From: Peter Amstutz Date: Fri, 5 Jun 2020 21:02:28 +0000 (-0400) Subject: 16007: Fix typo & use query parameters X-Git-Tag: 2.1.0~193^2~5 X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/22e96d42f3c1d2414a52f266096b74011deabbf2?hp=1a599ec69ad8d533da1f12ad5d2c5789aa1c14e2 16007: Fix typo & use query parameters Arvados-DCO-1.1-Signed-off-by: Peter Amstutz --- diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb index 747254f6c0..a2922cb7b3 100644 --- a/services/api/app/models/user.rb +++ b/services/api/app/models/user.rb @@ -121,7 +121,7 @@ class User < ArvadosModel target_owner_uuid = target.owner_uuid if target.respond_to? :owner_uuid - user_uuids_subquery = USER_UUIDS_SUBQUERY_TEMPLATE % {user: "$1", perm_level: VAL_FOR_PERM[action]} + user_uuids_subquery = USER_UUIDS_SUBQUERY_TEMPLATE % {user: "$1", perm_level: "$3"} unless ActiveRecord::Base.connection. exec_query(%{ @@ -172,9 +172,11 @@ SELECT 1 FROM #{PERMISSION_VIEW} def self.all_group_permissions all_perms = {} ActiveRecord::Base.connection. - exec_query("SELECT user_uuid, target_uuid, perm_level + exec_query(%{ +SELECT user_uuid, target_uuid, perm_level FROM #{PERMISSION_VIEW} - WHERE traverse_owned", + WHERE traverse_owned +}, # "name" arg is a query label that appears in logs: "all_group_permissions"). rows.each do |user_uuid, group_uuid, max_p_val| @@ -190,13 +192,13 @@ SELECT 1 FROM #{PERMISSION_VIEW} def group_permissions(level=1) group_perms = {} - user_uuids_subquery = USER_UUIDS_SUBQUERY_TEMPLATE % {user: "$1", perm_level: VAL_FOR_PERM[action]} + user_uuids_subquery = USER_UUIDS_SUBQUERY_TEMPLATE % {user: "$1", perm_level: "$2"} ActiveRecord::Base.connection. exec_query(%{ SELECT target_uuid, perm_level FROM #{PERMISSION_VIEW} - WHERE user_uuid = user_uuid in (#{user_uuids_subquery}) and perm_level >= $2 + WHERE user_uuid in (#{user_uuids_subquery}) and perm_level >= $2 }, # "name" arg is a query label that appears in logs: "User.group_permissions",