X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/02377152d7e368b6b73b2a94ceb68c99f9d55959..3bd5f6c3f353059c15eeea51b16b2fdee694d504:/services/api/app/models/arvados_model.rb

diff --git a/services/api/app/models/arvados_model.rb b/services/api/app/models/arvados_model.rb
index 1dcd9e2e82..9c7fe2b719 100644
--- a/services/api/app/models/arvados_model.rb
+++ b/services/api/app/models/arvados_model.rb
@@ -89,7 +89,7 @@ class ArvadosModel < ActiveRecord::Base
       # to this row, or to the owner of this row (see join() below).
       sql_conds += ["#{table_name}.owner_uuid in (?)",
                     "#{table_name}.uuid in (?)",
-                    "permissions.head_uuid IS NOT NULL"]
+                    "uuid IN (SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (#{sanitized_uuid_list}))"]
       sql_params += [uuid_list, user_uuids]
 
       if self == Link and users_list.any?
@@ -115,15 +115,11 @@ class ArvadosModel < ActiveRecord::Base
       # user (the identity with authorization to read)
       #
       # Link class is 'permission' ('write' and 'manage' implicitly include 'read')
-
-      joins("LEFT JOIN links permissions ON permissions.head_uuid in (#{table_name}.owner_uuid, #{table_name}.uuid #{or_object_uuid}) AND permissions.tail_uuid in (#{sanitized_uuid_list}) AND permissions.link_class='permission'")
-        .where(sql_conds.join(' OR '), *sql_params).uniq
-
+      where(sql_conds.join(' OR '), *sql_params)
     else
       # At least one user is admin, so don't bother to apply any restrictions.
       self
     end
-
   end
 
   def logged_attributes