From 22e96d42f3c1d2414a52f266096b74011deabbf2 Mon Sep 17 00:00:00 2001 From: Peter Amstutz Date: Fri, 5 Jun 2020 17:02:28 -0400 Subject: [PATCH] 16007: Fix typo & use query parameters Arvados-DCO-1.1-Signed-off-by: Peter Amstutz --- services/api/app/models/user.rb | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb index 747254f6c0..a2922cb7b3 100644 --- a/services/api/app/models/user.rb +++ b/services/api/app/models/user.rb @@ -121,7 +121,7 @@ class User < ArvadosModel target_owner_uuid = target.owner_uuid if target.respond_to? :owner_uuid - user_uuids_subquery = USER_UUIDS_SUBQUERY_TEMPLATE % {user: "$1", perm_level: VAL_FOR_PERM[action]} + user_uuids_subquery = USER_UUIDS_SUBQUERY_TEMPLATE % {user: "$1", perm_level: "$3"} unless ActiveRecord::Base.connection. exec_query(%{ @@ -172,9 +172,11 @@ SELECT 1 FROM #{PERMISSION_VIEW} def self.all_group_permissions all_perms = {} ActiveRecord::Base.connection. - exec_query("SELECT user_uuid, target_uuid, perm_level + exec_query(%{ +SELECT user_uuid, target_uuid, perm_level FROM #{PERMISSION_VIEW} - WHERE traverse_owned", + WHERE traverse_owned +}, # "name" arg is a query label that appears in logs: "all_group_permissions"). rows.each do |user_uuid, group_uuid, max_p_val| @@ -190,13 +192,13 @@ SELECT 1 FROM #{PERMISSION_VIEW} def group_permissions(level=1) group_perms = {} - user_uuids_subquery = USER_UUIDS_SUBQUERY_TEMPLATE % {user: "$1", perm_level: VAL_FOR_PERM[action]} + user_uuids_subquery = USER_UUIDS_SUBQUERY_TEMPLATE % {user: "$1", perm_level: "$2"} ActiveRecord::Base.connection. exec_query(%{ SELECT target_uuid, perm_level FROM #{PERMISSION_VIEW} - WHERE user_uuid = user_uuid in (#{user_uuids_subquery}) and perm_level >= $2 + WHERE user_uuid in (#{user_uuids_subquery}) and perm_level >= $2 }, # "name" arg is a query label that appears in logs: "User.group_permissions", -- 2.30.2