shouldn't reference relatives that are connected in private ways
This commit is contained in:
Connor Turland
parent
4a2f3203bd
commit
7de89cfa0f
2 changed files with 28 additions and 10 deletions
|
|
@ -24,7 +24,7 @@ class TopicsController < ApplicationController
|
|||
|
||||
respond_to do |format|
|
||||
format.html do
|
||||
@alltopics = [@topic].concat(policy_scope(Topic.relatives1(@topic.id)).to_a).concat(policy_scope(Topic.relatives2(@topic.id)).to_a)
|
||||
@alltopics = [@topic].concat(policy_scope(Topic.relatives1(@topic.id, current_user)).to_a).concat(policy_scope(Topic.relatives2(@topic.id, current_user)).to_a)
|
||||
@allsynapses = policy_scope(Synapse.for_topic(@topic.id)).to_a
|
||||
puts @alltopics.length
|
||||
puts @allsynapses.length
|
||||
|
|
@ -42,7 +42,7 @@ class TopicsController < ApplicationController
|
|||
@topic = Topic.find(params[:id])
|
||||
authorize @topic
|
||||
|
||||
@alltopics = [@topic].concat(policy_scope(Topic.relatives1(@topic.id)).to_a).concat(policy_scope(Topic.relatives2(@topic.id)).to_a)
|
||||
@alltopics = [@topic].concat(policy_scope(Topic.relatives1(@topic.id, current_user)).to_a).concat(policy_scope(Topic.relatives2(@topic.id, current_user)).to_a)
|
||||
@allsynapses = policy_scope(Synapse.for_topic(@topic.id))
|
||||
|
||||
@allcreators = @alltopics.map(&:user).uniq
|
||||
|
|
|
|||
|
|
@ -42,16 +42,34 @@ class Topic < ActiveRecord::Base
|
|||
topics1 + topics2
|
||||
end
|
||||
|
||||
scope :relatives1, ->(topic_id = nil) {
|
||||
includes(:topics1)
|
||||
.where('synapses.node1_id = ?', topic_id)
|
||||
.references(:synapses)
|
||||
scope :relatives1, ->(topic_id = nil, user = nil) {
|
||||
visible = %w(public commons)
|
||||
permission = 'synapses.permission IN (?)'
|
||||
if user
|
||||
synapse_permission = permission + ' OR synapses.defer_to_map_id IN (?) OR synapses.user_id = ?'
|
||||
return includes(:topics1)
|
||||
.where('synapses.node1_id = ? AND (' + synapse_permission + ')', topic_id, visible, user.shared_maps.map(&:id), user.id)
|
||||
.references(:synapses)
|
||||
else
|
||||
return includes(:topics1)
|
||||
.where('synapses.node1_id = ? AND (' + permission + ')', topic_id, visible)
|
||||
.references(:synapses)
|
||||
end
|
||||
}
|
||||
|
||||
scope :relatives2, ->(topic_id = nil) {
|
||||
includes(:topics2)
|
||||
.where('synapses.node2_id = ?', topic_id)
|
||||
.references(:synapses)
|
||||
scope :relatives2, ->(topic_id = nil, user = nil) {
|
||||
visible = %w(public commons)
|
||||
permission = 'synapses.permission IN (?)'
|
||||
if user
|
||||
synapse_permission = permission + ' OR synapses.defer_to_map_id IN (?) OR synapses.user_id = ?'
|
||||
return includes(:topics2)
|
||||
.where('synapses.node2_id = ? AND (' + synapse_permission + ')', topic_id, visible, user.shared_maps.map(&:id), user.id)
|
||||
.references(:synapses)
|
||||
else
|
||||
return includes(:topics2)
|
||||
.where('synapses.node2_id = ? AND (' + permission + ')', topic_id, visible)
|
||||
.references(:synapses)
|
||||
end
|
||||
}
|
||||
|
||||
delegate :name, to: :user, prefix: true
|
||||
|
|
|
|||
Loading…
Reference in a new issue