admin convenience for story/comment lookup
parent
d7e278213b
commit
26a7e87087
|
@ -378,6 +378,9 @@ private
|
|||
|
||||
def find_comment
|
||||
comment = Comment.where(short_id: params[:id]).first
|
||||
# convenience to use PK (from external queries) without generally permitting enumeration:
|
||||
comment ||= Comment.find(params[:id]) if @user && @user.is_admin?
|
||||
|
||||
if @user && comment
|
||||
comment.current_vote = Vote.where(:user_id => @user.id,
|
||||
:story_id => comment.story_id, :comment_id => comment.id).first
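Review bot: The admin fallback `Comment.find(params[:id])` changes how a miss behaves: the short_id lookup above it returns nil, while `find` raises `ActiveRecord::RecordNotFound`, so the `if @user && comment` guard is never reached with nil for admins. `params[:id]` is also cast to the integer key type, so a stale or mistyped short_id that begins with digits can resolve to an unrelated row by primary key. Restricting the fallback to all-digit input and using the nil-returning finder would keep both paths consistent, e.g. `comment ||= Comment.find_by(id: params[:id]) if @user && @user.is_admin? && params[:id].to_s.match?(/\A\d+\z/)`. The same applies to the `Story.find` line in the find_story hunk. find_comment continues outside this hunk, so how callers handle nil is not visible here.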
|
||||
|
|
|
@ -416,6 +416,9 @@ private
|
|||
|
||||
def find_story
|
||||
story = Story.find_by(:short_id => params[:story_id])
|
||||
# convenience to use PK (from external queries) without generally permitting enumeration:
|
||||
story ||= Story.find(params[:id]) if @user && @user.is_admin?
|
||||
|
||||
if @user && story
|
||||
story.vote = Vote.find_by(
|
||||
user: @user,
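Review bot: The fallback reads `params[:id]` while the short_id lookup directly above reads `params[:story_id]`, which looks like a copy from find_comment. On routes that supply only `:story_id`, `Story.find(params[:id])` would raise `ActiveRecord::RecordNotFound` for an admin. On routes where `:id` names a different resource (a comment, say), it could load a story whose primary key happens to match. If the intent is to accept a story PK in place of its short id, `story ||= Story.find_by(id: params[:story_id]) if @user && @user.is_admin?` keeps the lookup on the same parameter. find_story continues past the end of this hunk, so the routes that reach it cannot be confirmed from here.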
|
||||
|
|