From 5d4592e0e0752323d551d815df5c91dbc11f6252 Mon Sep 17 00:00:00 2001 From: Type-kun Date: Tue, 13 Jun 2017 00:15:49 +0500 Subject: [PATCH 1/4] Add "flagger:" and "appealer:" metatags (fixes #3142) --- app/logical/post_query_builder.rb | 38 +++++++++++++++++++++++++++++ app/models/tag.rb | 40 ++++++++++++++++++++++++++++--- 2 files changed, 75 insertions(+), 3 deletions(-) diff --git a/app/logical/post_query_builder.rb b/app/logical/post_query_builder.rb index 8a0fa072e..9cc22f854 100644 --- a/app/logical/post_query_builder.rb +++ b/app/logical/post_query_builder.rb 
@@ -236,6 +236,44 @@ class PostQueryBuilder has_constraints! end + if q[:flagger_ids_neg] + q[:flagger_ids_neg].each do |flagger_id| + relation = relation.where("posts.id NOT IN (?)", PostFlag.unscoped.search({:creator_id => flagger_id, :category => "normal"}).reorder("").select(:post_id).distinct) + end + end + + if q[:flagger_ids] + q[:flagger_ids].each do |flagger_id| + if flagger_id == "any" + relation = relation.where('EXISTS (' + PostFlag.unscoped.search({:category => "normal"}).where('post_id = posts.id').reorder('').select('1').to_sql + ')') + elsif flagger_id == "none" + relation = relation.where('NOT EXISTS (' + PostFlag.unscoped.search({:category => "normal"}).where('post_id = posts.id').reorder('').select('1').to_sql + ')') + else + relation = relation.where("posts.id IN (?)", PostFlag.unscoped.search({:creator_id => flagger_id, :category => "normal"}).reorder("").select(:post_id).distinct) + end + end + has_constraints! + end + + if q[:appealer_ids_neg] + q[:appealer_ids_neg].each do |appealer_id| + relation = relation.where("posts.id NOT IN (?)", PostAppeal.unscoped.where(creator_id: appealer_id).select(:post_id).distinct) + end + end + + if q[:appealer_ids] + q[:appealer_ids].each do |appealer_id| + if appealer_id == "any" + relation = relation.where('EXISTS (' + PostAppeal.unscoped.where('post_id = posts.id').select('1').to_sql + ')') + elsif appealer_id == "none" + relation = relation.where('NOT EXISTS (' + PostAppeal.unscoped.where('post_id = posts.id').select('1').to_sql + ')') + else + relation = relation.where("posts.id IN (?)", PostAppeal.unscoped.where(creator_id: appealer_id).select(:post_id).distinct) + end + end + has_constraints! + end + if q[:commenter_ids] q[:commenter_ids].each do |commenter_id| if commenter_id == "any" diff --git a/app/models/tag.rb b/app/models/tag.rb index ddfe9e9cb..32d7189ea 100644 --- a/app/models/tag.rb +++ b/app/models/tag.rb 
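Review bot: The four `any`/`none` branches for `flagger_ids` and `appealer_ids` splice `.to_sql` output into a raw string with `+`, which stays safe here only because the subqueries contain nothing but constants and ActiveRecord-generated SQL. A short comment above each pair, such as `# constants only: never put a user-supplied value into this to_sql string`, would stop a later edit from adding one. The per-user branches already hand the relation to `where` as a bind (`"posts.id IN (?)"`) and need no change. The two negated blocks (`flagger_ids_neg`, `appealer_ids_neg`) never call `has_constraints!` while the positive ones do; that may be intentional, but nothing in the hunk explains it, and the enclosing method starts and ends outside the hunk.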
@@ -1,7 +1,7 @@ class Tag < ActiveRecord::Base COSINE_SIMILARITY_RELATED_TAG_THRESHOLD = 1000 - METATAGS = "-user|user|-approver|approver|commenter|comm|noter|noteupdater|artcomm|-pool|pool|ordpool|-favgroup|favgroup|-fav|fav|ordfav|sub|md5|-rating|rating|-locked|locked|width|height|mpixels|ratio|score|favcount|filesize|source|-source|id|-id|date|age|order|limit|-status|status|tagcount|gentags|arttags|chartags|copytags|parent|-parent|child|pixiv_id|pixiv|search|upvote|downvote|filetype|-filetype" - SUBQUERY_METATAGS = "commenter|comm|noter|noteupdater|artcomm" + METATAGS = "-user|user|-approver|approver|commenter|comm|noter|noteupdater|artcomm|-pool|pool|ordpool|-favgroup|favgroup|-fav|fav|ordfav|sub|md5|-rating|rating|-locked|locked|width|height|mpixels|ratio|score|favcount|filesize|source|-source|id|-id|date|age|order|limit|-status|status|tagcount|gentags|arttags|chartags|copytags|parent|-parent|child|pixiv_id|pixiv|search|upvote|downvote|filetype|-filetype|flagger|-flagger|appealer|-appealer" + SUBQUERY_METATAGS = "commenter|comm|noter|noteupdater|artcomm|flagger|-flagger|appealer|-appealer" attr_accessible :category, :as => [:moderator, :gold, :platinum, :member, :anonymous, :default, :builder, :admin] attr_accessible :is_locked, :as => [:moderator, :admin] has_one :wiki_page, :foreign_key => "title", :primary_key => "name" @@ -442,7 +442,7 @@ class Tag < ActiveRecord::Base when "approver" if $2 == "none" - q[:approver_id] = "none" + q[:approver_id] = "none" elsif $2 == "any" q[:approver_id] = "any" else 
@@ -450,6 +450,40 @@ class Tag < ActiveRecord::Base q[:approver_id] = user_id unless user_id.blank? end + when "flagger" + q[:flagger_ids] ||= [] + + if $2 == "none" + q[:flagger_ids] << "none" + elsif $2 == "any" + q[:flagger_ids] << "any" + else + user_id = User.name_to_id($2) + q[:flagger_ids] << user_id unless user_id.blank? + end + + when "-flagger" + q[:flagger_ids_neg] ||= [] + user_id = User.name_to_id($2) + q[:flagger_ids_neg] << user_id unless user_id.blank? + + when "appealer" + q[:appealer_ids] ||= [] + + if $2 == "none" + q[:appealer_ids] << "none" + elsif $2 == "any" + q[:appealer_ids] << "any" + else + user_id = User.name_to_id($2) + q[:appealer_ids] << user_id unless user_id.blank? + end + + when "-appealer" + q[:appealer_ids_neg] ||= [] + user_id = User.name_to_id($2) + q[:appealer_ids_neg] << user_id unless user_id.blank? + when "commenter", "comm" q[:commenter_ids] ||= [] From 1375cc53078dd646c2b67daccaa262af3b66a33e Mon Sep 17 00:00:00 2001 From: Type-kun Date: Wed, 14 Jun 2017 20:43:25 +0500 Subject: [PATCH 2/4] Added privilege check for seeing flagger usernames Also reworked all places dealing with flagger names to use said privilege --- app/helpers/post_flags_helper.rb | 7 +++++-- app/logical/anonymous_user.rb | 4 ++++ app/logical/post_query_builder.rb | 8 +++++--- app/models/post_event.rb | 10 ++++++++++ app/models/post_flag.rb | 9 ++++++--- app/models/user.rb | 4 ++++ app/views/post_events/index.html.erb | 14 +++++++------- app/views/post_flags/index.html.erb | 2 +- 8 files changed, 42 insertions(+), 16 deletions(-) diff --git a/app/helpers/post_flags_helper.rb b/app/helpers/post_flags_helper.rb index e3762cff2..ba83fe84e 100644 --- a/app/helpers/post_flags_helper.rb +++ b/app/helpers/post_flags_helper.rb @@ -7,8 +7,11 @@ module PostFlagsHelper html << '
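Review bot: In the `when "flagger"` and `when "appealer"` branches, a name that `User.name_to_id` cannot resolve is dropped by `unless user_id.blank?`, leaving `q[:flagger_ids]` (or `q[:appealer_ids]`) as an empty array. As far as this series shows, PostQueryBuilder only iterates that array, so the positive metatag would add no filter and a search for an unknown user would return every post rather than none. If that is not intended, push a value that can never match; otherwise document it with a comment such as `# unknown names are ignored, same as the approver metatag above`. The `case` statement and the regexp that sets `$2` are outside the hunk.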
  • ' html << DText.parse_inline(flag.reason).html_safe - if CurrentUser.is_moderator? - html << " - #{link_to_user(flag.creator)} (#{link_to_ip(flag.creator_ip_addr)})" + if CurrentUser.can_view_flagger?(flag.creator_id) + html << " - #{link_to_user(flag.creator)}" + if CurrentUser.is_moderator? + html << " (#{link_to_ip(flag.creator_ip_addr)})" + end end html << ' - ' + time_ago_in_words_tagged(flag.created_at) diff --git a/app/logical/anonymous_user.rb b/app/logical/anonymous_user.rb index 65b458049..45dee91e4 100644 --- a/app/logical/anonymous_user.rb +++ b/app/logical/anonymous_user.rb @@ -116,6 +116,10 @@ class AnonymousUser false end + def can_view_flagger?(flagger_id) + false + end + def can_approve_posts? false end diff --git a/app/logical/post_query_builder.rb b/app/logical/post_query_builder.rb index 9cc22f854..68d866bf7 100644 --- a/app/logical/post_query_builder.rb +++ b/app/logical/post_query_builder.rb @@ -238,7 +238,9 @@ class PostQueryBuilder if q[:flagger_ids_neg] q[:flagger_ids_neg].each do |flagger_id| - relation = relation.where("posts.id NOT IN (?)", PostFlag.unscoped.search({:creator_id => flagger_id, :category => "normal"}).reorder("").select(:post_id).distinct) + if CurrentUser.can_view_flagger?(flagger_id) + relation = relation.where("posts.id NOT IN (?)", PostFlag.unscoped.search({:creator_id => flagger_id, :category => "normal"}).reorder("").select(:post_id).distinct) + end end end 
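Review bot: When `CurrentUser.can_view_flagger?(flagger_id)` is false, the `flagger_ids_neg` loop skips the predicate, and the `elsif` in the next hunk (`@@ -248,8 +250,8 @@`) does the same for `flagger_ids`. A denied `flagger:name` search therefore returns the unfiltered result set instead of an empty one. Nothing about the flagger leaks, but the authorization decision is invisible to the user and the results read as if the filter had matched. For the positive branch, failing closed is clearer: follow the `elsif` with an `else` that sets `relation = relation.none` (or an always-false `where`). The same skip-on-deny pattern appears in the `PostFlag` search hunk of this patch.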
@@ -248,8 +250,8 @@ class PostQueryBuilder relation = relation.where('EXISTS (' + PostFlag.unscoped.search({:category => "normal"}).where('post_id = posts.id').reorder('').select('1').to_sql + ')') elsif flagger_id == "none" relation = relation.where('NOT EXISTS (' + PostFlag.unscoped.search({:category => "normal"}).where('post_id = posts.id').reorder('').select('1').to_sql + ')') - else - relation = relation.where("posts.id IN (?)", PostFlag.unscoped.search({:creator_id => flagger_id, :category => "normal"}).reorder("").select(:post_id).distinct) + elsif CurrentUser.can_view_flagger?(flagger_id) + relation = relation.where("posts.id IN (?)", PostFlag.unscoped.search({:creator_id => flagger_id, :category => "normal"}).reorder("").select(:post_id).distinct) end end has_constraints! diff --git a/app/models/post_event.rb b/app/models/post_event.rb index 39d7529a8..09c9193f8 100644 --- a/app/models/post_event.rb +++ b/app/models/post_event.rb @@ -24,6 +24,16 @@ class PostEvent type_name.first end + def is_creator_visible?(user = CurrentUser.user) + case event + when PostAppeal + true + when PostFlag + flag = event + user.can_view_flagger?(flag.creator_id) + end + end + def attributes { "creator_id": nil, diff --git a/app/models/post_flag.rb b/app/models/post_flag.rb index 9b640cdcc..504ceeebb 100644 --- a/app/models/post_flag.rb +++ b/app/models/post_flag.rb 
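Review bot: `is_creator_visible?` is consulted only by the HTML view in this patch, while the `attributes` hash visible in the hunk context just below it lists `creator_id`. If PostEvent is also rendered through JSON or XML serialization (not visible here), the flagger's id would still be emitted for flags the viewer is not allowed to attribute. Consider exposing the creator through a method that returns nil when `is_creator_visible?` is false. An explicit `else false` on the `case` would also document that unexpected event types are hidden, rather than relying on the implicit nil.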
@@ -65,12 +65,15 @@ class PostFlag < ActiveRecord::Base q = q.reason_matches(params[:reason_matches]) end - if params[:creator_id].present? && (CurrentUser.is_moderator? || params[:creator_id].to_i == CurrentUser.user.id) + if params[:creator_id].present? && CurrentUser.can_view_flagger?(params[:creator_id].to_i) q = q.where("creator_id = ?", params[:creator_id].to_i) end - if params[:creator_name].present? && (CurrentUser.is_moderator? || params[:creator_name].mb_chars.downcase.strip.tr(" ", "_") == CurrentUser.user.name.downcase) - q = q.where("creator_id = (select _.id from users _ where lower(_.name) = ?)", params[:creator_name].mb_chars.downcase.strip.tr(" ", "_")) + if params[:creator_name].present? + creator_id = User.name_to_id(params[:creator_name].strip) + if CurrentUser.can_view_flagger?(creator_id) + q = q.where("creator_id = ?", creator_id) + end end if params[:post_id].present? diff --git a/app/models/user.rb b/app/models/user.rb index 290fb8304..ae31fbfa0 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -545,6 +545,10 @@ class User < ActiveRecord::Base created_at <= 1.week.ago end + def can_view_flagger?(flagger_id) + CurrentUser.is_moderator? || flagger_id == CurrentUser.user.id + end + def base_upload_limit if created_at >= 1.month.ago 10 diff --git a/app/views/post_events/index.html.erb b/app/views/post_events/index.html.erb index b4a97d6ff..4a39215ee 100644 --- a/app/views/post_events/index.html.erb +++ b/app/views/post_events/index.html.erb @@ -6,9 +6,7 @@ Type - <% if CurrentUser.is_moderator? %> - Creator - <% end %> + Creator Reason Resolved? Date @@ -18,11 +16,13 @@ <% @events.each do |event| %> <%= event.type_name %> - <% if CurrentUser.is_moderator? %> - + + <% if event.is_creator_visible? %> <%= link_to_user event.creator %> - - <% end %> + <% else %> + hidden + <% end %> + <%= format_text event.reason, :ragel => true %> <% if event.is_resolved %> 
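Review bot: In the `creator_name` branch, `User.name_to_id` can presumably return nil for an unknown name, and the two privilege levels then behave differently. A moderator passes `can_view_flagger?(nil)` and gets `creator_id = NULL` (no rows), while any other user fails the check and gets the unfiltered list. Guard the lookup explicitly, e.g. `if creator_id.present? && CurrentUser.can_view_flagger?(creator_id)` (the local is renamed in the next patch), and decide deliberately what an unknown or denied name should return. The old code also normalised the name with `downcase` and `tr(" ", "_")` before comparing; that now depends on `User.name_to_id` doing the same, which this diff does not show.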
diff --git a/app/views/post_flags/index.html.erb b/app/views/post_flags/index.html.erb index 4259117e2..3cb77c545 100644 --- a/app/views/post_flags/index.html.erb +++ b/app/views/post_flags/index.html.erb @@ -39,7 +39,7 @@ <%= compact_time post_flag.created_at %> - <% if CurrentUser.user.is_moderator? %> + <% if CurrentUser.can_view_flagger?(post_flag.creator_id) %>
    by <%= link_to_user post_flag.creator %> <%= link_to "ยป", post_flags_path(search: params[:search].merge(creator_name: post_flag.creator.name)) %> <% end %> From d4944d6c118aab727a9dff34f0e7a223f2ba20fe Mon Sep 17 00:00:00 2001 From: Type-kun Date: Wed, 14 Jun 2017 20:56:02 +0500 Subject: [PATCH 3/4] Avoid using `creator_id` as a local variable in flag model --- app/models/post_flag.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/models/post_flag.rb b/app/models/post_flag.rb index 504ceeebb..8ed70ef88 100644 --- a/app/models/post_flag.rb +++ b/app/models/post_flag.rb @@ -70,9 +70,9 @@ class PostFlag < ActiveRecord::Base end if params[:creator_name].present? - creator_id = User.name_to_id(params[:creator_name].strip) - if CurrentUser.can_view_flagger?(creator_id) - q = q.where("creator_id = ?", creator_id) + flagger_id = User.name_to_id(params[:creator_name].strip) + if CurrentUser.can_view_flagger?(flagger_id) + q = q.where("creator_id = ?", flagger_id) end end From 1ffc9d286c958b849606fc5ef04181f33548951b Mon Sep 17 00:00:00 2001 From: evazion Date: Wed, 14 Jun 2017 12:07:36 -0500 Subject: [PATCH 4/4] Fix `User#can_view_flagger?`. --- app/models/user.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/user.rb b/app/models/user.rb index ae31fbfa0..44a8358f2 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -546,7 +546,7 @@ class User < ActiveRecord::Base end def can_view_flagger?(flagger_id) - CurrentUser.is_moderator? || flagger_id == CurrentUser.user.id + is_moderator? || flagger_id == id end def base_upload_limit
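Review bot: `flagger_id == id` compares without coercion, so this check is correct only while every caller passes an Integer. The callers in this series appear to (`params[:creator_id].to_i`, `User.name_to_id`, `flag.creator_id`), but a raw string id from params would deny the flag's own creator. Since this method is now the single gate for flagger identity, give it a comment stating the contract, e.g. `# flagger_id: Integer user id or nil; true for moderators and for the flagger themself`. No test for the moderator, owner, other-user and nil cases is visible in this series; adding them would guard against regressions like the one this commit fixes.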