Revision a30ab44e
Added by Marek Hulán almost 8 years ago
| app/controllers/concerns/api/v2/taxonomies_controller.rb | ||
|---|---|---|
|
param_group :search_and_pagination, ::Api::V2::BaseController
|
||
|
def index
|
||
|
if @nested_obj
|
||
|
@taxonomies = @nested_obj.send(taxonomies_plural).search_for(*search_options).paginate(paginate_options)
|
||
|
@total = @nested_obj.send(taxonomies_plural).count
|
||
|
@taxonomies = @nested_obj.send(taxonomies_plural).send(:completer_scope, :controller => taxonomies_plural).search_for(*search_options).paginate(paginate_options)
|
||
|
@total = @nested_obj.send(taxonomies_plural).send(:completer_scope, :controller => taxonomies_plural).count
|
||
|
else
|
||
|
@taxonomies = taxonomy_class.search_for(*search_options).paginate(paginate_options)
|
||
|
@total = taxonomy_class.count
|
||
|
@taxonomies = taxonomy_class.send("my_#{taxonomies_plural}").search_for(*search_options).paginate(paginate_options)
|
||
|
@total = taxonomy_class.send("my_#{taxonomies_plural}").count
|
||
|
end
|
||
|
instance_variable_set("@#{taxonomies_plural}", @taxonomies)
|
||
|
|
||
| ... | ... | |
|
render :json => {:error => {:message => (_('Cannot delete %{current} because it has nested %{sti_name}.') % { :current => @taxonomy.title, :sti_name => @taxonomy.sti_name }) } }
|
||
|
end
|
||
|
|
||
|
# overriding public FindCommon#resource_scope to scope only to user's taxonomies
|
||
|
def resource_scope(*args)
|
||
|
super.send("my_#{taxonomies_plural}")
|
||
|
end
|
||
|
|
||
|
private
|
||
|
|
||
|
def rename_config_template
|
||
Also available in: Unified diff
Fixes #15268 - limit user taxonomies using my scopes
Fixes CVE-2016-4475