Files

evazion 7d503f088e posts: stop using pool_string attribute.

Stop using the pool_string attribute on posts:

* Stop updating it when adding or removing posts from pools.
* Stop returning pool_string in the /posts.json API.
* Stop including the `data-pools` attribute on thumbnails.

The pool_string attribute was used in the past to facilitate pool:X
searches. Posts had a hidden pool_string attribute that contained a list
of every pool the post belonged to. These pools were treated like fake
hidden tags on the post and a search for `pool:X` was treated like a tag
search.

The pool_string has no longer been used for this purpose for a long time
now, and was only maintained for API compatibility purposes. Getting rid
of it eliminates a bunch of legacy cruft relating to adding and removing
posts from pools.

If you need to see which pools a post belongs to, do this:

* https://danbooru.donmai.us/pools.json?search[post_ids_include_any]=318550

The `data-pools` attribute on thumbnails was used by some people to add
custom borders to pooled posts with custom CSS. This will no longer
work. This was already broken because it included things like collection
pools and deleted pools, which you probably didn't want. Use a
userscript to add this attribute back to thumbnails if you need it.

2021-10-07 05:55:43 -05:00

admin

Remove /admin/dashboard page.

2021-01-16 03:32:11 -06:00

explore

api: add /explore/posts/searches.json, /explore/posts/missed_searches.json.

2020-06-27 02:09:51 -05:00

maintenance/user

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

moderator

rate limits: adjust limits for various actions.

2021-03-05 16:02:57 -06:00

api_keys_controller.rb

api keys: require reauthentication when working with API keys.

2021-02-15 00:17:31 -06:00

application_controller.rb

puma: add rack-timeout gem.

2021-09-12 09:32:12 -05:00

artist_commentaries_controller.rb

pundit: convert artist commentaries to pundit.

2020-03-20 18:03:01 -05:00

artist_commentary_versions_controller.rb

Add alternate comparison types to versions

2020-03-17 18:31:20 +00:00

artist_urls_controller.rb

reltags: remove mark inactive button from artist urls.

2020-03-20 17:55:08 -05:00

artist_versions_controller.rb

artists: redact version histories of banned artists.

2021-02-07 23:28:50 -06:00

artists_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

autocomplete_controller.rb

autocomplete: rework cache policy.

2020-12-13 00:45:22 -06:00

bans_controller.rb

bans: change expires_at field to duration.

2021-03-11 02:59:58 -06:00

bulk_update_requests_controller.rb

pundit: convert bulk update requests to pundit.

2020-03-20 18:03:00 -05:00

comment_votes_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

comments_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

counts_controller.rb

discord: fix tag search commands being limited to 2 tags.

2021-03-14 16:42:07 -05:00

delayed_jobs_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

dmails_controller.rb

dmails, emails: refactor to use Rails signed_id.

2021-01-17 00:24:02 -06:00

dtext_links_controller.rb

views: replace .category-N css classes with .tag-type-N

2020-02-16 04:35:37 -06:00

dtext_previews_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

emails_controller.rb

users: use sudo mode when changing email addresses.

2021-05-19 01:10:03 -05:00

favorite_group_orders_controller.rb

pundit: convert favorite groups to pundit.

2020-03-20 18:03:01 -05:00

favorite_groups_controller.rb

Fix #4670 : Replace RequestStore with AS::CurrentAttributes.

2021-01-16 12:43:20 -06:00

favorites_controller.rb

rate limits: adjust limits for various actions.

2021-03-05 16:02:57 -06:00

forum_post_votes_controller.rb

pundit: convert forum post votes to pundit.

2020-03-20 18:03:01 -05:00

forum_posts_controller.rb

rate limits: adjust limits for various actions.

2021-03-05 16:02:57 -06:00

forum_topic_visits_controller.rb

Fix saved searces, news updates, ip bans being dumped to BigQuery.

2021-03-10 03:08:49 -06:00

forum_topics_controller.rb

Fix #4895 : Deleted forum topics visible by default in index.

2021-10-01 17:14:48 -05:00

ip_addresses_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

ip_bans_controller.rb

ip bans: add hit counter, deleted flag, new ban type.

2020-04-06 14:13:22 -05:00

ip_geolocations_controller.rb

users: track logins, signups, and other user events.

2021-01-08 22:34:37 -06:00

iqdb_queries_controller.rb

iqdb: allow searching images by iqdb hash.

2021-09-02 03:37:36 -05:00

legacy_controller.rb

routes: remove legacy /user/index and /artist/index API endpoints.

2020-12-24 00:17:26 -06:00

media_assets_controller.rb

/media_assets: add basic index and show pages.

2021-09-29 07:46:11 -05:00

media_metadata_controller.rb

Add MediaMetadata model.

2021-09-08 05:00:54 -05:00

mock_services_controller.rb

iqdb: update API client to use new version of IQDB.

2021-06-16 05:36:24 -05:00

mod_actions_controller.rb

models: refactor search visibility methods.

2020-02-19 17:08:59 -06:00

moderation_reports_controller.rb

pundit: convert moderation reports to pundit.

2020-03-20 18:03:01 -05:00

modqueue_controller.rb

Fixup regression in 2eb89a835.

2021-09-29 06:28:53 -05:00

news_updates_controller.rb

Fix saved searces, news updates, ip bans being dumped to BigQuery.

2021-03-10 03:08:49 -06:00

note_previews_controller.rb

notes: move sanitization from d_text.rb to note_sanitizer.rb.

2017-06-15 22:58:13 -05:00

note_versions_controller.rb

Add alternate comparison types to versions

2020-03-17 18:31:20 +00:00

notes_controller.rb

notes: include search form on search results page.

2020-12-18 01:59:39 -06:00

password_resets_controller.rb

users: track logins, signups, and other user events.

2021-01-08 22:34:37 -06:00

passwords_controller.rb

users: track logins, signups, and other user events.

2021-01-08 22:34:37 -06:00

pixiv_ugoira_frame_data_controller.rb

Add /pixiv_ugoira_frame_data.json endpoint.

2020-02-24 22:43:03 -06:00

pool_elements_controller.rb

pundit: convert pools to pundit.

2020-03-20 18:03:01 -05:00

pool_orders_controller.rb

pundit: convert pools to pundit.

2020-03-20 18:03:01 -05:00

pool_versions_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

pools_controller.rb

posts: stop using pool_string attribute.

2021-10-07 05:55:43 -05:00

post_appeals_controller.rb

make appeals editable

2021-06-29 14:43:27 -03:00

post_approvals_controller.rb

pundit: convert post approvals to pundit.

2020-03-20 18:03:01 -05:00

post_disapprovals_controller.rb

rate limits: adjust limits for various actions.

2021-03-05 16:02:57 -06:00

post_events_controller.rb

Make more pages publicly accessible to logged out users.

2016-10-17 05:57:05 -05:00

post_flags_controller.rb

Fix #4770 : Allow flaggers to update flag reason.

2021-03-23 01:27:16 -05:00

post_regenerations_controller.rb

post regenerations: regenerate posts asynchronously.

2021-01-04 21:43:27 -06:00

post_replacements_controller.rb

pundit: convert post replacements to pundit.

2020-03-20 18:03:01 -05:00

post_versions_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

post_votes_controller.rb

rate limits: adjust limits for various actions.

2021-03-05 16:02:57 -06:00

posts_controller.rb

Fix various rubocop warnings.

2021-09-27 00:46:13 -05:00

rate_limits_controller.rb

rate limits: add /rate_limits endpoint.

2021-03-05 16:47:20 -06:00

README.md

docs add more docs to app/{jobs,logical}.

2021-06-28 05:09:19 -05:00

recommended_posts_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

related_tags_controller.rb

Add support for using any of the current related tag types

2020-03-06 08:10:26 +00:00

robots_controller.rb

/robots.txt: enable HTTP caching.

2021-03-07 18:35:37 -06:00

saved_searches_controller.rb

Fix saved searces, news updates, ip bans being dumped to BigQuery.

2021-03-10 03:08:49 -06:00

sessions_controller.rb

logins: don't return api_token field in API.

2021-02-15 14:28:31 -06:00

sources_controller.rb

Render "Fetch source data" box html server-side.

2018-09-08 15:42:16 -05:00

static_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

status_controller.rb

/status: show HTTP request headers and client IP.

2021-05-06 00:32:24 -05:00

tag_aliases_controller.rb

aliases/implications: log manual deletions by admins.

2021-09-06 03:25:02 -05:00

tag_implications_controller.rb

aliases/implications: log manual deletions by admins.

2021-09-06 03:25:02 -05:00

tags_controller.rb

Fix #4601 : Hide deleted pools by default in pool search.

2021-09-29 05:44:59 -05:00

uploads_controller.rb

rubocop: fix various Rubocop warnings.

2021-06-17 04:17:53 -05:00

user_events_controller.rb

users: track logins, signups, and other user events.

2021-01-08 22:34:37 -06:00

user_feedbacks_controller.rb

pundit: convert user feedbacks to pundit.

2020-03-20 18:03:00 -05:00

user_name_change_requests_controller.rb

Fix #4670 : Replace RequestStore with AS::CurrentAttributes.

2021-01-16 12:43:20 -06:00

user_sessions_controller.rb

users: track logins, signups, and other user events.

2021-01-08 22:34:37 -06:00

user_upgrades_controller.rb

user upgrades: allow using promo codes during checkout.

2021-01-01 04:24:24 -06:00

users_controller.rb

custom css: don't add !important to every line.

2021-03-16 20:04:09 -05:00

webhooks_controller.rb

discord: add initial slash command integration.

2021-03-11 03:04:10 -06:00

wiki_page_versions_controller.rb

Add alternate comparison types to versions

2020-03-17 18:31:20 +00:00

wiki_pages_controller.rb

wikis: redirect legacy title param to show page.

2020-03-31 18:13:41 -05:00

README.md

Controllers

Controllers are the entry points to Danbooru. Every URL on the site corresponds to a controller action. When a request for an URL is made, the corresponding controller action is called to handle the request.

Controllers follow a convention where, for example, the URL https://danbooru.donmai.us/posts/1234 is handled by the #show method inside the PostsController living at app/controllers/posts_controller.rb. https://danbooru.donmai.us/posts?tags=touhou is handled by the #index method in the PostsController. The HTML template for the response lives at app/views/posts/index.html.erb. See below for more examples.

Controllers are responsible for taking the URL parameters, checking whether the user is authorized to perform the action, actually performing the action, then returning the response. Most controllers simply fetch or update a model, then render an HTML template from app/views in response.

Example

A standard controller looks something like this:

class BansController < ApplicationController
  def new
    @ban = authorize Ban.new(permitted_attributes(Ban))
    respond_with(@ban)
  end

  def edit
    @ban = authorize Ban.find(params[:id])
    respond_with(@ban)
  end

  def index
    @bans = authorize Ban.paginated_search(params, count_pages: true)
    respond_with(@bans)
  end

  def show
    @ban = authorize Ban.find(params[:id])
    respond_with(@ban)
  end

  def create
    @ban = authorize Ban.new(banner: CurrentUser.user, **permitted_attributes(Ban))
    @ban.save
    respond_with(@ban, location: bans_path)
  end

  def update
    @ban = authorize Ban.find(params[:id])
    @ban.update(permitted_attributes(@ban))
    respond_with(@ban)
  end

  def destroy
    @ban = authorize Ban.find(params[:id])
    @ban.destroy
    respond_with(@ban)
  end
end

Routes

Each controller action above corresponds to an URL:

Controller Action	URL	Route	Route Helper	View
BansController#new	https://danbooru.donmai.us/bans/new	GET /bans/new	new_ban_path	app/views/bans/new.html.erb
BansController#edit	https://danbooru.donmai.us/bans/1234/edit	GET /bans/:id/edit	edit_ban_path(@ban)	app/views/bans/edit.html.erb
BansController#index	https://danbooru.donmai.us/bans	GET /bans	bans_path	app/views/bans/index.html.erb
BansController#show	https://danbooru.donmai.us/bans/1234	GET /bans/:id	ban_path(@ban)	app/views/bans/show.html.erb
BansController#create	POST https://danbooru.donmai.us/bans	POST /bans
BansController#update	PUT https://danbooru.donmai.us/bans/1234	PUT /bans/:id
BansController#destroy	DELETE https://danbooru.donmai.us/bans/1234	DELETE /bans/:id

These routes are defined in config/routes.rb.

Authorization

Most permission checks for whether a user has permission to do something happen inside controllers, using authorize calls.

The authorize method comes from the Pundit framework. This method checks whether the current user is authorized to perform the current action. If not, it raises a Pundit::NotAuthorizedError, which is caught in the ApplicationController.

The actual authorization logic for these calls lives in app/policies. They follow a convention where the authorization logic for the BansController#create action lives in BanPolicy#create?, which lives in app/policies/ban_policy.rb. The call to authorize in the controller simply finds and calls the ban policy.

The #create, #new, and #update actions also use permitted_attributes to check that the user is allowed to update the model attributes they're trying to update. This also comes from the Pundit framework. See the permitted_attributes_for_create and permitted_attributes_for_update methods in app/policies.

Responses

Controllers use respond_with(@post) to generate a response. This comes from the Responders gem. respond_with does the following:

Detects whether the user wants an HTML, JSON, or XML response.
Renders an HTML template from app/views for HTML requests.
Renders JSON or XML for API requests.
Handles universal URL parameters, like only or includes.
Handles universal behavior, like returning 200 OK for successful responses, or returning an error if trying to save a model with validation errors.

HTML Responses

The HTML templates for controller actions live in app/views. For example, the template for PostsController#show, which corresponds to https://danbooru.donmai.us/posts/1234, lives in app/views/posts/show.html.erb.

Instance variables set by controllers are automatically inherited by views. For example, if a controller sets @post, then the @post variable will be available in the view.

API Responses

All URLs support JSON or XML responses. This is handled by respond_with.

The response format can be chosen in several ways. First, by adding a .json or .xml file extension:

Second, by setting the format URL parameter:

Third, by setting the Accept HTTP header:

curl -H "Accept: application/json" https://danbooru.donmai.us/posts
curl -H "Accept: application/xml" https://danbooru.donmai.us/posts

When generating API responses, respond_with uses the api_attributes method inside app/policies to determine which attributes are visible to the current user.

Application Controller

Global behavior that runs on every request lives inside the ApplicationController. This includes the following:

Setting the current user based on their session cookies or API keys.
Checking rate limits.
Checking for IP bans.
Adding certain HTTP headers.
Handling exceptions.

README.md

Controllers

Example

Routes

Authorization

Responses

HTML Responses

API Responses

Application Controller

See also

External links