From d8d2d75631e78e263d75d846d7b916109fbaf413 Mon Sep 17 00:00:00 2001 From: Oleksii Kriuchykhin <okriuchykhin@biosistemika.com> Date: Mon, 2 Apr 2018 20:48:44 +0200 Subject: [PATCH] Fix repository rows permissions [SCI-2265] --- app/controllers/repository_rows_controller.rb | 6 ++---- app/permissions/team.rb | 7 ------- 2 files changed, 2 insertions(+), 11 deletions(-) diff --git a/app/controllers/repository_rows_controller.rb b/app/controllers/repository_rows_controller.rb index 775a1757a..d6a53258d 100644 --- a/app/controllers/repository_rows_controller.rb +++ b/app/controllers/repository_rows_controller.rb @@ -170,7 +170,7 @@ class RepositoryRowsController < ApplicationController if selected_params selected_params.each do |row_id| row = @repository.repository_rows.find_by_id(row_id) - if row && can_manage_repository_row?(row) + if row && can_manage_repository_rows?(@repository.team) row.destroy && deleted_count += 1 end end @@ -221,9 +221,7 @@ class RepositoryRowsController < ApplicationController end def check_manage_permissions - render_403 unless @repository.repository_rows.all? do |row| - can_manage_repository_row?(row) - end + render_403 unless can_manage_repository_rows?(@repository.team) end def record_params diff --git a/app/permissions/team.rb b/app/permissions/team.rb index a27c56585..e411e06cc 100644 --- a/app/permissions/team.rb +++ b/app/permissions/team.rb @@ -114,13 +114,6 @@ Canaid::Permissions.register_for(Repository) do end end -Canaid::Permissions.register_for(RepositoryRow) do - # repository: update/delete record - can :manage_repository_row do |user, repository_row| - can_create_repository_rows?(user, repository_row.repository.team) - end -end - Canaid::Permissions.register_for(RepositoryColumn) do # repository: update/delete field can :manage_repository_column do |user, repository_column|