From 10aa25882ab23bb625e62ca0761f7aae414312ba Mon Sep 17 00:00:00 2001
From: Andrew Brown <drusepth@gmail.com>
Date: Mon, 26 Sep 2016 01:28:11 +0200
Subject: [PATCH] Only show serendipitous cards if a user is signed in and owns
 the content they're looking at

---
 app/controllers/content_controller.rb | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/app/controllers/content_controller.rb b/app/controllers/content_controller.rb
index 0928fcbaf..0e201fb72 100644
--- a/app/controllers/content_controller.rb
+++ b/app/controllers/content_controller.rb
@@ -30,11 +30,13 @@ def show
     # TODO: Secure this with content class whitelist lel
     @content = content_type_from_controller(self.class).find(params[:id])
 
-    # question = QuestionService.question(Content.new @content.slice(*content_param_list.flat_map { |v| v.is_a?(Symbol) ? v : v.keys.map { |k| k.to_s.chomp('_attributes').to_sym } }))
-    begin
-      questionable_params = content_param_list.reject { |x| x.is_a?(Hash) || x.to_s.end_with?('_id') }
-      @question = QuestionService.question(Content.new @content.slice(*questionable_params))
-    rescue
+    if current_user and current_user == @content.user
+      # question = QuestionService.question(Content.new @content.slice(*content_param_list.flat_map { |v| v.is_a?(Symbol) ? v : v.keys.map { |k| k.to_s.chomp('_attributes').to_sym } }))
+      begin
+        questionable_params = content_param_list.reject { |x| x.is_a?(Hash) || x.to_s.end_with?('_id') }
+        @question = QuestionService.question(Content.new @content.slice(*questionable_params))
+      rescue
+      end
     end
 
     respond_to do |format|