[ARVADOS] created: 49c507b0bb60e35b951e2f4946c28d7c6729ce88
git at public.curoverse.com
git at public.curoverse.com
Fri Oct 3 17:42:48 EDT 2014
at 49c507b0bb60e35b951e2f4946c28d7c6729ce88 (commit)
commit 49c507b0bb60e35b951e2f4946c28d7c6729ce88
Author: Tom Clegg <tom at curoverse.com>
Date: Fri Oct 3 17:41:54 2014 -0400
3687: in User#can?, consider permission links with head_uuid pointing directly at the target.
diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index 446a61f..2738e60 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -70,6 +70,27 @@ class User < ArvadosModel
next if (group_permissions[target.owner_uuid] and
group_permissions[target.owner_uuid][action])
end
+ sufficient_perms = case action
+ when :manage
+ ['can_manage']
+ when :write
+ ['can_manage', 'can_write']
+ when :read
+ ['can_manage', 'can_write', 'can_read']
+ else
+ # (Skip this kind of permission opportunity
+ # if action is an unknown permission type)
+ end
+ if sufficient_perms
+ # Check permission links with head_uuid pointing directly at
+ # the target object
+ if Link.where(link_class: 'permission',
+ name: sufficient_perms,
+ tail_uuid: groups_i_can(action) + [self.uuid],
+ head_uuid: target_uuid).any?
+ return true
+ end
+ end
return false
end
true
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list