don't allow privileged tags to be filtered

2012-09-20 10:56:31 -05:00 · 2012-09-20 10:56:31 -05:00 · 058cf16863
parent 39bb9b77de
commit 058cf16863
1 changed files with 2 additions and 1 deletions
--- a/app/controllers/filters_controller.rb
+++ b/app/controllers/filters_controller.rb
@ -14,7 +14,8 @@ class FiltersController < ApplicationController
    new_filters = []

    params.each do |k,v|
-      if (m = k.match(/^tag_(.+)$/)) && v.to_i == 1 && Tag.find_by_tag(m[1])
+      if (m = k.match(/^tag_(.+)$/)) && v.to_i == 1 &&
+      (t = Tag.find_by_tag(m[1])) && t.valid_for?(@user)
        new_filters.push m[1]
      end
    end