Allow users to access annotations of other users (if they know the li…

…nk) (#3348)

* Allow users to access annotations of other users (if they know the link)

* update changelog

CHANGELOG.md

@@ -19,6 +19,7 @@ For upgrade instructions, please check the [migration guide](MIGRATIONS.md).
 - The UI for editing experience domains of users was improved. [#3254](https://github.com/scalableminds/webknossos/pull/3254)
 - The tracing layout was changed to be more compact. [#3256](https://github.com/scalableminds/webknossos/pull/3256)
 - It is no longer possible to draw outside of a viewport with the brush tool in volume tracing. [#3283](https://github.com/scalableminds/webknossos/pull/3283)
+- Users can now access the annotations of other users (of the same organization) given the link, even if they are non-public. [#3348](https://github.com/scalableminds/webknossos/pull/3348)
 
 ### Fixed
 

app/models/annotation/AnnotationRestrictions.scala

@@ -1,5 +1,6 @@
 package models.annotation
 
+import com.scalableminds.util.accesscontext.GlobalAccessContext
 import com.scalableminds.util.tools.{Fox, FoxImplicits}
 import javax.inject.Inject
 import models.user.{User, UserService}
@@ -55,9 +56,9 @@ class AnnotationRestrictionDefaults @Inject()(userService: UserService) extends
         else
           (for {
             user <- option2Fox(userOption)
-            isTeamManagerOrAdminOfTeam <- userService.isTeamManagerOrAdminOf(user, annotation._team)
+            owner <- userService.findOneById(annotation._user, true)(GlobalAccessContext)
           } yield {
-            annotation._user == user._id || isTeamManagerOrAdminOfTeam
+            owner._organization == user._organization
           }).orElse(Fox.successful(false))
       }