SECURITY: Respect topic permissions when loading draft metadata

Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
2025-05-21 18:12:32 +08:00 · 2020-03-23 11:02:24 +00:00
parent 3f9b922d20
commit 5ff505cea6
7 changed files with 188 additions and 83 deletions
--- a/app/controllers/drafts_controller.rb
+++ b/app/controllers/drafts_controller.rb
@ -23,17 +23,6 @@ class DraftsController < ApplicationController
    }

    stream = Draft.stream(opts)
-    stream.each do |d|
-      parsed_data = JSON.parse(d.data)
-      if parsed_data
-        if parsed_data['reply']
-          d.raw = parsed_data['reply']
-        end
-        if parsed_data['categoryId'].present? && !d.category_id.present?
-          d.category_id = parsed_data['categoryId']
-        end
-      end
-    end

    render json: {
      drafts: stream ? serialize_data(stream, DraftSerializer) : [],