From f620a995777e66094a9ccb990aedec7c04ec81e9 Mon Sep 17 00:00:00 2001
From: Martin Artnik
Date: Mon, 2 Oct 2023 16:18:08 +0200
Subject: [PATCH] Fix checking asset blob permissions [SCI-9353]
---
 .../concerns/active_storage/check_blob_permissions.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/controllers/concerns/active_storage/check_blob_permissions.rb b/app/controllers/concerns/active_storage/check_blob_permissions.rb
index 8e207156e..3202b32f6 100644
--- a/app/controllers/concerns/active_storage/check_blob_permissions.rb
+++ b/app/controllers/concerns/active_storage/check_blob_permissions.rb
@@ -17,6 +17,8 @@ module ActiveStorage
 end
 def check_attachment_read_permissions(attachment)
+ current_user.permission_team = attachment.record.team || current_team if attachment.record.respond_to?(:team)
+
 case attachment.record_type
 when 'Asset'
 check_asset_read_permissions(attachment.record)
@@ -58,8 +60,6 @@ module ActiveStorage
 def check_tinymce_asset_read_permissions(asset)
 return render_403 unless asset
-
- current_user.permission_team = asset.team || current_team
-
 return true if asset.object.nil? && can_read_team?(asset.team)
 case asset.object_type
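Review bot: The line added at the top of `check_attachment_read_permissions` falls back to `current_team` when `attachment.record.team` is nil, so for a record with no team the later checks appear to run against the requester's own session team rather than a team tied to the record. If a nil team is not a legitimate state for these record types (this cannot be confirmed from the hunk), failing closed would be the safer default, for example `team = attachment.record.team if attachment.record.respond_to?(:team)` followed by `current_user.permission_team = team if team`, with the nil case rejected through `render_403`. A comment such as `# Evaluate permissions against the team that owns the record, not the session's current team` would also record why the assignment must precede the `case`. The patch touches only this file, so a request spec that reads a blob whose record belongs to a team other than `current_team` would pin the fix. The method body continues past the end of the hunk.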