discourse/app/controllers/admin/screened_ip_addresses_contr...

# frozen_string_literal: true

class Admin::ScreenedIpAddressesController < Admin::StaffController
  before_action :fetch_screened_ip_address, only: %i[update destroy]

  def index
    filter = params[:filter]
    filter = IPAddr.handle_wildcards(filter)

    screened_ip_addresses = ScreenedIpAddress
    screened_ip_addresses =
      screened_ip_addresses.where(
        "cidr :filter >>= ip_address OR ip_address >>= cidr :filter",
        filter: filter,
      ) if filter.present?
    screened_ip_addresses = screened_ip_addresses.limit(200).order("match_count desc")

    begin
      screened_ip_addresses = screened_ip_addresses.to_a
    rescue ActiveRecord::StatementInvalid
      # postgresql throws a PG::InvalidTextRepresentation exception when filter isn't a valid cidr expression
      screened_ip_addresses = []
    end

    render_serialized(screened_ip_addresses, ScreenedIpAddressSerializer)
  end

  def create
    screened_ip_address = ScreenedIpAddress.new(allowed_params)
    if screened_ip_address.save
      render_serialized(screened_ip_address, ScreenedIpAddressSerializer)
    else
      render_json_error(screened_ip_address)
    end
  end

  def update
    if @screened_ip_address.update(allowed_params)
      render_serialized(@screened_ip_address, ScreenedIpAddressSerializer)
    else
      render_json_error(@screened_ip_address)
    end
  end

  def destroy
    @screened_ip_address.destroy
    render json: success_json
  end

  private

  def allowed_params
    params.require(:ip_address)
    params.permit(:ip_address, :action_name)
  end

  def fetch_screened_ip_address
    @screened_ip_address = ScreenedIpAddress.find(params[:id])
  end
end
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-02 18:17:27 -04:00			`# frozen_string_literal: true`

Refactor admin base controller (#18453) * DEV: Add a dedicated Admin::StaffController base controller The current parent(Admin:AdminController) for all admin-related controllers uses a filter that allows only staff(admin, moderator) users. This refactor makes Admin::AdminController filter for only admins as the name suggests and introduces a base controller dedicated for staff-related endpoints. * DEV: Set staff-only controllers parent to Admin::StaffController Refactor staff-only controllers to inherit newly introduced Admin::StaffController abstract controller. This conveys the purpose of the parent controller better unlike the previously used parent controller. 2022-10-31 08:02:26 -04:00			`class Admin::ScreenedIpAddressesController < Admin::StaffController`
DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 07:20:10 -05:00			`before_action :fetch_screened_ip_address, only: %i[update destroy]`
Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:30 -04:00
Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address. 2013-10-21 14:49:51 -04:00			`def index`
FEATURE: filter screened IP addresses 2015-02-10 13:38:59 -05:00			`filter = params[:filter]`
			`filter = IPAddr.handle_wildcards(filter)`

			`screened_ip_addresses = ScreenedIpAddress`
DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 07:20:10 -05:00			`screened_ip_addresses =`
			`screened_ip_addresses.where(`
			`"cidr :filter >>= ip_address OR ip_address >>= cidr :filter",`
			`filter: filter,`
			`) if filter.present?`
			`screened_ip_addresses = screened_ip_addresses.limit(200).order("match_count desc")`
FEATURE: filter screened IP addresses 2015-02-10 13:38:59 -05:00
			`begin`
			`screened_ip_addresses = screened_ip_addresses.to_a`
			`rescue ActiveRecord::StatementInvalid`
			`# postgresql throws a PG::InvalidTextRepresentation exception when filter isn't a valid cidr expression`
			`screened_ip_addresses = []`
			`end`

Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:30 -04:00			`render_serialized(screened_ip_addresses, ScreenedIpAddressSerializer)`
			`end`

A form to add ip addresses to be blocked or whitelisted 2013-10-24 17:18:10 -04:00			`def create`
			`screened_ip_address = ScreenedIpAddress.new(allowed_params)`
			`if screened_ip_address.save`
			`render_serialized(screened_ip_address, ScreenedIpAddressSerializer)`
			`else`
			`render_json_error(screened_ip_address)`
			`end`
			`end`

Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:30 -04:00			`def update`
DEV: remove update_attributes which is deprecated in Rails 6 See: https://github.com/rails/rails/pull/31998 update_attributes is a relic of the past, it should no longer be used. 2019-04-29 03:32:25 -04:00			`if @screened_ip_address.update(allowed_params)`
FIX: Do not show an empty modal when an IP address is allowed or blocked. (#6265) 2018-08-20 11:37:30 -04:00			`render_serialized(@screened_ip_address, ScreenedIpAddressSerializer)`
Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:30 -04:00			`else`
			`render_json_error(@screened_ip_address)`
			`end`
			`end`

			`def destroy`
			`@screened_ip_address.destroy`
			`render json: success_json`
Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address. 2013-10-21 14:49:51 -04:00			`end`

Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:30 -04:00			`private`

			`def allowed_params`
			`params.require(:ip_address)`
			`params.permit(:ip_address, :action_name)`
			`end`

			`def fetch_screened_ip_address`
			`@screened_ip_address = ScreenedIpAddress.find(params[:id])`
			`end`
Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address. 2013-10-21 14:49:51 -04:00			`end`