- if params[:where] and params[:where].is_a? Hash
- if params[:where][:head_kind]
- params[:filters] ||= []
- params[:filters] << ['head_uuid', 'is_a', params[:where][:head_kind]]
- params[:where].delete :head_kind
+ protected
+
+ def find_object_by_uuid
+ if action_name == 'get_permissions'
+ # get_permissions accepts a UUID for any kind of object.
+ @object = ArvadosModel::resource_class_for_uuid(params[:uuid])
+ .readable_by(*@read_users)
+ .where(uuid: params[:uuid])
+ .first
+ else
+ super
+ if @object.nil?
+ # Normally group permission links are not readable_by users.
+ # Make an exception for users with permission to manage the group.
+ # FIXME: Solve this more generally - see the controller tests.
+ link = Link.find_by_uuid(params[:uuid])
+ if (not link.nil?) and
+ (link.link_class == "permission") and
+ (@read_users.any? { |u| u.can?(manage: link.head_uuid) })
+ @object = link
+ end