From 4a206414681380ce516674f440dfa4183b915a97 Mon Sep 17 00:00:00 2001
From: Karel Picman <karel.picman@kontron.com>
Date: Fri, 4 Apr 2014 15:13:38 +0200
Subject: [PATCH] Wrong authorization in case of global approval workflows

---
 app/controllers/dmsf_workflows_controller.rb | 17 ++++++++++++-----
 app/views/dmsf_workflows/new.html.erb        |  2 +-
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/app/controllers/dmsf_workflows_controller.rb b/app/controllers/dmsf_workflows_controller.rb
index a95fed73..c08331cc 100644
--- a/app/controllers/dmsf_workflows_controller.rb
+++ b/app/controllers/dmsf_workflows_controller.rb
@@ -335,12 +335,19 @@ class DmsfWorkflowsController < ApplicationController
 private    
 
   def find_project    
-    if @dmsf_workflow && @dmsf_workflow.project
-      @project = @dmsf_workflow.project
-    elsif params[:project_id].present?
-       @project = Project.find_by_id params[:project_id]
+    if @dmsf_workflow
+      if @dmsf_workflow.project # Project workflow
+        @project = @dmsf_workflow.project
+      else # Global workflow
+        revision = DmsfFileRevision.find_by_id params[:dmsf_file_revision_id]
+        @project = revision.project if revision
+      end
     else
-      @project = Project.find_by_identifier params[:id]
+      if params[:project_id].present?
+        @project = Project.find_by_id params[:project_id]
+      else
+        @project = Project.find_by_identifier params[:id]
+      end
     end    
   end
   
diff --git a/app/views/dmsf_workflows/new.html.erb b/app/views/dmsf_workflows/new.html.erb
index 5b5ab230..c7b59a9d 100644
--- a/app/views/dmsf_workflows/new.html.erb
+++ b/app/views/dmsf_workflows/new.html.erb
@@ -24,7 +24,7 @@
 <% end %>
 
 <%= labelled_form_for @dmsf_workflow do |f| %>
-  <%= error_messages_for 'workflow' %>
+  <%= error_messages_for 'dmsf_workflow' %>
   <div class="box tabular">
     <p><%= f.label :label_dmsf_workflow_name %><%= text_field_tag :name %></p>
     <% if project %>