danbooru/app/policies/media_asset_policy.rb
evazion 0132c5f0a5 media assets: fix md5 leak in media assets.
Fix unprivileged users being able to see images and MD5 hashes of media
assets belonging to censored posts.
2022-01-30 23:23:55 -06:00


# frozen_string_literal: true
# Authorization policy for media assets. Decides whether the index action is
# permitted and whether an asset's image and MD5 hash may be exposed to the
# current user.
class MediaAssetPolicy < ApplicationPolicy
  # Permits the index action for every user. What each record discloses is
  # limited separately by #api_attributes.
  #
  # @return [Boolean] always true
  def index?
    true
  end

  # Whether the current user may see the asset's image.
  #
  # An asset with no post attached is treated as visible to anyone; otherwise
  # the decision is delegated to the post's own visibility check for `user`.
  #
  # @return [Boolean]
  def can_see_image?
    return true if record.post.blank?

    record.post.visible?(user)
  end

  # Attributes exposed through the API for this asset.
  #
  # When the image must stay hidden, :md5 is dropped from the inherited
  # attribute list so the hash is not disclosed alongside the record.
  #
  # NOTE(review): only :md5 is filtered here. Any other inherited attribute
  # from which the hash could be recovered would need the same exclusion --
  # confirm against the list returned by ApplicationPolicy#api_attributes.
  #
  # @return the inherited attribute list, without :md5 when the image is hidden
  def api_attributes
    return super if can_see_image?

    super.excluding(:md5)
  end
end