eBooru/app/controllers/post_replacements_controller.rb

# frozen_string_literal: true

class PostReplacementsController < ApplicationController
  respond_to :html, :json
  before_action :member_only, only: [:create, :new]
  before_action :approver_only, only: [:approve, :reject, :promote, :toggle_penalize]
  before_action :admin_only, only: [:destroy]
  before_action :ensure_uploads_enabled, only: [:new, :create]

  content_security_policy only: [:new] do |p|
    p.img_src :self, :data, :blob, "*"
    p.media_src :self, :data, :blob, "*"
  end

  def new
    check_allow_create
    @post = Post.find(params[:post_id])
    @post_replacement = @post.replacements.new
    respond_with(@post_replacement)
  end

  def create
    check_allow_create
    @post = Post.find(params[:post_id])
    @post_replacement = @post.replacements.create(create_params.merge(creator_id: CurrentUser.id, creator_ip_addr: CurrentUser.ip_addr))
    @post_replacement.notify_reupload
    if @post_replacement.errors.none?
      flash[:notice] = "Post replacement submitted"
    end

    if CurrentUser.can_approve_posts? && !@post_replacement.upload_as_pending?
      if @post_replacement.errors.any?
        respond_to do |format|
          format.json do
            return render json: { success: false, message: @post_replacement.errors.full_messages.join("; ") }, status: 412
          end
        end
      end

      @post_replacement.approve!(penalize_current_uploader: CurrentUser.id != @post.uploader_id)
    end

    respond_to do |format|
      format.json do
        return render json: { success: false, message: @post_replacement.errors.full_messages.join("; ") }, status: 412 if @post_replacement.errors.any?

        render json: { success: true, location: post_path(@post) }
      end
    end
  end

  def approve
    @post_replacement = PostReplacement.find(params[:id])
    @post_replacement.approve!(penalize_current_uploader: params[:penalize_current_uploader])

    respond_with(@post_replacement, location: post_path(@post_replacement.post))
  end

  def toggle_penalize
    @post_replacement = PostReplacement.find(params[:id])
    @post_replacement.toggle_penalize!

    respond_with(@post_replacement)
  end

  def reject
    @post_replacement = PostReplacement.find(params[:id])
    @post_replacement.reject!

    respond_with(@post_replacement, location: post_path(@post_replacement.post))
  end

  def destroy
    @post_replacement = PostReplacement.find(params[:id])
    @post_replacement.destroy

    respond_with(@post_replacement, location: post_path(@post_replacement.post))
  end

  def promote
    @post_replacement = PostReplacement.find(params[:id])
    @upload = @post_replacement.promote!
    if @post_replacement.errors.any?
      respond_with(@post_replacement)
    elsif @upload.errors.any?
      respond_with(@upload)
    else
      respond_with(@upload.post)
    end
  end

  def index
    params[:search][:post_id] = params.delete(:post_id) if params.key?(:post_id)
    @post_replacements = PostReplacement.includes(:post).visible(CurrentUser.user).search(search_params).paginate(params[:page], limit: params[:limit])

    respond_with(@post_replacements)
  end

  private

  def check_allow_create
    return if CurrentUser.can_replace?

    raise User::PrivilegeError, "You are not part of the replacements beta"
  end

  def create_params
    params.require(:post_replacement).permit(:replacement_url, :replacement_file, :reason, :source, :as_pending)
  end

  def ensure_uploads_enabled
    access_denied if Security::Lockdown.uploads_disabled? || CurrentUser.user.level < Security::Lockdown.uploads_min_level
  end
end
[RuboCop] Enable `Style/FrozenStringLiteralComment` This reduces allocations on the posts page by about 5%, from basic testing 2024-02-25 12:15:55 -05:00			`# frozen_string_literal: true`

Add /post_replacements.json, /posts/1234/replacements.json. 2017-05-14 19:49:57 -04:00			`class PostReplacementsController < ApplicationController`
[Replacements] Use ajax for approve/reject/toggle/promote actions 2021-06-26 12:25:25 -04:00			`respond_to :html, :json`
[Replacements] Allow specific user to replace images This option is only temporary, once it is rolled out for eveyone this can be reverted, and simply use is_member in the access check 2022-01-30 07:33:14 -05:00			`before_action :member_only, only: [:create, :new]`
[PostReplacements] Check approval permission instead of level Closes #490 2023-03-23 14:20:44 -04:00			`before_action :approver_only, only: [:approve, :reject, :promote, :toggle_penalize]`
[Users] Don't allow moderators to destroy replacements The check is already correct in the view 2023-03-23 15:17:12 -04:00			`before_action :admin_only, only: [:destroy]`
[Replacements] Respect the danger zone upload restriction Closes #460 2022-12-27 16:28:06 -05:00			`before_action :ensure_uploads_enabled, only: [:new, :create]`
[Replacements] Allow specific user to replace images This option is only temporary, once it is rolled out for eveyone this can be reverted, and simply use is_member in the access check 2022-01-30 07:33:14 -05:00
[Replacements] Add upload preview to replacement uploader 2021-03-27 23:11:25 -04:00			`content_security_policy only: [:new] do \|p\|`
[Uploader] Fix preview for large local files on firefox Firefox implemented a size check for those, breaking previews for large files. This is also a significant performance improvement for all browser 2022-04-20 15:21:11 -04:00			`p.img_src :self, :data, :blob, "*"`
[Replacements] Use the normal uploader This automatically adds: * Video previews * Thumbnail url warnings * Prevent selecting both file and url And probably a bit more 2022-05-22 16:18:03 -04:00			`p.media_src :self, :data, :blob, "*"`
[Replacements] Add upload preview to replacement uploader 2021-03-27 23:11:25 -04:00			`end`
Add /post_replacements.json, /posts/1234/replacements.json. 2017-05-14 19:49:57 -04:00
Move post replacement create action to post replacements controller. 2017-05-14 19:52:34 -04:00			`def new`
[Replacements] Allow specific user to replace images This option is only temporary, once it is rolled out for eveyone this can be reverted, and simply use is_member in the access check 2022-01-30 07:33:14 -05:00			`check_allow_create`
[Replacements] Small UI tweaks 2021-04-25 22:36:38 -04:00			`@post = Post.find(params[:post_id])`
			`@post_replacement = @post.replacements.new`
posts/show: load flag/appeal/replacement dialogs via ajax (#3922). 2018-09-26 18:17:46 -04:00			`respond_with(@post_replacement)`
Move post replacement create action to post replacements controller. 2017-05-14 19:52:34 -04:00			`end`

			`def create`
[Replacements] Allow specific user to replace images This option is only temporary, once it is rolled out for eveyone this can be reverted, and simply use is_member in the access check 2022-01-30 07:33:14 -05:00			`check_allow_create`
Move post replacement create action to post replacements controller. 2017-05-14 19:52:34 -04:00			`@post = Post.find(params[:post_id])`
Post replacement system 2020-05-10 18:07:43 -04:00			`@post_replacement = @post.replacements.create(create_params.merge(creator_id: CurrentUser.id, creator_ip_addr: CurrentUser.ip_addr))`
[Posts] Overhaul destroyed posts (#672) 2024-07-13 20:05:50 -04:00			`@post_replacement.notify_reupload`
[Replacements] Fully use vue for creating new replacement 2022-08-20 11:13:36 -04:00			`if @post_replacement.errors.none?`
[Replacements] Limit actions that can be taken for certain stati 2021-06-26 09:05:44 -04:00			`flash[:notice] = "Post replacement submitted"`
[Replacements] Continued progress [Replacements] Fix exceptions when processing replacements [Replacements] Fix handling of invalid file types [Replacements] Fix error reporting and promote dupe checking [Replacements] Prevent duplicate replacements from cropping up 2020-06-11 20:55:37 -04:00			`end`
[Replacements] Allow janitor+ to auto approve submitted replacements (#650) 2024-07-25 13:26:05 -04:00
			`if CurrentUser.can_approve_posts? && !@post_replacement.upload_as_pending?`
			`if @post_replacement.errors.any?`
			`respond_to do \|format\|`
			`format.json do`
			`return render json: { success: false, message: @post_replacement.errors.full_messages.join("; ") }, status: 412`
			`end`
			`end`
			`end`

			`@post_replacement.approve!(penalize_current_uploader: CurrentUser.id != @post.uploader_id)`
			`end`

[Replacements] Fully use vue for creating new replacement 2022-08-20 11:13:36 -04:00			`respond_to do \|format\|`
			`format.json do`
			`return render json: { success: false, message: @post_replacement.errors.full_messages.join("; ") }, status: 412 if @post_replacement.errors.any?`

			`render json: { success: true, location: post_path(@post) }`
			`end`
			`end`
Move post replacement create action to post replacements controller. 2017-05-14 19:52:34 -04:00			`end`

Post replacement system 2020-05-10 18:07:43 -04:00			`def approve`
/post_replacements: allow updating image metadata in past replacements. 2017-12-18 18:57:05 -05:00			`@post_replacement = PostReplacement.find(params[:id])`
[Replacements] Record original uploader Add a link to users profile to search for their replaced posts and give janitors the option to penalize the user when appropriate 2021-06-26 07:01:26 -04:00			`@post_replacement.approve!(penalize_current_uploader: params[:penalize_current_uploader])`
[Replacements] Use ajax for approve/reject/toggle/promote actions 2021-06-26 12:25:25 -04:00
[Replacements] Add test for upload limit changes 2021-06-26 18:21:01 -04:00			`respond_with(@post_replacement, location: post_path(@post_replacement.post))`
Post replacement system 2020-05-10 18:07:43 -04:00			`end`

[Replacements] Allow toggling user penalize 2021-06-26 08:01:07 -04:00			`def toggle_penalize`
			`@post_replacement = PostReplacement.find(params[:id])`
			`@post_replacement.toggle_penalize!`
[Replacements] Use ajax for approve/reject/toggle/promote actions 2021-06-26 12:25:25 -04:00
[Replacements] Allow toggling user penalize 2021-06-26 08:01:07 -04:00			`respond_with(@post_replacement)`
			`end`

Post replacement system 2020-05-10 18:07:43 -04:00			`def reject`
			`@post_replacement = PostReplacement.find(params[:id])`
			`@post_replacement.reject!`

[Replacements] Use ajax for approve/reject/toggle/promote actions 2021-06-26 12:25:25 -04:00			`respond_with(@post_replacement, location: post_path(@post_replacement.post))`
Post replacement system 2020-05-10 18:07:43 -04:00			`end`

			`def destroy`
			`@post_replacement = PostReplacement.find(params[:id])`
			`@post_replacement.destroy`
/post_replacements: allow updating image metadata in past replacements. 2017-12-18 18:57:05 -05:00
[Replacements] Add test for upload limit changes 2021-06-26 18:21:01 -04:00			`respond_with(@post_replacement, location: post_path(@post_replacement.post))`
/post_replacements: allow updating image metadata in past replacements. 2017-12-18 18:57:05 -05:00			`end`

[Replacements] Continued progress [Replacements] Fix exceptions when processing replacements [Replacements] Fix handling of invalid file types [Replacements] Fix error reporting and promote dupe checking [Replacements] Prevent duplicate replacements from cropping up 2020-06-11 20:55:37 -04:00			`def promote`
			`@post_replacement = PostReplacement.find(params[:id])`
[Replacements] Limit actions that can be taken for certain stati 2021-06-26 09:05:44 -04:00			`@upload = @post_replacement.promote!`
			`if @post_replacement.errors.any?`
[Replacements] Use ajax for approve/reject/toggle/promote actions 2021-06-26 12:25:25 -04:00			`respond_with(@post_replacement)`
[Replacements] Limit actions that can be taken for certain stati 2021-06-26 09:05:44 -04:00			`elsif @upload.errors.any?`
			`respond_with(@upload)`
[Tests] Fix post replacement controller tests 2020-11-20 14:21:37 -05:00			`else`
[Replacements] Add test for upload limit changes 2021-06-26 18:21:01 -04:00			`respond_with(@upload.post)`
[Tests] Fix post replacement controller tests 2020-11-20 14:21:37 -05:00			`end`
[Replacements] Continued progress [Replacements] Fix exceptions when processing replacements [Replacements] Fix handling of invalid file types [Replacements] Fix error reporting and promote dupe checking [Replacements] Prevent duplicate replacements from cropping up 2020-06-11 20:55:37 -04:00			`end`

Add /post_replacements.json, /posts/1234/replacements.json. 2017-05-14 19:49:57 -04:00			`def index`
[Replacements] Allow specific user to replace images This option is only temporary, once it is rolled out for eveyone this can be reverted, and simply use is_member in the access check 2022-01-30 07:33:14 -05:00			`params[:search][:post_id] = params.delete(:post_id) if params.key?(:post_id)`
[Replacements] Hide thumbnails on deleted posts loginblocked/safeblocked and the blacklist still don't apply but for that to work it'll have to be redone in a different way 2021-06-25 11:34:16 -04:00			`@post_replacements = PostReplacement.includes(:post).visible(CurrentUser.user).search(search_params).paginate(params[:page], limit: params[:limit])`
Add /post_replacements.json, /posts/1234/replacements.json. 2017-05-14 19:49:57 -04:00
			`respond_with(@post_replacements)`
			`end`
Move post replacement create action to post replacements controller. 2017-05-14 19:52:34 -04:00
[Replacements] Allow specific user to replace images This option is only temporary, once it is rolled out for eveyone this can be reverted, and simply use is_member in the access check 2022-01-30 07:33:14 -05:00			`private`

			`def check_allow_create`
			`return if CurrentUser.can_replace?`

			`raise User::PrivilegeError, "You are not part of the replacements beta"`
			`end`

Move post replacement create action to post replacements controller. 2017-05-14 19:52:34 -04:00			`def create_params`
[Replacements] Allow janitor+ to auto approve submitted replacements (#650) 2024-07-25 13:26:05 -04:00			`params.require(:post_replacement).permit(:replacement_url, :replacement_file, :reason, :source, :as_pending)`
/post_replacements: allow updating image metadata in past replacements. 2017-12-18 18:57:05 -05:00			`end`
[Replacements] Respect the danger zone upload restriction Closes #460 2022-12-27 16:28:06 -05:00
			`def ensure_uploads_enabled`
[Security] Implement read only mode (#821) 2024-12-08 22:28:31 -05:00			`access_denied if Security::Lockdown.uploads_disabled? \|\| CurrentUser.user.level < Security::Lockdown.uploads_min_level`
[Replacements] Respect the danger zone upload restriction Closes #460 2022-12-27 16:28:06 -05:00			`end`
Add /post_replacements.json, /posts/1234/replacements.json. 2017-05-14 19:49:57 -04:00			`end`