Fix forum access rules.

This commit is contained in:
simplefl 2015-04-09 13:44:30 +02:00
parent 1560d569f7
commit 5330f10a12

View file

@ -19,16 +19,6 @@ class Forum < ActiveRecord::Base
attr_protected :id, :updated_at, :created_at
scope :available_to,
lambda { |user, level| {
:select => "forums.*, groupers.user_id AS access, COUNT(f2.id) AS acl, g2.user_id",
:joins => "LEFT JOIN forumers ON forumers.forum_id = forums.id AND forumers.access = #{level}
LEFT JOIN forumers AS f2 ON forumers.forum_id = forums.id AND f2.access = #{level}
LEFT JOIN groups ON forumers.group_id = groups.id
LEFT JOIN groupers ON groupers.group_id = groups.id AND groupers.user_id = #{user.id}
LEFT JOIN groupers g2 ON g2.group_id = #{Group::ADMINS} AND g2.user_id = #{user.id}",
:group => "forums.id",
:having => ["access IS NOT NULL OR acl = 0 OR g2.user_id IS NOT NULL", level]} }
scope :public,
:select => "forums.*",
:joins => "LEFT JOIN forumers ON forumers.forum_id = forums.id AND forumers.access = #{Forumer::ACCESS_READ}",
@ -75,4 +65,19 @@ class Forum < ActiveRecord::Base
def can_destroy? cuser
cuser and cuser.admin?
end
def self.available_to cuser, level
user_has_access =
Forum .joins("JOIN forumers ON forumers.forum_id = forums.id
AND forumers.access = #{level}")
.joins("JOIN groups ON forumers.group_id = groups.id")
.joins("JOIN groupers ON groupers.group_id = groups.id
AND groupers.user_id = #{cuser.id}")
is_admin = Grouper.where(user_id: cuser, group_id: Group::ADMINS)
Forum.where("EXISTS (#{is_admin.to_sql}) OR
id IN (SELECT q.id from (#{user_has_access.to_sql}) q ) OR
id IN (SELECT q.id from (#{Forum.public.to_sql}) q )")
end
end