3687: in User#can?, consider permission links with head_uuid pointing directly at...
authorTom Clegg <tom@curoverse.com>
Fri, 3 Oct 2014 21:41:54 +0000 (17:41 -0400)
committerTom Clegg <tom@curoverse.com>
Fri, 3 Oct 2014 21:41:54 +0000 (17:41 -0400)
services/api/app/models/user.rb

index 446a61f255761f5ff37eb6e3a895def86c477cde..2738e6070f36b845e5e438e0541be72e3f0522e7 100644 (file)
@@ -70,6 +70,27 @@ class User < ArvadosModel
         next if (group_permissions[target.owner_uuid] and
                  group_permissions[target.owner_uuid][action])
       end
+      sufficient_perms = case action
+                         when :manage
+                           ['can_manage']
+                         when :write
+                           ['can_manage', 'can_write']
+                         when :read
+                           ['can_manage', 'can_write', 'can_read']
+                         else
+                           # (Skip this kind of permission opportunity
+                           # if action is an unknown permission type)
+                         end
+      if sufficient_perms
+        # Check permission links with head_uuid pointing directly at
+        # the target object
+        if Link.where(link_class: 'permission',
+                      name: sufficient_perms,
+                      tail_uuid: groups_i_can(action) + [self.uuid],
+                      head_uuid: target_uuid).any?
+          return true
+        end
+      end
       return false
     end
     true
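Review bot: The `return true` inside the new direct-link check leaves `can?` as soon as one action/target pair is satisfied, whereas every other satisfied case in the visible context uses `next if` and the method yields `true` only after the enclosing block closes. The block header is outside this hunk, but if it iterates over several action/target pairs, as the `next` calls suggest, a call such as `can?(read: a, write: b)` would be granted on a direct read link to `a` without `b` ever being checked. Replacing `return true` with `next` keeps the new branch consistent with the checks above it and lets the trailing `return false` reject any pair that no rule satisfies. A test that passes two pairs, with only the first covered by a direct permission link, would pin the behaviour.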