[ARVADOS] created: 49c507b0bb60e35b951e2f4946c28d7c6729ce88

git at public.curoverse.com git at public.curoverse.com
Fri Oct 3 17:42:48 EDT 2014


        at  49c507b0bb60e35b951e2f4946c28d7c6729ce88 (commit)


commit 49c507b0bb60e35b951e2f4946c28d7c6729ce88
Author: Tom Clegg <tom at curoverse.com>
Date:   Fri Oct 3 17:41:54 2014 -0400

    3687: in User#can?, consider permission links with head_uuid pointing directly at the target.

diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index 446a61f..2738e60 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -70,6 +70,27 @@ class User < ArvadosModel
         next if (group_permissions[target.owner_uuid] and
                  group_permissions[target.owner_uuid][action])
       end
+      sufficient_perms = case action
+                         when :manage
+                           ['can_manage']
+                         when :write
+                           ['can_manage', 'can_write']
+                         when :read
+                           ['can_manage', 'can_write', 'can_read']
+                         else
+                           # (Skip this kind of permission opportunity
+                           # if action is an unknown permission type)
+                         end
+      if sufficient_perms
+        # Check permission links with head_uuid pointing directly at
+        # the target object
+        if Link.where(link_class: 'permission',
+                      name: sufficient_perms,
+                      tail_uuid: groups_i_can(action) + [self.uuid],
+                      head_uuid: target_uuid).any?
+          return true
+        end
+      end
       return false
     end
     true

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list