Revision af9edf10
Added by Marek Hulán about 7 years ago
| app/models/notification.rb | ||
|---|---|---|
|
when AUDIENCE_USER
|
||
|
[initiator.id]
|
||
|
when AUDIENCE_ADMIN
|
||
|
User.only_admin.except_hidden.reorder('').uniq.pluck(:id)
|
||
|
User.unscoped.only_admin.except_hidden.reorder('').uniq.pluck(:id)
|
||
|
when AUDIENCE_GROUP
|
||
|
subject.all_users.uniq.map(&:id) # This needs to be rewritten in usergroups.
|
||
|
end
|
||
| ... | ... | |
|
end
|
||
|
|
||
|
def set_notification_recipients
|
||
|
subscribers = subscriber_ids
|
||
|
notification_recipients.build subscribers.map{|id| { :user_id => id}}
|
||
|
subscribers = User.unscoped.where(:id => subscriber_ids)
|
||
|
notification_recipients.build subscribers.map{|user| { :user => user}}
|
||
|
end
|
||
|
|
||
|
def set_custom_attributes
|
||
Also available in: Unified diff
Fixes #19612 - CVE-2017-7505 don't expose admin to taxed users