use old owner, not new owner, when checking permission to change attributes
authorTom Clegg <tom@clinicalfuture.com>
Thu, 7 Feb 2013 19:57:44 +0000 (14:57 -0500)
committerTom Clegg <tom@clinicalfuture.com>
Thu, 7 Feb 2013 19:57:44 +0000 (14:57 -0500)
app/models/orvos_model.rb

index 99a273c79406894a1b229e5624e7030c7d588feb..f9bc59d2bed0c160b5ea81509f54a3547670a77e 100644 (file)
@@ -57,21 +57,21 @@ class OrvosModel < ActiveRecord::Base
         self.owner_was != current_user.uuid and
         0 == Link.where(link_class: 'permission',
                         name: 'can_pillage',
-                        tail_uuid: self.owner,
+                        tail_uuid: self.owner_was,
                         head_uuid: current_user.uuid).count
       logger.warn "User #{current_user.uuid} tried to change owner of #{self.class.to_s} #{self.uuid} to #{self.owner}"
       return false
     end
-    if self.owner == current_user.uuid or
+    if self.owner_was == current_user.uuid or
       current_user.is_admin or
       current_user.uuid == self.uuid or
       Link.where(link_class: 'permission',
                  name: 'can_write',
-                 tail_uuid: self.owner,
+                 tail_uuid: self.owner_was,
                  head_uuid: current_user.uuid).count > 0
       return true
     else
-      logger.warn "User #{current_user.uuid} tried to modify #{self.class.to_s} #{self.uuid} but does not can_write permission and owner is #{self.owner}"
+      logger.warn "User #{current_user.uuid} tried to modify #{self.class.to_s} #{self.uuid} but does not have can_write permission and owner is #{self.owner_was}"
       return false
     end
   end
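Review bot: `self.owner_was` is nil for a record that has not been saved yet (or whose stored owner is NULL), and neither the `self.owner_was == current_user.uuid` test nor the two `tail_uuid: self.owner_was` lookups handle that case. The method starts above this hunk, so it is not visible whether the check also runs on create; if it does, a non-admin creating an object they own would now be refused, and `Link.where(tail_uuid: nil, ...)` would match any permission link whose tail_uuid is NULL. If creation is meant to be allowed, resolve the owner once and use it in both queries, e.g. `prior_owner = new_record? ? self.owner : self.owner_was`; otherwise reject a nil previous owner explicitly. The owner-change warning would also be more useful for audit if it recorded both sides, `... #{self.uuid} from #{self.owner_was} to #{self.owner}`.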