Merge pull request #340 from af83/5950_allow_user_to_see_ccset_from_other_organisation

Refs #5950 Fix 404 error when user wants to see CCSet from other orga…

3 files changed, 15 insertions, 8 deletions

diff --git a/app/controllers/compliance_control_sets_controller.rb b/app/controllers/compliance_control_sets_controller.rb
index 8f9251155..6461b38c8 100644
--- a/app/controllers/compliance_control_sets_controller.rb
+++ b/app/controllers/compliance_control_sets_controller.rb
@@ -36,11 +36,15 @@ class ComplianceControlSetsController < ChouetteController
   private
 
   def collection
-    scope = self.ransack_period_range(scope: ComplianceControlSet.all, error_message: t('imports.filters.error_period_filter'), query: :where_updated_at_between)
-    @q_for_form = scope.ransack(params[:q])
-    compliance_control_sets = @q_for_form.result
-    compliance_control_sets = joins_with_associated_objects(compliance_control_sets).order(sort_column + ' ' + sort_direction) if sort_column && sort_direction
-    @compliance_control_sets = compliance_control_sets.paginate(page: params[:page], per_page: 30)
+    @compliance_control_sets ||= begin
+      scope = end_of_association_chain.all
+      scope = self.ransack_period_range(scope: scope, error_message: t('imports.filters.error_period_filter'), query: :where_updated_at_between)
+      @q_for_form = scope.ransack(params[:q])
+      compliance_control_sets = @q_for_form.result
+      compliance_control_sets = joins_with_associated_objects(compliance_control_sets).order(sort_column + ' ' + sort_direction) if sort_column && sort_direction
+      compliance_control_sets = compliance_control_sets.paginate(page: params[:page], per_page: 30)
+    end
+
   end
 
   def decorate_compliance_control_sets(compliance_control_sets)
@@ -82,9 +86,9 @@ class ComplianceControlSetsController < ChouetteController
     case params[:sort]
       when 'owner_jdc'
         collection.joins("LEFT JOIN organisations ON compliance_control_sets.organisation_id = organisations.id")
-      when 'control_numbers' 
+      when 'control_numbers'
         collection.joins("LEFT JOIN compliance_controls ON compliance_controls.compliance_control_set_id = compliance_control_sets.id").group(:id)
-      else 
+      else
         collection
     end
   end
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index c44937c9e..33d88660c 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -95,7 +95,6 @@ class ApplicationPolicy
     referential.try(:organisation_id) || record.try(:organisation_id)
   end
 
-
   #
   #  Helpers
   #  -------
diff --git a/app/policies/compliance_control_set_policy.rb b/app/policies/compliance_control_set_policy.rb
index 011f6c0c7..55507ffd9 100644
--- a/app/policies/compliance_control_set_policy.rb
+++ b/app/policies/compliance_control_set_policy.rb
@@ -5,6 +5,10 @@ class ComplianceControlSetPolicy < ApplicationPolicy
     end
   end
 
+  def show?
+    organisation_match?
+  end
+
   def destroy?
     user.has_permission?('compliance_control_sets.destroy')
   end