mirrors/retrospring
1
0
Fork 0
mirror of https://github.com/Retrospring/retrospring.git synced 2025-01-31 09:59:07 +01:00
Code Issues Projects Releases Packages Wiki Activity

Disallow author and anonymous inbox filter combination

Browse source
This commit is contained in:
Andreas Nedbal 2024-01-25 21:48:49 +01:00 committed by Andreas Nedbal
parent 134c575e40
commit b96651fa70
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
app/models/inbox_filter.rb
View file

@ -10,6 +10,10 @@ class InboxFilter
anonymous anonymous
].freeze ].freeze
FORBIDDEN_PARAM_GROUPS = [
%i[author anonymous]
].freeze
attr_reader :params, :user attr_reader :params, :user
def initialize(user, params) def initialize(user, params)
@ -18,6 +22,8 @@ class InboxFilter
end end
def results def results
return Inbox.none unless valid_params?
scope = @user.inboxes scope = @user.inboxes
.includes(:question, user: :profile) .includes(:question, user: :profile)
.order(:created_at) .order(:created_at)
@ -32,6 +38,10 @@ class InboxFilter
private private
def valid_params?
FORBIDDEN_PARAM_GROUPS.none? { |combination| combination.all? { |key| params.key?(key) } }
end
def scope_for(key, value) def scope_for(key, value)
case key.to_s case key.to_s
when "author" when "author"