Merge pull request #4500 from okriuchykhin/ok_SCI_7293

Fix project visibility for team admins [SCI-7293]

app/models/project.rb

@@ -95,10 +95,14 @@ class Project < ApplicationRecord
     # Admins see all projects in the team
     # Member of the projects can view
     # If project is visible everyone from the team can view it
+    owner_role = UserRole.find_predefined_owner_role
     projects = Project.where(team: teams)
-                      .left_outer_joins(team: :user_teams)
-                      .left_outer_joins(user_assignments: :user_role)
-    projects.where('projects.visibility = 1 OR (user_teams.user_id = ? AND user_teams.role = 2)', user)
+                      .left_outer_joins(:team, user_assignments: :user_role)
+                      .joins("LEFT OUTER JOIN user_assignments team_user_assignments "\
+                             "ON team_user_assignments.assignable_type = 'Team' "\
+                             "AND team_user_assignments.assignable_id = team.id")
+    projects.where(visibility: visibilities[:visible])
+            .or(projects.where(team: { team_user_assignments: { user_id: user, user_role_id: owner_role } }))
             .or(projects.with_granted_permissions(user, ProjectPermissions::READ))
             .distinct
   end

app/models/user_role.rb

@@ -49,6 +49,10 @@ class UserRole < ApplicationRecord
     )
   end
 
+  def self.find_predefined_owner_role
+    predefined.find_by(name: UserRole.public_send('owner_role').name)
+  end
+
   def owner?
     name == I18n.t('user_roles.predefined.owner')
   end

app/permissions/team.rb

@@ -63,7 +63,7 @@ end
 Canaid::Permissions.register_for(ProjectFolder) do
   # ProjectFolder: delete
   can :delete_project_folder do |user, project_folder|
-    can_manage_team?(user, team) &&
+    can_manage_team?(user, project_folder.team) &&
       project_folder.projects.none? &&
       project_folder.project_folders.none?
   end