From 986af0793e247af4b74aed033590ab8c56915e46 Mon Sep 17 00:00:00 2001
From: Sergey Motornyuk <sergey.motornyuk@linkdigital.com.au>
Date: Wed, 26 Jun 2024 13:04:45 +0300
Subject: [PATCH] chore: fix cascade permission check

---
 ckanext/files/logic/auth.py | 32 +++++++++++++++-----------------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/ckanext/files/logic/auth.py b/ckanext/files/logic/auth.py
index baa3abe..67ac92e 100644
--- a/ckanext/files/logic/auth.py
+++ b/ckanext/files/logic/auth.py
@@ -37,12 +37,10 @@ def _owner_allows(
             {"id": owner_id},
         )
 
-    except tk.NotAuthorized:
+    except (tk.NotAuthorized, ValueError):
         return False
 
-    except ValueError:
-        pass
-    return False
+    return True
 
 
 def _file_allows(
@@ -58,22 +56,22 @@ def _file_allows(
 
     info = file.owner_info if file else None
 
-    if info and info.owner_type in shared.config.cascade_access():
-        func_name = f"{info.owner_type}_{operation}"
+    if not info or info.owner_type not in shared.config.cascade_access():
+        return False
 
-        try:
-            tk.check_access(
-                func_name,
-                tk.fresh_context(context),
-                {"id": info.owner_id},
-            )
+    func_name = f"{info.owner_type}_{operation}"
 
-        except tk.NotAuthorized:
-            return False
+    try:
+        tk.check_access(
+            func_name,
+            tk.fresh_context(context),
+            {"id": info.owner_id},
+        )
+
+    except (tk.NotAuthorized, ValueError):
+        return False
 
-        except ValueError:
-            pass
-    return False
+    return True
 
 
 def _get_user(context: Context) -> model.User | None: