author | Robert Speicher <robert@gitlab.com> | 2016-08-31 01:32:17 +0300 |
---|---|---|
committer | Robert Speicher <robert@gitlab.com> | 2016-08-31 01:32:17 +0300 |
commit | b8d44c4c4d7cb252ee39be9dceb657d3e5522ed1 (patch) | |
tree | 1d252bf2161d36e79723a743199a4ec05f2ac707 /app | |
parent | 7dd97cff3448b6b5d081829e782823113c2db91f (diff) | |
parent | 5c5d13c42d152ba58818a572a51e796cba4a281d (diff) |
Merge branch 'prevent_authored_awardable_votes' into 'master'
prevent authored awardable thumbs votes
## What does this MR do?
This MR should prevent users from upvoting or downvoting issues/merge requests/notes authored by them.
## What are the relevant issue numbers?
Closes #20913
See merge request !5841
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/concerns/toggle_award_emoji.rb | 10 | ||||
-rw-r--r-- | app/models/concerns/awardable.rb | 12 | ||||
-rw-r--r-- | app/models/concerns/issuable.rb | 4 | ||||
-rw-r--r-- | app/models/note.rb | 4 |
4 files changed, 27 insertions, 3 deletions
diff --git a/app/controllers/concerns/toggle_award_emoji.rb b/app/controllers/concerns/toggle_award_emoji.rb index 036777c80c1..172d5344b7a 100644 --- a/app/controllers/concerns/toggle_award_emoji.rb +++ b/app/controllers/concerns/toggle_award_emoji.rb @@ -8,10 +8,14 @@ module ToggleAwardEmoji def toggle_award_emoji name = params.require(:name) - awardable.toggle_award_emoji(name, current_user) - TodoService.new.new_award_emoji(to_todoable(awardable), current_user) + if awardable.user_can_award?(current_user, name) + awardable.toggle_award_emoji(name, current_user) + TodoService.new.new_award_emoji(to_todoable(awardable), current_user) - render json: { ok: true } + render json: { ok: true } + else + render json: { ok: false } + end end private diff --git a/app/models/concerns/awardable.rb b/app/models/concerns/awardable.rb index 800a16ab246..83f5bc1fa9e 100644 --- a/app/models/concerns/awardable.rb +++ b/app/models/concerns/awardable.rb @@ -59,6 +59,18 @@ module Awardable true end + def awardable_votes?(name) + AwardEmoji::UPVOTE_NAME == name || AwardEmoji::DOWNVOTE_NAME == name + end + + def user_can_award?(current_user, name) + if user_authored?(current_user) + !awardable_votes?(normalize_name(name)) + else + true + end + end + def awarded_emoji?(emoji_name, current_user) award_emoji.where(name: emoji_name, user: current_user).exists? end diff --git a/app/models/concerns/issuable.rb b/app/models/concerns/issuable.rb index 8e11d4f57cf..22231b2e0f0 100644 --- a/app/models/concerns/issuable.rb +++ b/app/models/concerns/issuable.rb @@ -196,6 +196,10 @@ module Issuable end end + def user_authored?(user) + user == author + end + def subscribed_without_subscriptions?(user) participants(user).include?(user) end diff --git a/app/models/note.rb b/app/models/note.rb index f2656df028b..b94e3cff2ce 100644 --- a/app/models/note.rb +++ b/app/models/note.rb 
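Review bot: The self-vote restriction is enforced only in this controller action. The diffstat shows `Awardable#toggle_award_emoji` is not changed by this commit, so any other caller of the model method (API or service code, none of it visible here) would still record an author's own thumbs vote. Putting the guard where the award is written would cover every entry point, for example `return unless user_can_award?(current_user, name)` at the top of the model method, with parameter names adjusted to that method, which this diff does not show. The refused branch also answers `render json: { ok: false }` with the default 200 status, so a rejected vote looks like a successful request to logs and monitoring; `render json: { ok: false }, status: :forbidden` would make it visible, provided the front end handles a non-2xx reply.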
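Review bot: `user_can_award?` depends on `user_authored?`, which the Awardable concern does not define itself. This commit adds identical `user == author` copies to Issuable and Note (the two later hunks), so any other class that includes Awardable without defining it would raise NoMethodError on every award toggle. Defining the method once in Awardable, or adding a comment such as `# Includers must implement #user_authored?(user)` above `user_can_award?`, would make the contract explicit. The name `awardable_votes?` also reads as "can votes be awarded" although it tests whether `name` is the upvote or downvote emoji, so a one-line comment saying so would help.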
@@ -223,6 +223,10 @@ class Note < ActiveRecord::Base end end + def user_authored?(user) + user == author + end + def award_emoji? can_be_award_emoji? && contains_emoji_only? end |