Fix secure paste visibility: always visible to admins and paste author.

ashcmd · ashcmd · commit 1ad600430b8a · 2012-09-27T05:49:12.000-07:00
diff --git a/app/controllers/pastes_controller.rb b/app/controllers/pastes_controller.rb
@@ -100,7 +100,7 @@ def find_paste_and_project
     else
       @pastes = Paste
     end
-    @pastes = @pastes.insecure
+    @pastes = @pastes.visible_to(User.current)
 
     if params[:id].present?
       if Paste.secure_id?(params[:id])
diff --git a/app/models/paste.rb b/app/models/paste.rb
@@ -31,7 +31,9 @@ class Paste < ActiveRecord::Base
   }
 
   named_scope :secure, :conditions => "access_token IS NOT NULL"
-  named_scope :insecure, :conditions => "access_token IS NULL"
+  named_scope :visible_to, lambda { |user|
+    { :conditions => (user.admin? ? nil : ["access_token IS NULL OR author_id = ?", user.id]) }
+  }
 
   named_scope :expired, :conditions => "expires_at <= current_timestamp"
   default_scope :conditions => "expires_at IS NULL OR expires_at > current_timestamp"

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,9 @@ class Paste < ActiveRecord::Base`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`named_scope :secure, :conditions => "access_token IS NOT NULL"`
`34`		`- named_scope :insecure, :conditions => "access_token IS NULL"`
	`34`	`+ named_scope :visible_to, lambda { \|user\|`
	`35`	`+ { :conditions => (user.admin? ? nil : ["access_token IS NULL OR author_id = ?", user.id]) }`
	`36`	`+ }`
`35`	`37`
`36`	`38`	`named_scope :expired, :conditions => "expires_at <= current_timestamp"`
`37`	`39`	`default_scope :conditions => "expires_at IS NULL OR expires_at > current_timestamp"`