Revision 399bb10b
Added by Marek Hulán almost 8 years ago
app/controllers/concerns/foreman/controller/taxonomies_controller.rb | ||
---|---|---|
|
||
def nest
|
||
@taxonomy = taxonomy_class.new
|
||
@taxonomy.parent_id = params[:id].to_i
|
||
@taxonomy.parent_id = params[:id].to_i if resource_scope.find_by_id(params[:id])
|
||
render 'taxonomies/new'
|
||
end
|
||
|
||
... | ... | |
not_found and return if params[:id].blank?
|
||
case controller_name
|
||
when 'organizations'
|
||
@taxonomy = @organization = Organization.find(params[:id])
|
||
@taxonomy = @organization = resource_scope.find(params[:id])
|
||
when 'locations'
|
||
@taxonomy = @location = Location.find(params[:id])
|
||
@taxonomy = @location = resource_scope.find(params[:id])
|
||
end
|
||
end
|
||
|
||
def resource_scope
|
||
taxonomy_class.send("my_#{taxonomies_plural}")
|
||
end
|
||
|
||
def count_nil_hosts
|
||
return @count_nil_hosts if @count_nil_hosts
|
||
@count_nil_hosts = hosts_scope_without_taxonomy.count
|
Also available in: Unified diff
Fixes #15268 - limit user taxonomies using my scopes
Fixes CVE-2016-4475
(cherry picked from commit a30ab44ed6f140f1791afc51a1e448afc2ff28f9)