fix ownership-change permission check

author Tom Clegg <tom@clinicalfuture.com>

Fri, 25 Jan 2013 23:11:18 +0000 (15:11 -0800)

committer Tom Clegg <tom@clinicalfuture.com>

Fri, 25 Jan 2013 23:11:18 +0000 (15:11 -0800)
author Tom Clegg <tom@clinicalfuture.com>
Fri, 25 Jan 2013 23:11:18 +0000 (15:11 -0800)
committer Tom Clegg <tom@clinicalfuture.com>
Fri, 25 Jan 2013 23:11:18 +0000 (15:11 -0800)
diff --git a/app/models/orvos_model.rb b/app/models/orvos_model.rb

index 49f24dba3677f2236131d335f8d68522fde71a67..bdd27a67c31584a2c736b5eb0522bb63ef585ebc 100644 (file)
--- a/app/models/orvos_model.rb
+++ b/app/models/orvos_model.rb
@@ -32,11 +32,13 @@ class OrvosModel < ActiveRecord::Base
  
    def permission_to_update
      return false unless current_user
-    if self.owner_changed? and self.owner_was != current_user.uuid
-      return Metadatum.where(metadata_class: 'permission',
+    if self.owner_changed? and
+        self.owner_was != current_user.uuid and
+        0 == Metadatum.where(metadata_class: 'permission',
                               name: 'can_pillage',
                               tail: self.owner,
-                             head: current_user.uuid).count > 0
+                             head: current_user.uuid).count
+      return false
      end
      self.owner == current_user.uuid or
        current_user.is_admin or
author	Tom Clegg <tom@clinicalfuture.com>
	Fri, 25 Jan 2013 23:11:18 +0000 (15:11 -0800)
committer	Tom Clegg <tom@clinicalfuture.com>
	Fri, 25 Jan 2013 23:11:18 +0000 (15:11 -0800)