noosfero | Invitation to events (!1445)

Rodrigo Souto gitlab at mg.gitlab.com
Fri May 11 15:40:30 BRT 2018


Rodrigo Souto started a new discussion on app/controllers/my_profile/cms_controller.rb:

>      end
>    end
>  
> +  def invite_to_event
> +    @article = profile.articles.find(params[:id])
> +    @profiles = invite_event_to @article
> +    record_coming
> +    if request.post?
> +      @back_to = params[:back_to]
> +      @failed = {}
> +      people_to_invite = Profile.find(params[:profile_ids])
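
Review bot: At `people_to_invite = Profile.find(params[:profile_ids])` the lookup goes through the global `Profile` model instead of the `@profiles` set computed earlier in the method from `invite_event_to @article`, so the ids posted by the client are never checked against the profiles this action considers invitable. Resolving them through that set would keep the invitation inside it, for example `@profiles.where(id: params[:profile_ids])`. This assumes `@profiles` is an ActiveRecord relation, which is not visible in this hunk. It would also avoid the `ActiveRecord::RecordNotFound` that `find` raises when `params[:profile_ids]` is missing or contains an id that does not exist. Separately, `@back_to = params[:back_to]` stores a client-supplied value unchecked. If it is later used as a redirect target, it should be limited to local paths.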

Here you should use `@profiles.find` instead of `Profile.find`. The way it is now, I can invite anyone in the environment and actually people from other environments as well if I pass the parameter straight in the post.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/noosfero/noosfero/merge_requests/1445#note_72741020