Only allow checking of own subscriptions
This commit is contained in:
parent
2417354b31
commit
48c7beb54e
|
@ -14,7 +14,7 @@ class Ajax::WebPushController < AjaxController
|
||||||
def check
|
def check
|
||||||
params.permit(:endpoint)
|
params.permit(:endpoint)
|
||||||
|
|
||||||
found = WebPushSubscription.where("subscription ->> 'endpoint' = ?", params[:endpoint]).first
|
found = current_user.web_push_subscriptions.where("subscription ->> 'endpoint' = ?", params[:endpoint]).first
|
||||||
|
|
||||||
@response[:status] = if found
|
@response[:status] = if found
|
||||||
if found.failures >= 3
|
if found.failures >= 3
|
||||||
|
|
Loading…
Reference in New Issue