X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/44c95f99098fa6c6acbfa82d4b6cbc6015eb6e39..ef35a5388d60e892835309df2b46b221f8df221d:/services/api/app/models/log.rb

diff --git a/services/api/app/models/log.rb b/services/api/app/models/log.rb
index 73f143e8c3..75e1a4e402 100644
--- a/services/api/app/models/log.rb
+++ b/services/api/app/models/log.rb
@@ -60,21 +60,19 @@ class Log < ArvadosModel
   end
 
   def self.readable_by(*users_list)
+    if users_list.last.is_a? Hash
+      users_list.pop
+    end
     if users_list.select { |u| u.is_admin }.any?
       return self
     end
     user_uuids = users_list.map { |u| u.uuid }
-    uuid_list = user_uuids + users_list.flat_map { |u| u.groups_i_can(:read) }
-    uuid_list.uniq!
-    permitted = "(SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (:uuids))"
+
     joins("LEFT JOIN container_requests ON container_requests.container_uuid=logs.object_uuid").
-      where("logs.object_uuid IN #{permitted} OR "+
-            "container_requests.uuid IN (:uuids) OR "+
-            "container_requests.owner_uuid IN (:uuids) OR "+
-            "logs.object_uuid IN (:uuids) OR "+
-            "logs.owner_uuid IN (:uuids) OR "+
-            "logs.object_owner_uuid IN (:uuids)",
-            uuids: uuid_list)
+      where("EXISTS(SELECT target_uuid FROM #{PERMISSION_VIEW} "+
+            "WHERE user_uuid IN (:user_uuids) AND perm_level >= 1 AND "+
+            "target_uuid IN (container_requests.uuid, container_requests.owner_uuid, logs.object_uuid, logs.owner_uuid, logs.object_owner_uuid))",
+            user_uuids: user_uuids)
   end
 
   protected