From 05c4aaf3f19a13fed0ddd6d517cfccede03e941e Mon Sep 17 00:00:00 2001
From: Matt Farnsworth
Date: Mon, 14 Dec 2015 16:55:22 +0200
Subject: [PATCH] Story #105846070 - do not allow user to see other user's domains if their ident values have the same code
---
 app/models/registrant_user.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/app/models/registrant_user.rb b/app/models/registrant_user.rb
index 6fac517af..f0222b2a6 100644
--- a/app/models/registrant_user.rb
+++ b/app/models/registrant_user.rb
@@ -12,10 +12,15 @@ class RegistrantUser < User
 end
 def domains
- Domain.includes(:registrar, :registrant).where(contacts: {ident: ident})
+ # TODO: move data to normal columns and drop registrant_ident
+ ident_cc, ident = @current_user.registrant_ident.split '-'
+ Domain.includes(:registrar, :registrant).where(contacts: {
+ ident_type: 'priv',
+ ident: ident, #identity_code,
+ ident_country_code: ident_cc #country_code
+ })
 end
-
 def to_s
 username
 end
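Review bot: The new `domains` reads `@current_user.registrant_ident`, but inside a model method `@current_user` is an instance variable of the RegistrantUser record itself, and nothing visible in this hunk sets it, so it is presumably nil here and the call would raise. The record's own attribute looks like what is meant, e.g. `ident_cc, ident = registrant_ident.to_s.split('-', 2)`; the limit of 2 keeps an identity code that itself contains a hyphen intact instead of silently truncating it. Because this query is the access boundary between users, it should also fail closed when either part is missing: with a value that has no hyphen, `ident` is nil and the `where` becomes `ident IS NULL`, which can match contacts that have no ident. A guard such as `return Domain.none if ident_cc.blank? || ident.blank?` before the query avoids that. The class body starts and ends outside the hunk.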