consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prevent non-authors from viewing valuation comments

Browse Source
This commit is contained in:
Bertocq
2018-01-31 18:38:44 +01:00
parent fcf5e6223b
commit bca150bcd5
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/comments_controller.rb
View File

@@ -21,8 +21,12 @@ class CommentsController < ApplicationController
def show def show
@comment = Comment.find(params[:id]) @comment = Comment.find(params[:id])
if @comment.valuation && @comment.author != current_user
raise ActiveRecord::RecordNotFound
else
set_comment_flags(@comment.subtree) set_comment_flags(@comment.subtree)
end end
end
def vote def vote
@comment.vote_by(voter: current_user, vote: params[:value]) @comment.vote_by(voter: current_user, vote: params[:value])