diff --git a/app/controllers/artist_versions_controller.rb b/app/controllers/artist_versions_controller.rb index 1c2efa6c9..ff5a79f7d 100644 --- a/app/controllers/artist_versions_controller.rb +++ b/app/controllers/artist_versions_controller.rb @@ -3,7 +3,7 @@ class ArtistVersionsController < ApplicationController def index set_version_comparison - @artist_versions = ArtistVersion.paginated_search(params) + @artist_versions = authorize ArtistVersion.visible(CurrentUser.user).paginated_search(params) @artist_versions = @artist_versions.includes(:updater, artist: :urls) if request.format.html? respond_with(@artist_versions) diff --git a/app/controllers/artists_controller.rb b/app/controllers/artists_controller.rb index 986250c29..a9390321e 100644 --- a/app/controllers/artists_controller.rb +++ b/app/controllers/artists_controller.rb @@ -30,7 +30,7 @@ class ArtistsController < ApplicationController def index # XXX params[:search][:name] = params.delete(:name) if params[:name] - @artists = authorize Artist.paginated_search(params) + @artists = authorize Artist.visible(CurrentUser.user).paginated_search(params) @artists = @artists.includes(:urls, :tag) if request.format.html? respond_with(@artists) diff --git a/app/models/application_record.rb b/app/models/application_record.rb index 38c49a44d..07779931e 100644 --- a/app/models/application_record.rb +++ b/app/models/application_record.rb @@ -29,6 +29,14 @@ class ApplicationRecord < ActiveRecord::Base def visible(user) all end + + def policy(current_user) + Pundit.policy(current_user, self) + end + end + + def policy(current_user) + Pundit.policy(current_user, self) end end diff --git a/app/models/artist_version.rb b/app/models/artist_version.rb index a743c43ed..8f6f85ec6 100644 --- a/app/models/artist_version.rb +++ b/app/models/artist_version.rb @@ -5,6 +5,14 @@ class ArtistVersion < ApplicationRecord belongs_to_updater belongs_to :artist + def self.visible(user) + if policy(user).can_view_banned? + all + else + where(artist: Artist.unbanned) + end + end + module SearchMethods def search(params) q = search_attributes(params, :id, :created_at, :updated_at, :is_deleted, :is_banned, :name, :group_name, :urls, :other_names, :updater, :artist) diff --git a/app/policies/artist_version_policy.rb b/app/policies/artist_version_policy.rb new file mode 100644 index 000000000..347e5689e --- /dev/null +++ b/app/policies/artist_version_policy.rb @@ -0,0 +1,5 @@ +class ArtistVersionPolicy < ApplicationPolicy + def can_view_banned? + policy(Artist).can_view_banned? + end +end diff --git a/app/views/artists/_secondary_links.html.erb b/app/views/artists/_secondary_links.html.erb index 3931cf4be..0a86e6540 100644 --- a/app/views/artists/_secondary_links.html.erb +++ b/app/views/artists/_secondary_links.html.erb @@ -7,7 +7,7 @@ <% end %> <%= subnav_link_to "Recent changes", artist_versions_path %> <%= subnav_link_to "URLs", artist_urls_path %> - <% if @artist && !@artist.new_record? %> + <% if @artist && !@artist.new_record? && (!@artist.is_banned? || policy(@artist).can_view_banned?) %>
  • |
    • <%= subnav_link_to "Posts (#{@artist.tag.try(:post_count).to_i})", posts_path(:tags => @artist.name) %> <%= subnav_link_to "Show", artist_path(@artist) %>