+
+ def name_link_has_valid_name
+ if link_class == 'name'
+ unless name.is_a? String and !name.empty?
+ errors.add('name', 'must be a non-empty string')
+ end
+ else
+ true
+ end
+ end
+
+ def name_link_owner_is_tail
+ if link_class == 'name'
+ self.owner_uuid = tail_uuid
+ ensure_owner_uuid_is_permitted
+ end
+ end
+
+ # A user is permitted to create, update or modify a permission link
+ # if and only if they have "manage" permission on the destination
+ # object.
+ # All other links are treated as regular ArvadosModel objects.
+ #
+ def ensure_owner_uuid_is_permitted
+ if link_class == 'permission'
+ ob = ArvadosModel.find_by_uuid(head_uuid)
+ raise PermissionDeniedError unless current_user.can?(manage: ob)
+ # All permission links should be owned by the system user.
+ self.owner_uuid = system_user_uuid
+ return true
+ else
+ super
+ end
+ end
+
+ # A user can give all other users permissions on folders.
+ def skip_uuid_read_permission_check
+ skipped_attrs = super
+ if link_class == "permission" and
+ (ArvadosModel.resource_class_for_uuid(head_uuid) == Group) and
+ (ArvadosModel.resource_class_for_uuid(tail_uuid) == User)
+ skipped_attrs << "tail_uuid"
+ end
+ skipped_attrs
+ end