forked from OpenNeo/impress
privacy bug: would show hangers even in private lists as Trading if unlisted hangers were marked Trading
This commit is contained in:
parent
4c510f91db
commit
4e74589118
1 changed files with 3 additions and 1 deletions
|
@ -20,7 +20,9 @@ class ClosetHanger < ActiveRecord::Base
|
||||||
scope "#{name}_trading", joins(:user).includes(:list).
|
scope "#{name}_trading", joins(:user).includes(:list).
|
||||||
where(:owned => owned).
|
where(:owned => owned).
|
||||||
where((
|
where((
|
||||||
User.arel_table["#{name}_closet_hangers_visibility"].gteq(ClosetVisibility[:trading].id)
|
arel_table[:list_id].eq(nil).and(
|
||||||
|
User.arel_table["#{name}_closet_hangers_visibility"].gteq(ClosetVisibility[:trading].id)
|
||||||
|
)
|
||||||
).or(
|
).or(
|
||||||
ClosetList.arel_table[:visibility].gteq(ClosetVisibility[:trading].id)
|
ClosetList.arel_table[:visibility].gteq(ClosetVisibility[:trading].id)
|
||||||
))
|
))
|
||||||
|
|
Loading…
Reference in a new issue