codeninjasllc/discourse
1
0
Fork 0
mirror of https://github.com/codeninjasllc/discourse.git synced 2024-11-30 19:08:10 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #4098 from JSFernandes/prevent-mods-from-seeing-bookmarks

Browse source 
Fix: Prevent moderators from seeing other users bookmarks
This commit is contained in:
Régis Hanol 2016-03-21 10:22:49 +01:00
commit 1ab1cb5490
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/models/user_action.rb
View file

@ -342,11 +342,11 @@ SQL
builder.where("COALESCE(p.post_type, p2.post_type) IN (:visible_post_types)", visible_post_types: visible_post_types) builder.where("COALESCE(p.post_type, p2.post_type) IN (:visible_post_types)", visible_post_types: visible_post_types)
unless (guardian.user && guardian.user.id == user_id) || guardian.is_staff? unless (guardian.user && guardian.user.id == user_id) || guardian.is_staff?
builder.where("a.action_type not in (#{BOOKMARK})")
builder.where("t.visible") builder.where("t.visible")
end end
unless guardian.can_see_notifications?(User.where(id: user_id).first) unless guardian.can_see_notifications?(User.where(id: user_id).first)
builder.where("a.action_type not in (#{BOOKMARK})")
builder.where('a.action_type <> :pending', pending: UserAction::PENDING) builder.where('a.action_type <> :pending', pending: UserAction::PENDING)
end end