X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/e488ae9a299575bdf3d449a72e85fc65294a1390..56ed6a78103cea6223caad2add84d0c900d9d53d:/app/models/orvos_model.rb diff --git a/app/models/orvos_model.rb b/app/models/orvos_model.rb index 49f24dba36..c26ac7e0ba 100644 --- a/app/models/orvos_model.rb +++ b/app/models/orvos_model.rb @@ -20,10 +20,10 @@ class OrvosModel < ActiveRecord::Base re = col.name.match /^(.*)_kind$/ if (re and self.respond_to? re[1].to_sym and - (auuid = self.send(re[1].to_sym)) and + (auuid = self.send((re[1] + '_uuid').to_sym)) and (aclass = self.class.kind_class(self.send(col.name.to_sym))) and (aobject = aclass.where('uuid=?', auuid).first)) - self.send((re[1]+'=').to_sym, aobject) + self.instance_variable_set('@'+re[1], aobject) end end end @@ -32,19 +32,23 @@ class OrvosModel < ActiveRecord::Base def permission_to_update return false unless current_user - if self.owner_changed? and self.owner_was != current_user.uuid - return Metadatum.where(metadata_class: 'permission', - name: 'can_pillage', - tail: self.owner, - head: current_user.uuid).count > 0 + return true if current_user.is_admin + if self.owner_changed? and + self.owner_was != current_user.uuid and + 0 == Link.where(link_class: 'permission', + name: 'can_pillage', + tail_uuid: self.owner, + head_uuid: current_user.uuid).count + logger.warn "User #{current_user.uuid} tried to change owner of #{self.class.to_s} #{self.uuid} to #{self.owner}" + return false end self.owner == current_user.uuid or current_user.is_admin or current_user.uuid == self.uuid or - Metadatum.where(metadata_class: 'permission', - name: 'can_write', - tail: self.owner, - head: current_user.uuid).count > 0 + Link.where(link_class: 'permission', + name: 'can_write', + tail_uuid: self.owner, + head_uuid: current_user.uuid).count > 0 end def update_modified_by_fields