From bdded3aac4cba0b11b3d5057b94b269121d825ea Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Fri, 9 Feb 2024 09:35:41 +0100
Subject: [PATCH] Fix: Handle permission_clause for result permissions.

---
 src/manage_acl.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/manage_acl.c b/src/manage_acl.c
index ed8173f68..e7c5eefeb 100644
--- a/src/manage_acl.c
+++ b/src/manage_acl.c
@@ -1143,9 +1143,10 @@ acl_where_owned_user (const char *user_id, const char *user_sql,
           else if (strcmp (type, "result") == 0)
             permission_clause
              = g_strdup_printf ("%s"
-                                " OR results%s.task IN"
+                                " OR EXISTS"
                                 " (SELECT id FROM %spermissions_subject"
-                                "  WHERE resource_type = 'task'"
+                                "  WHERE resource = results%s.task"
+                                "  AND resource_type = 'task'"
                                 "  AND (%s))",
                                 clause,
                                 get->trash ? "_trash" : "",