Merge pull request #1977 from urbanrotnik/ur-sci-3761-unable-to-access-shared-inventory

Fix for inventory-sharing [SCI-3761]
2025-11-04 12:07:23 +08:00 · 2019-08-12 13:47:10 +02:00 · 2019-08-12 13:47:10 +02:00 · c213f2fe2a
commit c213f2fe2a
parent b1dba8013a dc4751e49a
4 changed files with 10 additions and 8 deletions
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@ -304,7 +304,7 @@ class RepositoriesController < ApplicationController

  def load_vars
    repository_id = params[:id] || params[:repository_id]
-    @repository = current_team.repositories.find_by_id(repository_id)
+    @repository = Repository.accessible_by_teams(current_team).find_by_id(repository_id)
    render_404 unless @repository
  end

--- a/app/controllers/repository_columns_controller.rb
+++ b/app/controllers/repository_columns_controller.rb
@ -173,14 +173,14 @@ class RepositoryColumnsController < ApplicationController
  AvailableRepositoryColumn = Struct.new(:id, :name)

  def load_vars
-    @repository = current_team.repositories.find_by_id(params[:repository_id])
+    @repository = Repository.accessible_by_teams(current_team).find_by_id(params[:repository_id])
    render_404 unless @repository
    @repository_column = @repository.repository_columns.find_by_id(params[:id])
    render_404 unless @repository_column
  end

  def load_vars_nested
-    @repository = current_team.repositories.find_by_id(params[:repository_id])
+    @repository = Repository.accessible_by_teams(current_team).find_by_id(params[:repository_id])
    render_404 unless @repository
  end

--- a/app/controllers/repository_rows_controller.rb
+++ b/app/controllers/repository_rows_controller.rb
@ -348,9 +348,10 @@ class RepositoryRowsController < ApplicationController
  end

  def load_vars
-    @repository = current_team.repositories
-                              .eager_load(:repository_columns)
-                              .find_by_id(params[:repository_id])
+    @repository = Repository.accessible_by_teams(current_team)
+                            .eager_load(:repository_columns)
+                            .find_by_id(params[:repository_id])
+
    @record = @repository.repository_rows
                         .eager_load(:repository_columns)
                         .find_by_id(params[:id])
@ -358,7 +359,7 @@ class RepositoryRowsController < ApplicationController
  end

  def load_repository
-    @repository = current_team.repositories.find_by_id(params[:repository_id])
+    @repository = Repository.accessible_by_teams(current_team).find_by_id(params[:repository_id])
    render_404 unless @repository
    render_403 unless can_read_repository?(@repository)
  end
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@ -31,7 +31,8 @@ class Repository < ApplicationRecord
  scope :accessible_by_teams, lambda { |teams|
    left_outer_joins(:team_repositories)
      .where('repositories.team_id IN (?) OR team_repositories.team_id IN (?)', teams, teams)
-      .uniq.sort_by(&:created_at)
+      .distinct
+      .order(:created_at)
  }

  def self.search(