From 4e74589118338f2d9b227b664f0685173adb0295 Mon Sep 17 00:00:00 2001
From: Matchu <matchu1993@gmail.com>
Date: Sat, 6 Aug 2011 23:15:32 -0400
Subject: [PATCH] privacy bug: would show hangers even in private lists as
 Trading if unlisted hangers were marked Trading

---
 app/models/closet_hanger.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/models/closet_hanger.rb b/app/models/closet_hanger.rb
index e873f6cb..44358a66 100644
--- a/app/models/closet_hanger.rb
+++ b/app/models/closet_hanger.rb
@@ -20,7 +20,9 @@ class ClosetHanger < ActiveRecord::Base
     scope "#{name}_trading", joins(:user).includes(:list).
       where(:owned => owned).
       where((
-        User.arel_table["#{name}_closet_hangers_visibility"].gteq(ClosetVisibility[:trading].id)
+        arel_table[:list_id].eq(nil).and(
+          User.arel_table["#{name}_closet_hangers_visibility"].gteq(ClosetVisibility[:trading].id)
+        )
         ).or(
         ClosetList.arel_table[:visibility].gteq(ClosetVisibility[:trading].id)
       ))