From de10ea66a1ff4f7dd8f0edf3c8abb89fdcd7541a Mon Sep 17 00:00:00 2001
From: evazion
Date: Sun, 9 Sep 2018 20:01:26 -0500
Subject: [PATCH] _only: fix role checking logic to check ip bans last.

Make _only methods check the role first and ip bans last. This avoids hitting the database for anonymous users, since they'll always fail the is_? check before the ip check.
---
 app/controllers/application_controller.rb | 7 ++-----
 app/models/user.rb | 4 ----
 2 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 3287d2f5d..31b2fbb0e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -184,11 +184,8 @@ class ApplicationController < ActionController::Base
 User::Roles.each do |role|
 define_method("#{role}_only") do
- if !CurrentUser.user.is_banned_or_ip_banned? && CurrentUser.user.__send__("is_#{role}?")
- true
- else
- access_denied()
- false
+ if !CurrentUser.user.send("is_#{role}?") || CurrentUser.user.is_banned? || IpBan.is_banned?(CurrentUser.ip_addr)
+ access_denied
 end
 end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 4731764c9..b24d74ac3 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -113,10 +113,6 @@ class User < ApplicationRecord
 accepts_nested_attributes_for :dmail_filter
 module BanMethods
- def is_banned_or_ip_banned?
- return is_banned? || IpBan.is_banned?(CurrentUser.ip_addr)
- end
-
 def validate_ip_addr_is_not_banned
 if IpBan.is_banned?(CurrentUser.ip_addr)
 self.errors[:base] << "IP address is banned"
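Review bot: The generated `#{role}_only` filters in application_controller.rb no longer return a boolean: when access is allowed the `if` evaluates to nil, and on denial the result is whatever `access_denied` returns, so stopping the request now rests entirely on `access_denied` rendering or redirecting. `access_denied` is defined outside this hunk; confirm it always produces a response for every request format and that no caller uses the return value of these methods as a predicate. Separately, `send` can be shadowed by a method of the same name on the model and, like `__send__`, reaches private methods; assuming the `is_*?` predicates are public, `CurrentUser.user.public_send("is_#{role}?")` would keep the dispatch limited to them. A comment above the condition such as `# Deny unless the role matches and neither the account nor the IP is banned; the IP check is last because it queries the database` would record that the ordering is only a performance choice and that every branch must still deny. The enclosing class body continues outside the hunk.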