From d8d2d75631e78e263d75d846d7b916109fbaf413 Mon Sep 17 00:00:00 2001
From: Oleksii Kriuchykhin <okriuchykhin@biosistemika.com>
Date: Mon, 2 Apr 2018 20:48:44 +0200
Subject: [PATCH] Fix repository rows permissions [SCI-2265]

---
 app/controllers/repository_rows_controller.rb | 6 ++----
 app/permissions/team.rb                       | 7 -------
 2 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/app/controllers/repository_rows_controller.rb b/app/controllers/repository_rows_controller.rb
index 775a1757a..d6a53258d 100644
--- a/app/controllers/repository_rows_controller.rb
+++ b/app/controllers/repository_rows_controller.rb
@@ -170,7 +170,7 @@ class RepositoryRowsController < ApplicationController
     if selected_params
       selected_params.each do |row_id|
         row = @repository.repository_rows.find_by_id(row_id)
-        if row && can_manage_repository_row?(row)
+        if row && can_manage_repository_rows?(@repository.team)
           row.destroy && deleted_count += 1
         end
       end
@@ -221,9 +221,7 @@ class RepositoryRowsController < ApplicationController
   end
 
   def check_manage_permissions
-    render_403 unless @repository.repository_rows.all? do |row|
-      can_manage_repository_row?(row)
-    end
+    render_403 unless can_manage_repository_rows?(@repository.team)
   end
 
   def record_params
diff --git a/app/permissions/team.rb b/app/permissions/team.rb
index a27c56585..e411e06cc 100644
--- a/app/permissions/team.rb
+++ b/app/permissions/team.rb
@@ -114,13 +114,6 @@ Canaid::Permissions.register_for(Repository) do
   end
 end
 
-Canaid::Permissions.register_for(RepositoryRow) do
-  # repository: update/delete record
-  can :manage_repository_row do |user, repository_row|
-    can_create_repository_rows?(user, repository_row.repository.team)
-  end
-end
-
 Canaid::Permissions.register_for(RepositoryColumn) do
   # repository: update/delete field
   can :manage_repository_column do |user, repository_column|