13561: Avoid permission links to be attached to past collection versions.
authorLucas Di Pentima <ldipentima@veritasgenetics.com>
Thu, 4 Oct 2018 18:54:18 +0000 (15:54 -0300)
committerLucas Di Pentima <ldipentima@veritasgenetics.com>
Thu, 4 Oct 2018 18:54:18 +0000 (15:54 -0300)
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <ldipentima@veritasgenetics.com>

services/api/app/models/link.rb
services/api/test/fixtures/collections.yml
services/api/test/unit/link_test.rb

index dc961667b0cd474301c817a3c87c9717ba4424f7..bf21cf4b672263b784d24b4f2cfcb00d65c0b195 100644 (file)
@@ -48,8 +48,12 @@ class Link < ArvadosModel
     # Administrators can grant permissions
     return true if current_user.is_admin
 
-    # All users can grant permissions on objects they own or can manage
     head_obj = ArvadosModel.find_by_uuid(head_uuid)
+
+    # No permission links can be pointed to past collection versions
+    return false if head_obj.is_a?(Collection) && head_obj.current_version_uuid != head_uuid
+
+    # All users can grant permissions on objects they own or can manage
     return true if current_user.can?(manage: head_obj)
 
     # Default = deny.
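Review bot: The new past-version check sits below `return true if current_user.is_admin`, so an administrator can still attach a permission link to a past collection version. If the rule is meant as an invariant on permission links rather than a restriction on ordinary users, move `head_obj = ArvadosModel.find_by_uuid(head_uuid)` and the `return false if head_obj.is_a?(Collection) && ...` line above the admin return. If the admin exception is intentional, say so in the comment, e.g. `# Non-admin users cannot point permission links at past collection versions`. The enclosing method starts and ends outside the hunk, so its other callers and conditions cannot be checked from here.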
index 2bc362a4c88873550ac12b0bea52e3d68510521b..62bb644c0d72da18db8a4566d830f9c91bec925f 100644 (file)
@@ -94,6 +94,21 @@ w_a_z_file:
   updated_at: 2015-02-09T10:53:38Z
   manifest_text: ". 4c6c2c0ac8aa0696edd7316a3be5ca3c+5 0:5:w\\040\\141\\040z\n"
   name: "\"w a z\" file"
+  version: 2
+
+w_a_z_file_version_1:
+  uuid: zzzzz-4zz18-25k12570yk1ver1
+  current_version_uuid: zzzzz-4zz18-25k12570yk134b3
+  portable_data_hash: 8706aadd12a0ebc07d74cae88762ba9e+56
+  owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+  created_at: 2015-02-09T10:53:38Z
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-d9tiejq69daie8f
+  modified_at: 2015-02-09T10:53:38Z
+  updated_at: 2015-02-09T10:53:38Z
+  manifest_text: ". 4c6c2c0ac8aa0696edd7316a3be5ca3c+5 0:5:w\\040\\141\\040z\n"
+  name: "waz file"
+  version: 1
 
 multilevel_collection_1:
   uuid: zzzzz-4zz18-pyw8yp9g3pr7irn
index cba5d20cb2cba366d94e7a4a52ec3d7504220efa..00f3cc291352493b11258aa0f9750fc883a263ff 100644 (file)
@@ -80,4 +80,9 @@ class LinkTest < ActiveSupport::TestCase
   test "link granting project permissions to unreadable user is invalid" do
     refute new_active_link_valid?(tail_uuid: users(:admin).uuid)
   end
+
+  test "permission link can't exist on past collection versions" do
+    refute new_active_link_valid?(tail_uuid: groups(:public).uuid,
+                                  head_uuid: collections(:w_a_z_file_version_1).uuid)
+  end
 end
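Review bot: The added test only refutes, so it would also pass if the link were rejected for an unrelated reason, such as the default deny when the active user cannot manage the fixture. Pair it with a positive control on the current version, `assert new_active_link_valid?(tail_uuid: groups(:public).uuid, head_uuid: collections(:w_a_z_file).uuid)`, assuming the active user can manage that collection. A case run as an admin user would also pin down whether the admin early return in link.rb is meant to bypass the version rule.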