From 4c7c7ccdf1816d2c2f789dad30b9e843a7ad4ebb Mon Sep 17 00:00:00 2001 From: Mojca Lorber Date: Fri, 26 Jul 2019 15:41:23 +0200 Subject: [PATCH] Add ability to browse through shared inventories to smart annotations --- app/controllers/at_who_controller.rb | 3 +-- app/services/smart_annotations/permission_eval.rb | 7 +++++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/app/controllers/at_who_controller.rb b/app/controllers/at_who_controller.rb index 37d166827..387d62de8 100644 --- a/app/controllers/at_who_controller.rb +++ b/app/controllers/at_who_controller.rb @@ -51,8 +51,7 @@ class AtWhoController < ApplicationController end def repositories - repositories = - @team.repositories.limit(Rails.configuration.x.repositories_limit) + repositories = Repository.accessible_by_teams(@team) respond_to do |format| format.json do render json: { diff --git a/app/services/smart_annotations/permission_eval.rb b/app/services/smart_annotations/permission_eval.rb index f53ce8b27..58f30c7ee 100644 --- a/app/services/smart_annotations/permission_eval.rb +++ b/app/services/smart_annotations/permission_eval.rb @@ -26,7 +26,8 @@ module SmartAnnotations def validate_rep_item_permissions(user, team, object) if object.repository - return object.repository.team.id == team.id && + return (object.repository.team.id == team.id || + object.repository.team_repositories.where(team_id: team.id).take[:team_id] == team.id) && can_read_repository?(user, object.repository) end @@ -35,7 +36,9 @@ module SmartAnnotations # evaluate to false if repository not found return false unless repository - repository.team.id == team && can_read_repository?(user, repository) + (repository.team.id == team.id || + repository.team_repositories.where(team_id: team.id).take[:team_id] == team.id) && + can_read_repository?(user, repository) end end end