From 7e9be932f34ca56b4367238878427959bd0d707f Mon Sep 17 00:00:00 2001
From: Mojca Lorber <mlorber@biosistemika.com>
Date: Wed, 24 Jul 2019 16:01:02 +0200
Subject: [PATCH] Make scope for repositories accessible by teams and simplify
 read permission

---
 app/controllers/repositories_controller.rb |  2 +-
 app/models/repository.rb                   |  9 +++++++++
 app/permissions/repository.rb              | 10 ++--------
 app/views/repositories/_sidebar.html.erb   |  2 +-
 4 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index 5106ebd0d..1a8c9777a 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -303,7 +303,7 @@ class RepositoriesController < ApplicationController
   def load_parent_vars
     @team = current_team
     render_404 unless @team
-    @repositories = (@team.repositories + @team.shared_repositories).uniq.sort_by(&:created_at)
+    @repositories = Repository.accessible_by_teams(@team)
   end
 
   def check_team
diff --git a/app/models/repository.rb b/app/models/repository.rb
index 0198dace7..dfe1300a7 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -28,6 +28,11 @@ class Repository < ApplicationRecord
   validates :created_by, presence: true
 
   default_scope -> { kept }
+  scope :accessible_by_teams, lambda { |teams|
+    left_outer_joins(:team_repositories)
+      .where('repositories.team_id IN (?) OR team_repositories.team_id IN (?)', teams, teams)
+      .uniq.sort_by(&:created_at)
+  }
 
   def self.search(
     user,
@@ -66,6 +71,10 @@ class Repository < ApplicationRecord
     end
   end
 
+  def shared_with?(team)
+    team_repositories.where(team: team).any?
+  end
+
   def self.viewable_by_user(_user, teams)
     where(team: teams)
   end
diff --git a/app/permissions/repository.rb b/app/permissions/repository.rb
index 770a564dc..072f39f8c 100644
--- a/app/permissions/repository.rb
+++ b/app/permissions/repository.rb
@@ -3,14 +3,8 @@
 Canaid::Permissions.register_for(Repository) do
   # repository: read/export
   can :read_repository do |user, repository|
-    if user.teams.include?(repository.team)
-      user.is_member_of_team?(repository.team)
-    elsif (read_team_repo = repository
-                                .team_repositories
-                                .where(team: user.teams).take)
-      # When has some repository's relations with read permissions for at least one of user's teams.
-
-      user.is_member_of_team?(read_team_repo.team)
+    if user.teams.include?(repository.team) || repository.team_repositories.where(team: user.teams).any?
+      true
     else
       false
     end
diff --git a/app/views/repositories/_sidebar.html.erb b/app/views/repositories/_sidebar.html.erb
index 7f50339cd..071152383 100644
--- a/app/views/repositories/_sidebar.html.erb
+++ b/app/views/repositories/_sidebar.html.erb
@@ -13,7 +13,7 @@
                             data: { 'no-turbolink' => 'true' } %>
               <% end %>
 
-              <% if repository.team_repositories.where(team: current_team).any? %>
+              <% if repository.shared_with?(current_team) %>
                 <i class="fas fa-user-friends"></i>
               <% end %>
             </span>