From ced1f944731dc9af81a154f587d1cd45a0446ee8 Mon Sep 17 00:00:00 2001 From: Sean Morley Date: Sun, 15 Jun 2025 17:40:43 -0400 Subject: [PATCH] fix(adventure_view): restrict queryset to user-owned adventures only --- backend/server/adventures/views/adventure_view.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/server/adventures/views/adventure_view.py b/backend/server/adventures/views/adventure_view.py index 43ca0c4..b4bbfb9 100644 --- a/backend/server/adventures/views/adventure_view.py +++ b/backend/server/adventures/views/adventure_view.py @@ -187,7 +187,7 @@ class AdventureViewSet(viewsets.ModelViewSet): include_collections = request.query_params.get('include_collections', 'false') == 'true' # Build queryset with collection filtering - base_filter = Q(is_public=True) | Q(user_id=request.user.id) + base_filter = Q(user_id=request.user.id) if include_collections: queryset = Adventure.objects.filter(base_filter)