discourse/bookmark_guardian.rb at cdaa60b56bb285b3458a3f0054bcaffd23f300de - discourse - Git Repository of IntenseWebs.com, IF.Finance, IWeb.City, NuKVM.org, OilfieldTools Network, Spartan International Drilling, Green Polymer Products & more

IntenseWebs/discourse

mirror of https://github.com/discourse/discourse.git synced 2024-11-25 18:30:26 -06:00

David Taylor 5db41cd578

SECURITY: Respect topic permissions when loading bookmark metadata

Co-authored-by: Martin Brennan <martin@discourse.org>
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>

2020-03-23 11:30:48 +00:00

12 lines

208 B

Ruby

Raw Blame History

 # frozen_string_literal: true
 module BookmarkGuardian
   def can_delete_bookmark?(bookmark)
     @user == bookmark.user
   end
   def can_create_bookmark?(bookmark)
     can_see_topic?(bookmark.topic)
   end
 end