scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2024-09-20 14:45:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix checking asset blob permissions [SCI-9353]

Browse source
This commit is contained in:
Martin Artnik 2023-10-02 16:18:08 +02:00
parent 20be895938
commit f620a99577
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/concerns/active_storage/check_blob_permissions.rb
View file

@ -17,6 +17,8 @@ module ActiveStorage
end
def check_attachment_read_permissions(attachment)
current_user.permission_team = attachment.record.team || current_team if attachment.record.respond_to?(:team)
case attachment.record_type
when 'Asset'
check_asset_read_permissions(attachment.record)
@ -58,8 +60,6 @@ module ActiveStorage
def check_tinymce_asset_read_permissions(asset)
return render_403 unless asset
current_user.permission_team = asset.team || current_team
return true if asset.object.nil? && can_read_team?(asset.team)
case asset.object_type