From 7486bb0add4bcdb6db12fe08dc73ca02bbb111fd Mon Sep 17 00:00:00 2001 From: evazion Date: Thu, 19 Jan 2017 22:24:53 +0000 Subject: [PATCH] Fix #2851: Account deletion should remove name change requests. Hides name change requests for deleted users (username matches /user_[0-9]+~*/). --- app/controllers/user_feedbacks_controller.rb | 10 +++++----- app/models/user.rb | 10 ++++++++++ app/models/user_feedback.rb | 9 +++++++++ app/models/user_name_change_request.rb | 8 ++++---- 4 files changed, 28 insertions(+), 9 deletions(-) diff --git a/app/controllers/user_feedbacks_controller.rb b/app/controllers/user_feedbacks_controller.rb index 815abbb38..ecd33dc0f 100644 --- a/app/controllers/user_feedbacks_controller.rb +++ b/app/controllers/user_feedbacks_controller.rb @@ -8,18 +8,18 @@ class UserFeedbacksController < ApplicationController end def edit - @user_feedback = UserFeedback.find(params[:id]) + @user_feedback = UserFeedback.visible.find(params[:id]) check_privilege(@user_feedback) respond_with(@user_feedback) end def show - @user_feedback = UserFeedback.find(params[:id]) + @user_feedback = UserFeedback.visible.find(params[:id]) respond_with(@user_feedback) end def index - @search = UserFeedback.search(params[:search]) + @search = UserFeedback.visible.search(params[:search]) @user_feedbacks = @search.paginate(params[:page], :limit => params[:limit]).order("created_at desc") respond_with(@user_feedbacks) do |format| format.xml do @@ -34,14 +34,14 @@ class UserFeedbacksController < ApplicationController end def update - @user_feedback = UserFeedback.find(params[:id]) + @user_feedback = UserFeedback.visible.find(params[:id]) check_privilege(@user_feedback) @user_feedback.update_attributes(params[:user_feedback]) respond_with(@user_feedback) end def destroy - @user_feedback = UserFeedback.find(params[:id]) + @user_feedback = UserFeedback.visible.find(params[:id]) check_privilege(@user_feedback) @user_feedback.destroy respond_with(@user_feedback) diff --git a/app/models/user.rb b/app/models/user.rb index d3491955f..73a29581d 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -729,6 +729,16 @@ class User < ActiveRecord::Base where("level = ?", Levels::ADMIN) end + # UserDeletion#rename renames deleted users to `user_<1234>~`. Tildes + # are appended if the username is taken. + def deleted + where("name ~ 'user_[0-9]+~*'") + end + + def undeleted + where("name !~ 'user_[0-9]+~*'") + end + def with_email(email) if email.blank? where("FALSE") diff --git a/app/models/user_feedback.rb b/app/models/user_feedback.rb index ef266af63..a2e06b102 100644 --- a/app/models/user_feedback.rb +++ b/app/models/user_feedback.rb @@ -34,6 +34,15 @@ class UserFeedback < ActiveRecord::Base where("user_id = ?", user_id) end + def visible(viewer = CurrentUser.user) + if viewer.is_admin? + all + else + # joins(:user).merge(User.undeleted).or(where("body !~ 'Name changed from [^\s:]+ to [^\s:]+'")) + joins(:user).where.not("users.name ~ 'user_[0-9]+~*' AND user_feedback.body ~ 'Name changed from [^\s:]+ to [^\s:]+'") + end + end + def search(params) q = where("true") return q if params.blank? diff --git a/app/models/user_name_change_request.rb b/app/models/user_name_change_request.rb index 10c1ff795..51345d0ee 100644 --- a/app/models/user_name_change_request.rb +++ b/app/models/user_name_change_request.rb @@ -19,11 +19,11 @@ class UserNameChangeRequest < ActiveRecord::Base where(:status => "approved") end - def self.visible - if CurrentUser.is_admin? + def self.visible(viewer = CurrentUser.user) + if viewer.is_admin? all - elsif CurrentUser.is_member? - where("user_name_change_requests.status = 'approved' OR user_name_change_requests.user_id = ?", CurrentUser.id) + elsif viewer.is_member? + joins(:user).merge(User.undeleted).where("user_name_change_requests.status = 'approved' OR user_name_change_requests.user_id = ?", viewer.id) else none end