discourse/app/controllers/admin/screened_ip_addresses_contr...

# frozen_string_literal: true

class Admin::ScreenedIpAddressesController < Admin::StaffController

  before_action :fetch_screened_ip_address, only: [:update, :destroy]

  def index
    filter = params[:filter]
    filter = IPAddr.handle_wildcards(filter)

    screened_ip_addresses = ScreenedIpAddress
    screened_ip_addresses = screened_ip_addresses.where("cidr :filter >>= ip_address OR ip_address >>= cidr :filter", filter: filter) if filter.present?
    screened_ip_addresses = screened_ip_addresses.limit(200).order('match_count desc')

    begin
      screened_ip_addresses = screened_ip_addresses.to_a
    rescue ActiveRecord::StatementInvalid
      # postgresql throws a PG::InvalidTextRepresentation exception when filter isn't a valid cidr expression
      screened_ip_addresses = []
    end

    render_serialized(screened_ip_addresses, ScreenedIpAddressSerializer)
  end

  def create
    screened_ip_address = ScreenedIpAddress.new(allowed_params)
    if screened_ip_address.save
      render_serialized(screened_ip_address, ScreenedIpAddressSerializer)
    else
      render_json_error(screened_ip_address)
    end
  end

  def update
    if @screened_ip_address.update(allowed_params)
      render_serialized(@screened_ip_address, ScreenedIpAddressSerializer)
    else
      render_json_error(@screened_ip_address)
    end
  end

  def destroy
    @screened_ip_address.destroy
    render json: success_json
  end

  private

  def allowed_params
    params.require(:ip_address)
    params.permit(:ip_address, :action_name)
  end

  def fetch_screened_ip_address
    @screened_ip_address = ScreenedIpAddress.find(params[:id])
  end

end
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-02 18:17:27 -04:00			`# frozen_string_literal: true`

Refactor admin base controller (#18453) * DEV: Add a dedicated Admin::StaffController base controller The current parent(Admin:AdminController) for all admin-related controllers uses a filter that allows only staff(admin, moderator) users. This refactor makes Admin::AdminController filter for only admins as the name suggests and introduces a base controller dedicated for staff-related endpoints. * DEV: Set staff-only controllers parent to Admin::StaffController Refactor staff-only controllers to inherit newly introduced Admin::StaffController abstract controller. This conveys the purpose of the parent controller better unlike the previously used parent controller. 2022-10-31 08:02:26 -04:00			`class Admin::ScreenedIpAddressesController < Admin::StaffController`
Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address. 2013-10-21 14:49:51 -04:00
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`before_action :fetch_screened_ip_address, only: [:update, :destroy]`
Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:30 -04:00
Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address. 2013-10-21 14:49:51 -04:00			`def index`
FEATURE: filter screened IP addresses 2015-02-10 13:38:59 -05:00			`filter = params[:filter]`
			`filter = IPAddr.handle_wildcards(filter)`

			`screened_ip_addresses = ScreenedIpAddress`
FEATURE: Search screened IP address in blocks (#15461) An admin could search for all screened ip addresses in a block by using wildcards. 192.168.* returned all IPs in range 192.168.0.0/16. This feature allows admins to search for a single IP address in all screened IP blocks. 192.168.0.1 returns all IP blocks that match it, for example 192.168.0.0/16. * FEATURE: Remove roll up button for screened IPs * FIX: Match more specific screened IP address first 2022-01-11 02:16:51 -05:00			`screened_ip_addresses = screened_ip_addresses.where("cidr :filter >>= ip_address OR ip_address >>= cidr :filter", filter: filter) if filter.present?`
FEATURE: filter screened IP addresses 2015-02-10 13:38:59 -05:00			`screened_ip_addresses = screened_ip_addresses.limit(200).order('match_count desc')`

			`begin`
			`screened_ip_addresses = screened_ip_addresses.to_a`
			`rescue ActiveRecord::StatementInvalid`
			`# postgresql throws a PG::InvalidTextRepresentation exception when filter isn't a valid cidr expression`
			`screened_ip_addresses = []`
			`end`

Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:30 -04:00			`render_serialized(screened_ip_addresses, ScreenedIpAddressSerializer)`
			`end`

A form to add ip addresses to be blocked or whitelisted 2013-10-24 17:18:10 -04:00			`def create`
			`screened_ip_address = ScreenedIpAddress.new(allowed_params)`
			`if screened_ip_address.save`
			`render_serialized(screened_ip_address, ScreenedIpAddressSerializer)`
			`else`
			`render_json_error(screened_ip_address)`
			`end`
			`end`

Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:30 -04:00			`def update`
DEV: remove update_attributes which is deprecated in Rails 6 See: https://github.com/rails/rails/pull/31998 update_attributes is a relic of the past, it should no longer be used. 2019-04-29 03:32:25 -04:00			`if @screened_ip_address.update(allowed_params)`
FIX: Do not show an empty modal when an IP address is allowed or blocked. (#6265) 2018-08-20 11:37:30 -04:00			`render_serialized(@screened_ip_address, ScreenedIpAddressSerializer)`
Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:30 -04:00			`else`
			`render_json_error(@screened_ip_address)`
			`end`
			`end`

			`def destroy`
			`@screened_ip_address.destroy`
			`render json: success_json`
Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address. 2013-10-21 14:49:51 -04:00			`end`

Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:30 -04:00			`private`

			`def allowed_params`
			`params.require(:ip_address)`
			`params.permit(:ip_address, :action_name)`
			`end`

			`def fetch_screened_ip_address`
			`@screened_ip_address = ScreenedIpAddress.find(params[:id])`
			`end`

Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address. 2013-10-21 14:49:51 -04:00			`end`