[ARVADOS] updated: 1.3.0-2618-g22e96d42f

Git user git at public.arvados.org
Fri Jun 5 21:06:16 UTC 2020 

Summary of changes:
 services/api/app/models/user.rb | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

       via  22e96d42f3c1d2414a52f266096b74011deabbf2 (commit)
      from  1a599ec69ad8d533da1f12ad5d2c5789aa1c14e2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 22e96d42f3c1d2414a52f266096b74011deabbf2
Author: Peter Amstutz <peter.amstutz at curii.com>
Date:   Fri Jun 5 17:02:28 2020 -0400

    16007: Fix typo & use query parameters
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>

diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index 747254f6c..a2922cb7b 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -121,7 +121,7 @@ class User < ArvadosModel
 
       target_owner_uuid = target.owner_uuid if target.respond_to? :owner_uuid
 
-      user_uuids_subquery = USER_UUIDS_SUBQUERY_TEMPLATE % {user: "$1", perm_level: VAL_FOR_PERM[action]}
+      user_uuids_subquery = USER_UUIDS_SUBQUERY_TEMPLATE % {user: "$1", perm_level: "$3"}
 
       unless ActiveRecord::Base.connection.
         exec_query(%{
@@ -172,9 +172,11 @@ SELECT 1 FROM #{PERMISSION_VIEW}
   def self.all_group_permissions
     all_perms = {}
     ActiveRecord::Base.connection.
-      exec_query("SELECT user_uuid, target_uuid, perm_level
+      exec_query(%{
+SELECT user_uuid, target_uuid, perm_level
                   FROM #{PERMISSION_VIEW}
-                  WHERE traverse_owned",
+                  WHERE traverse_owned
+},
                   # "name" arg is a query label that appears in logs:
                  "all_group_permissions").
       rows.each do |user_uuid, group_uuid, max_p_val|
@@ -190,13 +192,13 @@ SELECT 1 FROM #{PERMISSION_VIEW}
   def group_permissions(level=1)
     group_perms = {}
 
-    user_uuids_subquery = USER_UUIDS_SUBQUERY_TEMPLATE % {user: "$1", perm_level: VAL_FOR_PERM[action]}
+    user_uuids_subquery = USER_UUIDS_SUBQUERY_TEMPLATE % {user: "$1", perm_level: "$2"}
 
     ActiveRecord::Base.connection.
       exec_query(%{
 SELECT target_uuid, perm_level
   FROM #{PERMISSION_VIEW}
-  WHERE user_uuid = user_uuid in (#{user_uuids_subquery}) and perm_level >= $2
+  WHERE user_uuid in (#{user_uuids_subquery}) and perm_level >= $2
 },
                   # "name" arg is a query label that appears in logs:
                   "User.group_permissions",

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list