From d357dd6d20f45abc5b761e2c1947cc59bde74b03 Mon Sep 17 00:00:00 2001
From: Florian M <fm3@users.noreply.github.com>
Date: Thu, 25 Aug 2022 14:30:34 +0200
Subject: [PATCH] Fix dataset access by sharing token (#6425)

---
 app/models/binary/DataSet.scala | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/app/models/binary/DataSet.scala b/app/models/binary/DataSet.scala
index 0c3304bccca..f6964d3906a 100755
--- a/app/models/binary/DataSet.scala
+++ b/app/models/binary/DataSet.scala
@@ -112,14 +112,12 @@ class DataSetDAO @Inject()(sqlClient: SQLClient,
     }
 
   override def anonymousReadAccessQ(token: Option[String]): String =
-    "isPublic" + token
-      .map(
-        t =>
-          " or sharingToken = '$t' or _id in (select ans._dataset " +
-            "from webknossos.annotation_privateLinks_ apl " +
-            "join webknossos.annotations_ ans ON apl._annotation = ans._id " +
-            s"where apl.accessToken = '$t')")
-      .getOrElse("")
+    "isPublic" + token.map(t => s""" or sharingToken = '$t'
+               or _id in
+                 (select ans._dataset
+                 from webknossos.annotation_privateLinks_ apl
+                 join webknossos.annotations_ ans ON apl._annotation = ans._id
+                 where apl.accessToken = '$t')""").getOrElse("")
 
   override def readAccessQ(requestingUserId: ObjectId) =
     s"""isPublic