artists: redact version histories of banned artists.

Fix names and urls of banned artists being visible in Google through artist version pages.
2021-02-07 22:19:26 -06:00
parent 30b7345900
commit e23f09235e
6 changed files with 24 additions and 3 deletions
--- a/app/controllers/artist_versions_controller.rb
+++ b/app/controllers/artist_versions_controller.rb
@@ -3,7 +3,7 @@ class ArtistVersionsController < ApplicationController

  def index
    set_version_comparison
-    @artist_versions = ArtistVersion.paginated_search(params)
+    @artist_versions = authorize ArtistVersion.visible(CurrentUser.user).paginated_search(params)
    @artist_versions = @artist_versions.includes(:updater, artist: :urls) if request.format.html?

    respond_with(@artist_versions)
--- a/app/controllers/artists_controller.rb
+++ b/app/controllers/artists_controller.rb
@@ -30,7 +30,7 @@ class ArtistsController < ApplicationController
  def index
    # XXX
    params[:search][:name] = params.delete(:name) if params[:name]
-    @artists = authorize Artist.paginated_search(params)
+    @artists = authorize Artist.visible(CurrentUser.user).paginated_search(params)
    @artists = @artists.includes(:urls, :tag) if request.format.html?

    respond_with(@artists)
--- a/app/models/application_record.rb
+++ b/app/models/application_record.rb
@@ -29,6 +29,14 @@ class ApplicationRecord < ActiveRecord::Base
      def visible(user)
        all
      end
+
+      def policy(current_user)
+        Pundit.policy(current_user, self)
+      end
+    end
+
+    def policy(current_user)
+      Pundit.policy(current_user, self)
    end
  end

--- a/app/models/artist_version.rb
+++ b/app/models/artist_version.rb
@@ -5,6 +5,14 @@ class ArtistVersion < ApplicationRecord
  belongs_to_updater
  belongs_to :artist

+  def self.visible(user)
+    if policy(user).can_view_banned?
+      all
+    else
+      where(artist: Artist.unbanned)
+    end
+  end
+
  module SearchMethods
    def search(params)
      q = search_attributes(params, :id, :created_at, :updated_at, :is_deleted, :is_banned, :name, :group_name, :urls, :other_names, :updater, :artist)
--- a/app/policies/artist_version_policy.rb
+++ b/app/policies/artist_version_policy.rb
@@ -0,0 +1,5 @@
+class ArtistVersionPolicy < ApplicationPolicy
+  def can_view_banned?
+    policy(Artist).can_view_banned?
+  end
+end
--- a/app/views/artists/_secondary_links.html.erb
+++ b/app/views/artists/_secondary_links.html.erb
@@ -7,7 +7,7 @@
  <% end %>
  <%= subnav_link_to "Recent changes", artist_versions_path %>
  <%= subnav_link_to "URLs", artist_urls_path %>
-  <% if @artist && !@artist.new_record? %>
+  <% if @artist && !@artist.new_record? && (!@artist.is_banned? || policy(@artist).can_view_banned?) %>
    <li>|</li>
    <%= subnav_link_to "Posts (#{@artist.tag.try(:post_count).to_i})", posts_path(:tags => @artist.name) %>
    <%= subnav_link_to "Show", artist_path(@artist) %>