From b3c708458d2077d2cafdfc5b4101fecf79144028 Mon Sep 17 00:00:00 2001
From: Allen Gilliland <agilliland@gmail.com>
Date: Tue, 2 Jun 2015 19:06:21 -0700
Subject: [PATCH] we want >= rather than <= on our read perms check.

---
 src/metabase/models/common.clj | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/metabase/models/common.clj b/src/metabase/models/common.clj
index 20b34c06ecf..93c47e80a33 100644
--- a/src/metabase/models/common.clj
+++ b/src/metabase/models/common.clj
@@ -44,7 +44,7 @@
          public_perms    500 "Can't check user permissions: object doesn't have :public_perms.")
   (cond (:is_superuser *current-user*)   #{:read :write}    ; superusers have full access to everything
         (= creator_id *current-user-id*) #{:read :write}    ; if user created OBJ they have all permissions
-        (>= perms-read public_perms)     #{:read}           ; if the object is public then everyone gets :read
+        (<= perms-read public_perms)     #{:read}           ; if the object is public then everyone gets :read
         :else                            #{}))              ; default is user has no permissions a.k.a private
 
 (defn user-can?
-- 
GitLab