do not render attributes of non-owned objects with x-editable

author Tom Clegg <tom@clinicalfuture.com>

Mon, 10 Jun 2013 00:46:32 +0000 (20:46 -0400)

committer Tom Clegg <tom@clinicalfuture.com>

Mon, 10 Jun 2013 00:46:32 +0000 (20:46 -0400)
author Tom Clegg <tom@clinicalfuture.com>
Mon, 10 Jun 2013 00:46:32 +0000 (20:46 -0400)
committer Tom Clegg <tom@clinicalfuture.com>
Mon, 10 Jun 2013 00:46:32 +0000 (20:46 -0400)
diff --git a/apps/workbench/app/models/arvados_base.rb b/apps/workbench/app/models/arvados_base.rb

index baceae968540a8da20fa6c9dc0ee580a85ef0d6e..172c91d4bc00a3eb7aca6dda2d2e6b3aa813ef28 100644 (file)
--- a/apps/workbench/app/models/arvados_base.rb
+++ b/apps/workbench/app/models/arvados_base.rb
@@ -216,7 +216,7 @@ class ArvadosBase < ActiveRecord::Base
      elsif "uuid owner".index(attr.to_s)
        current_user and current_user.is_admin
      else
-      true
+      current_user and current_user.uuid == owner
      end
    end
author	Tom Clegg <tom@clinicalfuture.com>
	Mon, 10 Jun 2013 00:46:32 +0000 (20:46 -0400)
committer	Tom Clegg <tom@clinicalfuture.com>
	Mon, 10 Jun 2013 00:46:32 +0000 (20:46 -0400)