From bd3afff06911576214ff2465bfb02e9e66c05810 Mon Sep 17 00:00:00 2001 From: Connor Turland Date: Sat, 12 Mar 2016 10:10:31 +1100 Subject: [PATCH] pundit: fix queries --- app/policies/mapping_policy.rb | 3 ++- app/policies/synapse_policy.rb | 2 +- app/policies/topic_policy.rb | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/app/policies/mapping_policy.rb b/app/policies/mapping_policy.rb index 49e134ef..39dbd86a 100644 --- a/app/policies/mapping_policy.rb +++ b/app/policies/mapping_policy.rb @@ -5,7 +5,8 @@ class MappingPolicy < ApplicationPolicy # it would be nice if we could also base this on the mappable, but that # gets really complicated. Devin thinks it's OK to SHOW a mapping for # a private topic, since you can't see the private topic anyways - scope.joins(:maps).where('maps.permission IN ("public", "commons") OR maps.user_id = ?', user.id) + scope.joins(:maps).where('maps.permission IN (?) OR maps.user_id = ?', + ["public", "commons"], user.id) end end diff --git a/app/policies/synapse_policy.rb b/app/policies/synapse_policy.rb index 6763014a..12f9c8ca 100644 --- a/app/policies/synapse_policy.rb +++ b/app/policies/synapse_policy.rb @@ -1,7 +1,7 @@ class SynapsePolicy < ApplicationPolicy class Scope < Scope def resolve - scope.where('permission IN ("public", "commons") OR user_id = ?', user.id) + scope.where('permission IN (?) OR user_id = ?', ["public", "commons"], user.id) end end diff --git a/app/policies/topic_policy.rb b/app/policies/topic_policy.rb index 03b42895..97fefdcc 100644 --- a/app/policies/topic_policy.rb +++ b/app/policies/topic_policy.rb @@ -1,7 +1,7 @@ class TopicPolicy < ApplicationPolicy class Scope < Scope def resolve - scope.where('permission IN ("public", "commons") OR user_id = ?', user.id) + scope.where('permission IN (?) OR user_id = ?', ["public", "commons"], user.id) end end