projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fix ownership-change permission check
[arvados.git] / app / models / orvos_model.rb
diff --git a/app/models/orvos_model.rb b/app/models/orvos_model.rb
index 49f24dba3677f2236131d335f8d68522fde71a67..bdd27a67c31584a2c736b5eb0522bb63ef585ebc 100644 (file)
--- a/app/models/orvos_model.rb
+++ b/app/models/orvos_model.rb
@@ -32,11 +32,13 @@ class OrvosModel < ActiveRecord::Base
 
   def permission_to_update
     return false unless current_user
-    if self.owner_changed? and self.owner_was != current_user.uuid
-      return Metadatum.where(metadata_class: 'permission',
+    if self.owner_changed? and
+        self.owner_was != current_user.uuid and
+        0 == Metadatum.where(metadata_class: 'permission',
                              name: 'can_pillage',
                              tail: self.owner,
-                             head: current_user.uuid).count > 0
+                             head: current_user.uuid).count
+      return false
     end
     self.owner == current_user.uuid or
       current_user.is_admin or