only => [:delete, :move_favorites, :ban, :unban, :confirm_delete, :confirm_move_favorites]
- before_action :admin_only, :only => [:expunge]
skip_before_action :api_check
-
respond_to :html, :json, :xml, :js
def confirm_delete
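Review bot: `confirm_delete` and `confirm_move_favorites` were in the removed `before_action :approver_only` list, but no changed line in this file gives either of them an `authorize` call; only `delete`, `move_favorites`, `expunge`, `ban` and `unban` gain one. Their bodies sit between hunks and are unchanged, so unless `ApplicationController` enforces something like `verify_authorized` (not visible here), the two confirmation pages appear to lose their approver check. Authorizing against the matching predicate would keep the guard, e.g. `@post = authorize ::Post.find(params[:id]), :delete?` in `confirm_delete` and the same with `:move_favorites?` in `confirm_move_favorites`.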
@@ -12,7 +9,7 @@ module Moderator
end
def delete
- @post = ::Post.find(params[:id])
+ @post = authorize ::Post.find(params[:id])
if params[:commit] == "Delete"
@post.delete!(params[:reason], :move_favorites => params[:move_favorites].present?)
end
@@ -24,7 +21,7 @@ module Moderator
end
def move_favorites
- @post = ::Post.find(params[:id])
+ @post = authorize ::Post.find(params[:id])
if params[:commit] == "Submit"
@post.give_favorites_to_parent
end
@@ -32,12 +29,12 @@ module Moderator
end
def expunge
- @post = ::Post.find(params[:id])
+ @post = authorize ::Post.find(params[:id])
@post.expunge!
end
def ban
- @post = ::Post.find(params[:id])
+ @post = authorize ::Post.find(params[:id])
@post.ban!
flash[:notice] = "Post was banned"
@@ -45,7 +42,7 @@ module Moderator
end
def unban
- @post = ::Post.find(params[:id])
+ @post = authorize ::Post.find(params[:id])
@post.unban!
flash[:notice] = "Post was banned"
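Review bot: The `unban` action still sets `flash[:notice] = "Post was banned"`, the same text as `ban`, so a moderator who lifts a ban is told the opposite of what happened. Since this commit already touches the action, the context line could be corrected to `flash[:notice] = "Post was unbanned"`. The rest of `unban` lies outside the hunk.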
diff --git a/app/policies/post_policy.rb b/app/policies/post_policy.rb
index c173dc86c..4ddd09250 100644
--- a/app/policies/post_policy.rb
+++ b/app/policies/post_policy.rb
@@ -23,6 +23,26 @@ class PostPolicy < ApplicationPolicy
update?
end
+ def move_favorites?
+ user.is_approver? && record.fav_count > 0 && record.parent_id.present?
+ end
+
+ def delete?
+ user.is_approver? && !record.is_deleted?
+ end
+
+ def ban?
+ user.is_approver? && !record.is_banned?
+ end
+
+ def unban?
+ user.is_approver? && record.is_banned?
+ end
+
+ def expunge?
+ user.is_admin?
+ end
+
def visible?
record.visible?
end
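Review bot: `move_favorites?` does not require the post to be deleted, yet the view only offers the "Move favorites" link inside its `post.is_deleted?` branch, so the controller accepts the action on a live post from any approver who sends the request directly. If the restriction to deleted posts is intended (not determinable from this hunk), the policy is the place to state it: `user.is_approver? && record.is_deleted? && record.fav_count > 0 && record.parent_id.present?`. More generally, these predicates mix role checks with record state, so a state mismatch such as a repeated `delete` or `ban` request now surfaces as a not-authorized error. A one-line comment on each predicate saying which part is permission and which is precondition would help the next reader.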
diff --git a/app/views/posts/partials/show/_options.html.erb b/app/views/posts/partials/show/_options.html.erb
index 8371313c2..b81cf3f56 100644
--- a/app/views/posts/partials/show/_options.html.erb
+++ b/app/views/posts/partials/show/_options.html.erb
@@ -52,10 +52,10 @@
<% if policy(PostApproval).create? %>
<% if post.is_deleted? %>
<%= link_to "Undelete", post_approvals_path(post_id: post.id), remote: true, method: :post, "data-confirm": "Are you sure you want to undelete this post?" %>
- <% if post.fav_count > 0 && post.parent_id %>
+ <% if policy(post).move_favorites? %>
<%= link_to "Move favorites", confirm_move_favorites_moderator_post_post_path(post_id: post.id) %>
<% end %>
- <% else %>
+ <% elsif policy(post).delete? %>
<%= link_to "Delete", confirm_delete_moderator_post_post_path(post_id: post.id) %>
<% end %>
@@ -64,13 +64,13 @@
<%= link_to "Hide from queue", post_disapprovals_path(post_disapproval: { post_id: post.id, reason: "disinterest" }), remote: true, method: :post, id: "disapprove" %>
<% end %>
- <% if post.is_banned? %>
+ <% if policy(post).unban? %>
<%= link_to "Unban", unban_moderator_post_post_path(post), method: :post, "data-confirm": "Are you sure you want to unban this post?" %>
- <% else %>
+ <% elsif policy(post).ban? %>
<%= link_to "Ban", ban_moderator_post_post_path(post), method: :post, "data-confirm": "Are you sure you want to ban this post?" %>
<% end %>
- <% if CurrentUser.is_admin? %>
+ <% if policy(post).expunge? %>
<%= link_to "Expunge", expunge_moderator_post_post_path(post_id: post.id), remote: true, method: :post, "data-confirm": "This will permanently delete this post (meaning the file will be deleted). Are you sure you want to delete this post?" %>
<% end %>
<% end %>
diff --git a/test/functional/moderator/post/posts_controller_test.rb b/test/functional/moderator/post/posts_controller_test.rb
index 99220caaf..fa722a906 100644
--- a/test/functional/moderator/post/posts_controller_test.rb
+++ b/test/functional/moderator/post/posts_controller_test.rb
@@ -37,7 +37,7 @@ module Moderator
context "confirm_move_favorites action" do
should "render" do
- get_auth confirm_ban_moderator_post_post_path(@post), @admin
+ get_auth confirm_move_favorites_moderator_post_post_path(@post), @admin
assert_response :success
end
end
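Review bot: The corrected `confirm_move_favorites` test still signs in as `@admin` only, and the `ban` and `unban` tests in the later hunks do the same. Nothing here pins the denial path that the new `authorize` calls and policy predicates are meant to enforce. A companion case per action that signs in as a non-approver and asserts the forbidden response would catch a dropped guard, e.g. `assert_response 403`, assuming the app maps Pundit's not-authorized error to that status. That matters most for the two `confirm_*` actions, which lost their `before_action`. The enclosing test class starts and ends outside the hunk, so a suitable non-privileged fixture may already be defined there.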
@@ -78,18 +78,11 @@ module Moderator
end
end
- context "confirm_ban action" do
- should "render" do
- get_auth confirm_ban_moderator_post_post_path(@post), @admin
- assert_response :success
- end
- end
-
context "ban action" do
should "render" do
- post_auth ban_moderator_post_post_path(@post), @admin, params: { commit: "Ban", format: "js" }
+ post_auth ban_moderator_post_post_path(@post), @admin
- assert_response :success
+ assert_redirected_to @post
assert_equal(true, @post.reload.is_banned?)
end
end
@@ -97,7 +90,7 @@ module Moderator
context "unban action" do
should "render" do
@post.ban!
- post_auth unban_moderator_post_post_path(@post), @admin, params: { format: "js" }
+ post_auth unban_moderator_post_post_path(@post), @admin
assert_redirected_to(@post)
assert_equal(false, @post.reload.is_banned?)