DEV: Address review comments for 5ed84d9885.

2020-09-08 11:17:35 +08:00 · 2020-09-08 11:17:35 +08:00 · 05691b732d
commit 05691b732d
parent aa1fb1b1b5
2 changed files with 4 additions and 2 deletions
--- a/lib/topic_query.rb
+++ b/lib/topic_query.rb
@ -534,7 +534,7 @@ class TopicQuery
    if type == :group
      result = result
        .includes(:allowed_users)
-        .joins("INNER JOIN topic_allowed_groups tag ON tag.topic_id = topics.id AND tag.group_id IN (SELECT id FROM groups WHERE name ilike '#{sanitize_sql_array([@options[:group_name]])}')")
+        .joins("INNER JOIN topic_allowed_groups tag ON tag.topic_id = topics.id AND tag.group_id IN (SELECT id FROM groups WHERE LOWER(name) = '#{PG::Connection.escape_string(@options[:group_name].downcase)}')")

      unless user.admin?
        result = result.joins("INNER JOIN group_users gu ON gu.group_id = tag.group_id AND gu.user_id = #{user.id.to_i}")
--- a/spec/components/topic_query_spec.rb
+++ b/spec/components/topic_query_spec.rb
@ -1090,7 +1090,9 @@ describe TopicQuery do
    end

    it 'should return the right list for an admin not part of the group' do
-      topics = TopicQuery.new(nil, group_name: group.name)
+      group.update!(name: group.name.capitalize)
+
+      topics = TopicQuery.new(nil, group_name: group.name.upcase)
        .list_private_messages_group(Fabricate(:admin))
        .topics