projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
4253: Merge Repository permission requirements of #4253 and #5416.
[arvados.git] / services / api / app / models / repository.rb
diff --git a/services/api/app/models/repository.rb b/services/api/app/models/repository.rb
index 5bc467c9204caeb445b55131941f5fccd723fb10..0cab4dcf8760641b95f7eb8f3c5dfa2b05d11018 100644 (file)
--- a/services/api/app/models/repository.rb
+++ b/services/api/app/models/repository.rb
@@ -47,14 +47,15 @@ class Repository < ArvadosModel
   protected
 
   def permission_to_update
-    return false if not current_user
-    return true if current_user.is_admin
-    # For normal objects, this is a way to check whether you have
-    # write permission. Repositories should be brought closer to the
-    # normal permission model during #4253. Meanwhile, we'll
-    # special-case this so arv-git-httpd can detect write permission:
-    return super if changed_attributes.keys - ['modified_at', 'updated_at'] == []
-    false
+    if not super
+      false
+    elsif current_user.is_admin
+      true
+    elsif name_changed?
+      current_user.uuid == owner_uuid
+    else
+      true
+    end
   end
 
   def owner