Easier helper for filtering secured categories

This commit is contained in:
Robin Ward 2015-02-12 11:52:59 -05:00
parent 5f8e604abc
commit e207ca36ee
4 changed files with 17 additions and 23 deletions

View File

@ -46,15 +46,7 @@ class Group < ActiveRecord::Base
.where('topics.archetype <> ?', Archetype.private_message)
.where(post_type: Post.types[:regular])
unless guardian.is_admin?
allowed_ids = guardian.allowed_category_ids
if allowed_ids.length > 0
result = result.where('topics.category_id IS NULL or topics.category_id IN (?)', allowed_ids)
else
result = result.where('topics.category_id IS NULL')
end
end
result = guardian.filter_allowed_categories(result)
result = result.where('posts.id < ?', before_post_id) if before_post_id
result.order('posts.created_at desc')
end

View File

@ -67,6 +67,19 @@ module TopicGuardian
# not secure, or I can see it
!topic.read_restricted_category? || can_see_category?(topic.category)
end
def filter_allowed_categories(records)
unless is_admin?
allowed_ids = allowed_category_ids
if allowed_ids.length > 0
records = records.where('topics.category_id IS NULL or topics.category_id IN (?)', allowed_ids)
else
records = records.where('topics.category_id IS NULL')
end
records = records.references(:categories)
end
records
end
end

View File

@ -359,18 +359,7 @@ class TopicQuery
result = result.where('topics.posts_count <= ?', options[:max_posts]) if options[:max_posts].present?
result = result.where('topics.posts_count >= ?', options[:min_posts]) if options[:min_posts].present?
guardian = Guardian.new(@user)
if !guardian.is_admin?
allowed_ids = guardian.allowed_category_ids
if allowed_ids.length > 0
result = result.where('topics.category_id IS NULL or topics.category_id IN (?)', allowed_ids)
else
result = result.where('topics.category_id IS NULL')
end
result = result.references(:categories)
end
result
Guardian.new(@user).filter_allowed_categories(result)
end
def remove_muted_categories(list, user, opts=nil)

View File

@ -19,7 +19,7 @@ describe Guardian do
expect { Guardian.new }.not_to raise_error
end
it 'can be instantiaed with a user instance' do
it 'can be instantiated with a user instance' do
expect { Guardian.new(user) }.not_to raise_error
end