scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-03-03 19:24:48 +08:00
Code Issues Projects Releases Packages Wiki Activity

Fix permission check lapsus

Browse source
This commit is contained in:
Urban Rotnik 2020-08-11 17:00:36 +02:00
parent 02bb29cf79
commit 7d186156a0
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/search_controller.rb
View file

@ -263,7 +263,9 @@ class SearchController < ApplicationController
def search_repository
@repository = Repository.find_by_id(params[:repository])
render_403 unless user.teams.include?(repository.team) || repository.private_shared_with?(user.teams)
unless current_user.teams.include?(@repository.team) || @repository.private_shared_with?(current_user.teams)
render_403
end
@repository_results = []
if @repository_search_count_total > 0
@repository_results =