Fix security issues with teams

2013-01-25 15:51:45 +02:00 · 2013-01-25 15:51:45 +02:00 · 6350b32a3d
commit 6350b32a3d
parent 3ddd9f753c
4 changed files with 16 additions and 7 deletions
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@ -18,7 +18,7 @@ class DashboardController < ApplicationController
                  @projects
                end

-    @teams = (UserTeam.with_member(current_user) + UserTeam.created_by(current_user)).uniq
+    @teams = current_user.authorized_teams

    @projects = @projects.page(params[:page]).per(30)