X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/0eb72b526bf8bbb011551ecf019f604e17a534f1..29afa4d9270a8ca0ea7d9756589170b718135465:/services/api/app/controllers/arvados/v1/repositories_controller.rb

diff --git a/services/api/app/controllers/arvados/v1/repositories_controller.rb b/services/api/app/controllers/arvados/v1/repositories_controller.rb
index a28cee2254..9dff6227bc 100644
--- a/services/api/app/controllers/arvados/v1/repositories_controller.rb
+++ b/services/api/app/controllers/arvados/v1/repositories_controller.rb
@@ -3,9 +3,9 @@
 # SPDX-License-Identifier: AGPL-3.0
 
 class Arvados::V1::RepositoriesController < ApplicationController
-  skip_before_filter :find_object_by_uuid, :only => :get_all_permissions
-  skip_before_filter :render_404_if_no_object, :only => :get_all_permissions
-  before_filter :admin_required, :only => :get_all_permissions
+  skip_before_action :find_object_by_uuid, :only => :get_all_permissions
+  skip_before_action :render_404_if_no_object, :only => :get_all_permissions
+  before_action :admin_required, :only => :get_all_permissions
 
   def get_all_permissions
     # user_aks is a map of {user_uuid => array of public keys}
@@ -46,7 +46,7 @@ class Arvados::V1::RepositoriesController < ApplicationController
           # group also has access to the repository. Access level is
           # min(group-to-repo permission, user-to-group permission).
           user_aks.each do |user_uuid, _|
-            perm_mask = all_group_permissions[user_uuid][perm.tail_uuid]
+            perm_mask = all_group_permissions[user_uuid].andand[perm.tail_uuid]
             if not perm_mask
               next
             elsif perm_mask[:manage] and perm.name == 'can_manage'