- trash_clause = if !include_trash then "trashed = 0 AND" else "" end
-
- # Can read object (evidently a group or user) whose UUID is listed
- # explicitly in user_uuids.
- sql_conds += ["#{sql_table}.uuid IN (:user_uuids)"]
-
- direct_permission_check = "EXISTS(SELECT 1 FROM permission_view
- WHERE user_uuid IN (:user_uuids) AND perm_level >= 1 AND #{trash_clause}
- (#{sql_table}.uuid = target_uuid))"
-
- if self.column_names.include? "owner_uuid"
- # if an explicit permission row exists for the uuid in question, apply
- # the "direct_permission_check"
- # if not, check for permission to read the owner instead
- sql_conds += ["CASE
- WHEN EXISTS(select 1 FROM permission_view where target_uuid = #{sql_table}.uuid)
- THEN #{direct_permission_check}
- ELSE EXISTS(SELECT 1 FROM permission_view
- WHERE user_uuid IN (:user_uuids) AND perm_level >= 1 AND #{trash_clause}
- (#{sql_table}.owner_uuid = target_uuid AND target_owner_uuid is NOT NULL))
- END"]
- # Can also read if one of the users is the owner of the object.
- trash_clause = if !include_trash
- "1 NOT IN (SELECT trashed
- FROM permission_view
- WHERE #{sql_table}.uuid = target_uuid) AND"
- else
- ""
- end
- sql_conds += ["(#{trash_clause} #{sql_table}.owner_uuid IN (:user_uuids))"]
- else
- sql_conds += [direct_permission_check]