end
def index
+ uuid_list = [current_user.uuid, *current_user.groups_i_can(:read)]
+ sanitized_uuid_list = uuid_list.
+ collect { |uuid| model_class.sanitize(uuid) }.join(', ')
@objects ||= model_class.
- joins("LEFT JOIN links permissions ON permissions.head_uuid=#{table_name}.owner AND permissions.tail_uuid=#{model_class.sanitize current_user.uuid} AND permissions.link_class='permission'").
- where("?=? OR #{table_name}.owner=? OR #{table_name}.uuid=? OR permissions.head_uuid IS NOT NULL",
+ joins("LEFT JOIN links permissions ON permissions.head_uuid=#{table_name}.owner AND permissions.tail_uuid in (#{sanitized_uuid_list}) AND permissions.link_class='permission'").
+ where("?=? OR #{table_name}.owner in (?) OR #{table_name}.uuid=? OR permissions.head_uuid IS NOT NULL",
true, current_user.is_admin,
- current_user.uuid, current_user.uuid)
+ uuid_list,
+ current_user.uuid)
if params[:where]
where = params[:where]
where = Oj.load(where) if where.is_a?(String)
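Review bot: The rewritten `joins(...)` can now match several permission links for the same row (one for the user plus one per readable group in `sanitized_uuid_list`), so the LEFT JOIN may return the same object more than once in `@objects`, and nothing visible in the hunk deduplicates. Consider ending the relation chain with `.uniq` (`.distinct` on newer ActiveRecord), or expressing the permission test as an `EXISTS` subquery inside the `where` so that no join is needed. The interpolated list is safe only because every element passes through `model_class.sanitize`; a comment such as `# each uuid is quoted before interpolation; never splice uuid_list in raw` above the `joins` call would keep that invariant visible to the next editor. The hunk header is not shown and `index` continues past the last line here, so a later dedup step may exist outside this view.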