From 45efc9a43a8391989b926b516ee83e70131cc186 Mon Sep 17 00:00:00 2001
From: aignatov-bio
Date: Thu, 12 Nov 2020 13:21:47 +0100
Subject: [PATCH] Remove skip asset permission check for wopi creation
---
 app/controllers/assets_controller.rb | 6 +++---
 app/controllers/wopi_controller.rb | 4 +---
 2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/app/controllers/assets_controller.rb b/app/controllers/assets_controller.rb
index af44ef7c0..05fe68420 100644
--- a/app/controllers/assets_controller.rb
+++ b/app/controllers/assets_controller.rb
@@ -17,7 +17,7 @@ class AssetsController < ApplicationController
 helper_method :wopi_file_edit_button_status
 before_action :load_vars, except: :create_wopi_file
- before_action :check_read_permission, except: %i(edit destroy)
+ before_action :check_read_permission, except: %i(edit destroy create_wopi_file)
 before_action :check_edit_permission, only: %i(edit destroy)
 def file_preview
@@ -204,11 +204,11 @@ class AssetsController < ApplicationController
 end
 def check_read_permission
- render_403 unless can_read_asset?(@asset)
+ render_403 and return unless can_read_asset?(@asset)
 end
 def check_edit_permission
- render_403 unless can_manage_asset?(@asset)
+ render_403 and return unless can_manage_asset?(@asset)
 end
 def append_wd_params(url)
diff --git a/app/controllers/wopi_controller.rb b/app/controllers/wopi_controller.rb
index bc04e7411..b0e4d811e 100644
--- a/app/controllers/wopi_controller.rb
+++ b/app/controllers/wopi_controller.rb
@@ -1,6 +1,4 @@
-# frozen_string_literal: true
-
-class WopiController < ApplicationController
+class WopiController < ActionController::Base
 include WopiUtil
 skip_before_action :verify_authenticity_token
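Review bot: After this change no filter visible in the hunk authorizes `create_wopi_file`: it is excluded from `check_read_permission`, `check_edit_permission` is limited to `edit` and `destroy`, and `load_vars` already skips it. The action therefore has to perform its own permission check on the object the new file is attached to, and that body is outside the hunk, so this should be confirmed before merging. A comment above the filters would make the exemption deliberate, for example `# create_wopi_file has no @asset yet; it authorizes inside the action`. The class body continues outside the hunk.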
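Review bot: The added `and return` in `check_read_permission` and `check_edit_permission` does not change how the filter chain halts, since Rails stops a `before_action` chain because a response was rendered, not because the filter returned. As the last statement of each method it is a no-op, and it only fires when `render_403` (defined outside the hunk) returns a truthy value. If an explicit exit is wanted, `return render_403 unless can_read_asset?(@asset)` says the same thing without depending on that return value. Both filters also pass `@asset` straight to the permission helper, so a short comment stating that `load_vars` must have run first would document the ordering they rely on.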
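Review bot: Re-parenting `WopiController` from `ApplicationController` to `ActionController::Base` drops every filter the application base class installs, which presumably includes session authentication. Each WOPI action must then authenticate the caller itself, typically by validating the access token, and that code is outside this hunk. The commit message does not mention this change or the removal of `# frozen_string_literal: true`, so both deserve a line in the description. Depending on the app's forgery-protection defaults, `verify_authenticity_token` may no longer be defined on the new parent, in which case the skip raises at class load; `skip_before_action :verify_authenticity_token, raise: false` avoids that. A class comment such as `# Called by the WOPI client, not a browser session; every action must validate the access token` would record why CSRF protection and the app-wide filters are intentionally absent.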