From 55520e2aa70a94b697210bfae9f4097ce04a02a1 Mon Sep 17 00:00:00 2001
From: François Schmidts <francois.schmidts@gmail.com>
Date: Wed, 22 Apr 2015 18:50:54 +0200
Subject: enforcing better user of user_id in controllers

thus enhancing rights limitations between users
wider_controller are a way to say "I was the maximum rights my role
allows me"
---
 pyaggr3g470r/controllers/article.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'pyaggr3g470r/controllers/article.py')

diff --git a/pyaggr3g470r/controllers/article.py b/pyaggr3g470r/controllers/article.py
index bcd73e99..d22911bd 100644
--- a/pyaggr3g470r/controllers/article.py
+++ b/pyaggr3g470r/controllers/article.py
@@ -23,6 +23,6 @@ class ArticleController(AbstractController):
 
     def get_unread(self):
         return dict(db.session.query(Article.feed_id, func.count(Article.id))
-                       .filter(Article.readed == False,
-                               Article.user_id == self.user_id)
+                       .filter(*self._to_filters(readed=False,
+                                                 user_id=self.user_id))
                        .group_by(Article.feed_id).all())
-- 
cgit