VidjilAuth.py fix file permissions check

Resolved an issue where attempting to remove a file from a patient or run which was attached to a patient or run that was previously deleted could cause a server error when checking permissions

VidjilAuth.py fix file permissions check
Resolved an issue where attempting to remove a file from a patient or run which was attached to a patient or run that was previously deleted could cause a server error when checking permissions
de422e12 · HERBERT Ryan · 92f74918 · de422e12
Commit de422e12 authored Jul 05, 2016 by HERBERT Ryan
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

server/web2py/applications/vidjil/models/VidjilAuth.py server/web2py/applications/vidjil/models/VidjilAuth.py +5 -2

No files found.
--- a/server/web2py/applications/vidjil/models/VidjilAuth.py
+++ b/server/web2py/applications/vidjil/models/VidjilAuth.py
@@ -268,10 +268,13 @@ class VidjilAuth(Auth):
        if self.is_admin(user) :
            return True
        
-        sample_set_list = db(db.sample_set_membership.sequence_file_id == file_id).select(db.sample_set_membership.sample_set_id)
+        sample_set_list = db(
+                (db.sample_set_membership.sequence_file_id == file_id) &
+                (db.sample_set.id == db.sample_set_membership.sample_set_id)
+            ).select(db.sample_set.id)
        
        for row in sample_set_list : 
-            if self.can_modify_sample_set(row.sample_set_id, user=user) :
+            if self.can_modify_sample_set(row.id, user=user) :
                return True
            
        return False