shouldn't reference relatives that are connected in private ways

Connor Turland 2016-09-02 12:37:01 -04:00
parent 4a2f3203bd
commit 7de89cfa0f
2 changed files with 28 additions and 10 deletions


@ -24,7 +24,7 @@ class TopicsController < ApplicationController
respond_to do |format| respond_to do |format|
format.html do format.html do
@alltopics = [@topic].concat(policy_scope(Topic.relatives1(@topic.id)).to_a).concat(policy_scope(Topic.relatives2(@topic.id)).to_a) @alltopics = [@topic].concat(policy_scope(Topic.relatives1(@topic.id, current_user)).to_a).concat(policy_scope(Topic.relatives2(@topic.id, current_user)).to_a)
@allsynapses = policy_scope(Synapse.for_topic(@topic.id)).to_a @allsynapses = policy_scope(Synapse.for_topic(@topic.id)).to_a
puts @alltopics.length puts @alltopics.length
puts @allsynapses.length puts @allsynapses.length
@ -42,7 +42,7 @@ class TopicsController < ApplicationController
@topic = Topic.find(params[:id]) @topic = Topic.find(params[:id])
authorize @topic authorize @topic
@alltopics = [@topic].concat(policy_scope(Topic.relatives1(@topic.id)).to_a).concat(policy_scope(Topic.relatives2(@topic.id)).to_a) @alltopics = [@topic].concat(policy_scope(Topic.relatives1(@topic.id, current_user)).to_a).concat(policy_scope(Topic.relatives2(@topic.id, current_user)).to_a)
@allsynapses = policy_scope(Synapse.for_topic(@topic.id)) @allsynapses = policy_scope(Synapse.for_topic(@topic.id))
@allcreators = @alltopics.map(&:user).uniq @allcreators = @alltopics.map(&:user).uniq
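Review bot: The relatives lookup that now carries the access-control argument is written out in full twice, once in the `format.html` branch of the first hunk and again after `authorize @topic` in the second, so a later action that copies the older form without `current_user` would quietly get the anonymous filter rather than the viewer's. Moving it into one private helper keeps the viewer argument in a single place, for example a `visible_relatives(topic)` whose body is `%i[relatives1 relatives2].flat_map { |s| policy_scope(Topic.public_send(s, topic.id, current_user)).to_a }`, with both call sites reduced to `@alltopics = [@topic] + visible_relatives(@topic)`. Both actions start and end outside the visible hunks, so this assumes nothing else in them depends on the intermediate relations.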


@ -42,16 +42,34 @@ class Topic < ActiveRecord::Base
topics1 + topics2 topics1 + topics2
end end
scope :relatives1, ->(topic_id = nil) { scope :relatives1, ->(topic_id = nil, user = nil) {
includes(:topics1) visible = %w(public commons)
.where('synapses.node1_id = ?', topic_id) permission = 'synapses.permission IN (?)'
.references(:synapses) if user
synapse_permission = permission + ' OR synapses.defer_to_map_id IN (?) OR synapses.user_id = ?'
return includes(:topics1)
.where('synapses.node1_id = ? AND (' + synapse_permission + ')', topic_id, visible, user.shared_maps.map(&:id), user.id)
.references(:synapses)
else
return includes(:topics1)
.where('synapses.node1_id = ? AND (' + permission + ')', topic_id, visible)
.references(:synapses)
end
} }
scope :relatives2, ->(topic_id = nil) { scope :relatives2, ->(topic_id = nil, user = nil) {
includes(:topics2) visible = %w(public commons)
.where('synapses.node2_id = ?', topic_id) permission = 'synapses.permission IN (?)'
.references(:synapses) if user
synapse_permission = permission + ' OR synapses.defer_to_map_id IN (?) OR synapses.user_id = ?'
return includes(:topics2)
.where('synapses.node2_id = ? AND (' + synapse_permission + ')', topic_id, visible, user.shared_maps.map(&:id), user.id)
.references(:synapses)
else
return includes(:topics2)
.where('synapses.node2_id = ? AND (' + permission + ')', topic_id, visible)
.references(:synapses)
end
} }
delegate :name, to: :user, prefix: true delegate :name, to: :user, prefix: true
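Review bot: The synapse visibility rule is spelled out as concatenated SQL twice, in `relatives1` and again in `relatives2`, with only `node1_id`/`topics1` versus `node2_id`/`topics2` differing, and an access rule kept in two copies is easy to change in one and forget in the other. The controller also filters synapses through `policy_scope(Synapse.for_topic(...))`, so if the Synapse policy expresses the same rule this becomes a third copy; that policy is not shown here, so it is worth confirming the two agree, in particular on how `defer_to_map_id` is treated for a viewer who is not logged in. I would build the predicate in one class method and have both scopes call it, as below; the fragment is a constant string and every value stays a `?` bind, so nothing caller-supplied is interpolated. Separately, `user.shared_maps.map(&:id)` instantiates every shared map to read one column and runs once per scope; if `shared_maps` is an association or relation, `pluck(:id)` would avoid that.

```ruby
# One place for the "may this viewer see the connecting synapse" rule.
# Returns [sql_fragment, *bind_values]; the fragment is a constant string.
def self.visible_synapse_condition(user)
  visible = %w(public commons)
  return ['synapses.permission IN (?)', visible] unless user
  ['synapses.permission IN (?) OR synapses.defer_to_map_id IN (?) OR synapses.user_id = ?',
   visible, user.shared_maps.map(&:id), user.id]
end

scope :relatives1, ->(topic_id = nil, user = nil) {
  condition, *binds = visible_synapse_condition(user)
  includes(:topics1)
    .where("synapses.node1_id = ? AND (#{condition})", topic_id, *binds)
    .references(:synapses)
}
# … relatives2: same body with :topics2 and synapses.node2_id …
```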