projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch '18773-check-image-id' refs #18773
[arvados.git] / services / api / app / models / arvados_model.rb
diff --git a/services/api/app/models/arvados_model.rb b/services/api/app/models/arvados_model.rb
index 374c6720f60a790970f9391a3ab14642357814f3..1c842c48d6bf1d283ae08608dc242967b0cc2b56 100644 (file)
--- a/services/api/app/models/arvados_model.rb
+++ b/services/api/app/models/arvados_model.rb
@@ -384,6 +384,14 @@ class ArvadosModel < ApplicationRecord
         direct_check = " OR " + direct_check
       end
 
+      if Rails.configuration.Users.RoleGroupsVisibleToAll &&
+         sql_table == "groups" &&
+         users_list.select { |u| u.is_active }.any?
+        # All role groups are readable (but we still need the other
+        # direct_check clauses to handle non-role groups).
+        direct_check += " OR #{sql_table}.group_class = 'role'"
+      end
+
       links_cond = ""
       if sql_table == "links"
         # 1) Match permission links incoming or outgoing on the