projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
2760: Make editable? follow permissions obtained via groups/folders.
[arvados.git] / apps / workbench / app / models / arvados_base.rb
diff --git a/apps/workbench/app/models/arvados_base.rb b/apps/workbench/app/models/arvados_base.rb
index 1ad0230512318bf114e6e30de95d9dc1eb21371f..7d8603782ee252a89399aa9a184d83678d6cfdf8 100644 (file)
--- a/apps/workbench/app/models/arvados_base.rb
+++ b/apps/workbench/app/models/arvados_base.rb
@@ -293,7 +293,8 @@ class ArvadosBase < ActiveRecord::Base
     (current_user and current_user.is_active and
      (current_user.is_admin or
       current_user.uuid == self.owner_uuid or
-      new_record?))
+      new_record? or
+      (writable_by.include? current_user.uuid rescue false)))
   end
 
   def attribute_editable?(attr)
@@ -301,12 +302,10 @@ class ArvadosBase < ActiveRecord::Base
       false
     elsif not (current_user.andand.is_active)
       false
-    elsif "uuid owner_uuid".index(attr.to_s) or current_user.is_admin
+    elsif attr == 'uuid'
       current_user.is_admin
     else
-      current_user.uuid == self.owner_uuid or
-        current_user.uuid == self.uuid or
-        new_record?
+      editable?
     end
   end
 
@@ -351,6 +350,10 @@ class ArvadosBase < ActiveRecord::Base
     friendly_link_name
   end
 
+  def owner
+    ArvadosBase.find(owner_uuid) rescue nil
+  end
+
   protected
 
   def forget_uuid!