Note the security oddity of finding straight off root
This commit is contained in:
@@ -7,6 +7,7 @@ module BubbleScoped
|
||||
|
||||
private
|
||||
def set_bubble
|
||||
# Finding the bubble on the root depends on checking permission by finding its bucket via Current.user
|
||||
@bubble = Bubble.find(params[:bubble_id])
|
||||
end
|
||||
|
||||
|
||||
Reference in New Issue
Block a user