eBooru/app/models/user_name_change_request.rb

# frozen_string_literal: true

class UserNameChangeRequest < ApplicationRecord
  after_initialize :initialize_attributes, if: :new_record?
  validates :user_id, :original_name, :desired_name, presence: true
  validates :status, inclusion: { :in => %w(pending approved rejected) }
  belongs_to :user
  belongs_to :approver, :class_name => "User", optional: true
  validate :not_limited, :on => :create
  validates :desired_name, user_name: true
  attr_accessor :skip_limited_validation

  def initialize_attributes
    self.user_id ||= CurrentUser.user.id
    self.original_name ||= CurrentUser.user.name
  end

  def self.pending
    where(:status => "pending")
  end

  def self.approved
    where(:status => "approved")
  end

  def self.search(params)
    q = super

    q = q.where_user(:user_id, :current, params)

    if params[:original_name].present?
      q = q.where_ilike(:original_name, User.normalize_name(params[:original_name]))
    end

    if params[:desired_name].present?
      q = q.where_ilike(:desired_name, User.normalize_name(params[:desired_name]))
    end

    q.apply_basic_order(params)
  end

  def rejected?
    status == "rejected"
  end

  def approved?
    status == "approved"
  end

  def pending?
    status == "pending"
  end

  def approve!
    update(:status => "approved", :approver_id => CurrentUser.user.id)
    user.update_attribute(:name, desired_name)
    body = "Your name change request has been approved. Be sure to log in with your new user name."
    Dmail.create_automated(:title => "Name change request approved", :body => body, :to_id => user_id)
  end

  def not_limited
    return true if skip_limited_validation == true
    if UserNameChangeRequest.where("user_id = ? and created_at >= ?", CurrentUser.user.id, 1.week.ago).exists?
      errors.add(:base, "You can only submit one name change request per week")
      return false
    else
      return true
    end
  end

  def hidden_attributes
    if CurrentUser.is_admin? || user == CurrentUser.user
      []
    else
      super + [:change_reason, :rejection_reason]
    end
  end
end
[RuboCop] Enable `Style/FrozenStringLiteralComment` This reduces allocations on the posts page by about 5%, from basic testing 2024-02-25 12:15:55 -05:00			`# frozen_string_literal: true`

Inherit models from ApplicationRecord instead of ActiveRecord::Base. 2017-06-14 22:27:53 -04:00			`class UserNameChangeRequest < ApplicationRecord`
Raise error on unpermitted params. Fail loudly if we forget to whitelist a param instead of silently ignoring it. misc models: convert to strong params. artist commentaries: convert to strong params. * Disallow changing or setting post_id to a nonexistent post. artists: convert to strong params. * Disallow setting `is_banned` in create/update actions. Changing it this way instead of with the ban/unban actions would leave the artist in a partially banned state. bans: convert to strong params. * Disallow changing the user_id after the ban has been created. comments: convert to strong params. favorite groups: convert to strong params. news updates: convert to strong params. post appeals: convert to strong params. post flags: convert to strong params. * Disallow users from setting the `is_deleted` / `is_resolved` flags. ip bans: convert to strong params. user feedbacks: convert to strong params. * Disallow users from setting `disable_dmail_notification` when creating feedbacks. * Disallow changing the user_id after the feedback has been created. notes: convert to strong params. wiki pages: convert to strong params. * Also fix non-Builders being able to delete wiki pages. saved searches: convert to strong params. pools: convert to strong params. * Disallow setting `post_count` or `is_deleted` in create/update actions. janitor trials: convert to strong params. post disapprovals: convert to strong params. * Factor out quick-mod bar to shared partial. * Fix quick-mod bar to use `Post#is_approvable?` to determine visibility of Approve button. dmail filters: convert to strong params. password resets: convert to strong params. user name change requests: convert to strong params. posts: convert to strong params. users: convert to strong params. * Disallow setting password_hash, last_logged_in_at, last_forum_read_at, has_mail, and dmail_filter_attributes[user_id]. * Remove initialize_default_image_size (dead code). uploads: convert to strong params. * Remove `initialize_status` because status already defaults to pending in the database. tag aliases/implications: convert to strong params. tags: convert to strong params. forum posts: convert to strong params. * Disallow changing the topic_id after creating the post. * Disallow setting is_deleted (destroy/undelete actions should be used instead). * Remove is_sticky / is_locked (nonexistent attributes). forum topics: convert to strong params. * merges https://github.com/evazion/danbooru/tree/wip-rails-5.1 * lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4) * switch to factorybot and change all references Co-authored-by: r888888888 <r888888888@gmail.com> Co-authored-by: evazion <noizave@gmail.com> add diffs 2018-04-02 13:51:26 -04:00			`after_initialize :initialize_attributes, if: :new_record?`
Update validations to use new syntax 2019-09-05 08:59:51 -04:00			`validates :user_id, :original_name, :desired_name, presence: true`
			`validates :status, inclusion: { :in => %w(pending approved rejected) }`
add support for user name changes 2013-03-26 01:03:42 -04:00			`belongs_to :user`
Raise error on unpermitted params. Fail loudly if we forget to whitelist a param instead of silently ignoring it. misc models: convert to strong params. artist commentaries: convert to strong params. * Disallow changing or setting post_id to a nonexistent post. artists: convert to strong params. * Disallow setting `is_banned` in create/update actions. Changing it this way instead of with the ban/unban actions would leave the artist in a partially banned state. bans: convert to strong params. * Disallow changing the user_id after the ban has been created. comments: convert to strong params. favorite groups: convert to strong params. news updates: convert to strong params. post appeals: convert to strong params. post flags: convert to strong params. * Disallow users from setting the `is_deleted` / `is_resolved` flags. ip bans: convert to strong params. user feedbacks: convert to strong params. * Disallow users from setting `disable_dmail_notification` when creating feedbacks. * Disallow changing the user_id after the feedback has been created. notes: convert to strong params. wiki pages: convert to strong params. * Also fix non-Builders being able to delete wiki pages. saved searches: convert to strong params. pools: convert to strong params. * Disallow setting `post_count` or `is_deleted` in create/update actions. janitor trials: convert to strong params. post disapprovals: convert to strong params. * Factor out quick-mod bar to shared partial. * Fix quick-mod bar to use `Post#is_approvable?` to determine visibility of Approve button. dmail filters: convert to strong params. password resets: convert to strong params. user name change requests: convert to strong params. posts: convert to strong params. users: convert to strong params. * Disallow setting password_hash, last_logged_in_at, last_forum_read_at, has_mail, and dmail_filter_attributes[user_id]. * Remove initialize_default_image_size (dead code). uploads: convert to strong params. * Remove `initialize_status` because status already defaults to pending in the database. tag aliases/implications: convert to strong params. tags: convert to strong params. forum posts: convert to strong params. * Disallow changing the topic_id after creating the post. * Disallow setting is_deleted (destroy/undelete actions should be used instead). * Remove is_sticky / is_locked (nonexistent attributes). forum topics: convert to strong params. * merges https://github.com/evazion/danbooru/tree/wip-rails-5.1 * lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4) * switch to factorybot and change all references Co-authored-by: r888888888 <r888888888@gmail.com> Co-authored-by: evazion <noizave@gmail.com> add diffs 2018-04-02 13:51:26 -04:00			`belongs_to :approver, :class_name => "User", optional: true`
fixes #2602: Username changes come through without marking a request as "Approved" 2016-05-27 15:40:12 -04:00			`validate :not_limited, :on => :create`
Disallow unicode whitespace in usernames (#2894). 2017-02-25 02:47:57 -05:00			`validates :desired_name, user_name: true`
Allow admins to change usernames 2019-12-29 09:43:06 -05:00			`attr_accessor :skip_limited_validation`
Raise error on unpermitted params. Fail loudly if we forget to whitelist a param instead of silently ignoring it. misc models: convert to strong params. artist commentaries: convert to strong params. * Disallow changing or setting post_id to a nonexistent post. artists: convert to strong params. * Disallow setting `is_banned` in create/update actions. Changing it this way instead of with the ban/unban actions would leave the artist in a partially banned state. bans: convert to strong params. * Disallow changing the user_id after the ban has been created. comments: convert to strong params. favorite groups: convert to strong params. news updates: convert to strong params. post appeals: convert to strong params. post flags: convert to strong params. * Disallow users from setting the `is_deleted` / `is_resolved` flags. ip bans: convert to strong params. user feedbacks: convert to strong params. * Disallow users from setting `disable_dmail_notification` when creating feedbacks. * Disallow changing the user_id after the feedback has been created. notes: convert to strong params. wiki pages: convert to strong params. * Also fix non-Builders being able to delete wiki pages. saved searches: convert to strong params. pools: convert to strong params. * Disallow setting `post_count` or `is_deleted` in create/update actions. janitor trials: convert to strong params. post disapprovals: convert to strong params. * Factor out quick-mod bar to shared partial. * Fix quick-mod bar to use `Post#is_approvable?` to determine visibility of Approve button. dmail filters: convert to strong params. password resets: convert to strong params. user name change requests: convert to strong params. posts: convert to strong params. users: convert to strong params. * Disallow setting password_hash, last_logged_in_at, last_forum_read_at, has_mail, and dmail_filter_attributes[user_id]. * Remove initialize_default_image_size (dead code). uploads: convert to strong params. * Remove `initialize_status` because status already defaults to pending in the database. tag aliases/implications: convert to strong params. tags: convert to strong params. forum posts: convert to strong params. * Disallow changing the topic_id after creating the post. * Disallow setting is_deleted (destroy/undelete actions should be used instead). * Remove is_sticky / is_locked (nonexistent attributes). forum topics: convert to strong params. * merges https://github.com/evazion/danbooru/tree/wip-rails-5.1 * lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4) * switch to factorybot and change all references Co-authored-by: r888888888 <r888888888@gmail.com> Co-authored-by: evazion <noizave@gmail.com> add diffs 2018-04-02 13:51:26 -04:00
			`def initialize_attributes`
			`self.user_id \|\|= CurrentUser.user.id`
			`self.original_name \|\|= CurrentUser.user.name`
			`end`
Allow admins to change usernames 2019-12-29 09:43:06 -05:00
add support for user name changes 2013-03-26 01:03:42 -04:00			`def self.pending`
			`where(:status => "pending")`
			`end`
implements user name change requests 2013-03-26 18:13:03 -04:00
			`def self.approved`
			`where(:status => "approved")`
			`end`
Show previous usernames to members; link to actual change requests. 2017-01-11 14:07:39 -05:00
[Users] Add search to name change requests 2022-01-22 10:36:50 -05:00			`def self.search(params)`
			`q = super`

[Search] Unify user lookup There was lots of duplication between id/name searching, with a plethora of different approaches. Now it's all in one place. A few places that didn't have name/id search previously now do. 2023-08-03 16:01:53 -04:00			`q = q.where_user(:user_id, :current, params)`
[Users] Add search to name change requests 2022-01-22 10:36:50 -05:00
			`if params[:original_name].present?`
[Users] Allow wildcards for original/desired namechange search 2022-12-30 13:10:39 -05:00			`q = q.where_ilike(:original_name, User.normalize_name(params[:original_name]))`
[Users] Add search to name change requests 2022-01-22 10:36:50 -05:00			`end`

			`if params[:desired_name].present?`
[Users] Allow wildcards for original/desired namechange search 2022-12-30 13:10:39 -05:00			`q = q.where_ilike(:desired_name, User.normalize_name(params[:desired_name]))`
[Users] Add search to name change requests 2022-01-22 10:36:50 -05:00			`end`

[Search] Allow ascending order for IDs 2023-07-07 08:32:57 -04:00			`q.apply_basic_order(params)`
[Users] Add search to name change requests 2022-01-22 10:36:50 -05:00			`end`

implements user name change requests 2013-03-26 18:13:03 -04:00			`def rejected?`
			`status == "rejected"`
			`end`
Allow admins to change usernames 2019-12-29 09:43:06 -05:00
fixes #1128 2013-03-29 15:40:38 -04:00			`def approved?`
			`status == "approved"`
			`end`
Name changes: format processed requests more nicely. 2017-01-14 19:29:45 -05:00
			`def pending?`
			`status == "pending"`
			`end`
Allow admins to change usernames 2019-12-29 09:43:06 -05:00
add support for user name changes 2013-03-26 01:03:42 -04:00			`def approve!`
Fix deprecated usage of update_attributes 2019-09-09 12:37:58 -04:00			`update(:status => "approved", :approver_id => CurrentUser.user.id)`
add support for user name changes 2013-03-26 01:03:42 -04:00			`user.update_attribute(:name, desired_name)`
			`body = "Your name change request has been approved. Be sure to log in with your new user name."`
dmails: send automated dmails from Danbooru.config.system_user. Sends automated dmails from `Danbooru.config.system_user`, rather than whichever user is performing the action happens to be (usually User.admins.first). Also adds a notice in the view that the dmail was automated. 2017-02-23 21:15:29 -05:00			`Dmail.create_automated(:title => "Name change request approved", :body => body, :to_id => user_id)`
add support for user name changes 2013-03-26 01:03:42 -04:00			`end`
Allow admins to change usernames 2019-12-29 09:43:06 -05:00
implements user name change requests 2013-03-26 18:13:03 -04:00			`def not_limited`
Allow admins to change usernames 2019-12-29 09:43:06 -05:00			`return true if skip_limited_validation == true`
implements user name change requests 2013-03-26 18:13:03 -04:00			`if UserNameChangeRequest.where("user_id = ? and created_at >= ?", CurrentUser.user.id, 1.week.ago).exists?`
			`errors.add(:base, "You can only submit one name change request per week")`
			`return false`
			`else`
			`return true`
			`end`
			`end`
Fix exploit making user name change reasons being public in API. 2017-01-19 18:38:27 -05:00
			`def hidden_attributes`
			`if CurrentUser.is_admin? \|\| user == CurrentUser.user`
			`[]`
			`else`
			`super + [:change_reason, :rejection_reason]`
			`end`
			`end`
add support for user name changes 2013-03-26 01:03:42 -04:00			`end`