SECURITY: verify that inviter can invite new user to a topic

Arpit Jalan
2017-10-09 15:52:41 +05:30
parent 59aeb0bc56
commit a2183c3f1d
4 changed files with 25 additions and 2 deletions


@ -93,9 +93,11 @@ class InvitesController < ApplicationController
group_ids: params[:group_ids],
group_names: params[:group_names]
)
guardian.ensure_can_invite_to_forum!(groups)
topic = Topic.find_by(id: params[:topic_id])
guardian.ensure_can_invite_to!(topic) if topic.present?
group_ids = groups.map(&:id)
invite_exists = Invite.where(email: params[:email], invited_by_id: current_user.id).first