- # For admins, only filter on "trashed"
- # sql_conds += ["#{sql_table}.uuid in (SELECT target_uuid
- # FROM permission_view
- # WHERE trashed in (:include_trashed)
- # GROUP BY user_uuid, target_uuid)"]
-
- # if self.column_names.include? 'owner_uuid'
- # sql_conds[0] += "AND #{sql_table}.owner_uuid in (SELECT target_uuid
- # FROM permission_view
- # WHERE trashed in (:include_trashed)
- # GROUP BY user_uuid, target_uuid)"
- # end
- return where({})
- else
- # Match any object (evidently a group or user) whose UUID is
- # listed explicitly in user_uuids.
- sql_conds += ["#{sql_table}.uuid in (:user_uuids)"]
-
- # Match any object whose owner is listed explicitly in
- # user_uuids.
- sql_conds += ["#{sql_table}.owner_uuid IN (:user_uuids)"]
-
- # At least read permission from user_uuid to target_uuid of object
- sql_conds += ["#{sql_table}.uuid in (SELECT target_uuid
- FROM permission_view
- WHERE user_uuid in (:user_uuids) and perm_level >= 1 and trashed = (:include_trashed)
- GROUP BY user_uuid, target_uuid)"]
-
- if self.column_names.include? 'owner_uuid'
- # At least read permission from user_uuid to target_uuid that owns object
- sql_conds += ["#{sql_table}.owner_uuid in (SELECT target_uuid
- FROM permission_view
- WHERE user_uuid in (:user_uuids) and
- target_owner_uuid IS NOT NULL and
- perm_level >= 1 and trashed = (:include_trashed)
- GROUP BY user_uuid, target_uuid)"]
+ if !include_trash
+ if sql_table != "api_client_authorizations"
+ # Exclude rows where the owner is trashed
+ sql_conds.push "NOT EXISTS(SELECT 1 "+
+ "FROM #{PERMISSION_VIEW} "+
+ "WHERE trashed = 1 AND "+
+ "(#{sql_table}.owner_uuid = target_uuid)) "+
+ exclude_trashed_records
+ end