Revision 399bb10b
Added by Marek Hulán almost 8 years ago
| app/views/taxonomies/_form.html.erb | ||
|---|---|---|
|
<div class="tab-content stacked-content col-md-9">
|
||
|
<div class="tab-pane active" id="primary">
|
||
|
<%= base_errors_for taxonomy %>
|
||
|
<%= select_f(f, :parent_id, taxonomy.class.where("id NOT IN (#{taxonomy.subtree_ids.join(',')})").order(:title), :id, :title, { :include_blank => true },
|
||
|
<%= select_f(f, :parent_id, taxonomy.class.completer_scope(nil).where("id NOT IN (#{taxonomy.subtree_ids.join(',')})").order(:title), :id, :title, { :include_blank => true },
|
||
|
{ :label => _('Parent'), :onchange => 'parent_taxonomy_changed(this);',
|
||
|
:help_inline => :indicator,
|
||
|
:'data-url' => (controller_name == 'organizations' ? parent_taxonomy_selected_organization_path(taxonomy.id) :
|
||
Also available in: Unified diff
Fixes #15268 - limit user taxonomies using my scopes
Fixes CVE-2016-4475
(cherry picked from commit a30ab44ed6f140f1791afc51a1e448afc2ff28f9)