diff options
author | Heiko Bernloehr <Heiko.Bernloehr@FreeIT.de> | 2013-02-07 00:22:52 +0100 |
---|---|---|
committer | Heiko Bernloehr <Heiko.Bernloehr@FreeIT.de> | 2013-02-07 00:22:52 +0100 |
commit | b1991493127376655516ccced62a403ae84c3012 (patch) | |
tree | 3df01f7eda95e98ce9e49cb2f9fbe619db543ddf /app | |
parent | 3894dfdd5e8973812e5a1330ad57b328d9abe429 (diff) | |
download | ecs2-b1991493127376655516ccced62a403ae84c3012.tar.gz ecs2-b1991493127376655516ccced62a403ae84c3012.zip |
Prevent message deletion.
Scenario:
Owner deletes his message for which he is concurrently a receiver
This should only be possible until he clears its receiver queue. Then
the next DELETE operation removes the message from ECS and also destroys
all other receiver references as it would be happened if the message
owner had not even addressed itself.
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/messages_controller.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb index 0c6a3a5..0ab375b 100644 --- a/app/controllers/messages_controller.rb +++ b/app/controllers/messages_controller.rb @@ -71,7 +71,7 @@ class MessagesController < ApplicationController when @record.outtimed_auths_resource_by_non_owner?(@app_namespace, @resource_name, @participant) @record.destroy_as_receiver(@participant) raise Ecs::OuttimedAuthsException, 'Authorization token outtimed' - when @participant.sender?(@record) + when (@participant.sender?(@record) and not @participant.receiver?(@record)) @record.destroy_as_sender else @record.destroy_as_receiver(@participant) |