mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2025-03-05 04:03:45 +08:00
Fix repository asset permission checks [SCI-11238]
This commit is contained in:
Martin Artnik
parent
2bb695a17f
commit
0a4ddb8038
1 changed files with 2 additions and 1 deletions
|
|
@ -453,7 +453,8 @@ class AssetsController < ApplicationController
|
|||
@asset = Asset.find_by(id: params[:id])
|
||||
return render_404 unless @asset
|
||||
|
||||
current_user.permission_team = @asset.team
|
||||
# don't overwrite permission team if asset is in a repositoy, since then sharing rules may apply and depend on user's current team
|
||||
current_user.permission_team = @asset.team unless @asset.repository_cell
|
||||
|
||||
@assoc ||= @asset.step
|
||||
@assoc ||= @asset.result
|
||||
|
|
|
|||
Loading…
Reference in a new issue