From 4332ca76c57333d1b2a1c831614f0cb3bde0812c Mon Sep 17 00:00:00 2001 From: "byte[]" Date: Sat, 21 Dec 2019 14:56:54 -0500 Subject: [PATCH] more constraint validation, allow anonymous users to edit settings --- lib/philomena/users/user.ex | 18 ++++++++++++------ .../templates/setting/edit.html.slime | 10 +++++----- lib/philomena_web/views/setting_view.ex | 3 +++ 3 files changed, 20 insertions(+), 11 deletions(-) diff --git a/lib/philomena/users/user.ex b/lib/philomena/users/user.ex index d15a4695..1e3afcf8 100644 --- a/lib/philomena/users/user.ex +++ b/lib/philomena/users/user.ex @@ -152,7 +152,7 @@ defmodule Philomena.Users.User do |> pow_extension_changeset(attrs) |> cast(attrs, []) |> validate_required([]) - |> unique_constraint(:email, name: :index_users_on_email) + |> unique_constraints() end def update_changeset(user, attrs, roles) do @@ -162,6 +162,7 @@ defmodule Philomena.Users.User do |> validate_inclusion(:role, ["user", "assistant", "moderator", "admin"]) |> put_assoc(:roles, roles) |> put_slug() + |> unique_constraints() end def creation_changeset(user, attrs) do @@ -172,11 +173,7 @@ defmodule Philomena.Users.User do |> validate_required([:name]) |> put_api_key() |> put_slug() - |> unique_constraint(:name, name: :index_users_on_name) - |> unique_constraint(:slug, name: :index_users_on_slug) - |> unique_constraint(:email, name: :index_users_on_email) - |> unique_constraint(:authentication_token, name: :index_users_on_authentication_token) - |> unique_constraint(:name, name: :temp_unique_index_users_on_name) + |> unique_constraints() end def filter_changeset(user, filter) do @@ -375,6 +372,15 @@ defmodule Philomena.Users.User do }) end + defp unique_constraints(changeset) do + changeset + |> unique_constraint(:name, name: :index_users_on_name) + |> unique_constraint(:slug, name: :index_users_on_slug) + |> unique_constraint(:email, name: :index_users_on_email) + |> unique_constraint(:authentication_token, name: :index_users_on_authentication_token) + |> unique_constraint(:name, name: :temp_unique_index_users_on_name) + end + defp extract_token(%{"user" => %{"twofactor_token" => t}}), do: to_string(t) diff --git a/lib/philomena_web/templates/setting/edit.html.slime b/lib/philomena_web/templates/setting/edit.html.slime index 048bc767..26bfa00c 100644 --- a/lib/philomena_web/templates/setting/edit.html.slime +++ b/lib/philomena_web/templates/setting/edit.html.slime @@ -122,11 +122,11 @@ h1 Content Settings => label f, :chan_nsfw, "Show NSFW channels" => checkbox f, :chan_nsfw .fieldlabel: i Show streams marked as NSFW on the channels page. - = if @conn.assigns.current_user.role != "user" do - .field - => label f, :hide_staff_tools - => checkbox f, :hide_staff_tools, class: "checkbox" - .fieldlabel: i Hide most of the staff tools (e.g. IPs, anon names) making your site appear as if you weren't staff, this is useful when browsing in public. + = if staff?(@conn.assigns.current_user) do + .field + => label f, :hide_staff_tools + => checkbox f, :hide_staff_tools, class: "checkbox" + .fieldlabel: i Hide most of the staff tools (e.g. IPs, anon names) making your site appear as if you weren't staff, this is useful when browsing in public. = if !@conn.assigns.current_user do .block__tab.hidden data-tab="join-the-herd" diff --git a/lib/philomena_web/views/setting_view.ex b/lib/philomena_web/views/setting_view.ex index 805986c7..d8ddf187 100644 --- a/lib/philomena_web/views/setting_view.ex +++ b/lib/philomena_web/views/setting_view.ex @@ -15,4 +15,7 @@ defmodule PhilomenaWeb.SettingView do _user -> "hidden" end end + + def staff?(%{role: role}), do: role != "user" + def staff?(_), do: false end