Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Only allow admins to pass show_deleted parameter

Relates to #1626
  • Loading branch information...
commit 8c3f5a1539fb0af391037ecac94e04c29f296371 1 parent 934e3e6
@radar radar authored
Showing with 3 additions and 3 deletions.
  1. +3 −3 api/app/controllers/spree/api/v1/base_controller.rb
View
6 api/app/controllers/spree/api/v1/base_controller.rb
@@ -68,12 +68,12 @@ def find_product(id)
def product_scope
if current_api_user.has_spree_role?("admin")
scope = Product
+ unless params[:show_deleted]
+ scope = scope.not_deleted
+ end
else
scope = Product.active
end
- unless params[:show_deleted]
- scope = scope.not_deleted
- end
scope.includes(:master)
end
Please sign in to comment.
Something went wrong with that request. Please try again.