Improve hadling of unaccessible inventories in snapshot versions sidebar [SCI-7577]

2025-09-24 05:55:53 +08:00 · 2022-12-13 16:12:08 +01:00 · 2022-12-13 16:12:08 +01:00 · 9900b62e03
commit 9900b62e03
parent ff6471ce14
3 changed files with 5 additions and 10 deletions
--- a/app/controllers/my_module_repository_snapshots_controller.rb
+++ b/app/controllers/my_module_repository_snapshots_controller.rb
@ -71,12 +71,7 @@ class MyModuleRepositorySnapshotsController < ApplicationController
  end

  def full_view_sidebar
-    @repository = Repository.find_by(id: params[:repository_id])
-
-    if @repository
-      return render_403 unless can_read_repository?(@repository)
-    end
-
+    @repository = Repository.viewable_by_user(current_user, current_team).find_by(id: params[:repository_id])
    @repository_snapshots = @my_module.repository_snapshots
                                      .where(parent_id: params[:repository_id])
                                      .order(created_at: :desc)
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@ -170,8 +170,8 @@ class Repository < RepositoryBase
    team_shared_objects.where(team: team, permission_level: :shared_write).any?
  end

-  def self.viewable_by_user(_user, teams)
-    accessible_by_teams(teams)
+  def self.viewable_by_user(user, teams)
+    accessible_by_teams(teams).with_granted_permissions(user, RepositoryPermissions::READ)
  end

  def self.name_like(query)
--- a/app/permissions/repository.rb
+++ b/app/permissions/repository.rb
@ -4,9 +4,9 @@ Canaid::Permissions.register_for(RepositoryBase) do
  # repository: read/export
  can :read_repository do |user, repository|
    if repository.is_a?(RepositorySnapshot)
-      user.teams.include?(repository.team)
+      can_read_my_module?(user, repository.my_module)
    else
-      user.teams.include?(repository.team) || repository.shared_with?(user.current_team)
+      repository.permission_granted?(user, RepositoryPermissions::READ)
    end
  end
 end