relocate permissions code, use resulting :read permissions in #index. refs #1415
[arvados.git] / app / controllers / application_controller.rb
index 4fda8f941931d32cf9d8797c66760d25571eadee..d8fdbbca61d5476051d8ebaad812345530efe0f1 100644 (file)
@@ -50,11 +50,15 @@ class ApplicationController < ActionController::Base
   end
 
   def index
+    uuid_list = [current_user.uuid, *current_user.groups_i_can(:read)]
+    sanitized_uuid_list = uuid_list.
+      collect { |uuid| model_class.sanitize(uuid) }.join(', ')
     @objects ||= model_class.
-      joins("LEFT JOIN links permissions ON permissions.head_uuid=#{table_name}.owner AND permissions.tail_uuid=#{model_class.sanitize current_user.uuid} AND permissions.link_class='permission'").
-      where("?=? OR #{table_name}.owner=? OR #{table_name}.uuid=? OR permissions.head_uuid IS NOT NULL",
+      joins("LEFT JOIN links permissions ON permissions.head_uuid=#{table_name}.owner AND permissions.tail_uuid in (#{sanitized_uuid_list}) AND permissions.link_class='permission'").
+      where("?=? OR #{table_name}.owner in (?) OR #{table_name}.uuid=? OR permissions.head_uuid IS NOT NULL",
             true, current_user.is_admin,
-            current_user.uuid, current_user.uuid)
+            uuid_list,
+            current_user.uuid)
     if params[:where]
       where = params[:where]
       where = Oj.load(where) if where.is_a?(String)
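Review bot: The widened LEFT JOIN on line 14 can now match several `links` rows for one object (one per entry of `uuid_list` that holds a permission on the same owner), and nothing in the query collapses them, so `@objects` may contain duplicate rows where the old single-tail join usually produced one. Adding a distinct projection next to the join, e.g. `select("DISTINCT #{table_name}.*")` on the relation before `joins`, or `.uniq` if this Rails version's relation supports it, would keep the result set one row per object. The IN list on line 14 is built by interpolating `model_class.sanitize` output into the join string while the `where` on line 15 passes `uuid_list` as a bind parameter; presumably the join could use the same bound form via `sanitize_sql_array` so both conditions are quoted by one mechanism, but whether that helper is reachable from this controller is not visible here. The `index` method continues past the end of the hunk.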