From fa364c3f2ce47ab78f970d1fa27ffe6c11d0545d Mon Sep 17 00:00:00 2001 From: Ave Date: Sun, 8 Nov 2020 01:14:17 +0300 Subject: [PATCH] Ensure that a user is actually in an org when applying policies --- src/db/models/org_policy.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/db/models/org_policy.rs b/src/db/models/org_policy.rs index 0004b04c..98b01a37 100644 --- a/src/db/models/org_policy.rs +++ b/src/db/models/org_policy.rs @@ -4,7 +4,7 @@ use crate::api::EmptyResult; use crate::db::DbConn; use crate::error::MapResult; -use super::Organization; +use super::{Organization, UserOrgStatus}; db_object! { #[derive(Debug, Identifiable, Queryable, Insertable, Associations, AsChangeset)] @@ -134,6 +134,9 @@ impl OrgPolicy { users_organizations::org_uuid.eq(org_policies::org_uuid) .and(users_organizations::user_uuid.eq(user_uuid))) ) + .filter( + users_organizations::status.eq(UserOrgStatus::Confirmed as i32) + ) .select(org_policies::all_columns) .load::(conn) .expect("Error loading org_policy")