Fail loudly if we forget to whitelist a param instead of silently
ignoring it.
misc models: convert to strong params.
artist commentaries: convert to strong params.
* Disallow changing or setting post_id to a nonexistent post.
artists: convert to strong params.
* Disallow setting `is_banned` in create/update actions. Changing it
this way instead of with the ban/unban actions would leave the artist in
a partially banned state.
bans: convert to strong params.
* Disallow changing the user_id after the ban has been created.
comments: convert to strong params.
favorite groups: convert to strong params.
news updates: convert to strong params.
post appeals: convert to strong params.
post flags: convert to strong params.
* Disallow users from setting the `is_deleted` / `is_resolved` flags.
ip bans: convert to strong params.
user feedbacks: convert to strong params.
* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.
notes: convert to strong params.
wiki pages: convert to strong params.
* Also fix non-Builders being able to delete wiki pages.
saved searches: convert to strong params.
pools: convert to strong params.
* Disallow setting `post_count` or `is_deleted` in create/update actions.
janitor trials: convert to strong params.
post disapprovals: convert to strong params.
* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
of Approve button.
dmail filters: convert to strong params.
password resets: convert to strong params.
user name change requests: convert to strong params.
posts: convert to strong params.
users: convert to strong params.
* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
has_mail, and dmail_filter_attributes[user_id].
* Remove initialize_default_image_size (dead code).
uploads: convert to strong params.
* Remove `initialize_status` because status already defaults to pending
in the database.
tag aliases/implications: convert to strong params.
tags: convert to strong params.
forum posts: convert to strong params.
* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).
forum topics: convert to strong params.
* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references
Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>
add diffs
* Change Post#pools to return all pools, including deleted pools. This
fixes remove_all_from_pools to remove the post from deleted pools too.
* Change other users of Post#pools to explicitly select undeleted pools.
* Fix routing error in respond_with (didn't use /moderator namespace).
* Fix /moderator/posts/approvals.json response to return full
PostApproval object, not just a success/failure message.
* Simplify the javascript a bit (use $.post instead of $.ajax).
Mark all tag <input>s with a `data-autocomplete` attribute, instead of
hardcoding a list of html IDs to autocomplete in javascript.
This way should be less error prone. It fixes autocomplete in several places:
* Autocomplete for the search box on /posts didn't work in the
responsive layout. This was because /posts has two search boxes that
both have the id `tags`: one in the normal sidebar, and one in the
responsive tag list. $("#tags") only initialized autocomplete on the
first one.
* Autocomplete didn't work on the aliases or implications pages. This
was due to selecting the wrong html ids.
* Converts queries to use active record instead of raw sql. This ensures
that user objects are loaded by rails in the join, so that we
don't have to issue `User.find` calls to load users one-by-one.
* Use `.includes` to preload associations used in the view, to avoid
additional N+1 query problems (primarily, calls to link_to_user
also causing users to be loaded one-by-one).
Fix pool_versions exception if PoolArchive db isn't set up. Prefer
ActiveRecord over raw sql so we can get real user objects so that the
view can use link_to_user.
