Fail loudly if we forget to whitelist a param instead of silently
ignoring it.
misc models: convert to strong params.
artist commentaries: convert to strong params.
* Disallow changing or setting post_id to a nonexistent post.
artists: convert to strong params.
* Disallow setting `is_banned` in create/update actions. Changing it
this way instead of with the ban/unban actions would leave the artist in
a partially banned state.
bans: convert to strong params.
* Disallow changing the user_id after the ban has been created.
comments: convert to strong params.
favorite groups: convert to strong params.
news updates: convert to strong params.
post appeals: convert to strong params.
post flags: convert to strong params.
* Disallow users from setting the `is_deleted` / `is_resolved` flags.
ip bans: convert to strong params.
user feedbacks: convert to strong params.
* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.
notes: convert to strong params.
wiki pages: convert to strong params.
* Also fix non-Builders being able to delete wiki pages.
saved searches: convert to strong params.
pools: convert to strong params.
* Disallow setting `post_count` or `is_deleted` in create/update actions.
janitor trials: convert to strong params.
post disapprovals: convert to strong params.
* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
of Approve button.
dmail filters: convert to strong params.
password resets: convert to strong params.
user name change requests: convert to strong params.
posts: convert to strong params.
users: convert to strong params.
* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
has_mail, and dmail_filter_attributes[user_id].
* Remove initialize_default_image_size (dead code).
uploads: convert to strong params.
* Remove `initialize_status` because status already defaults to pending
in the database.
tag aliases/implications: convert to strong params.
tags: convert to strong params.
forum posts: convert to strong params.
* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).
forum topics: convert to strong params.
* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references
Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>
add diffs
* Remove file_path_for, cropped_file_url (dead code)
* Remove complete_preview_file_url (preview_file_url now returns absolute links)
* Remove `file_name` (only used for Download link in sidebar)
DEPRECATION WARNING: You are calling a `*_path` helper with the
`only_path` option explicitly set to `false`. This option will stop
working on path helpers in Rails 5. Use the corresponding `*_url` helper
instead.
Mark all tag <input>s with a `data-autocomplete` attribute, instead of
hardcoding a list of html IDs to autocomplete in javascript.
This way should be less error prone. It fixes autocomplete in several places:
* Autocomplete for the search box on /posts didn't work in the
responsive layout. This was because /posts has two search boxes that
both have the id `tags`: one in the normal sidebar, and one in the
responsive tag list. $("#tags") only initialized autocomplete on the
first one.
* Autocomplete didn't work on the aliases or implications pages. This
was due to selecting the wrong html ids.
Eager load post comments' creators and updaters. Fixes an N+1 queries
problem when rendering commenter names at:
views/comments/partials/show/_comment.html.erb:6
views/comments/partials/show/_comment.html.erb:20
while rendering /posts/:id pages.
* Add 'post as moderator' option to comment form. This creates a so-called sticky comment.
* Downvotes have no effect on stickied comments; they're always visible, regardless of comment thresholds.
* Only mods may sticky comments.
* Mods may sticky comments by other users.
