Revision af9edf10
Added by Marek Hulán about 7 years ago
| app/models/concerns/taxonomix.rb | ||
|---|---|---|
|
if self == User
|
||
|
# In the case of users we want the taxonomy scope to get both the users
|
||
|
# of the taxonomy, admins, and the current user.
|
||
|
ids.concat(admin_ids)
|
||
|
ids.concat(admin_ids) if User.current.present? && User.current.admin?
|
||
|
ids << User.current.id if User.current.present?
|
||
|
end
|
||
|
|
||
Also available in: Unified diff
Fixes #19612 - CVE-2017-7505 don't expose admin to taxed users