Prevent anon/banned/member users from voting (fix #2719).

There was a regression in 6d6d00b; `before_filter :voter_only` was a
no-op in the post vote controller because it merely returned false,
which does not halt the request. The fix is to arrange for a voter_only
method to be defined that properly redirects to the access denied page.

app/controllers/application_controller.rb

@@ -133,9 +133,9 @@ protected
     end
   end
 
-  %w(member banned builder gold platinum janitor moderator admin).each do |level|
+  User::Roles.each do |role|
-    define_method("#{level}_only") do
+    define_method("#{role}_only") do
-      if !CurrentUser.user.is_banned_or_ip_banned? && CurrentUser.user.__send__("is_#{level}?")
+      if !CurrentUser.user.is_banned_or_ip_banned? && CurrentUser.user.__send__("is_#{role}?")
         true
       else
         access_denied()

app/controllers/post_votes_controller.rb

@@ -14,10 +14,4 @@ class PostVotesController < ApplicationController
   rescue PostVote::Error => x
     @error = x
   end
-
-protected
-
-  def voter_only
-    CurrentUser.is_voter?
-  end
 end

app/models/user.rb

@@ -16,6 +16,16 @@ class User < ActiveRecord::Base
     ADMIN = 50
   end
 
+  # Used for `before_filter :<role>_only`. Must have a corresponding `is_<role>?` method.
+  Roles = Levels.constants.map(&:downcase) + [
+    :anonymous,
+    :banned,
+    :approver,
+    :voter,
+    :super_voter,
+    :verified,
+  ]
+
   BOOLEAN_ATTRIBUTES = %w(
     is_banned
     has_mail
@@ -384,6 +394,10 @@ class User < ActiveRecord::Base
       true
     end
 
+    def is_blocked?
+      is_banned?
+    end
+
     def is_builder?
       level >= Levels::BUILDER
     end