* Use ApplicationRecord#attribute_matches to handle boolean attributes
consistently in search methods.
* Add support for searching various boolean attributes that previously
weren't supported.
* Add `truthy?` and `falsy?` core extensions to String.
* Use `truthy?` and `falsy?` to replace ad-hoc parsing of boolean
parameters in various places.
Fail loudly if we forget to whitelist a param instead of silently
ignoring it.
misc models: convert to strong params.
artist commentaries: convert to strong params.
* Disallow changing or setting post_id to a nonexistent post.
artists: convert to strong params.
* Disallow setting `is_banned` in create/update actions. Changing it
this way instead of with the ban/unban actions would leave the artist in
a partially banned state.
bans: convert to strong params.
* Disallow changing the user_id after the ban has been created.
comments: convert to strong params.
favorite groups: convert to strong params.
news updates: convert to strong params.
post appeals: convert to strong params.
post flags: convert to strong params.
* Disallow users from setting the `is_deleted` / `is_resolved` flags.
ip bans: convert to strong params.
user feedbacks: convert to strong params.
* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.
notes: convert to strong params.
wiki pages: convert to strong params.
* Also fix non-Builders being able to delete wiki pages.
saved searches: convert to strong params.
pools: convert to strong params.
* Disallow setting `post_count` or `is_deleted` in create/update actions.
janitor trials: convert to strong params.
post disapprovals: convert to strong params.
* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
of Approve button.
dmail filters: convert to strong params.
password resets: convert to strong params.
user name change requests: convert to strong params.
posts: convert to strong params.
users: convert to strong params.
* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
has_mail, and dmail_filter_attributes[user_id].
* Remove initialize_default_image_size (dead code).
uploads: convert to strong params.
* Remove `initialize_status` because status already defaults to pending
in the database.
tag aliases/implications: convert to strong params.
tags: convert to strong params.
forum posts: convert to strong params.
* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).
forum topics: convert to strong params.
* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references
Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>
add diffs
* Allow every controller to take the `search[id]` param.
* Parse the `search[id]` param the same way that the `id:<N>` metatag is
parsed. So `search[id]=1,2,3`, `search[id]=<42`, `search[id]=1..10`, for
example, are all accepted.
Bug: if the url_string had leading spaces, when it was split the
resulting array contained the empty string, which led to a validation
error when trying to save the urls.
Fixup for #3247.
/wiki_pages?search[order]=post_count didn't include wiki pages that
didn't belong to a tag. This was due to doing an inner join on the tags
table instead of a left outer join.
* Add search[order]=post_count param to /artists.
* Make autocomplete do a prefix match ordered by post count, so that it
works the same way that tag autocomplete does elsewhere.
Using `search[empty_only]=true` caused certain queries to throw an
exception due to ambiguous column references after joining on the tags
table.
Example:
https://danbooru.donmai.us/artists?search[empty_only]=true&search[name]=hammer*
PG::AmbiguousColumn exception raised
ERROR: column reference "name" is ambiguous LINE 1: ...ags"."name" = "artists"."name" WHERE (true) AND ((name LIKE ... ^
lib/danbooru/paginator/active_record_extension.rb:108:in `total_count'
lib/danbooru/paginator/active_record_extension.rb:63:in `block in paginate_numbered'
lib/danbooru/paginator/active_record_extension.rb:60:in `tap'
lib/danbooru/paginator/active_record_extension.rb:60:in `paginate_numbered'
lib/danbooru/paginator/active_record_extension.rb:15:in `paginate'
app/controllers/artists_controller.rb:41:in `index'
