abce4d2551
Fail loudly if we forget to whitelist a param instead of silently ignoring it. misc models: convert to strong params. artist commentaries: convert to strong params. * Disallow changing or setting post_id to a nonexistent post. artists: convert to strong params. * Disallow setting `is_banned` in create/update actions. Changing it this way instead of with the ban/unban actions would leave the artist in a partially banned state. bans: convert to strong params. * Disallow changing the user_id after the ban has been created. comments: convert to strong params. favorite groups: convert to strong params. news updates: convert to strong params. post appeals: convert to strong params. post flags: convert to strong params. * Disallow users from setting the `is_deleted` / `is_resolved` flags. ip bans: convert to strong params. user feedbacks: convert to strong params. * Disallow users from setting `disable_dmail_notification` when creating feedbacks. * Disallow changing the user_id after the feedback has been created. notes: convert to strong params. wiki pages: convert to strong params. * Also fix non-Builders being able to delete wiki pages. saved searches: convert to strong params. pools: convert to strong params. * Disallow setting `post_count` or `is_deleted` in create/update actions. janitor trials: convert to strong params. post disapprovals: convert to strong params. * Factor out quick-mod bar to shared partial. * Fix quick-mod bar to use `Post#is_approvable?` to determine visibility of Approve button. dmail filters: convert to strong params. password resets: convert to strong params. user name change requests: convert to strong params. posts: convert to strong params. users: convert to strong params. * Disallow setting password_hash, last_logged_in_at, last_forum_read_at, has_mail, and dmail_filter_attributes[user_id]. * Remove initialize_default_image_size (dead code). uploads: convert to strong params. * Remove `initialize_status` because status already defaults to pending in the database. tag aliases/implications: convert to strong params. tags: convert to strong params. forum posts: convert to strong params. * Disallow changing the topic_id after creating the post. * Disallow setting is_deleted (destroy/undelete actions should be used instead). * Remove is_sticky / is_locked (nonexistent attributes). forum topics: convert to strong params. * merges https://github.com/evazion/danbooru/tree/wip-rails-5.1 * lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4) * switch to factorybot and change all references Co-authored-by: r888888888 <r888888888@gmail.com> Co-authored-by: evazion <noizave@gmail.com> add diffs
247 lines
6.4 KiB
Ruby
247 lines
6.4 KiB
Ruby
class WikiPage < ApplicationRecord
|
|
class RevertError < Exception ; end
|
|
|
|
before_save :normalize_title
|
|
before_save :normalize_other_names
|
|
after_save :create_version
|
|
belongs_to_creator
|
|
belongs_to_updater
|
|
validates_uniqueness_of :title, :case_sensitive => false
|
|
validates_presence_of :title
|
|
validates_presence_of :body, :unless => -> { is_deleted? || other_names.present? }
|
|
validate :validate_rename
|
|
validate :validate_not_locked
|
|
attr_accessor :skip_secondary_validations
|
|
has_one :tag, :foreign_key => "name", :primary_key => "title"
|
|
has_one :artist, lambda {where(:is_active => true)}, :foreign_key => "name", :primary_key => "title"
|
|
has_many :versions, lambda {order("wiki_page_versions.id ASC")}, :class_name => "WikiPageVersion", :dependent => :destroy
|
|
|
|
module SearchMethods
|
|
def titled(title)
|
|
where("title = ?", title.mb_chars.downcase.tr(" ", "_"))
|
|
end
|
|
|
|
def title_in(titles)
|
|
where("title in (?)", titles.map{|x| x.mb_chars.downcase.tr(" ", "_")} )
|
|
end
|
|
|
|
def active
|
|
where("is_deleted = false")
|
|
end
|
|
|
|
def recent
|
|
order("updated_at DESC").limit(25)
|
|
end
|
|
|
|
def body_matches(query)
|
|
if query =~ /\*/ && CurrentUser.user.is_builder?
|
|
where("body ILIKE ? ESCAPE E'\\\\'", query.to_escaped_for_sql_like)
|
|
else
|
|
where("body_index @@ plainto_tsquery(?)", query.to_escaped_for_tsquery_split)
|
|
end
|
|
end
|
|
|
|
def other_names_equal(name)
|
|
query_sql = name.unicode_normalize(:nfkc).to_escaped_for_tsquery
|
|
where("other_names_index @@ to_tsquery('danbooru', E?)", query_sql)
|
|
end
|
|
|
|
def other_names_match(name)
|
|
if name =~ /\*/
|
|
subquery = WikiPage.from("unnest(string_to_array(other_names, ' ')) AS other_name").where("other_name ILIKE ?", name.to_escaped_for_sql_like)
|
|
where(id: subquery)
|
|
else
|
|
other_names_equal(name)
|
|
end
|
|
end
|
|
|
|
def default_order
|
|
order(updated_at: :desc)
|
|
end
|
|
|
|
def search(params = {})
|
|
q = super
|
|
|
|
if params[:title].present?
|
|
q = q.where("title LIKE ? ESCAPE E'\\\\'", params[:title].mb_chars.downcase.strip.tr(" ", "_").to_escaped_for_sql_like)
|
|
end
|
|
|
|
if params[:creator_id].present?
|
|
q = q.where("creator_id = ?", params[:creator_id])
|
|
end
|
|
|
|
if params[:body_matches].present?
|
|
q = q.body_matches(params[:body_matches])
|
|
end
|
|
|
|
if params[:other_names_match].present?
|
|
q = q.other_names_match(params[:other_names_match])
|
|
end
|
|
|
|
if params[:creator_name].present?
|
|
q = q.where("creator_id = (select _.id from users _ where lower(_.name) = ?)", params[:creator_name].tr(" ", "_").mb_chars.downcase)
|
|
end
|
|
|
|
if params[:hide_deleted] =~ /y/i
|
|
q = q.where("is_deleted = false")
|
|
end
|
|
|
|
if params[:other_names_present] == "yes"
|
|
q = q.where("other_names is not null and other_names != ''")
|
|
elsif params[:other_names_present] == "no"
|
|
q = q.where("other_names is null or other_names = ''")
|
|
end
|
|
|
|
params[:order] ||= params.delete(:sort)
|
|
case params[:order]
|
|
when "title"
|
|
q = q.order("title")
|
|
when "post_count"
|
|
q = q.includes(:tag).order("tags.post_count desc nulls last").references(:tags)
|
|
else
|
|
q = q.apply_default_order(params)
|
|
end
|
|
|
|
q
|
|
end
|
|
end
|
|
|
|
module ApiMethods
|
|
def hidden_attributes
|
|
super + [:body_index, :other_names_index]
|
|
end
|
|
|
|
def method_attributes
|
|
super + [:creator_name, :category_name]
|
|
end
|
|
end
|
|
|
|
extend SearchMethods
|
|
include ApiMethods
|
|
|
|
def self.find_title_and_id(title)
|
|
titled(title).select("title, id").first
|
|
end
|
|
|
|
def validate_not_locked
|
|
if is_locked? && !CurrentUser.is_builder?
|
|
errors.add(:is_locked, "and cannot be updated")
|
|
return false
|
|
end
|
|
end
|
|
|
|
def validate_rename
|
|
return if !will_save_change_to_title? || skip_secondary_validations
|
|
|
|
tag_was = Tag.find_by_name(Tag.normalize_name(title_was))
|
|
if tag_was.present? && tag_was.post_count > 0
|
|
errors.add(:title, "cannot be changed: '#{tag_was.name}' still has #{tag_was.post_count} posts. Move the posts and update any wikis linking to this page first.")
|
|
end
|
|
end
|
|
|
|
def revert_to(version)
|
|
if id != version.wiki_page_id
|
|
raise RevertError.new("You cannot revert to a previous version of another wiki page.")
|
|
end
|
|
|
|
self.title = version.title
|
|
self.body = version.body
|
|
self.is_locked = version.is_locked
|
|
self.other_names = version.other_names
|
|
end
|
|
|
|
def revert_to!(version)
|
|
revert_to(version)
|
|
save!
|
|
end
|
|
|
|
def normalize_title
|
|
self.title = title.mb_chars.downcase.tr(" ", "_")
|
|
end
|
|
|
|
def normalize_other_names
|
|
normalized_other_names = other_names.to_s.unicode_normalize(:nfkc).scan(/[^[:space:]]+/)
|
|
self.other_names = normalized_other_names.uniq.join(" ")
|
|
end
|
|
|
|
def skip_secondary_validations=(value)
|
|
@skip_secondary_validations = (value == true || value == "1")
|
|
end
|
|
|
|
def category_name
|
|
Tag.category_for(title)
|
|
end
|
|
|
|
def pretty_title
|
|
title.tr("_", " ")
|
|
end
|
|
|
|
def wiki_page_changed?
|
|
saved_change_to_title? || saved_change_to_body? || saved_change_to_is_locked? || saved_change_to_is_deleted? || saved_change_to_other_names?
|
|
end
|
|
|
|
def merge_version
|
|
prev = versions.last
|
|
prev.update_attributes(
|
|
:title => title,
|
|
:body => body,
|
|
:is_locked => is_locked,
|
|
:is_deleted => is_deleted,
|
|
:other_names => other_names
|
|
)
|
|
end
|
|
|
|
def merge_version?
|
|
prev = versions.last
|
|
prev && prev.updater_id == CurrentUser.user.id && prev.updated_at > 1.hour.ago
|
|
end
|
|
|
|
def create_new_version
|
|
versions.create(
|
|
:updater_id => CurrentUser.user.id,
|
|
:updater_ip_addr => CurrentUser.ip_addr,
|
|
:title => title,
|
|
:body => body,
|
|
:is_locked => is_locked,
|
|
:is_deleted => is_deleted,
|
|
:other_names => other_names
|
|
)
|
|
end
|
|
|
|
def create_version
|
|
if wiki_page_changed?
|
|
if merge_version?
|
|
merge_version
|
|
else
|
|
create_new_version
|
|
end
|
|
end
|
|
end
|
|
|
|
def post_set
|
|
@post_set ||= PostSets::WikiPage.new(title, 1, 4)
|
|
end
|
|
|
|
def presenter
|
|
@presenter ||= WikiPagePresenter.new(self)
|
|
end
|
|
|
|
def tags
|
|
body.scan(/\[\[(.+?)\]\]/).flatten.map do |match|
|
|
if match =~ /^(.+?)\|(.+)/
|
|
$1
|
|
else
|
|
match
|
|
end
|
|
end.map {|x| x.mb_chars.downcase.tr(" ", "_").to_s}.uniq
|
|
end
|
|
|
|
def visible?
|
|
artist.blank? || !artist.is_banned? || CurrentUser.is_builder?
|
|
end
|
|
|
|
def other_names_array
|
|
other_names.to_s.scan(/\S+/)
|
|
end
|
|
end
|