SECURITY: Don't allow badges on read restricted categories

2014-07-12 09:37:22 +10:00 · 2014-07-12 09:37:22 +10:00 · 724fff22e7
parent b526cdc55c
commit 724fff22e7
1 changed files with 30 additions and 0 deletions
--- a/db/migrate/20140711233329_badges_only_on_public_categories.rb
+++ b/db/migrate/20140711233329_badges_only_on_public_categories.rb
@ -0,0 +1,30 @@
+class BadgesOnlyOnPublicCategories < ActiveRecord::Migration
+  def up
+    execute "DROP VIEW badge_posts"
+
+    execute "CREATE VIEW badge_posts AS
+    SELECT p.*
+    FROM posts p
+    JOIN topics t ON t.id = p.topic_id
+    JOIN categories c ON c.id = t.category_id
+    WHERE c.allow_badges AND
+          p.deleted_at IS NULL AND
+          t.deleted_at IS NULL AND
+          NOT c.read_restricted AND
+          t.visible"
+  end
+
+  def down
+    execute "DROP VIEW badge_posts"
+
+    execute "CREATE VIEW badge_posts AS
+    SELECT p.*
+    FROM posts p
+    JOIN topics t ON t.id = p.topic_id
+    JOIN categories c ON c.id = t.category_id
+    WHERE c.allow_badges AND
+          p.deleted_at IS NULL AND
+          t.deleted_at IS NULL AND
+          t.visible"
+  end
+end