When doing a tag search, we have to be careful about which user we're running the search as, because the results depend on the current user. Specifically, things like private favorites, private favorite groups, post votes, saved searches, and flagger names depend on the user's permissions, and whether non-safe or deleted posts are filtered out depends on whether the user has safe mode on or the hide deleted posts setting enabled.

* Refactor internal searches to explicitly state whether they're running as the system user (DanbooruBot) or as the current user.
* Explicitly pass in the current user to PostQueryBuilder instead of implicitly relying on the CurrentUser global.
* Get rid of CurrentUser.admin_mode? (used to ignore the hide deleted post setting) and CurrentUser.without_safe_mode (used to ignore safe mode).
* Change the /counts/posts.json endpoint to ignore safe mode and the hide deleted posts settings when counting posts.
* Fix searches not correctly overriding the hide deleted posts setting when multiple status: metatags were used (e.g. `status:banned status:active`).
* Fix fast_count not respecting the hide deleted posts setting when the status:banned metatag was used.
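# Controller for listing, viewing and editing posts.
#
# Actions call `authorize` on the record (or on the Post class) they act on;
# see the NOTE(review) in #copy_notes for the one record loaded without it.
class PostsController < ApplicationController
  respond_to :html, :xml, :json, :js
  layout "sidebar"

  # Lists posts. With params[:md5] it looks up exactly one post and, for HTML,
  # redirects to it; otherwise it runs a tag search from params[:tags] (or
  # params[:post][:tags]).
  def index
    if params[:md5].present?
      @post = authorize Post.find_by!(md5: params[:md5])
      respond_with(@post) do |format|
        format.html { redirect_to(@post) }
      end
    else
      tag_query = params[:tags] || params.dig(:post, :tags)

      # Search results depend on who the search runs as (safe mode, hidden
      # deleted posts, private favorites). The user is not passed at this call
      # site; presumably PostSets::Post resolves it itself. TODO confirm.
      @post_set = PostSets::Post.new(tag_query, params[:page], params[:limit], random: params[:random], format: params[:format])
      @posts = authorize @post_set.posts, policy_class: PostPolicy
      respond_with(@posts) do |format|
        format.atom
      end
    end
  end

  # Shows one post. For HTML requests it also loads the comments visible to the
  # current user plus the post's sibling and child posts.
  def show
    @post = authorize Post.find(params[:id])

    if request.format.html?
      @comments = @post.comments
      @comments = @comments.includes(:creator)
      @comments = @comments.includes(:votes) if CurrentUser.is_member?
      @comments = @comments.visible(CurrentUser.user)

      # Deleted relatives are listed only when the post or its parent is itself
      # deleted, or the user opted in. `&.` keeps a parent_id that points at a
      # missing parent from raising NoMethodError; the sibling lookup below
      # already treats an absent parent as "no siblings".
      include_deleted = @post.is_deleted? || @post.parent&.is_deleted? || CurrentUser.user.show_deleted_children?

      @sibling_posts = @post.parent.present? ? @post.parent.children : Post.none
      @sibling_posts = @sibling_posts.undeleted unless include_deleted

      @child_posts = @post.children
      @child_posts = @child_posts.undeleted unless include_deleted
    end

    respond_with(@post) do |format|
      format.html.tooltip { render layout: false }
    end
  end

  # Redirects to the post id computed by PostSearchContext from the request
  # params, falling back to params[:id]. Both targets are built with post_path,
  # so the redirect always points at a local post route.
  def show_seq
    authorize Post
    context = PostSearchContext.new(params)
    target_id = context.post_id || params[:id]
    redirect_to(post_path(target_id, q: params[:q]))
  end

  # Updates a post with the attributes the policy permits. Validation errors
  # are reported by respond_with_post_after_update.
  def update
    @post = authorize Post.find(params[:id])
    @post.update(permitted_attributes(@post))
    respond_with_post_after_update(@post)
  end

  # Reverts a post to one of its earlier versions.
  def revert
    @post = authorize Post.find(params[:id])

    # Looked up through @post.versions, so a version_id that belongs to another
    # post raises RecordNotFound instead of being applied to this one.
    @version = @post.versions.find(params[:version_id])
    @post.revert_to!(@version)

    respond_with(@post) do |format|
      format.js
    end
  end

  # Copies the notes of post params[:id] onto post params[:other_post_id].
  # Responds 204 on success, or 400 with a JSON reason when the copy left
  # errors on the source post.
  def copy_notes
    # NOTE(review): only the destination post goes through `authorize`; the
    # source post is loaded without a policy check. Confirm the copy_notes
    # policy is meant to cover reading notes from any source post.
    @post = Post.find(params[:id])
    @other_post = authorize Post.find(params[:other_post_id].to_i)
    @post.copy_notes_to(@other_post)

    if @post.errors.any?
      @error_message = @post.errors.full_messages.join("; ")
      render json: { success: false, reason: @error_message }.to_json, status: 400
    else
      head :no_content
    end
  end

  # Picks a random post matching params[:tags]; raises RecordNotFound when the
  # search matches nothing. For HTML it redirects to the post, keeping the tags.
  def random
    @post = Post.user_tag_match(params[:tags]).random
    raise ActiveRecord::RecordNotFound if @post.nil?

    authorize @post
    respond_with(@post) do |format|
      format.html { redirect_to post_path(@post, tags: params[:tags]) }
    end
  end

  # Marks a post as translated using the flags in params[:post].
  def mark_as_translated
    @post = authorize Post.find(params[:id])

    # NOTE(review): params[:post] reaches the model without permit or
    # permitted_attributes; confirm Post#mark_as_translated reads only the keys
    # it expects and never mass-assigns this hash.
    @post.mark_as_translated(params[:post])
    respond_with_post_after_update(@post)
  end

  private

  # Shared response for actions that modify a post.
  #
  # HTML: copies warnings into the flash, then renders the error page if the
  # post has errors, or else redirects to the post while carrying over any
  # non-blank search context (tags_query, pool_id, favgroup_id).
  # JSON: renders the post, whether or not it has errors.
  def respond_with_post_after_update(post)
    respond_with(post) do |format|
      format.html do
        flash[:notice] = post.warnings.full_messages.join(".\n \n") if post.warnings.any?

        if post.errors.any?
          @error_message = post.errors.full_messages.join("; ")

          # NOTE(review): errors raised by user input are reported as 500, so
          # they look like server faults in logs and monitoring. A 4xx status
          # would separate them, but clients may rely on the current one, so it
          # is left unchanged here.
          render template: "static/error", status: 500
        else
          response_params = { q: params[:tags_query], pool_id: params[:pool_id], favgroup_id: params[:favgroup_id] }
          response_params.reject! { |_key, value| value.blank? }
          redirect_to post_path(post, response_params)
        end
      end

      format.json do
        render json: post.to_json
      end
    end
  end
end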