From 17efc2ec803f7ec3c913c9a5b4bbb0e8e29724c1 Mon Sep 17 00:00:00 2001
From: simplefl
Date: Thu, 9 Apr 2015 13:44:30 +0200
Subject: [PATCH] Fix forum access rules.
---
 app/models/forum.rb | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/app/models/forum.rb b/app/models/forum.rb
index 1331234..b402987 100644
--- a/app/models/forum.rb
+++ b/app/models/forum.rb
@@ -19,16 +19,6 @@ class Forum < ActiveRecord::Base
 attr_protected :id, :updated_at, :created_at
- scope :available_to,
- lambda { |user, level| {
- :select => "forums.*, groupers.user_id AS access, COUNT(f2.id) AS acl, g2.user_id",
- :joins => "LEFT JOIN forumers ON forumers.forum_id = forums.id AND forumers.access = #{level}
- LEFT JOIN forumers AS f2 ON forumers.forum_id = forums.id AND f2.access = #{level}
- LEFT JOIN groups ON forumers.group_id = groups.id
- LEFT JOIN groupers ON groupers.group_id = groups.id AND groupers.user_id = #{user.id}
- LEFT JOIN groupers g2 ON g2.group_id = #{Group::ADMINS} AND g2.user_id = #{user.id}",
- :group => "forums.id",
- :having => ["access IS NOT NULL OR acl = 0 OR g2.user_id IS NOT NULL", level]} }
 scope :public, :select => "forums.*", :joins => "LEFT JOIN forumers ON forumers.forum_id = forums.id AND forumers.access = #{Forumer::ACCESS_READ}",
@@ -75,4 +65,19 @@ class Forum < ActiveRecord::Base
 def can_destroy? cuser
 cuser and cuser.admin?
 end
+
+ def self.available_to cuser, level
+ user_has_access =
+ Forum .joins("JOIN forumers ON forumers.forum_id = forums.id
+ AND forumers.access = #{level}")
+ .joins("JOIN groups ON forumers.group_id = groups.id")
+ .joins("JOIN groupers ON groupers.group_id = groups.id
+ AND groupers.user_id = #{cuser.id}")
+
+ is_admin = Grouper.where(user_id: cuser, group_id: Group::ADMINS)
+ Forum.where("EXISTS (#{is_admin.to_sql}) OR
+ id IN (SELECT q.id from (#{user_has_access.to_sql}) q ) OR
+ id IN (SELECT q.id from (#{Forum.public.to_sql}) q )")
+ end
+
 end
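Review bot: `available_to` still builds its access-control SQL by interpolating `#{level}` and `#{cuser.id}` directly into the two `joins` strings, so the query is only safe while every caller passes an integer constant for `level`; coercing at the point of use, e.g. `AND forumers.access = #{level.to_i}` and `AND groupers.user_id = #{cuser.id.to_i}`, removes that dependency. The third branch, `id IN (SELECT q.id from (#{Forum.public.to_sql}) q )`, does not depend on `level`: the visible part of `scope :public` joins on `Forumer::ACCESS_READ`, so a forum that is open for reading but restricted at another level may be returned for that level as well, whereas the removed scope's `acl = 0` test appears to have been per `level` — this should be confirmed against the rest of `scope :public`, which lies outside the hunk. `cuser.id` raises for a nil user, while `can_destroy?` just above guards with `cuser and`, so an early `return Forum.public unless cuser` is probably wanted. The bare `id` in the `where` string is better written `forums.id` so the relation stays unambiguous when it is joined with other tables.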