From 81d9fabe7bf2d8249402dea99871ea0a8897f746 Mon Sep 17 00:00:00 2001 From: jomo Date: Tue, 21 Jun 2016 23:41:04 +0200 Subject: [PATCH 01/11] allow mods to resend confirmation emails for other users --- app/controllers/users_controller.rb | 2 +- app/views/users/show.html.erb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index bd511df..db46cd8 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -139,7 +139,7 @@ class UsersController < ApplicationController end def resend_mail - if @user.is?(current_user) && !confirmed? + if (@user.is?(current_user) || mod) && !confirmed? RedstonerMailer.register_mail(@user, false).deliver_now flash[:notice] = "Check your inbox for the confirmation mail." else diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb index 0a5431c..e371a09 100644 --- a/app/views/users/show.html.erb +++ b/app/views/users/show.html.erb @@ -21,7 +21,7 @@ <% end %> <% if !@user.confirmed? %> - <% if @user.is?(current_user) %> + <% if @user.is?(current_user) || mod? %> Please confirm your email <%= @user.email %> ! <%= button_to "Resend the confirmation mail", resend_mail_user_path, class: "btn dark", form_class: "inline-block", data: {confirm: "Did you check your spam folder?"} %> <% else %> -- 2.52.0 From bb1d2c0c3e2ae1444145cf07cee1e2ef933f546c Mon Sep 17 00:00:00 2001 From: Jonas Folvik Date: Fri, 24 Jun 2016 13:47:28 +0200 Subject: [PATCH 02/11] resend mail bug fix We can now send the mail when you are mod and you also don't need to be unconfirmed yourself. a better fix this is just a better fix to my last commit --- app/controllers/users_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index db46cd8..5dc0e80 100644 --- a/app/controllers/users_controller.rb 
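Review bot: The rewritten guard in `resend_mail` calls `mod` while the view hunk in the same patch calls `mod?`, so either `mod` is an unrelated method or this line raises NameError for a moderator, and `!confirmed?` tests the current user instead of `@user`, so a confirmed moderator never reaches the mailer for an unconfirmed account. The line should read `if (@user.is?(current_user) || mod?) && !@user.confirmed?`, which is the change patch 02/11 in this series makes. The else branch of resend_mail continues outside the hunk.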
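Review bot: The copy inside the widened condition in show.html.erb, `Please confirm your email <%= @user.email %>!` and the `Did you check your spam folder?` confirm prompt, addresses the account owner, but after this change a moderator viewing someone else's profile reads the same wording. Branch the text on `@user.is?(current_user)` so moderators see something like `This account has not confirmed <%= @user.email %> yet.` and the button reads as an administrative resend. The surrounding `<% if !@user.confirmed? %>` opens inside the hunk and closes outside it.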
+++ b/app/controllers/users_controller.rb @@ -139,7 +139,7 @@ class UsersController < ApplicationController end def resend_mail - if (@user.is?(current_user) || mod) && !confirmed? + if (@user.is?(current_user) || mod?) && !@user.confirmed? RedstonerMailer.register_mail(@user, false).deliver_now flash[:notice] = "Check your inbox for the confirmation mail." else -- 2.52.0 From d9ae4e7d3a3fbfd19d7d549692dc71b6e76060f7 Mon Sep 17 00:00:00 2001 From: jomo Date: Mon, 11 Jul 2016 21:06:12 +0200 Subject: [PATCH 03/11] restrict edit page access to users allowed to update --- app/controllers/forums_controller.rb | 4 ++++ app/controllers/forumthreads_controller.rb | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/app/controllers/forums_controller.rb b/app/controllers/forums_controller.rb index 2841be9..ecf570e 100644 --- a/app/controllers/forums_controller.rb +++ b/app/controllers/forums_controller.rb @@ -16,6 +16,10 @@ class ForumsController < ApplicationController end def edit + unless admin? + flash[:alert] = "You are not allowed to change a forum" + redirect_to forums_path + end end def new diff --git a/app/controllers/forumthreads_controller.rb b/app/controllers/forumthreads_controller.rb index ac090f5..b9b5714 100644 --- a/app/controllers/forumthreads_controller.rb +++ b/app/controllers/forumthreads_controller.rb @@ -11,6 +11,10 @@ class ForumthreadsController < ApplicationController end def edit + unless mod? || @thread.author.is?(current_user) + flash[:alert] = "You are not allowed to edit this thread!" + redirect_to @thread + end end def new -- 2.52.0 From 072f38a373562e2f14a9ee4c0abcf09ae311b9f3 Mon Sep 17 00:00:00 2001 From: jomo Date: Tue, 19 Jul 2016 14:50:03 +0200 Subject: [PATCH 04/11] check mod+ rank when updating comment --- app/controllers/comments_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb index 49975cd..b69053e 100644 
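Review bot: `flash[:notice] = "Check your inbox for the confirmation mail."` now also runs when a moderator resends the mail for another account, and then tells the moderator to check their own inbox. Branch it on who is acting, e.g. `flash[:notice] = @user.is?(current_user) ? "Check your inbox for the confirmation mail." : "Confirmation mail sent to #{@user.email}."`. The else branch of resend_mail continues outside the hunk.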
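Review bot: Both added guards, in `ForumsController#edit` and `ForumthreadsController#edit`, redirect without returning; that works only because nothing follows the `unless` in either action today, and any statement added below it later would run for unauthorised users as well (a second render would raise DoubleRenderError). Use `return redirect_to forums_path` and `return redirect_to @thread`, or move the rule into a `before_action` shared with `update`, which the commit title says already enforces it, so the two actions cannot drift apart. The `update` actions are outside these hunks.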
--- a/app/controllers/comments_controller.rb +++ b/app/controllers/comments_controller.rb @@ -33,7 +33,7 @@ class CommentsController < ApplicationController def update @comment = Comment.find(params[:id]) - if mod? || @comment.author.is?(current_user) + if (mod? && current_user.role >= @comment.author.role) || @comment.author.is?(current_user) @comment.user_editor = current_user @comment.attributes = comment_params old_content = @comment.content_was -- 2.52.0 From f6929da548880fa18ed14a9b6a24442ad680fa2e Mon Sep 17 00:00:00 2001 From: jomo Date: Tue, 19 Jul 2016 14:53:41 +0200 Subject: [PATCH 05/11] check mod+ rank when dealing with thread replies --- app/controllers/threadreplies_controller.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/threadreplies_controller.rb b/app/controllers/threadreplies_controller.rb index 946155d..235f037 100644 --- a/app/controllers/threadreplies_controller.rb +++ b/app/controllers/threadreplies_controller.rb @@ -2,7 +2,7 @@ class ThreadrepliesController < ApplicationController def edit @reply = Threadreply.find(params[:id]) - if mod? || @reply.author.is?(current_user) + if (mod? && current_user.role >= @reply.author.role) || @reply.author.is?(current_user) else flash[:alert] = "You are not allowed to edit this reply" redirect_to @reply.thread @@ -32,7 +32,7 @@ class ThreadrepliesController < ApplicationController def update @reply = Threadreply.find(params[:id]) - if mod? || @reply.author.is?(current_user) + if (mod? && current_user.role >= @reply.author.role) || @reply.author.is?(current_user) old_content = @reply.content_was if @reply.update_attributes(reply_params) @reply.send_new_reply_mail(old_content) 
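Review bot: The condition `(mod? && current_user.role >= @comment.author.role) || @comment.author.is?(current_user)` added to `update` is repeated verbatim in six more controller actions and three views later in this series (patches 05/11, 06/11 and 07/11), and the views already disagreed with the controllers before 07/11 (any `mod?` saw the link, only a high-enough rank could use it), which is what happens to authorisation logic kept in nine places. Define it once in ApplicationController, `def can_edit?(author)` / `(mod? && current_user.role >= author.role) || author.is?(current_user)` / `end`, exposed with `helper_method :can_edit?`, and call `can_edit?(@comment.author)` here. The `>=` assumes the role objects are Comparable and that `author` is never nil; neither is visible in this hunk, so confirm before relying on it. The rest of `update` is outside the hunk.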
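Review bot: In `ThreadrepliesController#edit` the rewritten `if` still has an empty true branch with the flash and redirect in `else`, which reads like an omission rather than a guard. Invert it into the guard shape ForumthreadsController#edit uses, `unless (mod? && current_user.role >= @reply.author.role) || @reply.author.is?(current_user)` followed by the flash and redirect, or pull the whole check into a `before_action`. The same empty-branch shape is in CommentsController#edit (visible in patch 09/11). The redirect does not return, which is harmless only while nothing follows it.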
@@ -52,7 +52,7 @@ class ThreadrepliesController < ApplicationController def destroy @reply = Threadreply.find(params[:id]) - if mod? || @reply.author.is?(current_user) + if (mod? && current_user.role >= @reply.author.role) || @reply.author.is?(current_user) if @reply.destroy flash[:notice] = "Reply deleted!" else -- 2.52.0 From f2353eebcc22212f3fe5e817f1fdee4edb810805 Mon Sep 17 00:00:00 2001 From: jomo Date: Tue, 19 Jul 2016 14:56:00 +0200 Subject: [PATCH 06/11] check mod+ rank when dealing with forum threads --- app/controllers/forumthreads_controller.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/forumthreads_controller.rb b/app/controllers/forumthreads_controller.rb index b9b5714..f9d31a3 100644 --- a/app/controllers/forumthreads_controller.rb +++ b/app/controllers/forumthreads_controller.rb @@ -11,7 +11,7 @@ class ForumthreadsController < ApplicationController end def edit - unless mod? || @thread.author.is?(current_user) + unless (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user) flash[:alert] = "You are not allowed to edit this thread!" redirect_to @thread end @@ -46,7 +46,7 @@ class ForumthreadsController < ApplicationController end def update - if mod? || @thread.author.is?(current_user) + if (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user) @thread.user_editor = current_user @thread.attributes = (mod? ? thread_params([:sticky, :locked, :forum_id, :label_id]) : thread_params) old_content = @thread.content_was @@ -64,7 +64,7 @@ class ForumthreadsController < ApplicationController end def destroy - if mod? || @thread.author.is?(current_user) + if (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user) if @thread.destroy flash[:notice] = "Thread deleted!" else -- 2.52.0 From 76076bbdf2c80279bcc9a34e31c960e9d58d7ed4 Mon Sep 17 00:00:00 2001 
From: jomo Date: Tue, 19 Jul 2016 15:06:40 +0200 Subject: [PATCH 07/11] fix edit link permission checks for comments, threads, replies --- app/views/comments/_comment.html.erb | 2 +- app/views/forumthreads/show.html.erb | 2 +- app/views/threadreplies/_reply.html.erb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/views/comments/_comment.html.erb b/app/views/comments/_comment.html.erb index 286cf1b..147e85b 100644 --- a/app/views/comments/_comment.html.erb +++ b/app/views/comments/_comment.html.erb @@ -6,7 +6,7 @@ <%= ago c.created_at %> <% end %> - <%= link_to "edit", edit_blogpost_comment_path(c.blogpost, c), class: "editlink" if (mod? || c.author.is?(current_user)) %> + <%= link_to "edit", edit_blogpost_comment_path(c.blogpost, c), class: "editlink" if (mod? && current_user.role >= c.author.role) || c.author.is?(current_user) %>
diff --git a/app/views/forumthreads/show.html.erb b/app/views/forumthreads/show.html.erb index 10cfeb6..206ae09 100644 --- a/app/views/forumthreads/show.html.erb +++ b/app/views/forumthreads/show.html.erb @@ -8,7 +8,7 @@ <%= link_to p do %> <%= ago @thread.created_at %> <% end %> - <%= link_to "edit", edit_forumthread_path( @thread), class: "editlink" if (@thread.author.is?(current_user) || mod?) %> + <%= link_to "edit", edit_forumthread_path( @thread), class: "editlink" if (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user) %>
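Review bot: The rewritten edit link in show.html.erb keeps `edit_forumthread_path( @thread)` with a stray space after the opening parenthesis, the only call in these three view hunks written that way; `edit_forumthread_path(@thread)` matches _comment.html.erb and _reply.html.erb. The new condition also evaluates `current_user.role` in the view; that is safe only because `mod?` short-circuits for anonymous visitors, and the `mod?` definition is not visible here, so worth confirming.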
diff --git a/app/views/threadreplies/_reply.html.erb b/app/views/threadreplies/_reply.html.erb index 88e4bfb..b3a344e 100644 --- a/app/views/threadreplies/_reply.html.erb +++ b/app/views/threadreplies/_reply.html.erb @@ -6,7 +6,7 @@ <%= ago reply.created_at %> <% end %> - <%= link_to "edit", edit_forumthread_threadreply_path(reply.thread, reply), class: "editlink" if mod? || reply.author.is?(current_user) %> + <%= link_to "edit", edit_forumthread_threadreply_path(reply.thread, reply), class: "editlink" if (mod? && current_user.role >= reply.author.role) || reply.author.is?(current_user) %>
-- 2.52.0 From c9e7015f4c675aa3f1320ab70836edd05d7a1208 Mon Sep 17 00:00:00 2001 From: jomo Date: Wed, 20 Jul 2016 14:21:41 +0200 Subject: [PATCH 08/11] update slack URL --- app/views/layouts/_footer.html.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/views/layouts/_footer.html.erb b/app/views/layouts/_footer.html.erb index c4c81d0..930eb26 100644 --- a/app/views/layouts/_footer.html.erb +++ b/app/views/layouts/_footer.html.erb @@ -15,8 +15,8 @@ Twitter <%= image_tag("twitter.png") %> <% end %> <% if current_user %> - | <%= link_to "http://slack.redstoner.com/?" + {mail: current_user.try(:email)}.to_param do %> - Join us on Slack + | <%= link_to "/slack/?" + {mail: current_user.try(:email)}.to_param do %> + Join us on Slack <% end %> <% end %>
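Review bot: `current_user.try(:email)` sits inside `<% if current_user %>`, so `try` no longer guards anything and `current_user.email` says what is meant; if `/slack/` is a route of this app, its path helper with `mail:` as a query option also avoids hand-building the query with `+` and `to_param`. The address still travels as a query string parameter, which lands in the access logs of whatever serves `/slack/`, so it is worth confirming that endpoint does not log or forward it.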
-- 2.52.0 From b057cb591344828ceead2d8b156832d332a9991d Mon Sep 17 00:00:00 2001 From: jomo Date: Sun, 24 Jul 2016 22:30:00 +0200 Subject: [PATCH 09/11] remove annoying permission check for comments, forums, threads, replies --- app/controllers/comments_controller.rb | 6 +++--- app/controllers/forumthreads_controller.rb | 6 +++--- app/controllers/threadreplies_controller.rb | 6 +++--- app/views/comments/_comment.html.erb | 2 +- app/views/forumthreads/show.html.erb | 2 +- app/views/threadreplies/_reply.html.erb | 2 +- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb index b69053e..3c2f57d 100644 --- a/app/controllers/comments_controller.rb +++ b/app/controllers/comments_controller.rb @@ -4,7 +4,7 @@ class CommentsController < ApplicationController def edit @comment = Comment.find(params[:id]) - if (mod? && current_user.role >= @comment.author.role) || @comment.author.is?(current_user) + if mod? || @comment.author.is?(current_user) else flash[:alert] = "You are not allowed to edit this comment" redirect_to @comment.blogpost @@ -33,7 +33,7 @@ class CommentsController < ApplicationController def update @comment = Comment.find(params[:id]) - if (mod? && current_user.role >= @comment.author.role) || @comment.author.is?(current_user) + if mod? || @comment.author.is?(current_user) @comment.user_editor = current_user @comment.attributes = comment_params old_content = @comment.content_was @@ -55,7 +55,7 @@ class CommentsController < ApplicationController def destroy @comment = Comment.find(params[:id]) - if (mod? && current_user.role >= @comment.author.role) || @comment.author.is?(current_user) + if mod? || @comment.author.is?(current_user) if @comment.destroy flash[:notice] = "Comment deleted!" else diff --git a/app/controllers/forumthreads_controller.rb b/app/controllers/forumthreads_controller.rb index f9d31a3..b9b5714 100644 --- a/app/controllers/forumthreads_controller.rb 
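Review bot: Dropping the rank comparison from `CommentsController#edit`, and likewise from update and destroy here, from the three ForumthreadsController and three ThreadrepliesController actions and the three views below, means any moderator can again edit or delete content written by users of a higher role, administrators included, which is exactly what patches 04/11 to 07/11 had closed. If that is the intended policy, say so in the commit message rather than "annoying", and record it next to the `mod?` definition, e.g. `# Any mod may edit or delete others' content regardless of the author's role (b057cb5)`. If it is not, keep the rank check but define it once in a helper shared by controllers and views, which is the fix for the repetition this revert is reacting to. Each action's body continues outside its hunk.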
+++ b/app/controllers/forumthreads_controller.rb @@ -11,7 +11,7 @@ class ForumthreadsController < ApplicationController end def edit - unless (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user) + unless mod? || @thread.author.is?(current_user) flash[:alert] = "You are not allowed to edit this thread!" redirect_to @thread end @@ -46,7 +46,7 @@ class ForumthreadsController < ApplicationController end def update - if (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user) + if mod? || @thread.author.is?(current_user) @thread.user_editor = current_user @thread.attributes = (mod? ? thread_params([:sticky, :locked, :forum_id, :label_id]) : thread_params) old_content = @thread.content_was @@ -64,7 +64,7 @@ class ForumthreadsController < ApplicationController end def destroy - if (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user) + if mod? || @thread.author.is?(current_user) if @thread.destroy flash[:notice] = "Thread deleted!" else diff --git a/app/controllers/threadreplies_controller.rb b/app/controllers/threadreplies_controller.rb index 235f037..946155d 100644 --- a/app/controllers/threadreplies_controller.rb +++ b/app/controllers/threadreplies_controller.rb @@ -2,7 +2,7 @@ class ThreadrepliesController < ApplicationController def edit @reply = Threadreply.find(params[:id]) - if (mod? && current_user.role >= @reply.author.role) || @reply.author.is?(current_user) + if mod? || @reply.author.is?(current_user) else flash[:alert] = "You are not allowed to edit this reply" redirect_to @reply.thread @@ -32,7 +32,7 @@ class ThreadrepliesController < ApplicationController def update @reply = Threadreply.find(params[:id]) - if (mod? && current_user.role >= @reply.author.role) || @reply.author.is?(current_user) + if mod? || @reply.author.is?(current_user) old_content = @reply.content_was if @reply.update_attributes(reply_params) @reply.send_new_reply_mail(old_content) 
@@ -52,7 +52,7 @@ class ThreadrepliesController < ApplicationController def destroy @reply = Threadreply.find(params[:id]) - if (mod? && current_user.role >= @reply.author.role) || @reply.author.is?(current_user) + if mod? || @reply.author.is?(current_user) if @reply.destroy flash[:notice] = "Reply deleted!" else diff --git a/app/views/comments/_comment.html.erb b/app/views/comments/_comment.html.erb index 147e85b..b5a05e5 100644 --- a/app/views/comments/_comment.html.erb +++ b/app/views/comments/_comment.html.erb @@ -6,7 +6,7 @@ <%= ago c.created_at %> <% end %> - <%= link_to "edit", edit_blogpost_comment_path(c.blogpost, c), class: "editlink" if (mod? && current_user.role >= c.author.role) || c.author.is?(current_user) %> + <%= link_to "edit", edit_blogpost_comment_path(c.blogpost, c), class: "editlink" if mod? || c.author.is?(current_user) %>
diff --git a/app/views/forumthreads/show.html.erb b/app/views/forumthreads/show.html.erb index 206ae09..876d55d 100644 --- a/app/views/forumthreads/show.html.erb +++ b/app/views/forumthreads/show.html.erb @@ -8,7 +8,7 @@ <%= link_to p do %> <%= ago @thread.created_at %> <% end %> - <%= link_to "edit", edit_forumthread_path( @thread), class: "editlink" if (mod? && current_user.role >= @thread.author.role) || @thread.author.is?(current_user) %> + <%= link_to "edit", edit_forumthread_path( @thread), class: "editlink" if mod? || @thread.author.is?(current_user) %>
diff --git a/app/views/threadreplies/_reply.html.erb b/app/views/threadreplies/_reply.html.erb index b3a344e..88e4bfb 100644 --- a/app/views/threadreplies/_reply.html.erb +++ b/app/views/threadreplies/_reply.html.erb @@ -6,7 +6,7 @@ <%= ago reply.created_at %> <% end %> - <%= link_to "edit", edit_forumthread_threadreply_path(reply.thread, reply), class: "editlink" if (mod? && current_user.role >= reply.author.role) || reply.author.is?(current_user) %> + <%= link_to "edit", edit_forumthread_threadreply_path(reply.thread, reply), class: "editlink" if mod? || reply.author.is?(current_user) %>
-- 2.52.0 From cce749deef267b464c4cb8886d39bfa2d4001fbf Mon Sep 17 00:00:00 2001 From: jomo Date: Tue, 27 Sep 2016 00:15:01 +0200 Subject: [PATCH 10/11] remove index 'email' from register_tokens only records with the same UUID are deleted before INSERTing new ones meaning a player could prevent another one from using a certain address when emails are unique. There's no good reason to force uniqueness on emails in this table --- ...20160926220738_remove_index_email_from_register_tokens.rb | 5 +++++ db/schema.rb | 3 +-- 2 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 db/migrate/20160926220738_remove_index_email_from_register_tokens.rb diff --git a/db/migrate/20160926220738_remove_index_email_from_register_tokens.rb b/db/migrate/20160926220738_remove_index_email_from_register_tokens.rb new file mode 100644 index 0000000..fc6a355 --- /dev/null +++ b/db/migrate/20160926220738_remove_index_email_from_register_tokens.rb @@ -0,0 +1,5 @@ +class RemoveIndexEmailFromRegisterTokens < ActiveRecord::Migration + def change + remove_index :register_tokens, :email + end +end \ No newline at end of file diff --git a/db/schema.rb b/db/schema.rb index 376e758..2c68029 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20150825232749) do +ActiveRecord::Schema.define(version: 20160926220738) do create_table "blogposts", force: :cascade do |t| t.string "title" @@ -82,7 +82,6 @@ ActiveRecord::Schema.define(version: 20150825232749) do t.string "email", null: false end - add_index "register_tokens", ["email"], name: "index_register_tokens_on_email", unique: true, using: :btree add_index "register_tokens", ["uuid"], name: "index_register_tokens_on_uuid", unique: true, using: :btree create_table "roles", force: :cascade do |t| -- 2.52.0 From 00fc8b3fcd10860abb70a57fb6aaab3c476259f2 Mon Sep 17 00:00:00 2001 
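Review bot: `remove_index :register_tokens, :email` inside `change` is not reversible on Rails 4.x, where `invert_remove_index` needs a `column:` option, and the `force: :cascade` and `using: :btree` in schema.rb together with the unversioned `ActiveRecord::Migration` superclass suggest this app is on 4.x; on any version the inversion would recreate the index without `unique: true`. Write `remove_index :register_tokens, column: :email, unique: true` so `db:rollback` restores exactly the index schema.rb drops. The migration file also lacks a trailing newline. With the constraint gone, whatever reads register_tokens by e-mail (not in this patch) must tolerate several rows per address; confirm that lookup picks the row by uuid as the commit message implies.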
From: Jonas Folvik Date: Mon, 3 Oct 2016 22:58:27 +0200 Subject: [PATCH 11/11] Changed the content length of forumthreads to 20k because Nemes --- app/models/forumthread.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/models/forumthread.rb b/app/models/forumthread.rb index 892ef15..905e4d3 100644 --- a/app/models/forumthread.rb +++ b/app/models/forumthread.rb @@ -11,7 +11,7 @@ class Forumthread < ActiveRecord::Base validates_presence_of :title, :author, :forum validates_presence_of :content - validates_length_of :content, in: 5..10000 + validates_length_of :content, in: 5..20000 accepts_nested_attributes_for :threadreplies @@ -65,4 +65,4 @@ class Forumthread < ActiveRecord::Base def to_param [id, to_s.parameterize].join("-") end -end \ No newline at end of file +end -- 2.52.0
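Review bot: `validates_length_of :content, in: 5..20000` doubles the upper bound with "because Nemes" as the only record of why; name it, `MAX_CONTENT_LENGTH = 20_000`, with a comment giving the reason, and use `in: 5..MAX_CONTENT_LENGTH`. The `content` column's type is not in this patch; if it is a MySQL TEXT column (65,535 bytes) multi-byte text near 20,000 characters still fits, but confirm rather than assume. The rest of the model is outside the hunk.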