X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/e2a4e065951ea459570ae75dbe2ed4fd4b6d4bd8..c371555926e3f361497b2bb1c9531fcaf7283ed4:/services/api/app/controllers/arvados/v1/repositories_controller.rb

diff --git a/services/api/app/controllers/arvados/v1/repositories_controller.rb b/services/api/app/controllers/arvados/v1/repositories_controller.rb
index a2c2528b90..9dff6227bc 100644
--- a/services/api/app/controllers/arvados/v1/repositories_controller.rb
+++ b/services/api/app/controllers/arvados/v1/repositories_controller.rb
@@ -1,7 +1,11 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 class Arvados::V1::RepositoriesController < ApplicationController
-  skip_before_filter :find_object_by_uuid, :only => :get_all_permissions
-  skip_before_filter :render_404_if_no_object, :only => :get_all_permissions
-  before_filter :admin_required, :only => :get_all_permissions
+  skip_before_action :find_object_by_uuid, :only => :get_all_permissions
+  skip_before_action :render_404_if_no_object, :only => :get_all_permissions
+  before_action :admin_required, :only => :get_all_permissions
 
   def get_all_permissions
     # user_aks is a map of {user_uuid => array of public keys}
@@ -42,7 +46,7 @@ class Arvados::V1::RepositoriesController < ApplicationController
           # group also has access to the repository. Access level is
           # min(group-to-repo permission, user-to-group permission).
           user_aks.each do |user_uuid, _|
-            perm_mask = all_group_permissions[user_uuid][perm.tail_uuid]
+            perm_mask = all_group_permissions[user_uuid].andand[perm.tail_uuid]
             if not perm_mask
               next
             elsif perm_mask[:manage] and perm.name == 'can_manage'