From 0c039ee64fbd377ed2742222a9818680e5c1f16b Mon Sep 17 00:00:00 2001
From: Pete Matsyburka
Date: Thu, 26 Sep 2024 22:12:58 +0300
Subject: [PATCH] fix tempalte clone roles
---
 app/controllers/templates_controller.rb | 3 ++-
 app/views/templates/new.html.erb | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/app/controllers/templates_controller.rb b/app/controllers/templates_controller.rb
index 253eede8..d2f2c9c1 100644
--- a/app/controllers/templates_controller.rb
+++ b/app/controllers/templates_controller.rb
@@ -116,7 +116,8 @@ class TemplatesController < ApplicationController
 end
 def authorized_clone_account_id?(account_id)
- true_user.account_id.to_s == account_id.to_s || true_user.account.linked_accounts.exists?(id: account_id)
+ true_user.account_id.to_s == account_id.to_s ||
+ true_user.account.linked_accounts.accessible_by(current_ability).exists?(id: account_id)
 end
 def maybe_redirect_to_template(template)
diff --git a/app/views/templates/new.html.erb b/app/views/templates/new.html.erb
index c3c51d06..073a62b7 100644
--- a/app/views/templates/new.html.erb
+++ b/app/views/templates/new.html.erb
@@ -3,9 +3,9 @@ <% if @base_template %>
 <%= hidden_field_tag :base_template_id, @base_template.id %>
 <% end %>
- <% if @base_template && (can?(:manage, :tenants) || true_user != current_user) && true_user.account.linked_accounts.active.accessible_by(current_ability).exists? %>
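Review bot: The server-side check in `authorized_clone_account_id?` (templates_controller.rb) is looser than the form: the view only offers `linked_accounts.active.accessible_by(current_ability)`, while the controller drops the `active` scope, so an inactive linked account id would still be accepted even though the dropdown never lists it. Matching the view closes that gap: `true_user.account.linked_accounts.active.accessible_by(current_ability).exists?(id: account_id)`. `accessible_by` with no action argument checks the `:index` rule, so if cloning into an account should need more than read access, pass the action explicitly. The account list is taken from `true_user` while the ability is presumably built for `current_user`; confirm that mix is intended during impersonation. A request spec using a linked account that the ability excludes would pin the fix.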
- <%= select_tag :account_id, options_for_select([true_user.account, *true_user.account.linked_accounts.active].uniq.map { |e| [e.name, e.id] }, current_account.id), required: true, class: 'base-select' %>
+ <%= select_tag :account_id, options_for_select([true_user.account, *true_user.account.linked_accounts.active.accessible_by(current_ability)].uniq.map { |e| [e.name, e.id] }, current_account.id), required: true, class: 'base-select' %>
<% end %>
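Review bot: The scope `true_user.account.linked_accounts.active.accessible_by(current_ability)` is now written out twice in this template (the `if` guard and the `select_tag` options) and a third time, in a slightly different form, in the controller, so the accounts shown and the ids accepted can drift apart. Building it once, for example in a controller method exposed through `helper_method` (say `cloneable_linked_accounts`, name is only a suggestion) and used by both the view and `authorized_clone_account_id?`, keeps the dropdown and the authorization check on the same query. The guard line appears garbled in this rendering (a `-` marker on text containing `accessible_by`), so this reads the `accessible_by` form as the new side.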