FIX: Suggest only groups that are visible to current user (#48)
Otherwise, the user would search in groups that were not visible, operation which resulted in a 403 error.
This commit is contained in:
parent
d268d4f817
commit
7d4b515524
|
@ -24,7 +24,7 @@ module DiscourseAssign
|
||||||
.limit(6)
|
.limit(6)
|
||||||
|
|
||||||
render json: {
|
render json: {
|
||||||
assign_allowed_on_groups: Group.assign_allowed_groups.pluck(:name),
|
assign_allowed_on_groups: current_user.visible_groups.assign_allowed_groups.pluck(:name),
|
||||||
suggestions: ActiveModel::ArraySerializer.new(users, scope: guardian, each_serializer: BasicUserSerializer)
|
suggestions: ActiveModel::ArraySerializer.new(users, scope: guardian, each_serializer: BasicUserSerializer)
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue