]> git.openstreetmap.org Git - rails.git/commitdiff
projects / rails.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 886712e)
Don't show unredacted element versions to non-moderators
authorAnton Khorev <tony29@yandex.ru>
Fri, 1 Mar 2024 09:29:06 +0000 (12:29 +0300)
committerAnton Khorev <tony29@yandex.ru>
Fri, 1 Mar 2024 09:29:06 +0000 (12:29 +0300)
app/controllers/old_nodes_controller.rb patch | blob | history
app/controllers/old_relations_controller.rb patch | blob | history
app/controllers/old_ways_controller.rb patch | blob | history
test/controllers/old_nodes_controller_test.rb patch | blob | history
test/controllers/old_relations_controller_test.rb patch | blob | history
test/controllers/old_ways_controller_test.rb patch | blob | history

diff --git a/app/controllers/old_nodes_controller.rb b/app/controllers/old_nodes_controller.rb
index a5b9cf563c5b063cd5d997749a793ce612b48489..9ef2ef881671550281858e5d8d967760646eb456 100644 (file)
--- a/app/controllers/old_nodes_controller.rb
+++ b/app/controllers/old_nodes_controller.rb
@@ -8,6 +8,7 @@ class OldNodesController < ApplicationController
 
   authorize_resource
 
+  before_action :require_moderator_for_unredacted_history
   around_action :web_timeout
 
   def show
@@ -16,4 +17,10 @@ class OldNodesController < ApplicationController
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
   end
+
+  private
+
+  def require_moderator_for_unredacted_history
+    deny_access(nil) if params[:show_redactions] && !current_user&.moderator?
+  end
 end
diff --git a/app/controllers/old_relations_controller.rb b/app/controllers/old_relations_controller.rb
index 9dda82021e21c46afe81db153d93fe51478ee201..b9e151a4fd8b9cc702bf753bc700efcb60528afc 100644 (file)
--- a/app/controllers/old_relations_controller.rb
+++ b/app/controllers/old_relations_controller.rb
@@ -8,6 +8,7 @@ class OldRelationsController < ApplicationController
 
   authorize_resource
 
+  before_action :require_moderator_for_unredacted_history
   around_action :web_timeout
 
   def show
@@ -16,4 +17,10 @@ class OldRelationsController < ApplicationController
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
   end
+
+  private
+
+  def require_moderator_for_unredacted_history
+    deny_access(nil) if params[:show_redactions] && !current_user&.moderator?
+  end
 end
diff --git a/app/controllers/old_ways_controller.rb b/app/controllers/old_ways_controller.rb
index d18121e6fe8652994729e14aa5808b6ebd1358c8..dd3c3279fd41fa54928bbe13362da0e7468e2055 100644 (file)
--- a/app/controllers/old_ways_controller.rb
+++ b/app/controllers/old_ways_controller.rb
@@ -8,6 +8,7 @@ class OldWaysController < ApplicationController
 
   authorize_resource
 
+  before_action :require_moderator_for_unredacted_history
   around_action :web_timeout
 
   def show
@@ -16,4 +17,10 @@ class OldWaysController < ApplicationController
   rescue ActiveRecord::RecordNotFound
     render :action => "not_found", :status => :not_found
   end
+
+  private
+
+  def require_moderator_for_unredacted_history
+    deny_access(nil) if params[:show_redactions] && !current_user&.moderator?
+  end
 end
diff --git a/test/controllers/old_nodes_controller_test.rb b/test/controllers/old_nodes_controller_test.rb
index 3f2958bd3e49ecd82d04574d5f5eec5b7ed56ab0..880e5e1a7e8fa6dc52212eb5d0ac3378639afec3 100644 (file)
--- a/test/controllers/old_nodes_controller_test.rb
+++ b/test/controllers/old_nodes_controller_test.rb
@@ -50,9 +50,7 @@ class OldNodesControllerTest < ActionDispatch::IntegrationTest
   end
 
   def test_redacted
-    node = create(:node, :with_history, :deleted, :version => 2)
-    node_v1 = node.old_nodes.find_by(:version => 1)
-    node_v1.redact!(create(:redaction))
+    node = create_redacted_node
     get old_node_path(node, 1)
     assert_response :success
     assert_template "old_nodes/show"
@@ -62,6 +60,26 @@ class OldNodesControllerTest < ActionDispatch::IntegrationTest
     assert_select ".secondary-actions a[href='#{node_version_path node, 1}']", :count => 0
   end
 
+  test "don't show redacted versions to anonymous users" do
+    node = create_redacted_node
+    get old_node_path(node, 1, :params => { :show_redactions => true })
+    assert_response :redirect
+  end
+
+  test "don't show redacted versions to regular users" do
+    session_for(create(:user))
+    node = create_redacted_node
+    get old_node_path(node, 1, :params => { :show_redactions => true })
+    assert_response :redirect
+  end
+
+  test "show redacted versions to moderators" do
+    session_for(create(:moderator_user))
+    node = create_redacted_node
+    get old_node_path(node, 1, :params => { :show_redactions => true })
+    assert_response :success
+  end
+
   def test_not_found
     get old_node_path(0, 0)
     assert_response :not_found
@@ -69,4 +87,13 @@ class OldNodesControllerTest < ActionDispatch::IntegrationTest
     assert_template :layout => "map"
     assert_select "#sidebar_content", /node #0 version 0 could not be found/
   end
+
+  private
+
+  def create_redacted_node
+    create(:node, :with_history, :deleted, :version => 2) do |node|
+      node_v1 = node.old_nodes.find_by(:version => 1)
+      node_v1.redact!(create(:redaction))
+    end
+  end
 end
diff --git a/test/controllers/old_relations_controller_test.rb b/test/controllers/old_relations_controller_test.rb
index 311e5958a62378d2f326f87344a2ba9d8d3c048a..534a1304cc748bc77f4d914a330230777122b1d0 100644 (file)
--- a/test/controllers/old_relations_controller_test.rb
+++ b/test/controllers/old_relations_controller_test.rb
@@ -59,9 +59,7 @@ class OldRelationsControllerTest < ActionDispatch::IntegrationTest
   end
 
   def test_redacted
-    relation = create(:relation, :with_history, :deleted, :version => 2)
-    relation_v1 = relation.old_relations.find_by(:version => 1)
-    relation_v1.redact!(create(:redaction))
+    relation = create_redacted_relation
     get old_relation_path(relation, 1)
     assert_response :success
     assert_template "old_relations/show"
@@ -71,6 +69,26 @@ class OldRelationsControllerTest < ActionDispatch::IntegrationTest
     assert_select ".secondary-actions a[href='#{relation_version_path relation, 1}']", :count => 0
   end
 
+  test "don't show redacted versions to anonymous users" do
+    relation = create_redacted_relation
+    get old_relation_path(relation, 1, :params => { :show_redactions => true })
+    assert_response :redirect
+  end
+
+  test "don't show redacted versions to regular users" do
+    session_for(create(:user))
+    relation = create_redacted_relation
+    get old_relation_path(relation, 1, :params => { :show_redactions => true })
+    assert_response :redirect
+  end
+
+  test "show redacted versions to moderators" do
+    session_for(create(:moderator_user))
+    relation = create_redacted_relation
+    get old_relation_path(relation, 1, :params => { :show_redactions => true })
+    assert_response :success
+  end
+
   def test_not_found
     get old_relation_path(0, 0)
     assert_response :not_found
@@ -78,4 +96,13 @@ class OldRelationsControllerTest < ActionDispatch::IntegrationTest
     assert_template :layout => "map"
     assert_select "#sidebar_content", /relation #0 version 0 could not be found/
   end
+
+  private
+
+  def create_redacted_relation
+    create(:relation, :with_history, :deleted, :version => 2) do |relation|
+      relation_v1 = relation.old_relations.find_by(:version => 1)
+      relation_v1.redact!(create(:redaction))
+    end
+  end
 end
diff --git a/test/controllers/old_ways_controller_test.rb b/test/controllers/old_ways_controller_test.rb
index d428605c51a0a9d9f4198f713675df7ef9ae9860..b9632ed775181d1dd4c5474632cf8040201254d9 100644 (file)
--- a/test/controllers/old_ways_controller_test.rb
+++ b/test/controllers/old_ways_controller_test.rb
@@ -64,9 +64,7 @@ class OldWaysControllerTest < ActionDispatch::IntegrationTest
   end
 
   def test_redacted
-    way = create(:way, :with_history, :deleted, :version => 2)
-    way_v1 = way.old_ways.find_by(:version => 1)
-    way_v1.redact!(create(:redaction))
+    way = create_redacted_way
     get old_way_path(way, 1)
     assert_response :success
     assert_template "old_ways/show"
@@ -76,6 +74,26 @@ class OldWaysControllerTest < ActionDispatch::IntegrationTest
     assert_select ".secondary-actions a[href='#{way_version_path way, 1}']", :count => 0
   end
 
+  test "don't show redacted versions to anonymous users" do
+    way = create_redacted_way
+    get old_way_path(way, 1, :params => { :show_redactions => true })
+    assert_response :redirect
+  end
+
+  test "don't show redacted versions to regular users" do
+    session_for(create(:user))
+    way = create_redacted_way
+    get old_way_path(way, 1, :params => { :show_redactions => true })
+    assert_response :redirect
+  end
+
+  test "show redacted versions to moderators" do
+    session_for(create(:moderator_user))
+    way = create_redacted_way
+    get old_way_path(way, 1, :params => { :show_redactions => true })
+    assert_response :success
+  end
+
   def test_not_found
     get old_way_path(0, 0)
     assert_response :not_found
@@ -83,4 +101,13 @@ class OldWaysControllerTest < ActionDispatch::IntegrationTest
     assert_template :layout => "map"
     assert_select "#sidebar_content", /way #0 version 0 could not be found/
   end
+
+  private
+
+  def create_redacted_way
+    create(:way, :with_history, :deleted, :version => 2) do |way|
+      way_v1 = way.old_ways.find_by(:version => 1)
+      way_v1.redact!(create(:redaction))
+    end
+  end
 end
The OpenStreetMap web site