mirror/AdventureLog
1
0
Fork 0
mirror of https://github.com/seanmorley15/AdventureLog.git synced 2025-12-23 22:58:17 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix(adventure_view): restrict queryset to user-owned adventures only

Browse Source
This commit is contained in:
Sean Morley
2025-06-15 17:40:43 -04:00
parent da65235277
commit ced1f94473
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/server/adventures/views/adventure_view.py
View File

@@ -187,7 +187,7 @@ class AdventureViewSet(viewsets.ModelViewSet):
include_collections = request.query_params.get('include_collections', 'false') == 'true' include_collections = request.query_params.get('include_collections', 'false') == 'true'
# Build queryset with collection filtering # Build queryset with collection filtering
base_filter = Q(is_public=True) | Q(user_id=request.user.id) base_filter = Q(user_id=request.user.id)
if include_collections: if include_collections:
queryset = Adventure.objects.filter(base_filter) queryset = Adventure.objects.filter(base_filter)