don't overwrite public flag for queries AFTER security check

pull/1962/head
Philipp Tessenow 10 years ago
parent ac3b5b4473
commit 1dd7eff8ce
  1. 2
      app/controllers/api/experimental/concerns/query_loading.rb

@ -46,6 +46,7 @@ module Api::Experimental::Concerns::QueryLoading
end
def prepare_query
@query.is_public = params[:is_public] if params[:is_public]
@query.is_public = false unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
view_context.add_filter_from_params if params[:fields] || params[:f] || params[:accept_empty_query_fields]
@query.group_by = params[:group_by] if params[:group_by].present?
@ -54,7 +55,6 @@ module Api::Experimental::Concerns::QueryLoading
@query.column_names = params[:c] if params[:c]
@query.column_names = nil if params[:default_columns]
@query.name = params[:name] if params[:name]
@query.is_public = params[:is_public] if params[:is_public]
end
def prepare_sort_criteria
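Review bot: In `prepare_query` the permission check on `is_public` only works because the assignment from `params[:is_public]` now sits one line above it, and nothing in the new code records or enforces that ordering, so a later reorder would silently bring back the bypass this commit closes. I would add a comment above the first of the two lines, `# params[:is_public] is untrusted: assign it before the permission check below, which resets it`, and a controller spec asserting that a user without `:manage_public_queries` who sends `is_public=true` ends up with a non-public query. A sturdier shape makes the order irrelevant by computing the permission once and guarding the assignment with it, e.g. `@query.is_public = params[:is_public] if params[:is_public] && may_manage_public`, while keeping the forced `false` for everyone else. The body of `prepare_query` continues between the two hunks, so any other writes to `@query` there are not visible from this page.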
