Fix security issues with teams

2013-01-25 15:51:45 +02:00 · 2013-01-25 15:51:45 +02:00 · 6350b32a3d
commit 6350b32a3d
parent 3ddd9f753c
4 changed files with 16 additions and 7 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -295,4 +295,15 @@ class User < ActiveRecord::Base
  def namespace_id
    namespace.try :id
  end
+
+  def authorized_teams
+    @authorized_teams ||= begin
+                            ids = []
+                            ids << UserTeam.with_member(self).pluck('user_teams.id')
+                            ids << UserTeam.created_by(self).pluck('user_teams.id')
+                            ids.flatten
+
+                            UserTeam.where(id: ids)
+                          end
+  end
 end