Revision af9edf10
Added by Marek Hulán about 7 years ago
app/models/notification.rb | ||
---|---|---|
when AUDIENCE_USER
|
||
[initiator.id]
|
||
when AUDIENCE_ADMIN
|
||
User.only_admin.except_hidden.reorder('').uniq.pluck(:id)
|
||
User.unscoped.only_admin.except_hidden.reorder('').uniq.pluck(:id)
|
||
when AUDIENCE_GROUP
|
||
subject.all_users.uniq.map(&:id) # This needs to be rewritten in usergroups.
|
||
end
|
||
... | ... | |
end
|
||
|
||
def set_notification_recipients
|
||
subscribers = subscriber_ids
|
||
notification_recipients.build subscribers.map{|id| { :user_id => id}}
|
||
subscribers = User.unscoped.where(:id => subscriber_ids)
|
||
notification_recipients.build subscribers.map{|user| { :user => user}}
|
||
end
|
||
|
||
def set_custom_attributes
|
Also available in: Unified diff
Fixes #19612 - CVE-2017-7505 don't expose admin to taxed users