File view permissions issue

#1434
2023-03-23 10:54:09 +01:00 · 2023-03-23 10:54:09 +01:00 · 2b73e59c8f
commit 2b73e59c8f
parent 3d42e71f1a
2 changed files with 4 additions and 3 deletions
--- a/app/controllers/dmsf_files_controller.rb
+++ b/app/controllers/dmsf_files_controller.rb
@ -43,7 +43,7 @@ class DmsfFilesController < ApplicationController

  def permissions
    if @file
-      render_403 unless DmsfFolder.permissions?(@file.dmsf_folder)
+      render_403 unless DmsfFolder.permissions?(@file.dmsf_folder, true, true)
    end
    true
  end
--- a/app/models/dmsf_folder.rb
+++ b/app/models/dmsf_folder.rb
@ -107,11 +107,12 @@ class DmsfFolder < ActiveRecord::Base
    true
  end

-  def self.permissions?(folder, allow_system = true)
+  def self.permissions?(folder, allow_system = true, file = false)
    # Administrator?
    return true if (User.current&.admin? || folder.nil?)
    # Permissions to the project?
-    return false unless User.current&.allowed_to?(:view_dmsf_folders, folder.project)
+    # If file is true we work just with the file and not viewing the folder
+    return false unless file || User.current&.allowed_to?(:view_dmsf_folders, folder.project)
    # System folder?
    if folder && folder.system
      return false unless allow_system || User.current.allowed_to?(:display_system_folders, folder.project)