projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'master' into 2640-folder-api
[arvados.git] / services / api / app / models / arvados_model.rb
diff --git a/services/api/app/models/arvados_model.rb b/services/api/app/models/arvados_model.rb
index 1dcd9e2e82d8c2041158322f6a4b5ce7545203f9..9c7fe2b7192dbc0eea643ee579f671d916c4c6a4 100644 (file)
--- a/services/api/app/models/arvados_model.rb
+++ b/services/api/app/models/arvados_model.rb
@@ -89,7 +89,7 @@ class ArvadosModel < ActiveRecord::Base
       # to this row, or to the owner of this row (see join() below).
       sql_conds += ["#{table_name}.owner_uuid in (?)",
                     "#{table_name}.uuid in (?)",
-                    "permissions.head_uuid IS NOT NULL"]
+                    "uuid IN (SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (#{sanitized_uuid_list}))"]
       sql_params += [uuid_list, user_uuids]
 
       if self == Link and users_list.any?
@@ -115,15 +115,11 @@ class ArvadosModel < ActiveRecord::Base
       # user (the identity with authorization to read)
       #
       # Link class is 'permission' ('write' and 'manage' implicitly include 'read')
-
-      joins("LEFT JOIN links permissions ON permissions.head_uuid in (#{table_name}.owner_uuid, #{table_name}.uuid #{or_object_uuid}) AND permissions.tail_uuid in (#{sanitized_uuid_list}) AND permissions.link_class='permission'")
-        .where(sql_conds.join(' OR '), *sql_params).uniq
-
+      where(sql_conds.join(' OR '), *sql_params)
     else
       # At least one user is admin, so don't bother to apply any restrictions.
       self
     end
-
   end
 
   def logged_attributes