eBooru/app/controllers/favorites_controller.rb

# frozen_string_literal: true

class FavoritesController < ApplicationController
  before_action :member_only, except: [:index]
  before_action :ensure_lockdown_disabled, except: %i[index]
  respond_to :html, :json
  skip_before_action :api_check

  def index
    if params[:tags]
      redirect_to(posts_path(tags: params[:tags]))
    else
      user_id = params[:user_id] || CurrentUser.user.id
      @user = User.find(user_id)

      if @user.hide_favorites?
        raise Favorite::HiddenError
      end

      @post_set = PostSets::Favorites.new(@user, params[:page], limit: params[:limit])
      @posts = PostsDecorator.decorate_collection(@post_set.posts)
      respond_with(@posts) do |fmt|
        fmt.json do
          render json: @post_set.api_posts, root: "posts"
        end
      end
    end
  end

  def create
    @post = Post.find(params[:post_id])
    FavoriteManager.add!(user: CurrentUser.user, post: @post)
    flash.now[:notice] = "You have favorited this post"

    respond_with(@post)
  rescue Favorite::Error, ActiveRecord::RecordInvalid => x
    render_expected_error(422, x.message)
  end

  def destroy
    @post = Post.find(params[:id])
    FavoriteManager.remove!(user: CurrentUser.user, post: @post)

    flash.now[:notice] = "You have unfavorited this post"
    respond_with(@post)
  rescue Favorite::Error => x
    render_expected_error(422, x.message)
  end

  def ensure_lockdown_disabled
    access_denied if Security::Lockdown.favorites_disabled? && !CurrentUser.is_staff?
  end
end
[RuboCop] Enable `Style/FrozenStringLiteralComment` This reduces allocations on the posts page by about 5%, from basic testing 2024-02-25 12:15:55 -05:00			`# frozen_string_literal: true`

stubbed in blank controllers/helpers/functional tests 2010-03-10 18:21:43 -05:00			`class FavoritesController < ApplicationController`
Raise error on unpermitted params. Fail loudly if we forget to whitelist a param instead of silently ignoring it. misc models: convert to strong params. artist commentaries: convert to strong params. * Disallow changing or setting post_id to a nonexistent post. artists: convert to strong params. * Disallow setting `is_banned` in create/update actions. Changing it this way instead of with the ban/unban actions would leave the artist in a partially banned state. bans: convert to strong params. * Disallow changing the user_id after the ban has been created. comments: convert to strong params. favorite groups: convert to strong params. news updates: convert to strong params. post appeals: convert to strong params. post flags: convert to strong params. * Disallow users from setting the `is_deleted` / `is_resolved` flags. ip bans: convert to strong params. user feedbacks: convert to strong params. * Disallow users from setting `disable_dmail_notification` when creating feedbacks. * Disallow changing the user_id after the feedback has been created. notes: convert to strong params. wiki pages: convert to strong params. * Also fix non-Builders being able to delete wiki pages. saved searches: convert to strong params. pools: convert to strong params. * Disallow setting `post_count` or `is_deleted` in create/update actions. janitor trials: convert to strong params. post disapprovals: convert to strong params. * Factor out quick-mod bar to shared partial. * Fix quick-mod bar to use `Post#is_approvable?` to determine visibility of Approve button. dmail filters: convert to strong params. password resets: convert to strong params. user name change requests: convert to strong params. posts: convert to strong params. users: convert to strong params. * Disallow setting password_hash, last_logged_in_at, last_forum_read_at, has_mail, and dmail_filter_attributes[user_id]. * Remove initialize_default_image_size (dead code). uploads: convert to strong params. * Remove `initialize_status` because status already defaults to pending in the database. tag aliases/implications: convert to strong params. tags: convert to strong params. forum posts: convert to strong params. * Disallow changing the topic_id after creating the post. * Disallow setting is_deleted (destroy/undelete actions should be used instead). * Remove is_sticky / is_locked (nonexistent attributes). forum topics: convert to strong params. * merges https://github.com/evazion/danbooru/tree/wip-rails-5.1 * lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4) * switch to factorybot and change all references Co-authored-by: r888888888 <r888888888@gmail.com> Co-authored-by: evazion <noizave@gmail.com> add diffs 2018-04-02 13:51:26 -04:00			`before_action :member_only, except: [:index]`
[Security] Implement read only mode (#821) 2024-12-08 22:28:31 -05:00			`before_action :ensure_lockdown_disabled, except: %i[index]`
Confirmed deletion conversions 2020-02-14 23:17:19 -05:00			`respond_to :html, :json`
Raise error on unpermitted params. Fail loudly if we forget to whitelist a param instead of silently ignoring it. misc models: convert to strong params. artist commentaries: convert to strong params. * Disallow changing or setting post_id to a nonexistent post. artists: convert to strong params. * Disallow setting `is_banned` in create/update actions. Changing it this way instead of with the ban/unban actions would leave the artist in a partially banned state. bans: convert to strong params. * Disallow changing the user_id after the ban has been created. comments: convert to strong params. favorite groups: convert to strong params. news updates: convert to strong params. post appeals: convert to strong params. post flags: convert to strong params. * Disallow users from setting the `is_deleted` / `is_resolved` flags. ip bans: convert to strong params. user feedbacks: convert to strong params. * Disallow users from setting `disable_dmail_notification` when creating feedbacks. * Disallow changing the user_id after the feedback has been created. notes: convert to strong params. wiki pages: convert to strong params. * Also fix non-Builders being able to delete wiki pages. saved searches: convert to strong params. pools: convert to strong params. * Disallow setting `post_count` or `is_deleted` in create/update actions. janitor trials: convert to strong params. post disapprovals: convert to strong params. * Factor out quick-mod bar to shared partial. * Fix quick-mod bar to use `Post#is_approvable?` to determine visibility of Approve button. dmail filters: convert to strong params. password resets: convert to strong params. user name change requests: convert to strong params. posts: convert to strong params. users: convert to strong params. * Disallow setting password_hash, last_logged_in_at, last_forum_read_at, has_mail, and dmail_filter_attributes[user_id]. * Remove initialize_default_image_size (dead code). uploads: convert to strong params. * Remove `initialize_status` because status already defaults to pending in the database. tag aliases/implications: convert to strong params. tags: convert to strong params. forum posts: convert to strong params. * Disallow changing the topic_id after creating the post. * Disallow setting is_deleted (destroy/undelete actions should be used instead). * Remove is_sticky / is_locked (nonexistent attributes). forum topics: convert to strong params. * merges https://github.com/evazion/danbooru/tree/wip-rails-5.1 * lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4) * switch to factorybot and change all references Co-authored-by: r888888888 <r888888888@gmail.com> Co-authored-by: evazion <noizave@gmail.com> add diffs 2018-04-02 13:51:26 -04:00			`skip_before_action :api_check`
Kill trailing whitespace in ruby files 2013-03-19 08:10:10 -04:00
fixed tests 2010-11-19 17:20:13 -05:00			`def index`
* Refactored PostSet, splitting it into PostSets::Post and PostSets::Favorite * Additional functional tests 2010-12-01 17:21:05 -05:00			`if params[:tags]`
[Posts] Rework the post search page to be mobile-first (#855) 2025-01-26 09:26:11 -05:00			`redirect_to(posts_path(tags: params[:tags]))`
* Refactored PostSet, splitting it into PostSets::Post and PostSets::Favorite * Additional functional tests 2010-12-01 17:21:05 -05:00			`else`
fixes #1410; fix user argument for favorite post set 2013-05-05 07:36:07 -04:00			`user_id = params[:user_id] \|\| CurrentUser.user.id`
Fix document title when viewing other users' favorites 2013-07-14 19:44:35 -04:00			`@user = User.find(user_id)`
enable user privacy mode for displaying favorites 2016-02-22 15:18:19 -05:00
			`if @user.hide_favorites?`
[Users] Hide favorites of blocked users Also show the error notice when searching by tag 2022-09-11 13:49:13 -04:00			`raise Favorite::HiddenError`
enable user privacy mode for displaying favorites 2016-02-22 15:18:19 -05:00			`end`

[Posts] Rework the post search page to be mobile-first (#855) 2025-01-26 09:26:11 -05:00			`@post_set = PostSets::Favorites.new(@user, params[:page], limit: params[:limit])`
			`@posts = PostsDecorator.decorate_collection(@post_set.posts)`
			`respond_with(@posts) do \|fmt\|`
Save progress on theme options page 2020-03-30 19:48:24 -04:00			`fmt.json do`
[Posts] Rework the post search page to be mobile-first (#855) 2025-01-26 09:26:11 -05:00			`render json: @post_set.api_posts, root: "posts"`
Save progress on theme options page 2020-03-30 19:48:24 -04:00			`end`
			`end`
* Refactored PostSet, splitting it into PostSets::Post and PostSets::Favorite * Additional functional tests 2010-12-01 17:21:05 -05:00			`end`
fixed tests 2010-11-19 17:20:13 -05:00			`end`
Kill trailing whitespace in ruby files 2013-03-19 08:10:10 -04:00
stubbed in blank controllers/helpers/functional tests 2010-03-10 18:21:43 -05:00			`def create`
Fix #3813: Favorite limit can be bypassed. 2018-08-12 15:22:08 -04:00			`@post = Post.find(params[:post_id])`
Moved favs/voting out into managers to consolidate logic While the logic was not particularly complex or spread out it was made more complicated by the models being dependant on one another. This creates a central entry point for voting and favorites and coordinates all transactions. TODO: upvote/downvote/fav metatags in tag section result in an error because they attempt to change the transaction isolation mode during an outer transaction. 2019-03-31 16:25:55 -04:00			`FavoriteManager.add!(user: CurrentUser.user, post: @post)`
posts/show: fix flash message when faving/unfaving posts. Bug: if you faved a post, then opened another page in a separate tab, then the "You have favorited this post" flash message would appear in the separate tab. Fixes regression in bcaee199. 2018-08-15 21:14:51 -04:00			`flash.now[:notice] = "You have favorited this post"`
add favorite/unfavorite links to mobile page 2014-09-05 19:46:22 -04:00
Fix #3813: Favorite limit can be bypassed. 2018-08-12 15:22:08 -04:00			`respond_with(@post)`
Fix favorite error reporting 2020-03-06 18:39:46 -05:00			`rescue Favorite::Error, ActiveRecord::RecordInvalid => x`
			`render_expected_error(422, x.message)`
stubbed in blank controllers/helpers/functional tests 2010-03-10 18:21:43 -05:00			`end`
Kill trailing whitespace in ruby files 2013-03-19 08:10:10 -04:00
stubbed in blank controllers/helpers/functional tests 2010-03-10 18:21:43 -05:00			`def destroy`
[Gems] Bump rubocop/regenerate todo 987 files inspected, 6509 offenses detected, 6224 offenses autocorrectable 2023-08-01 13:32:24 -04:00			`@post = Post.find(params[:id])`
			`FavoriteManager.remove!(user: CurrentUser.user, post: @post)`
add favorite/unfavorite links to mobile page 2014-09-05 19:46:22 -04:00
posts/show: fix flash message when faving/unfaving posts. Bug: if you faved a post, then opened another page in a separate tab, then the "You have favorited this post" flash message would appear in the separate tab. Fixes regression in bcaee199. 2018-08-15 21:14:51 -04:00			`flash.now[:notice] = "You have unfavorited this post"`
Fix #3813: Favorite limit can be bypassed. 2018-08-12 15:22:08 -04:00			`respond_with(@post)`
Fix favorite error reporting 2020-03-06 18:39:46 -05:00			`rescue Favorite::Error => x`
			`render_expected_error(422, x.message)`
stubbed in blank controllers/helpers/functional tests 2010-03-10 18:21:43 -05:00			`end`
[Security] Implement read only mode (#821) 2024-12-08 22:28:31 -05:00
			`def ensure_lockdown_disabled`
			`access_denied if Security::Lockdown.favorites_disabled? && !CurrentUser.is_staff?`
			`end`
stubbed in blank controllers/helpers/functional tests 2010-03-10 18:21:43 -05:00			`end`