Repository access permission fixes [SCI-12145]

app/controllers/access_permissions/base_controller.rb

@@ -139,7 +139,7 @@ module AccessPermissions
     end
 
     def load_available_users
-      @available_users = current_team.users.where.not(id: @model.user_assignments.select(:user_id)).order(users: { full_name: :asc })
+      @available_users = current_team.users.where.not(id: @model.user_assignments.where(team: current_team).select(:user_id)).order(users: { full_name: :asc })
     end
 
     def propagate_job(destroy: false)

app/models/concerns/shareable.rb

@@ -29,6 +29,8 @@ module Shareable
     scope :viewable_by_user, lambda { |user, teams = user.current_team|
       readable_ids = if permission_class == StorageLocation
                        readable_by_user(user).where(team: teams).pluck(:id)
+                     elsif teams.permission_granted?(user, TeamPermissions::MANAGE)
+                       where(team: teams).pluck(:id)
                      else
                        with_granted_permissions(user, "#{permission_class.name}Permissions::READ".constantize, teams).pluck(:id)
                      end

app/permissions/repository.rb

@@ -8,7 +8,8 @@ Canaid::Permissions.register_for(RepositoryBase) do
       # If original repository is deleted, snapshot ownership should be transferred to task
       (!original_repository || original_repository.permission_granted?(user, RepositoryPermissions::READ)) && can_read_my_module?(user, repository.my_module)
     else
-      repository.can_manage_shared?(user) ||
+      repository.team.permission_granted?(user, TeamPermissions::MANAGE) ||
+        repository.can_manage_shared?(user) ||
         repository.permission_granted?(user, RepositoryPermissions::READ)
     end
   end
@@ -132,7 +133,8 @@ Canaid::Permissions.register_for(Repository) do
   end
 
   can :manage_repository_users do |user, repository|
-    repository.can_manage_shared?(user) ||
+    repository.team.permission_granted?(user, TeamPermissions::MANAGE) ||
+      repository.can_manage_shared?(user) ||
       repository.permission_granted?(user, RepositoryPermissions::USERS_MANAGE)
   end
 end

app/serializers/lists/repository_serializer.rb

@@ -18,7 +18,7 @@ module Lists
     end
 
     def team
-      current_user.current_team.name
+      object.team.name
     end
 
     def created_at
@@ -38,7 +38,7 @@ module Lists
     end
 
     def assigned_users
-      users = object.user_assignments.map do |ua|
+      users = object.user_assignments.where(team: current_user.current_team).map do |ua|
         {
           avatar: avatar_path(ua.user, :icon_small),
           full_name: ua.user_name_with_role

app/services/toolbars/repositories_service.rb

@@ -10,7 +10,7 @@ module Toolbars
     def initialize(current_user, current_team, repository_ids: [])
       @current_user = current_user
       @current_team = current_team
-      @repositories = Repository.readable_by_user(current_user)
+      @repositories = Repository.viewable_by_user(current_user)
                                 .where(id: repository_ids)
                                 .distinct
       @repository = @repositories.first

config/locales/en.yml

@@ -2342,6 +2342,8 @@ en:
         notification:
           error:
             title: "Your Inventories export failed. Please contact support."
+      table:
+        access: "Access"
     show:
       name: "Name"
       archived_inventory_items: "%{repository_name} archived items"