X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/6603d04024c256bbaa53cb2d3764342d48124665..defb2d0579873df0006abf90ad742a85b34cfb08:/app/controllers/application_controller.rb?ds=sidebyside
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 4fda8f9419..d8fdbbca61 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -50,11 +50,15 @@ class ApplicationController < ActionController::Base
 end
 def index
+ uuid_list = [current_user.uuid, *current_user.groups_i_can(:read)]
+ sanitized_uuid_list = uuid_list.
+ collect { |uuid| model_class.sanitize(uuid) }.join(', ')
 @objects ||= model_class.
- joins("LEFT JOIN links permissions ON permissions.head_uuid=#{table_name}.owner AND permissions.tail_uuid=#{model_class.sanitize current_user.uuid} AND permissions.link_class='permission'").
- where("?=? OR #{table_name}.owner=? OR #{table_name}.uuid=? OR permissions.head_uuid IS NOT NULL",
+ joins("LEFT JOIN links permissions ON permissions.head_uuid=#{table_name}.owner AND permissions.tail_uuid in (#{sanitized_uuid_list}) AND permissions.link_class='permission'").
+ where("?=? OR #{table_name}.owner in (?) OR #{table_name}.uuid=? OR permissions.head_uuid IS NOT NULL",
 true, current_user.is_admin,
- current_user.uuid, current_user.uuid)
+ uuid_list,
+ current_user.uuid)
 if params[:where]
 where = params[:where]
 where = Oj.load(where) if where.is_a?(String)
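Review bot: Widening the join to `permissions.tail_uuid in (...)` means one row of `#{table_name}` can now match several permission links (the user's own plus one per readable group), so `@objects` may return the same record more than once; nothing visible in the hunk de-duplicates the result. Consider adding a DISTINCT, for example `select("DISTINCT #{table_name}.*")`, or moving the permission test into an `EXISTS (...)` subquery inside the `where`. Because the IN list in `joins` is assembled by string interpolation, a comment such as `# every element must pass through model_class.sanitize before interpolation` above `sanitized_uuid_list` would help keep a later edit from bypassing the quoting. The body of `index` continues past the end of the hunk.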