Commit de422e12 authored by HERBERT Ryan's avatar HERBERT Ryan
Browse files

VidjilAuth.py fix file permissions check

Resolved an issue where attempting to remove a file from a patient or
run which was attached to a patient or run that was previously deleted
could cause a server error when checking permissions
parent 92f74918
......@@ -268,10 +268,13 @@ class VidjilAuth(Auth):
if self.is_admin(user) :
return True
sample_set_list = db(db.sample_set_membership.sequence_file_id == file_id).select(db.sample_set_membership.sample_set_id)
sample_set_list = db(
(db.sample_set_membership.sequence_file_id == file_id) &
(db.sample_set.id == db.sample_set_membership.sample_set_id)
).select(db.sample_set.id)
for row in sample_set_list :
if self.can_modify_sample_set(row.sample_set_id, user=user) :
if self.can_modify_sample_set(row.id, user=user) :
return True
return False
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment