diff --git a/app/controllers/my_module_repository_snapshots_controller.rb b/app/controllers/my_module_repository_snapshots_controller.rb
index 1159fc48a..0bce20eb6 100644
--- a/app/controllers/my_module_repository_snapshots_controller.rb
+++ b/app/controllers/my_module_repository_snapshots_controller.rb
@@ -71,12 +71,7 @@ class MyModuleRepositorySnapshotsController < ApplicationController
 end

 def full_view_sidebar
- @repository = Repository.find_by(id: params[:repository_id])
-
- if @repository
- return render_403 unless can_read_repository?(@repository)
- end
-
+ @repository = Repository.viewable_by_user(current_user, current_team).find_by(id: params[:repository_id])
 @repository_snapshots = @my_module.repository_snapshots
 .where(parent_id: params[:repository_id])
 .order(created_at: :desc)
diff --git a/app/models/repository.rb b/app/models/repository.rb
index 1503ddaac..551d0cbca 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -170,8 +170,8 @@ class Repository < RepositoryBase
 team_shared_objects.where(team: team, permission_level: :shared_write).any?
 end

- def self.viewable_by_user(_user, teams)
- accessible_by_teams(teams)
+ def self.viewable_by_user(user, teams)
+ accessible_by_teams(teams).with_granted_permissions(user, RepositoryPermissions::READ)
 end

 def self.name_like(query)
diff --git a/app/permissions/repository.rb b/app/permissions/repository.rb
index e50857783..68ae1c042 100644
--- a/app/permissions/repository.rb
+++ b/app/permissions/repository.rb
@@ -4,9 +4,9 @@ Canaid::Permissions.register_for(RepositoryBase) do
 # repository: read/export
 can :read_repository do |user, repository|
 if repository.is_a?(RepositorySnapshot)
- user.teams.include?(repository.team)
+ can_read_my_module?(user, repository.my_module)
 else
- user.teams.include?(repository.team) || repository.shared_with?(user.current_team)
+ repository.permission_granted?(user, RepositoryPermissions::READ)
 end
 end
 end
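Review bot: In `full_view_sidebar` (app/controllers/my_module_repository_snapshots_controller.rb) a repository the user may not read now yields `@repository = nil` exactly like a deleted one, so the earlier `render_403` path is gone while the snapshot query on the following lines still filters by the raw `params[:repository_id]`. If snapshots of an unreadable repository should stay hidden, keep an explicit denial, for example `return render_403 if @repository.nil? && Repository.exists?(id: params[:repository_id])`. If listing them is intended because snapshot access follows the task, say so in a comment above the lookup. The method body continues past the hunk, so how the view copes with a nil `@repository` is not visible here.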
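Review bot: In `Repository.viewable_by_user` (app/models/repository.rb) the new scope chains `accessible_by_teams(teams)` with `with_granted_permissions(user, RepositoryPermissions::READ)`, and this hunk does not show whether the second scope covers repositories that are only shared with the user's team. If it matches direct assignments only, the shared repositories that `accessible_by_teams` returns would silently drop out of every caller's result. The same question applies to `repository.permission_granted?` in the else branch of app/permissions/repository.rb, which replaces the explicit `shared_with?` check. A method comment such as `# Repositories of the given teams (own or shared) on which user holds READ`, plus a spec using a shared repository, would pin the intended contract. The parameter was previously ignored (`_user`), so callers that pass nil should be checked as well.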
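Review bot: The snapshot branch of `can :read_repository` (app/permissions/repository.rb) now dereferences `repository.my_module` without a nil check, and the hunk does not show whether `can_read_my_module?` denies or raises when given nil. If a snapshot can exist without its task, a fail-closed form such as `repository.my_module.present? && can_read_my_module?(user, repository.my_module)` keeps the permission check from erroring. It would also help to extend the `# repository: read/export` comment to state that snapshot read access now follows the parent task rather than team membership.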