users: fix deprecation warning in current_user_first.

DEPRECATION WARNING: Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s): "id = 52664 desc". Non-attribute arguments will be disallowed in Rails 6.1. This method should not be called with user-provided values, such as request parameters or model attributes. Known-safe values can be passed by wrapping them in Arel.sql().
2019-09-01 13:10:37 -05:00
parent 80d881bfcb
commit 3216f83ad8
1 changed files with 2 additions and 2 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -752,9 +752,9 @@ class User < ApplicationRecord
      end

      if params[:current_user_first].to_s.truthy? && !CurrentUser.is_anonymous?
-        q = q.order("id = #{CurrentUser.user.id.to_i} desc")
+        q = q.order(Arel.sql("id = #{CurrentUser.id} desc"))
      end
-      
+
      case params[:order]
      when "name"
        q = q.order("name")