Merge pull request #626 from metamaps/bug/detached

shouldn't reference relatives that are connected in private ways
Devin Howard 2016-09-05 11:58:08 +08:00 committed by GitHub
commit 8d372f780d
2 changed files with 10 additions and 16 deletions


@ -24,10 +24,8 @@ class TopicsController < ApplicationController
respond_to do |format| respond_to do |format|
format.html do format.html do
@alltopics = [@topic].concat(policy_scope(Topic.relatives1(@topic.id)).to_a).concat(policy_scope(Topic.relatives2(@topic.id)).to_a) @alltopics = [@topic].concat(policy_scope(Topic.relatives(@topic.id, current_user)).to_a)
@allsynapses = policy_scope(Synapse.for_topic(@topic.id)).to_a @allsynapses = policy_scope(Synapse.for_topic(@topic.id)).to_a
puts @alltopics.length
puts @allsynapses.length
@allcreators = @alltopics.map(&:user).uniq @allcreators = @alltopics.map(&:user).uniq
@allcreators += @allsynapses.map(&:user).uniq @allcreators += @allsynapses.map(&:user).uniq
@ -42,7 +40,7 @@ class TopicsController < ApplicationController
@topic = Topic.find(params[:id]) @topic = Topic.find(params[:id])
authorize @topic authorize @topic
@alltopics = [@topic].concat(policy_scope(Topic.relatives1(@topic.id)).to_a).concat(policy_scope(Topic.relatives2(@topic.id)).to_a) @alltopics = [@topic].concat(policy_scope(Topic.relatives(@topic.id, current_user)).to_a)
@allsynapses = policy_scope(Synapse.for_topic(@topic.id)) @allsynapses = policy_scope(Synapse.for_topic(@topic.id))
@allcreators = @alltopics.map(&:user).uniq @allcreators = @alltopics.map(&:user).uniq
@ -66,7 +64,7 @@ class TopicsController < ApplicationController
topicsAlreadyHas = params[:network] ? params[:network].split(',').map(&:to_i) : [] topicsAlreadyHas = params[:network] ? params[:network].split(',').map(&:to_i) : []
@alltopics = policy_scope(Topic.relatives1(@topic.id)).to_a.concat(policy_scope(Topic.relatives2(@topic.id)).to_a).uniq @alltopics = policy_scope(Topic.relatives(@topic.id, current_user)).to_a
@alltopics.delete_if do |topic| @alltopics.delete_if do |topic|
!topicsAlreadyHas.index(topic.id).nil? !topicsAlreadyHas.index(topic.id).nil?
end end
@ -88,7 +86,7 @@ class TopicsController < ApplicationController
topicsAlreadyHas = params[:network] ? params[:network].split(',').map(&:to_i) : [] topicsAlreadyHas = params[:network] ? params[:network].split(',').map(&:to_i) : []
alltopics = policy_scope(Topic.relatives1(@topic.id)).to_a.concat(policy_scope(Topic.relatives2(@topic.id)).to_a).uniq alltopics = policy_scope(Topic.relatives(@topic.id)).to_a
alltopics.delete_if do |topic| alltopics.delete_if do |topic|
!topicsAlreadyHas.index(topic.id.to_s).nil? !topicsAlreadyHas.index(topic.id.to_s).nil?
end end
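Review bot: The last hunk's new call, `alltopics = policy_scope(Topic.relatives(@topic.id)).to_a`, omits `current_user`, unlike the three other call sites in this file, so the scope's `user` falls back to its `nil` default and the synapse visibility check runs as if for an anonymous viewer. What that returns depends on the Synapse policy scope, which is not shown here; at best this action drops relatives the signed-in user is allowed to see through their own private synapses, and the outcome should not hinge on how the policy treats a nil user. Pass the viewer explicitly: `alltopics = policy_scope(Topic.relatives(@topic.id, current_user)).to_a`. The enclosing action starts and ends outside the hunk.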


@ -42,16 +42,12 @@ class Topic < ActiveRecord::Base
topics1 + topics2 topics1 + topics2
end end
scope :relatives1, ->(topic_id = nil) { scope :relatives, ->(topic_id = nil, user = nil) {
includes(:topics1) # should only see topics through *visible* synapses
.where('synapses.node1_id = ?', topic_id) # e.g. Topic A (commons) -> synapse (private) -> Topic B (commons) must be filtered out
.references(:synapses) synapses = Pundit.policy_scope(user, Synapse.where(node1_id: topic_id)).pluck(:node2_id)
} synapses += Pundit.policy_scope(user, Synapse.where(node2_id: topic_id)).pluck(:node1_id)
where(id: synapses.uniq)
scope :relatives2, ->(topic_id = nil) {
includes(:topics2)
.where('synapses.node2_id = ?', topic_id)
.references(:synapses)
} }
delegate :name, to: :user, prefix: true delegate :name, to: :user, prefix: true
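Review bot: The new `relatives` scope policy-filters only the synapses (`Pundit.policy_scope(user, Synapse.where(...))`) and then returns `where(id: synapses.uniq)` with no Topic-level check, so a private topic reached through a visible synapse stays in the result unless the caller wraps the scope in `policy_scope`, as the controller does. The two comment lines should state that contract, for example `# user: viewer whose Synapse policy scope is applied; topics are NOT policy-filtered here, callers must wrap in policy_scope`. Because `user = nil` is a default, a forgotten argument is silent; if no caller depends on it, `scope :relatives, ->(topic_id, user) {` would probably make the omission raise instead of quietly evaluating as an anonymous viewer.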