Permalink
Browse files

Only allow admins to pass show_deleted parameter

Relates to #1626
  • Loading branch information...
1 parent 934e3e6 commit 8c3f5a1539fb0af391037ecac94e04c29f296371 @radar radar committed Jun 3, 2012
Showing with 3 additions and 3 deletions.
  1. +3 −3 api/app/controllers/spree/api/v1/base_controller.rb
@@ -68,12 +68,12 @@ def find_product(id)
def product_scope
if current_api_user.has_spree_role?("admin")
scope = Product
+ unless params[:show_deleted]
+ scope = scope.not_deleted
+ end
else
scope = Product.active
end
- unless params[:show_deleted]
- scope = scope.not_deleted
- end
scope.includes(:master)
end

0 comments on commit 8c3f5a1

Please sign in to comment.