IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: Prevent unauthorized list of private message titles. Also remove some unused code.

Browse Source
This commit is contained in:
Robin Ward
2013-09-30 14:35:11 -04:00
parent 40c08eab14
commit 3f0c03a20c
5 changed files with 61 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/controllers/user_actions_controller.rb
View File

@@ -16,15 +16,7 @@ class UserActionsController < ApplicationController
ignore_private_messages: params[:filter] ? false : true
}
stream =
if opts[:action_types] == [UserAction::GOT_PRIVATE_MESSAGE] ||
opts[:action_types] == [UserAction::NEW_PRIVATE_MESSAGE]
UserAction.private_message_stream(opts[:action_types][0], opts)
else
UserAction.stream(opts)
end
render_serialized(stream, UserActionSerializer, root: "user_actions")
render_serialized(UserAction.stream(opts), UserActionSerializer, root: "user_actions")
end
def show