From aed9125e93b6b43516a5f5c04173f28b3b721378 Mon Sep 17 00:00:00 2001 From: danielvincent Date: Tue, 5 Oct 2010 12:41:41 -0700 Subject: [PATCH] more querying through the current_user in controllers --- Gemfile.lock | 2 +- app/controllers/photos_controller.rb | 3 ++- app/controllers/users_controller.rb | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 8534f580a..44d386e33 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -258,7 +258,7 @@ DEPENDENCIES autotest bson (= 1.0.7) bson_ext (= 1.0.7) - bundler (= 1.0.0) + bundler (>= 1.0.0) capybara (~> 0.3.9) carrierwave! cucumber-rails (= 0.3.2) diff --git a/app/controllers/photos_controller.rb b/app/controllers/photos_controller.rb index 4d865573c..dca510374 100644 --- a/app/controllers/photos_controller.rb +++ b/app/controllers/photos_controller.rb @@ -9,7 +9,8 @@ class PhotosController < ApplicationController respond_to :json, :only => :show def create - album = Album.find_by_id params[:album_id] + album = current_user.find_visible_post_by_id( params[:album_id] ) + begin ######################## dealing with local files ############# diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 1cc280577..3e6472786 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -13,7 +13,7 @@ class UsersController < ApplicationController @user = current_user @person = @user.person @profile = @user.person.profile - @photos = Photo.find_all_by_person_id(@person.id).paginate :page => params[:page], :order => 'created_at DESC' + @photos = current_user.visible_posts(:person_id => current_user.person.id, :_type => 'Photo').paginate :page => params[:page], :order => 'created_at DESC' @fb_access_url = MiniFB.oauth_url(FB_APP_ID, APP_CONFIG[:pod_url] + "services/create", :scope=>MiniFB.scopes.join(","))