From faed0500c78eba084364cdd6da46c38867893e68 Mon Sep 17 00:00:00 2001
From: zmagod <zmago_devetak@yahoo.com>
Date: Thu, 8 Sep 2016 09:23:29 +0200
Subject: [PATCH] set move and clone permissions to also validate the user on
 the organizational level [fixes SCI-372]

---
 app/helpers/permission_helper.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/helpers/permission_helper.rb b/app/helpers/permission_helper.rb
index 93941d8fb..8f31ac072 100644
--- a/app/helpers/permission_helper.rb
+++ b/app/helpers/permission_helper.rb
@@ -351,8 +351,6 @@ module PermissionHelper
 
   def can_view_experiment_actions(experiment)
     can_edit_experiment(experiment) &&
-      can_clone_experiment(experiment) &&
-      can_move_experiment(experiment) &&
       can_archive_experiment(experiment)
   end
 
@@ -385,11 +383,13 @@ module PermissionHelper
   end
 
   def can_clone_experiment(experiment)
-    is_user_or_higher_of_project(experiment.project)
+    is_user_or_higher_of_project(experiment.project) &&
+      is_normal_user_or_admin_of_organization(experiment.project.organization)
   end
 
   def can_move_experiment(experiment)
-    is_user_or_higher_of_project(experiment.project)
+    is_user_or_higher_of_project(experiment.project) &&
+      is_normal_user_or_admin_of_organization(experiment.project.organization)
   end
   # ---- WORKFLOW PERMISSIONS ----