noosfero | Move contents (!1270)
Rodrigo Souto
gitlab at mg.gitlab.com
Thu Jul 6 15:50:57 BRT 2017
Rodrigo Souto started a new discussion on app/controllers/my_profile/cms_controller.rb:
> render :action => 'edit'
> end
>
> + def move
> + if request.get?
> + if params[:parent_id]
> + @article = Article.find(params[:parent_id])
You must limit the article scope to only profile's articles or you might allow moving articles from different profiles or even different environments. Use something like `profile.articles.find(params[:parent_id])`.
---
Reply to this email directly or view it on GitLab: https://gitlab.com/noosfero/noosfero/merge_requests/1270#note_34372939
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20170706/491fa16e/attachment.html>
More information about the Noosfero-dev
mailing list