From ca9846bdc2383725001c09af2e25f0a0136ab401 Mon Sep 17 00:00:00 2001
From: Ryan Herbert <rya.herb@gmail.com>
Date: Mon, 19 Oct 2020 13:13:25 +0000
Subject: [PATCH] single query permissions

use auth.vidjil_accessible_query to include permissions
---
 server/web2py/applications/vidjil/models/sample_set_list.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/web2py/applications/vidjil/models/sample_set_list.py b/server/web2py/applications/vidjil/models/sample_set_list.py
index 8c8061625..a36ec1ebd 100644
--- a/server/web2py/applications/vidjil/models/sample_set_list.py
+++ b/server/web2py/applications/vidjil/models/sample_set_list.py
@@ -42,7 +42,8 @@ class SampleSetList():
             groupby = [s_table.id, s_table.sample_set_id, s_table.name, s_table.info, db.auth_user.last_name],
 
         self.result = db(
-            (s_table.sample_set_id > 0) &
+            (auth.vidjil_accessible_query('read', db.sample_set)) &
+            (s_table.sample_set_id == db.sample_set.id) &
             (s_table.creator == db.auth_user.id)
         ).select(
             s_table.id.with_alias('id'),
-- 
GitLab