diff --git a/CHANGELOG.unreleased.md b/CHANGELOG.unreleased.md index 2f620aff16a..0582feccc2a 100644 --- a/CHANGELOG.unreleased.md +++ b/CHANGELOG.unreleased.md @@ -18,6 +18,7 @@ For upgrade instructions, please check the [migration guide](MIGRATIONS.released ### Changed - The warning about a mismatch between the scale of a pre-computed mesh and the dataset scale's factor now also considers all supported mags of the active segmentation layer. This reduces the false posive rate regarding this warning. [#7921](https://github.com/scalableminds/webknossos/pull/7921/) +- It is no longer allowed to edit annotations of other organizations, even if they are set to public and to others-may-edit. [#7923](https://github.com/scalableminds/webknossos/pull/7923) ### Fixed - Fixed a bug that allowed the default newly created bounding box to appear outside the dataset. In case the whole bounding box would be outside it is created regardless. [#7892](https://github.com/scalableminds/webknossos/pull/7892) diff --git a/app/models/annotation/AnnotationRestrictions.scala b/app/models/annotation/AnnotationRestrictions.scala index 4d5a27f0276..c1cc14c7b57 100755 --- a/app/models/annotation/AnnotationRestrictions.scala +++ b/app/models/annotation/AnnotationRestrictions.scala @@ -68,9 +68,13 @@ class AnnotationRestrictionDefaults @Inject()(userService: UserService)(implicit override def allowUpdate(user: Option[User]): Fox[Boolean] = for { accessAllowed <- allowAccess(user) + annotationOwner <- userService.findOneCached(annotation._user)(GlobalAccessContext) } yield user.exists { user => - (annotation._user == user._id || accessAllowed && annotation.othersMayEdit) && !(annotation.state == Finished) && !annotation.isLockedByOwner + (annotation._user == user._id || (accessAllowed && annotation.othersMayEdit)) && + !(annotation.state == Finished) && + !annotation.isLockedByOwner && + annotationOwner._organization == user._organization } override def allowFinish(userOption: Option[User]): Fox[Boolean] =