X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/c2074d3e54a4288f56317bd5bbe721af4c8511f3..017aeb6d0fd9ffde498ea94208667356e3585e80:/app/models/orvos_model.rb
diff --git a/app/models/orvos_model.rb b/app/models/orvos_model.rb
index adaaf35c8e..271b8fd2ba 100644
--- a/app/models/orvos_model.rb
+++ b/app/models/orvos_model.rb
@@ -54,25 +54,22 @@ class OrvosModel < ActiveRecord::Base
 return false
 end
 return true if current_user.is_admin
- if self.owner_changed? and
- self.owner_was != current_user.uuid and
- 0 == Link.where(link_class: 'permission',
- name: 'can_pillage',
- tail_uuid: self.owner_was,
- head_uuid: current_user.uuid).count
- logger.warn "User #{current_user.uuid} tried to change owner of #{self.class.to_s} #{self.uuid} to #{self.owner}"
- return false
+ if self.owner_changed?
+ if current_user.uuid == self.owner or
+ current_user.can? write: self.owner
+ # current_user is, or has :write permission on, the new owner
+ else
+ logger.warn "User #{current_user.uuid} tried to change owner of #{self.class.to_s} #{self.uuid} to #{self.owner} but does not have permission to write to #{self.owner}"
+ return false
+ end
 end
- if self.owner_was == current_user.uuid or
- current_user.is_admin or
- current_user.uuid == self.uuid or
- Link.where(link_class: 'permission',
- name: 'can_write',
- tail_uuid: self.owner_was,
- head_uuid: current_user.uuid).count > 0
+ if current_user.uuid == self.owner_was or
+ current_user.uuid == self.uuid or
+ current_user.can? write: self.owner_was
+ # current user is, or has :write permission on, the previous owner
 return true
 else
- logger.warn "User #{current_user.uuid} tried to modify #{self.class.to_s} #{self.uuid} but does not have can_write permission and owner is #{self.owner_was}"
+ logger.warn "User #{current_user.uuid} tried to modify #{self.class.to_s} #{self.uuid} but does not have permission to write #{self.owner_was}"
 return false
 end
 end
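Review bot: The `current_user.uuid == self.uuid` exemption in the second condition now also covers owner changes. A user editing their own record who sets `owner` to their own uuid passes the first branch through `current_user.uuid == self.owner` and then passes the second through the self-record clause, without write permission on `owner_was`. The removed code rejected that case unless a `can_pillage` link existed, so this looks like an unintended widening, though what ownership of a user record grants is not visible here. Consider limiting the exemption to updates that leave the owner alone, e.g. `(current_user.uuid == self.uuid and !self.owner_changed?) or`, keeping the parentheses because `and` and `or` share precedence in Ruby. The method begins above the hunk and `can?` is defined elsewhere, so how it treats a nil `owner_was` on new records should be confirmed.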