Issue 5259: Used logged_in_as method to replace current_user.role con…

…dition (publiclab#5660)
digitaldina · May 12, 2019 · 4c0dbd6 · 4c0dbd6
1 parent 727f3e5
commit 4c0dbd6
Show file tree

Hide file tree

Showing 27 changed files with 112 additions and 117 deletions.
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
@@ -7,7 +7,7 @@ def assets; end
   def promote_admin
     @user = User.find params[:id]
     unless @user.nil?
-      if current_user && current_user.role == 'admin'
+      if logged_in_as(['admin'])
         @user.role = 'admin'
         @user.save
         flash[:notice] = "User '<a href='/profile/" + @user.username + "'>" + @user.username + "</a>' is now an admin."
@@ -21,7 +21,7 @@ def promote_admin
   def promote_moderator
     @user = User.find params[:id]
     unless @user.nil?
-      if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+      if logged_in_as(['admin', 'moderator'])
         @user.role = 'moderator'
         @user.save
         flash[:notice] = "User '<a href='/profile/" + @user.username + "'>" + @user.username + "</a>' is now a moderator."
@@ -35,7 +35,7 @@ def promote_moderator
   def demote_basic
     @user = User.find params[:id]
     unless @user.nil?
-      if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+      if logged_in_as(['admin', 'moderator'])
         @user.role = 'basic'
         @user.save
         flash[:notice] = "User '<a href='/profile/" + @user.username + "'>" + @user.username + "</a>' is no longer a moderator."
@@ -47,7 +47,7 @@ def demote_basic
   end
 
   def reset_user_password
-    if current_user && current_user.role == 'admin'
+    if logged_in_as(['admin'])
       user = User.find(params[:id])
       if user
         key = user.generate_reset_key
@@ -61,7 +61,7 @@ def reset_user_password
   end
 
   def useremail
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       if params[:address]
         # address was submitted. find the username(s) and return.
         @address = params[:address]
@@ -75,7 +75,7 @@ def useremail
   end
 
   def spam
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       @nodes = Node.paginate(page: params[:page])
                    .order('nid DESC')
       @nodes = if params[:type] == 'wiki'
@@ -90,7 +90,7 @@ def spam
   end
 
   def spam_revisions
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       @revisions = Revision.paginate(page: params[:page])
                            .order('timestamp DESC')
                            .where(status: 0)
@@ -115,7 +115,7 @@ def spam_comments
 
   def mark_spam
     @node = Node.find params[:id]
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       if @node.status == 1 || @node.status == 4
         @node.spam
         @node.author.ban
@@ -138,7 +138,7 @@ def mark_spam
 
   def mark_comment_spam
     @comment = Comment.find params[:id]
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       if @comment.status == 1 || @comment.status == 4
         @comment.spam
         user = @comment.author
@@ -155,7 +155,7 @@ def mark_comment_spam
   end
 
   def publish_comment
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       @comment = Comment.find params[:id]
       if @comment.status == 1
         flash[:notice] = 'Comment already published.'
@@ -181,7 +181,7 @@ def publish_comment
   end
 
   def publish
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       @node = Node.find params[:id]
       if @node.status == 1
         flash[:notice] = 'Item already published.'
@@ -223,7 +223,7 @@ def mark_spam_revision
       return
     end
 
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       if @revision.status == 1
         @revision.spam
         @revision.author.ban
@@ -244,7 +244,7 @@ def mark_spam_revision
   end
 
   def publish_revision
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       @revision = Revision.find params[:vid]
       @revision.publish
       @revision.author.unban
@@ -262,7 +262,7 @@ def publish_revision
 
   def moderate
     user = User.find params[:id]
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       user.moderate
       flash[:notice] = 'The user has been moderated.'
     else
@@ -273,7 +273,7 @@ def moderate
 
   def unmoderate
     user = User.find params[:id]
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       user.unmoderate
       flash[:notice] = 'The user has been unmoderated.'
     else
@@ -284,7 +284,7 @@ def unmoderate
 
   def ban
     user = User.find params[:id]
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       user.ban
       flash[:notice] = 'The user has been banned.'
     else
@@ -295,7 +295,7 @@ def ban
 
   def unban
     user = User.find params[:id]
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       user.unban
       flash[:notice] = 'The user has been unbanned.'
     else
@@ -305,7 +305,7 @@ def unban
   end
 
   def users
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       @users = User.order('uid DESC').limit(200)
     else
       flash[:error] = 'Only moderators can moderate other users.'
@@ -314,7 +314,7 @@ def users
   end
 
   def batch
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       nodes = 0
       users = []
       params[:ids].split(',').uniq.each do |nid|
@@ -334,7 +334,7 @@ def batch
   end
 
   def migrate
-    if current_user && current_user.role == 'admin'
+    if logged_in_as(['admin'])
       du = User.find params[:id]
       if du.user
         flash[:error] = 'The user has already been migrated.'
@@ -352,7 +352,7 @@ def migrate
   end
 
   def queue
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       @notes = Node.where(status: 4)
                    .paginate(page: params[:page])
       flash[:warning] = "These are notes requiring moderation. <a href='/wiki/moderation'>Community moderators</a> may approve or reject them."

diff --git a/app/controllers/answers_controller.rb b/app/controllers/answers_controller.rb
@@ -32,8 +32,7 @@ def update
   def delete
     if current_user.uid == @answer.node.uid ||
        @answer.uid == current_user.uid ||
-       current_user.role == 'admin' ||
-       current_user.role == 'moderator'
+       logged_in_as(['admin', 'moderator'])
       respond_to do |format|
         if @answer.destroy
           format.html { redirect_to @answer.node.path(:question), notice: 'Answer deleted' }
@@ -49,7 +48,7 @@ def delete
   end
 
   def accept
-    if current_user.role == "admin" || current_user.role == "moderator" || current_user.uid == @answer.node.uid
+    if logged_in_as(['admin', 'moderator']) || current_user.uid == @answer.node.uid
       respond_to do |format|
         if @answer.accepted
           @answer.accepted = false

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -48,7 +48,7 @@ def set_sidebar(type = :generic, data = :all, args = {})
       @notes = @notes.where('node.nid != (?)', @node.nid) if @node
       @notes = @notes.where('node_revisions.status = 1 AND node.nid NOT IN (?)', hidden_nids) unless hidden_nids.empty?
 
-      @notes = if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+      @notes = if logged_in_as(['admin', 'moderator'])
                  @notes.where('(node.status = 1 OR node.status = 4)')
                elsif current_user
                  @notes.where('(node.status = 1 OR (node.status = 4 AND node.uid = ?))', current_user.uid)
@@ -141,16 +141,16 @@ def redirect_to_node_path?(node)
   end
 
   def alert_and_redirect_moderated
-    if @node.author.status == User::Status::BANNED && !(current_user && (current_user.role == 'admin' || current_user.role == 'moderator'))
+    if @node.author.status == User::Status::BANNED && !(logged_in_as(['admin', 'moderator']))
       flash[:error] = I18n.t('application_controller.author_has_been_banned')
       redirect_to '/'
-    elsif @node.status == 4 && (current_user && (current_user.role == 'admin' || current_user.role == 'moderator'))
+    elsif @node.status == 4 && (logged_in_as(['admin', 'moderator']))
       flash.now[:warning] = "First-time poster <a href='/profile/#{@node.author.name}'>#{@node.author.name}</a> submitted this #{time_ago_in_words(@node.created_at)} ago and it has not yet been approved by a moderator. <a class='btn btn-default btn-sm' href='/moderate/publish/#{@node.id}'>Approve</a> <a class='btn btn-default btn-sm' href='/moderate/spam/#{@node.id}'>Spam</a>"
     elsif @node.status == 4 && (current_user && current_user.id == @node.author.id) && !flash[:first_time_post]
       flash.now[:warning] = "Thank you for contributing open research, and thanks for your patience while your post is approved by <a href='/wiki/moderation'>community moderators</a> and we'll email you when it is published. In the meantime, if you have more to contribute, feel free to do so."
     elsif @node.status == 3 && (current_user && (current_user.is_coauthor?(@node) || current_user.can_moderate?)) && !flash[:first_time_post]
       flash.now[:warning] = "This is a draft note. Once you're ready, click <a class='btn btn-success btn-xs' href='/notes/publish_draft/#{@node.id}'>Publish Draft</a> to make it public. You can share it with collaborators using this private link <a href='#{@node.draft_url}'>#{@node.draft_url}</a>"
-    elsif @node.status != 1 && @node.status != 3 && !(current_user && (current_user.role == 'admin' || current_user.role == 'moderator'))
+    elsif @node.status != 1 && @node.status != 3 && !(logged_in_as(['admin', 'moderator']))
       # if it's spam or a draft
       # no notification; don't let people easily fish for existing draft titles; we should try to 404 it
       redirect_to '/'

diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
@@ -85,7 +85,7 @@ def activity
                    .page(params[:page])
                    .group(['title', 'comments.cid']) # ONLY_FULL_GROUP_BY, issue #3120
 
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       notes = notes.where('(node.status = 1 OR node.status = 4 OR node.status = 3)')
       comments = comments.where('comments.status = 1 OR comments.status = 4')
     elsif current_user

diff --git a/app/controllers/images_controller.rb b/app/controllers/images_controller.rb
@@ -58,7 +58,7 @@ def new
 
   def delete
     @image = Image.find params[:id]
-    if @image.uid == current_user.uid # or current_user.role == "admin"
+    if @image.uid == current_user.uid
       if @image.delete
         flash[:notice] = 'Image deleted.'
       else

diff --git a/app/controllers/map_controller.rb b/app/controllers/map_controller.rb
@@ -35,7 +35,7 @@ def show
 
   def edit
     @node = Node.find_by(id: params[:id])
-    if current_user.uid == @node.uid || current_user.role == 'admin'
+    if current_user.uid == @node.uid || logged_in_as(['admin'])
       render template: 'map/edit'
     else
       prompt_login 'Only admins can edit maps at this time.'
@@ -44,7 +44,7 @@ def edit
 
   def delete
     @node = Node.find_by(id: params[:id])
-    if current_user.uid == @node.uid || current_user.role == 'admin'
+    if current_user.uid == @node.uid || logged_in_as(['admin'])
       @node.delete
       flash[:notice] = 'Content deleted.'
       redirect_to '/archive'
@@ -55,7 +55,7 @@ def delete
 
   def update
     @node = Node.find(params[:id])
-    if current_user.uid == @node.uid || current_user.role == 'admin'
+    if current_user.uid == @node.uid || logged_in_as(['admin'])
 
       @node.title = params[:title]
       @revision = @node.latest
@@ -123,7 +123,7 @@ def update
   end
 
   def new
-    if current_user && current_user.role == 'admin'
+    if logged_in_as(['admin'])
       @node = Node.new(type: 'map')
       render template: 'map/edit'
     else
@@ -134,7 +134,7 @@ def new
   # must require min_zoom and lat/lon location, and TMS URL
   # solving this by min_zoom default here, but need better solution
   def create
-    if current_user && current_user.role == 'admin'
+    if logged_in_as(['admin'])
       saved, @node, @revision = Node.new_node(uid: current_user.uid,
                                               title: params[:title],
                                               body: params[:body],

diff --git a/app/controllers/tag_controller.rb b/app/controllers/tag_controller.rb
@@ -296,7 +296,7 @@ def create
           @output[:errors] << I18n.t('tag_controller.cant_be_empty')
         end
 
-      elsif node.can_tag(tagname, current_user) === true || current_user.role == 'admin' # || current_user.role == "moderator"
+      elsif node.can_tag(tagname, current_user) === true || logged_in_as(['admin'])
         saved, tag = node.add_tag(tagname.strip, current_user)
         if tagname.include?(":") && tagname.split(':').length == 2
           if tagname.split(':')[0] == "barnstar"
@@ -345,7 +345,7 @@ def delete
     node_tag = NodeTag.where(nid: params[:nid], tid: params[:tid]).first
     node = Node.where(nid: params[:nid]).first
     # only admins, mods, and tag authors can delete other peoples' tags
-    if node_tag.uid == current_user.uid || current_user.role == 'admin' || current_user.role == 'moderator' || node.uid == current_user.uid
+    if node_tag.uid == current_user.uid || logged_in_as(['admin', 'moderator']) || node.uid == current_user.uid
 
       tag = Tag.joins(:node_tag)
                    .select('term_data.name')
@@ -462,7 +462,7 @@ def contributors_index
   end
 
   def add_parent
-    if current_user.role == 'admin'
+    if logged_in_as(['admin'])
       @tag = Tag.find_by(name: params[:name])
       @tag.update_attribute('parent', params[:parent])
       if @tag.save

diff --git a/app/controllers/user_tags_controller.rb b/app/controllers/user_tags_controller.rb
@@ -41,7 +41,7 @@ def create
 
     user = User.find(params[:id])
 
-    if current_user && (current_user.role == 'admin' || current_user == user)
+    if current_user && current_user == user || logged_in_as(['admin'])
       if params[:name]
         tagnames = params[:name].split(',')
         tagnames.each do |tagname|
@@ -100,8 +100,8 @@ def delete
         @user_tag = @user_tag.first
       end
 
-      if current_user.role == 'admin' || params[:id].to_i == current_user.id
-        if (!@user_tag.nil? && @user_tag.user == current_user) || (!@user_tag.nil? && current_user.role == 'admin')
+      if logged_in_as(['admin']) || params[:id].to_i == current_user.id
+        if (!@user_tag.nil? && @user_tag.user == current_user) || (!@user_tag.nil? && logged_in_as(['admin']))
           UserTag.where(uid: params[:id], value: params[:name]).destroy_all
           message = I18n.t('user_tags_controller.tag_deleted')
           output[:status] = true

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -2,7 +2,7 @@ class UsersController < ApplicationController
   before_action :require_no_user, only: [:new]
   before_action :require_user, only: %i(edit update save_settings)
    before_action :set_user, only: %i(info followed following followers)
-  
+
   def new
     @user = User.new
     @action = "create" # sets the form url
@@ -54,7 +54,7 @@ def create
   def update
     @password_verification = user_verification_params
     @user = current_user
-    @user = User.find_by(username: params[:id]) if params[:id] && current_user && current_user.role == "admin"
+    @user = User.find_by(username: params[:id]) if params[:id] && logged_in_as(['admin'])
     if @user.valid_password?(user_verification_params["current_password"]) || user_verification_params["ui_update"].nil?
       # correct password
       @user.attributes = user_params
@@ -84,7 +84,7 @@ def edit
             else
               current_user
             end
-    if current_user && current_user.uid == @user.uid || current_user.role == "admin"
+    if current_user && current_user.uid == @user.uid || logged_in_as(['admin'])
       render template: "users/edit"
     else
       flash[:error] = I18n.t('users_controller.only_user_edit_profile', user: @user.name).html_safe
@@ -305,7 +305,7 @@ def comments
                              .paginate(page: params[:page], per_page: 24)
 
     @normal_comments = comments.where('comments.status = 1')
-    if current_user && (current_user.role == 'moderator' || current_user.role == 'admin')
+    if logged_in_as(['admin', 'moderator'])
       @moderated_comments = comments.where('comments.status = 4')
     end
     render template: 'comments/index'