admin convenience for story/comment lookup

2023-08-05 17:29:47 -05:00 · 2023-08-05 17:29:47 -05:00 · 26a7e87087
parent d7e278213b
commit 26a7e87087
2 changed files with 6 additions and 0 deletions
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@ -378,6 +378,9 @@ private

  def find_comment
    comment = Comment.where(short_id: params[:id]).first
+    # convenience to use PK (from external queries) without generally permitting enumeration:
+    comment ||= Comment.find(params[:id]) if @user && @user.is_admin?
+
    if @user && comment
      comment.current_vote = Vote.where(:user_id => @user.id,
        :story_id => comment.story_id, :comment_id => comment.id).first
--- a/app/controllers/stories_controller.rb
+++ b/app/controllers/stories_controller.rb
@ -416,6 +416,9 @@ private

  def find_story
    story = Story.find_by(:short_id => params[:story_id])
+    # convenience to use PK (from external queries) without generally permitting enumeration:
+    story ||= Story.find(params[:id]) if @user && @user.is_admin?
+
    if @user && story
      story.vote = Vote.find_by(
        user: @user,