diff --git a/app/models/project.rb b/app/models/project.rb
index 66762756b..6bbc3b05c 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -95,10 +95,14 @@ class Project < ApplicationRecord
 # Admins see all projects in the team
 # Member of the projects can view
 # If project is visible everyone from the team can view it
+ owner_role = UserRole.find_predefined_owner_role
 projects = Project.where(team: teams)
- .left_outer_joins(team: :user_teams)
- .left_outer_joins(user_assignments: :user_role)
- projects.where('projects.visibility = 1 OR (user_teams.user_id = ? AND user_teams.role = 2)', user)
+ .left_outer_joins(:team, user_assignments: :user_role)
+ .joins("LEFT OUTER JOIN user_assignments team_user_assignments "\
+ "ON team_user_assignments.assignable_type = 'Team' "\
+ "AND team_user_assignments.assignable_id = team.id")
+ projects.where(visibility: visibilities[:visible])
+ .or(projects.where(team: { team_user_assignments: { user_id: user, user_role_id: owner_role } }))
 .or(projects.with_granted_permissions(user, ProjectPermissions::READ))
 .distinct
 end
diff --git a/app/models/user_role.rb b/app/models/user_role.rb
index 6974e00e6..a443de076 100644
--- a/app/models/user_role.rb
+++ b/app/models/user_role.rb
@@ -49,6 +49,10 @@ class UserRole < ApplicationRecord
 )
 end
+ def self.find_predefined_owner_role
+ predefined.find_by(name: UserRole.public_send('owner_role').name)
+ end
+
 def owner?
 name == I18n.t('user_roles.predefined.owner')
 end
diff --git a/app/permissions/team.rb b/app/permissions/team.rb
index b66cac222..e1a1c6925 100644
--- a/app/permissions/team.rb
+++ b/app/permissions/team.rb
@@ -63,7 +63,7 @@ end
 Canaid::Permissions.register_for(ProjectFolder) do
 # ProjectFolder: delete
 can :delete_project_folder do |user, project_folder|
- can_manage_team?(user, team) &&
+ can_manage_team?(user, project_folder.team) &&
 project_folder.projects.none? &&
 project_folder.project_folders.none?
 end
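Review bot: The hand-written ON clause in the added `.joins(...)` compares `team_user_assignments.assignable_id` with `team.id`, but the table is brought in through `left_outer_joins(:team, ...)`, which by Rails convention joins it under its table name, presumably `teams`. Unless something outside this diff aliases it as `team`, the reference will not resolve and this visibility scope will raise instead of filtering; I would write the last fragment as `"AND team_user_assignments.assignable_id = teams.id")`. The owner condition `where(team: { team_user_assignments: { ... } })` depends on the same alias by name, so a short comment beside the join such as `# alias team_user_assignments is used by the owner condition below` would keep the two in step. Because this query decides who can see a project, it deserves a spec that runs it as a team owner, a project member and an unrelated user. The enclosing method starts above the hunk.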
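Review bot: `find_predefined_owner_role` returns nil when no matching predefined row exists, because it uses `find_by`, and the caller added in app/models/project.rb passes the result straight into `user_role_id: owner_role`, which Rails renders as `IS NULL` rather than failing. For a role that gates project visibility I would make the miss explicit with `predefined.find_by!(name: owner_role.name)`, or at least document the nil return on the method. `UserRole.public_send('owner_role')` with a literal method name is the same as calling `owner_role` directly inside this class method, and the plain call is easier to audit. The lookup is by name, and `owner?` in the context lines compares the name with an I18n string, so the match presumably depends on the locale in effect when the role was seeded; a comment stating that assumption would help.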