Fix #3842: Mods can demote other mods or admins.

2018-08-25 13:52:50 -05:00 · 2018-08-25 13:52:50 -05:00 · 3dafca9aec
commit 3dafca9aec
parent 0bb787d987
7 changed files with 1 additions and 111 deletions
--- a/app/controllers/moderator/invitations_controller.rb
+++ b/app/controllers/moderator/invitations_controller.rb
@ -1,17 +0,0 @@
-module Moderator
-  class InvitationsController < ApplicationController
-    before_action :moderator_only
-
-    def new
-    end
-
-    def create
-      User.find(params[:invitation][:user_id]).invite!(params[:invitation][:level], params[:invitation][:can_upload_free])
-      redirect_to moderator_invitations_path
-    end
-
-    def index
-      @users = User.where("inviter_id = ?", CurrentUser.id).paginate(params[:page])
-    end
-  end
-end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -150,7 +150,7 @@ module ApplicationHelper
      html << " [" + link_to("+", new_user_feedback_path(:user_feedback => {:category => "positive", :user_id => user.id})) + "]"

      unless user.is_gold?
-        html << " [" + link_to("invite", new_moderator_invitation_path(:invitation => {:name => user.name, :can_upload_free => "1"})) + "]"
+        html << " [" + link_to("promote", edit_admin_user_path(user)) + "]"
      end
    else
      html << " [" + link_to("&ndash;".html_safe, new_user_feedback_path(:user_feedback => {:category => "negative", :user_id => user.id})) + "]"
--- a/app/helpers/moderator/invitations_helper.rb
+++ b/app/helpers/moderator/invitations_helper.rb
@ -1,10 +0,0 @@
-module Moderator
-  module InvitationsHelper
-    def level_select
-      choices = []
-      choices << ["Gold", User::Levels::GOLD]
-      choices << ["Platinum", User::Levels::PLATINUM]
-      select(:invitation, :level, choices)
-    end
-  end
-end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -135,22 +135,6 @@ class User < ApplicationRecord
    end
  end

-  module InvitationMethods
-    def invite!(level, can_upload_free)
-      if can_upload_free
-        self.can_upload_free = true
-      else
-        self.can_upload_free = false
-      end
-
-      if level.to_i <= Levels::BUILDER
-        self.level = level
-        self.inviter_id = CurrentUser.id
-        save
-      end
-    end
-  end
-
  module NameMethods
    extend ActiveSupport::Concern

@ -909,7 +893,6 @@ class User < ApplicationRecord
  include BlacklistMethods
  include ForumMethods
  include LimitMethods
-  include InvitationMethods
  include ApiMethods
  include CountMethods
  extend SearchMethods
--- a/app/views/moderator/invitations/index.html.erb
+++ b/app/views/moderator/invitations/index.html.erb
@ -1,17 +0,0 @@
-<div id="c-moderator-invitations">
-  <div id="a-index">
-    <h1>Invitations</h1>
-
-    <ul>
-      <% @users.each do |user| %>
-        <li><%= link_to_user user %></li>
-      <% end %>
-    </ul>
-
-    <%= numbered_paginator(@users) %>
-  </div>
-</div>
-
-<% content_for(:page_title) do %>
-  Invitations - <%= Danbooru.config.app_name %>
-<% end %>
--- a/app/views/moderator/invitations/new.html.erb
+++ b/app/views/moderator/invitations/new.html.erb
@ -1,28 +0,0 @@
-<div id="c-moderator-invitations">
-  <div id="a-new">
-    <h1>New Invitation</h1>
-
-    <%= form_tag(moderator_invitations_path, :class => "simple_form") do %>
-      <div class="input">
-        <label>User</label>
-        <%= text_field :invitation, :user_name, :value => params[:invitation][:name] %>
-      </div>
-
-      <div class="input">
-        <label>Level</label>
-        <%= level_select %>
-      </div>
-
-      <div class="input">
-        <label>Unrestricted Uploads</label>
-        <%= check_box :invitation, :can_upload_free %>
-      </div>
-
-      <%= submit_tag %>
-    <% end %>
-  </div>
-</div>
-
-<% content_for(:page_title) do %>
-  New Invitation - <%= Danbooru.config.app_name %>
-<% end %>
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@ -38,27 +38,6 @@ class UserTest < ActiveSupport::TestCase
      end
    end

-    context "that has been invited by a mod" do
-      setup do
-        @mod = FactoryBot.create(:moderator_user)
-      end
-
-      should "work" do
-        @user.invite!(User::Levels::BUILDER, "1")
-        @user.reload
-        assert_equal(User::Levels::BUILDER, @user.level)
-        assert_equal(true, @user.can_upload_free)
-      end
-
-      should "create a mod action" do
-        assert_difference("ModAction.count") do
-          @user.invite!(User::Levels::BUILDER, "1")
-        end
-        assert_equal(%{"#{@user.name}":/users/#{@user.id} level changed Member -> Builder}, ModAction.last.description)
-        assert_equal("user_level", ModAction.last.category)
-      end
-    end
-
    should "not validate if the originating ip address is banned" do
      FactoryBot.create(:ip_ban, ip_addr: '127.0.0.1')
      user = FactoryBot.build(:user)