FIX: most liked queries were leaking info in user summaries

This commit is contained in:
Régis Hanol 2016-05-30 19:48:46 +02:00
parent be057dfb75
commit 26f25fc0d9
2 changed files with 3 additions and 3 deletions

View File

@ -129,7 +129,7 @@ class Topic < ActiveRecord::Base
# Return private message topics # Return private message topics
scope :private_messages, -> { where(archetype: Archetype.private_message) } scope :private_messages, -> { where(archetype: Archetype.private_message) }
scope :listable_topics, -> { where('topics.archetype <> ?', [Archetype.private_message]) } scope :listable_topics, -> { where('topics.archetype <> ?', Archetype.private_message) }
scope :by_newest, -> { order('topics.created_at desc, topics.id desc') } scope :by_newest, -> { order('topics.created_at desc, topics.id desc') }

View File

@ -53,7 +53,7 @@ class UserSummary
def most_liked_by_users def most_liked_by_users
likers = {} likers = {}
UserAction.joins(:target_topic, :target_post) UserAction.joins(:target_topic, :target_post)
.where('topics.archetype <> ?', Archetype.private_message) .merge(Topic.listable_topics.visible.secured(@guardian))
.where(user: @user) .where(user: @user)
.where(action_type: UserAction::WAS_LIKED) .where(action_type: UserAction::WAS_LIKED)
.group(:acting_user_id) .group(:acting_user_id)
@ -78,7 +78,7 @@ class UserSummary
def most_liked_users def most_liked_users
liked_users = {} liked_users = {}
UserAction.joins(:target_topic, :target_post) UserAction.joins(:target_topic, :target_post)
.where('topics.archetype <> ?', Archetype.private_message) .merge(Topic.listable_topics.visible.secured(@guardian))
.where(action_type: UserAction::WAS_LIKED) .where(action_type: UserAction::WAS_LIKED)
.where(acting_user_id: @user.id) .where(acting_user_id: @user.id)
.group(:user_id) .group(:user_id)