Docker/AdventureLog
Docker/AdventureLog
1
0
Fork 0
mirror of https://github.com/seanmorley15/AdventureLog.git synced 2025-07-19 12:59:36 +02:00
Code Issues Releases Activity

fix(adventure_view): restrict queryset to user-owned adventures only

Browse source
This commit is contained in:
Sean Morley 2025-06-15 17:40:43 -04:00
parent da65235277
commit ced1f94473
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
backend/server/adventures/views/adventure_view.py
View file

@ -187,7 +187,7 @@ class AdventureViewSet(viewsets.ModelViewSet):
include_collections = request.query_params.get('include_collections', 'false') == 'true' include_collections = request.query_params.get('include_collections', 'false') == 'true'
# Build queryset with collection filtering # Build queryset with collection filtering
base_filter = Q(is_public=True) | Q(user_id=request.user.id) base_filter = Q(user_id=request.user.id)
if include_collections: if include_collections:
queryset = Adventure.objects.filter(base_filter) queryset = Adventure.objects.filter(base_filter)