jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

<role>_only: fix role checking logic to check ip bans last.

Browse Source 
Make <role>_only methods check the role first and ip bans last. This
avoids hitting the database for anonymous users, since they'll always
fail the is_<role>? check before the ip check.
This commit is contained in:
evazion
2018-09-09 20:01:26 -05:00
parent e546e52bd7
commit de10ea66a1
2 changed files with 2 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/controllers/application_controller.rb
View File

@@ -184,11 +184,8 @@ class ApplicationController < ActionController::Base
User::Roles.each do |role| User::Roles.each do |role|
define_method("#{role}_only") do define_method("#{role}_only") do
if !CurrentUser.user.is_banned_or_ip_banned? && CurrentUser.user.__send__("is_#{role}?") if !CurrentUser.user.send("is_#{role}?") || CurrentUser.user.is_banned? || IpBan.is_banned?(CurrentUser.ip_addr)
true access_denied
else
access_denied()
false
end end
end end
end end

4
app/models/user.rb
View File

@@ -113,10 +113,6 @@ class User < ApplicationRecord
accepts_nested_attributes_for :dmail_filter accepts_nested_attributes_for :dmail_filter
module BanMethods module BanMethods
def is_banned_or_ip_banned?
return is_banned? || IpBan.is_banned?(CurrentUser.ip_addr)
end
def validate_ip_addr_is_not_banned def validate_ip_addr_is_not_banned
if IpBan.is_banned?(CurrentUser.ip_addr) if IpBan.is_banned?(CurrentUser.ip_addr)
self.errors[:base] << "IP address is banned" self.errors[:base] << "IP address is banned"