consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove unneeded scope

Browse Source 
In this case using `joins` doesn't prevent N+1 queries to get titles for
every record, and since we cannot order translations with just SQL due
to fallbacks, we don't need it.

Automatic SQL injection checks were showing a false positive in this
scope; there was no real vulnerability here because foreign keys, table
names and locales were under our control.
This commit is contained in:
Javi Martín
2019-11-11 01:13:02 +01:00
parent e470ea1cc1
commit a76ed31a94
2 changed files with 1 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/models/budget/investment.rb
View File

@@ -126,7 +126,7 @@ class Budget
end end
def self.sort_by_title def self.sort_by_title
with_translation.sort_by(&:title) all.sort_by(&:title)
end end
def self.filter_params(params) def self.filter_params(params)

2
app/models/concerns/globalizable.rb
View File

@@ -29,8 +29,6 @@ module Globalizable
translation_class.send :acts_as_paranoid, column: :hidden_at translation_class.send :acts_as_paranoid, column: :hidden_at
end end
scope :with_translation, -> { joins("LEFT OUTER JOIN #{translations_table_name} ON #{table_name}.id = #{translations_table_name}.#{reflections["translations"].foreign_key} AND #{translations_table_name}.locale='#{I18n.locale}'") }
private private
def required_attribute?(attribute) def required_attribute?(attribute)