jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
e4e79c027efcb6bfbcbb85b382bf5f54291900fd
danbooru/app/models/application_record.rb
r888888888 abce4d2551 Raise error on unpermitted params. 
Fail loudly if we forget to whitelist a param instead of silently
ignoring it.

misc models: convert to strong params.

artist commentaries: convert to strong params.

* Disallow changing or setting post_id to a nonexistent post.

artists: convert to strong params.

* Disallow setting `is_banned` in create/update actions. Changing it
  this way instead of with the ban/unban actions would leave the artist in
  a partially banned state.

bans: convert to strong params.

* Disallow changing the user_id after the ban has been created.

comments: convert to strong params.

favorite groups: convert to strong params.

news updates: convert to strong params.

post appeals: convert to strong params.

post flags: convert to strong params.

* Disallow users from setting the `is_deleted` / `is_resolved` flags.

ip bans: convert to strong params.

user feedbacks: convert to strong params.

* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.

notes: convert to strong params.

wiki pages: convert to strong params.

* Also fix non-Builders being able to delete wiki pages.

saved searches: convert to strong params.

pools: convert to strong params.

* Disallow setting `post_count` or `is_deleted` in create/update actions.

janitor trials: convert to strong params.

post disapprovals: convert to strong params.

* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
  of Approve button.

dmail filters: convert to strong params.

password resets: convert to strong params.

user name change requests: convert to strong params.

posts: convert to strong params.

users: convert to strong params.

* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
  has_mail, and dmail_filter_attributes[user_id].

* Remove initialize_default_image_size (dead code).

uploads: convert to strong params.

* Remove `initialize_status` because status already defaults to pending
  in the database.

tag aliases/implications: convert to strong params.

tags: convert to strong params.

forum posts: convert to strong params.

* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).

forum topics: convert to strong params.

* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references

Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>

add diffs
2018-04-06 18:09:57 -07:00

185 lines
5.1 KiB
Ruby
Raw Blame History

class ApplicationRecord < ActiveRecord::Base
self.abstract_class = true
include Danbooru::Paginator::ActiveRecordExtension
concerning :SearchMethods do
class_methods do
# range: "5", ">5", "<5", ">=5", "<=5", "5..10", "5,6,7"
def attribute_matches(attribute, range)
return all if range.blank?
column = column_for_attribute(attribute)
qualified_column = "#{table_name}.#{column.name}"
parsed_range = Tag.parse_helper(range, column.type)
PostQueryBuilder.new(nil).add_range_relation(parsed_range, qualified_column, self)
end
def apply_default_order(params)
if params[:order] == "custom"
parse_ids = Tag.parse_helper(params[:id])
if parse_ids[0] == :in
return find_ordered(parse_ids[1])
end
end
return default_order
end
def default_order
order(id: :desc)
end
def find_ordered(ids)
order_clause = []
ids.each do |id|
order_clause << sanitize_sql_array(["ID=? DESC", id])
end
where(id: ids).order(order_clause.join(', '))
end
def search(params = {})
params ||= {}
q = all
q = q.attribute_matches(:id, params[:id])
q = q.attribute_matches(:created_at, params[:created_at]) if attribute_names.include?("created_at")
q = q.attribute_matches(:updated_at, params[:updated_at]) if attribute_names.include?("updated_at")
q
end
end
end
module ApiMethods
extend ActiveSupport::Concern
def as_json(options = {})
options ||= {}
options[:except] ||= []
options[:except] += hidden_attributes
options[:methods] ||= []
options[:methods] += method_attributes
super(options)
end
def to_xml(options = {}, &block)
options ||= {}
options[:except] ||= []
options[:except] += hidden_attributes
options[:methods] ||= []
options[:methods] += method_attributes
super(options, &block)
end
def serializable_hash(*args)
hash = super(*args)
hash.transform_keys { |key| key.delete("?") }
end
protected
def hidden_attributes
[:uploader_ip_addr, :updater_ip_addr, :creator_ip_addr, :ip_addr]
end
def method_attributes
[]
end
end
concerning :ActiveRecordExtensions do
class_methods do
def without_timeout
connection.execute("SET STATEMENT_TIMEOUT = 0") unless Rails.env == "test"
yield
ensure
connection.execute("SET STATEMENT_TIMEOUT = #{CurrentUser.user.try(:statement_timeout) || 3_000}") unless Rails.env == "test"
end
def with_timeout(n, default_value = nil, new_relic_params = {})
connection.execute("SET STATEMENT_TIMEOUT = #{n}") unless Rails.env == "test"
yield
rescue ::ActiveRecord::StatementInvalid => x
if Rails.env.production?
NewRelic::Agent.notice_error(x, :custom_params => new_relic_params.merge(:user_id => CurrentUser.id, :user_ip_addr => CurrentUser.ip_addr))
end
return default_value
ensure
connection.execute("SET STATEMENT_TIMEOUT = #{CurrentUser.user.try(:statement_timeout) || 3_000}") unless Rails.env == "test"
end
end
%w(execute select_value select_values select_all).each do |method_name|
define_method("#{method_name}_sql") do |sql, *params|
self.class.connection.__send__(method_name, self.class.send(:sanitize_sql_array, [sql, *params]))
end
self.class.__send__(:define_method, "#{method_name}_sql") do |sql, *params|
connection.__send__(method_name, send(:sanitize_sql_array, [sql, *params]))
end
end
end
concerning :PostgresExtensions do
class_methods do
def columns(*params)
super.reject {|x| x.sql_type == "tsvector"}
end
def test_connection
limit(1).select(:id)
return true
rescue PG::Error
return false
end
end
end
concerning :UserMethods do
class_methods do
def belongs_to_creator(options = {})
class_eval do
belongs_to :creator, options.merge(class_name: "User")
before_validation(on: :create) do |rec|
if rec.creator_id.nil?
rec.creator_id = CurrentUser.id
rec.creator_ip_addr = CurrentUser.ip_addr if rec.respond_to?(:creator_ip_addr=)
rec.ip_addr = CurrentUser.ip_addr if rec.respond_to?(:ip_addr=)
end
end
define_method :creator_name do
User.id_to_name(creator_id)
end
end
end
def belongs_to_updater(options = {})
class_eval do
belongs_to :updater, options.merge(class_name: "User")
before_validation do |rec|
rec.updater_id = CurrentUser.id
rec.updater_ip_addr = CurrentUser.ip_addr if rec.respond_to?(:updater_ip_addr=)
end
define_method :updater_name do
User.id_to_name(updater_id)
end
end
end
end
end
def warnings
@warnings ||= ActiveModel::Errors.new(self)
end
include ApiMethods
end
Reference in New Issue View Git Blame Copy Permalink