From 652dc7001e59a5831103d973da1919c94d909bce Mon Sep 17 00:00:00 2001
From: Sebastian Serth
Date: Wed, 15 May 2019 17:39:12 +0200
Subject: [PATCH] Use scoped view for StudyPolicy to prevent leaking other groups
---
 app/controllers/study_groups_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/study_groups_controller.rb b/app/controllers/study_groups_controller.rb
index 965fab4d..ff5493b4 100644
--- a/app/controllers/study_groups_controller.rb
+++ b/app/controllers/study_groups_controller.rb
@@ -4,7 +4,7 @@ class StudyGroupsController < ApplicationController
   before_action :set_group, only: MEMBER_ACTIONS
 
   def index
-    @search = StudyGroup.ransack(params[:q])
+    @search = policy_scope(StudyGroup).ransack(params[:q])
     @study_groups = @search.result.includes(:consumer).order(:name).paginate(page: params[:page])
     authorize!
   end
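Review bot: `params[:q]` still reaches `ransack` unfiltered in `index`, so the policy scope limits which rows come back but not which columns or associations a caller may put a predicate on. Unless `StudyGroup` and the models reachable from it restrict `ransackable_attributes` / `ransackable_associations`, result counts can still reveal attributes of associated records. Those definitions are not visible in this hunk, and older Ransack releases allow everything by default. I would allowlist the searchable fields in the model and, so this fix cannot silently regress, add `after_action :verify_policy_scoped, only: :index` next to the existing `before_action`. The class body continues outside the hunk, so the member actions behind `set_group` could not be checked for the same scoping.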