From d51b0dfe177eab000eb363ab1ace67df64a72030 Mon Sep 17 00:00:00 2001 From: evazion Date: Fri, 20 Mar 2020 02:28:16 -0500 Subject: [PATCH] pundit: convert moderator/post/posts to pundit. --- .../moderator/post/posts_controller.rb | 13 +++++------- app/policies/post_policy.rb | 20 +++++++++++++++++++ .../posts/partials/show/_options.html.erb | 10 +++++----- .../moderator/post/posts_controller_test.rb | 15 ++++---------- 4 files changed, 34 insertions(+), 24 deletions(-) diff --git a/app/controllers/moderator/post/posts_controller.rb b/app/controllers/moderator/post/posts_controller.rb index 6bc8c88f4..5fac8e5a2 100644 --- a/app/controllers/moderator/post/posts_controller.rb +++ b/app/controllers/moderator/post/posts_controller.rb @@ -1,10 +1,7 @@ module Moderator module Post class PostsController < ApplicationController - before_action :approver_only, :only => [:delete, :move_favorites, :ban, :unban, :confirm_delete, :confirm_move_favorites] - before_action :admin_only, :only => [:expunge] skip_before_action :api_check - respond_to :html, :json, :xml, :js def confirm_delete @@ -12,7 +9,7 @@ module Moderator end def delete - @post = ::Post.find(params[:id]) + @post = authorize ::Post.find(params[:id]) if params[:commit] == "Delete" @post.delete!(params[:reason], :move_favorites => params[:move_favorites].present?) end @@ -24,7 +21,7 @@ module Moderator end def move_favorites - @post = ::Post.find(params[:id]) + @post = authorize ::Post.find(params[:id]) if params[:commit] == "Submit" @post.give_favorites_to_parent end @@ -32,12 +29,12 @@ module Moderator end def expunge - @post = ::Post.find(params[:id]) + @post = authorize ::Post.find(params[:id]) @post.expunge! end def ban - @post = ::Post.find(params[:id]) + @post = authorize ::Post.find(params[:id]) @post.ban! flash[:notice] = "Post was banned" 
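Review bot: `confirm_delete` and `confirm_move_favorites` were both in the removed `before_action :approver_only` list, but no hunk adds an `authorize` call to either, so as far as this diff shows those two pages lose their approver gate. Their bodies sit between the hunks and are not visible here, so this is inferred from the absence of a change rather than seen directly. If the lookups there are still plain `::Post.find(params[:id])`, reuse the action policies: `@post = authorize ::Post.find(params[:id]), :delete?` in `confirm_delete` and `@post = authorize ::Post.find(params[:id]), :move_favorites?` in `confirm_move_favorites`. It is also worth confirming whether `ApplicationController` runs `verify_authorized`, which would make an action that never calls `authorize` fail loudly instead of passing silently.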
@@ -45,7 +42,7 @@ module Moderator end def unban - @post = ::Post.find(params[:id]) + @post = authorize ::Post.find(params[:id]) @post.unban! flash[:notice] = "Post was banned" diff --git a/app/policies/post_policy.rb b/app/policies/post_policy.rb index c173dc86c..4ddd09250 100644 --- a/app/policies/post_policy.rb +++ b/app/policies/post_policy.rb @@ -23,6 +23,26 @@ class PostPolicy < ApplicationPolicy update? end + def move_favorites? + user.is_approver? && record.fav_count > 0 && record.parent_id.present? + end + + def delete? + user.is_approver? && !record.is_deleted? + end + + def ban? + user.is_approver? && !record.is_banned? + end + + def unban? + user.is_approver? && record.is_banned? + end + + def expunge? + user.is_admin? + end + def visible? record.visible? end diff --git a/app/views/posts/partials/show/_options.html.erb b/app/views/posts/partials/show/_options.html.erb index 8371313c2..b81cf3f56 100644 --- a/app/views/posts/partials/show/_options.html.erb +++ b/app/views/posts/partials/show/_options.html.erb @@ -52,10 +52,10 @@ <% if policy(PostApproval).create? %> <% if post.is_deleted? %>
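Review bot: The `unban` action still sets `flash[:notice] = "Post was banned"`, the same text as `ban`, so a moderator who lifts a ban is told the opposite of what happened. Since this hunk already touches the action, the context line could become `flash[:notice] = "Post was unbanned"`. The rest of `unban` continues past the end of the hunk.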
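Review bot: `delete?`, `ban?`, `unban?` and `move_favorites?` combine a role check with the post's current state, and nothing in the added methods says that this is deliberate. Because the controller now calls `authorize` on the same predicates, an approver who repeats a request (banning an already banned post, deleting an already deleted one) gets an authorization failure rather than a no-op, and a denial recorded for these actions no longer implies a missing privilege. A short comment above the group would record that, for example `# These checks include record state so views and controllers share one rule; a denial can mean "wrong state", not only "wrong role".` `expunge?` is role-only and matches the removed `admin_only` filter.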
  • <%= link_to "Undelete", post_approvals_path(post_id: post.id), remote: true, method: :post, "data-confirm": "Are you sure you want to undelete this post?" %>
  • - <% if post.fav_count > 0 && post.parent_id %> + <% if policy(post).move_favorites? %>
  • <%= link_to "Move favorites", confirm_move_favorites_moderator_post_post_path(post_id: post.id) %>
  • <% end %> - <% else %> + <% elsif policy(post).delete? %>
  • <%= link_to "Delete", confirm_delete_moderator_post_post_path(post_id: post.id) %>
  • <% end %> @@ -64,13 +64,13 @@
  • <%= link_to "Hide from queue", post_disapprovals_path(post_disapproval: { post_id: post.id, reason: "disinterest" }), remote: true, method: :post, id: "disapprove" %>
  • <% end %> - <% if post.is_banned? %> + <% if policy(post).unban? %>
  • <%= link_to "Unban", unban_moderator_post_post_path(post), method: :post, "data-confirm": "Are you sure you want to unban this post?" %>
  • - <% else %> + <% elsif policy(post).ban? %>
  • <%= link_to "Ban", ban_moderator_post_post_path(post), method: :post, "data-confirm": "Are you sure you want to ban this post?" %>
  • <% end %> - <% if CurrentUser.is_admin? %> + <% if policy(post).expunge? %>
  • <%= link_to "Expunge", expunge_moderator_post_post_path(post_id: post.id), remote: true, method: :post, "data-confirm": "This will permanently delete this post (meaning the file will be deleted). Are you sure you want to delete this post?" %>
  • <% end %> <% end %> diff --git a/test/functional/moderator/post/posts_controller_test.rb b/test/functional/moderator/post/posts_controller_test.rb index 99220caaf..fa722a906 100644 --- a/test/functional/moderator/post/posts_controller_test.rb +++ b/test/functional/moderator/post/posts_controller_test.rb @@ -37,7 +37,7 @@ module Moderator context "confirm_move_favorites action" do should "render" do - get_auth confirm_ban_moderator_post_post_path(@post), @admin + get_auth confirm_move_favorites_moderator_post_post_path(@post), @admin assert_response :success end end @@ -78,18 +78,11 @@ module Moderator end end - context "confirm_ban action" do - should "render" do - get_auth confirm_ban_moderator_post_post_path(@post), @admin - assert_response :success - end - end - context "ban action" do should "render" do - post_auth ban_moderator_post_post_path(@post), @admin, params: { commit: "Ban", format: "js" } + post_auth ban_moderator_post_post_path(@post), @admin - assert_response :success + assert_redirected_to @post assert_equal(true, @post.reload.is_banned?) end end @@ -97,7 +90,7 @@ module Moderator context "unban action" do should "render" do @post.ban! - post_auth unban_moderator_post_post_path(@post), @admin, params: { format: "js" } + post_auth unban_moderator_post_post_path(@post), @admin assert_redirected_to(@post) assert_equal(false, @post.reload.is_banned?)
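Review bot: Every request in the visible test hunks is made as `@admin`, so nothing here checks that the new policies refuse a user who is not an approver now that the `approver_only` and `admin_only` filters are gone. Add a denial case next to the existing ones, e.g. `post_auth ban_moderator_post_post_path(@post), non_approver` followed by `assert_response 403` and `assert_equal(false, @post.reload.is_banned?)`; `non_approver` is a placeholder for a fixture user without approver rights, and 403 assumes that is how the app renders a Pundit denial. The same applies to the `unban` hunk and to `delete`, `move_favorites`, `expunge` and the two `confirm_*` pages, whose tests lie outside these hunks. The enclosing `context` blocks start and end outside the hunks.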