Fail loudly if we forget to whitelist a param instead of silently
ignoring it.
misc models: convert to strong params.
artist commentaries: convert to strong params.
* Disallow changing or setting post_id to a nonexistent post.
artists: convert to strong params.
* Disallow setting `is_banned` in create/update actions. Changing it
this way instead of with the ban/unban actions would leave the artist in
a partially banned state.
bans: convert to strong params.
* Disallow changing the user_id after the ban has been created.
comments: convert to strong params.
favorite groups: convert to strong params.
news updates: convert to strong params.
post appeals: convert to strong params.
post flags: convert to strong params.
* Disallow users from setting the `is_deleted` / `is_resolved` flags.
ip bans: convert to strong params.
user feedbacks: convert to strong params.
* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.
notes: convert to strong params.
wiki pages: convert to strong params.
* Also fix non-Builders being able to delete wiki pages.
saved searches: convert to strong params.
pools: convert to strong params.
* Disallow setting `post_count` or `is_deleted` in create/update actions.
janitor trials: convert to strong params.
post disapprovals: convert to strong params.
* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
of Approve button.
dmail filters: convert to strong params.
password resets: convert to strong params.
user name change requests: convert to strong params.
posts: convert to strong params.
users: convert to strong params.
* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
has_mail, and dmail_filter_attributes[user_id].
* Remove initialize_default_image_size (dead code).
uploads: convert to strong params.
* Remove `initialize_status` because status already defaults to pending
in the database.
tag aliases/implications: convert to strong params.
tags: convert to strong params.
forum posts: convert to strong params.
* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).
forum topics: convert to strong params.
* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references
Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>
add diffs
The Rails convention is for test/helpers to be used for testing the view
helpers in app/helpers. We were using it to store certain utility
methods instead. Move these to test/test_helpers so that test/helpers
can be used for its intended purpose.
Bug: when deleting a child post and the "Move favorites to parent?" option is
set, the parent's has_active_children flag is not cleared.
`give_favorites_to_parent` moves the votes, and moving the votes has the
side effect of reloading the post (to get the new score). But reloading
the post wipes out the is_deleted_changed? flag, which is used by `update_parent_on_save`.
Fix: update the `is_deleted` flag *before* moving favorites, so that the
`update_parent_on_save` callback runs before `give_favorite_to_parent` runs.
Adding or removing a post id to a favgroup's post_ids string is
non-atomic. Lock it to prevent simultaneous updates to the same favgroup
from clobbering each other.
Same bug as #3091.
Fixup for a bug in 134958d1. `Post.fast_count("pool:1537")` still
returned zero because `Tag.is_simple_tag?` incorrectly parsed
"pool:1537" as a simple tag, so Post.fast_count still looked for it in
the tags table and found the empty "pool:1537" tag.
Fixes Post#get_count_from_cache to only lookup the count in the tags
table when the search is for a single "simple" tag.
Check memcache when the search is not a simple tag:
* multi-tag searches (touhou rating:s)
* single metatag searches (rating:s, source:"foo bar")
* negated tags (-touhou)
* wildcard tags (*touhou*)
* or searches (~touhou)
* Set parent IDs with `update` instead of `update_column` /
`update_all` when reparenting children. This fixes it so that new post
versions are saved and the has_children flag is set on the new parent.
* Slightly simplify logic of update_children_on_destroy: the single
child case is subsumed by the multi-child case.
Don't silently ignore attempts to remove posts from deleted pools.
Remove the restriction on removing posts from deleted pools instead (ref: #1109).
Fixes failure to remove posts from deleted pools during expungement.
