Obey permissions when retrieving object by UUID.

author Tom Clegg <tom@curoverse.com>

Tue, 14 Jan 2014 21:37:30 +0000 (13:37 -0800)

committer Tom Clegg <tom@curoverse.com>

Tue, 14 Jan 2014 21:37:30 +0000 (13:37 -0800)
author Tom Clegg <tom@curoverse.com>
Tue, 14 Jan 2014 21:37:30 +0000 (13:37 -0800)
committer Tom Clegg <tom@curoverse.com>
Tue, 14 Jan 2014 21:37:30 +0000 (13:37 -0800)
diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb

index c7cbc6065d0e32af8c9c623aad359123d8106335..708defede671ac6fc60af73fd83485fcdfd31545 100644 (file)
--- a/services/api/app/controllers/application_controller.rb
+++ b/services/api/app/controllers/application_controller.rb
@@ -310,7 +310,9 @@ class ApplicationController < ActionController::Base
      if params[:id] and params[:id].match /\D/
        params[:uuid] = params.delete :id
      end
-    @object = model_class.where('uuid=?', params[:uuid]).first
+    @where = { uuid: params[:uuid] }
+    find_objects_for_index
+    @object = @objects.first
    end
  
    def self.accept_attribute_as_json(attr, force_class=nil)
author	Tom Clegg <tom@curoverse.com>
	Tue, 14 Jan 2014 21:37:30 +0000 (13:37 -0800)
committer	Tom Clegg <tom@curoverse.com>
	Tue, 14 Jan 2014 21:37:30 +0000 (13:37 -0800)