From df7aa59f6f232dd5bc344603f70491fb4e27c6e4 Mon Sep 17 00:00:00 2001
From: Pete Matsyburka <pete.matsy@gmail.com>
Date: Thu, 15 Feb 2024 11:13:05 +0200
Subject: [PATCH] allow to clone templates to linked accounts

---
 app/controllers/templates_controller.rb | 6 +++++-
 app/views/templates/new.html.erb        | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/app/controllers/templates_controller.rb b/app/controllers/templates_controller.rb
index 41c8c7d4..5e47d331 100644
--- a/app/controllers/templates_controller.rb
+++ b/app/controllers/templates_controller.rb
@@ -51,7 +51,7 @@ class TemplatesController < ApplicationController
       @template.folder = TemplateFolders.find_or_create_by_name(current_user, params[:folder_name])
     end
 
-    if params[:account_id].present? && current_account.linked_accounts.exists?(id: params[:account_id])
+    if params[:account_id].present? && authorized_clone_account_id?(params[:account_id])
       @template.account_id = params[:account_id]
       @template.folder = @template.account.default_template_folder
     else
@@ -86,6 +86,10 @@ class TemplatesController < ApplicationController
 
   private
 
+  def authorized_clone_account_id?(account_id)
+    true_user.account_id.to_s == account_id.to_s || true_user.account.linked_accounts.exists?(id: account_id)
+  end
+
   def maybe_redirect_to_template(template)
     if template.account == current_account
       redirect_to(edit_template_path(@template))
diff --git a/app/views/templates/new.html.erb b/app/views/templates/new.html.erb
index d65222b2..b5aa62b8 100644
--- a/app/views/templates/new.html.erb
+++ b/app/views/templates/new.html.erb
@@ -17,9 +17,9 @@
         </a>
       </folder-autocomplete>
     </div>
-    <% if @base_template && can?(:manage, :tenants) && current_account.account_linked_accounts.exists?(account_type: :linked) %>
+    <% if @base_template && (can?(:manage, :tenants) || true_user != current_user) && true_user.account.account_linked_accounts.exists?(account_type: :linked) %>
       <div class="form-control mb-4">
-        <%= select_tag :account_id, options_for_select([current_account, *current_account.linked_accounts.where.not(id: current_account.testing_accounts)].map { |e| [e.name, e.id] }, current_account.id), required: true, class: 'base-select' %>
+        <%= select_tag :account_id, options_for_select([true_user.account, *true_user.account.linked_accounts.where.not(id: true_user.account.testing_accounts)].map { |e| [e.name, e.id] }, current_account.id), required: true, class: 'base-select' %>
       </div>
     <% end %>
     <div class="form-control">