codeninjasllc/discourse
1
0
Fork 0
mirror of https://github.com/codeninjasllc/discourse.git synced 2024-11-27 09:36:19 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

SECURITY: Don't allow badges on read restricted categories

Browse source
This commit is contained in:
Sam 2014-07-12 09:37:22 +10:00
parent b526cdc55c
commit 724fff22e7
1 changed files with 30 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
db/migrate/20140711233329_badges_only_on_public_categories.rb Normal file
View file

@ -0,0 +1,30 @@
class BadgesOnlyOnPublicCategories < ActiveRecord::Migration
def up
execute "DROP VIEW badge_posts"
execute "CREATE VIEW badge_posts AS
SELECT p.*
FROM posts p
JOIN topics t ON t.id = p.topic_id
JOIN categories c ON c.id = t.category_id
WHERE c.allow_badges AND
p.deleted_at IS NULL AND
t.deleted_at IS NULL AND
NOT c.read_restricted AND
t.visible"
end
def down
execute "DROP VIEW badge_posts"
execute "CREATE VIEW badge_posts AS
SELECT p.*
FROM posts p
JOIN topics t ON t.id = p.topic_id
JOIN categories c ON c.id = t.category_id
WHERE c.allow_badges AND
p.deleted_at IS NULL AND
t.deleted_at IS NULL AND
t.visible"
end
end