Only allow checking of own subscriptions

This commit is contained in:
Karina Kwiatek 2023-01-01 22:07:02 +01:00
parent 2417354b31
commit 48c7beb54e
1 changed files with 1 additions and 1 deletions

View File

@ -14,7 +14,7 @@ class Ajax::WebPushController < AjaxController
def check def check
params.permit(:endpoint) params.permit(:endpoint)
found = WebPushSubscription.where("subscription ->> 'endpoint' = ?", params[:endpoint]).first found = current_user.web_push_subscriptions.where("subscription ->> 'endpoint' = ?", params[:endpoint]).first
@response[:status] = if found @response[:status] = if found
if found.failures >= 3 if found.failures >= 3