gristlabs_grist-core/sandbox/grist/acl.py

# This file used to implement (partially) old plans for granular ACLs.
# It now retains only the minimum needed to keep new documents openable by old code,
# and to produce the ActionBundles expected by other code.

import action_obj

class Permissions(object):
  # Permission types and their combination are represented as bits of a single integer.
  VIEW          = 0x1
  UPDATE        = 0x2
  ADD           = 0x4
  REMOVE        = 0x8
  SCHEMA_EDIT   = 0x10
  ACL_EDIT      = 0x20
  EDITOR        = VIEW | UPDATE | ADD | REMOVE
  ADMIN         = EDITOR | SCHEMA_EDIT
  OWNER         = ADMIN | ACL_EDIT


# Special recipients, or instanceIds. ALL is the special recipient for schema actions that
# should be shared with all collaborators of the document.
ALL = '#ALL'
ALL_SET = frozenset([ALL])


def acl_read_split(action_group):
  """
  Returns an ActionBundle containing actions from the given action_group, all in one envelope.
  With the deprecation of old-style ACL rules, envelopes are not used at all, and only kept to
  avoid triggering unrelated code changes.
  """
  bundle = action_obj.ActionBundle()
  bundle.envelopes.append(action_obj.Envelope(ALL_SET))
  bundle.stored.extend((0, da) for da in action_group.stored)
  bundle.calc.extend((0, da) for da in action_group.calc)
  bundle.undo.extend((0, da) for da in action_group.undo)
  bundle.retValues = action_group.retValues
  return bundle
(core) Remove the old attempt at ACLs implemented in Python. Summary: The new plans for granular access control are different and handled by node.js. Some of the same tables will be reused, of which we never made real use before except for expecting certain specific initial records. This diff removes the old logic, replacing it with a stub that satisfies the interface expected by other code. It also removes several unused UserActions: AddUser/RemoveUser/ AddInstance/RemoveInstance. Test Plan: Existing tests should pass. Reviewers: paulfitz Reviewed By: paulfitz Differential Revision: https://phab.getgrist.com/D2662 2020-11-12 04:56:05 +00:00			`# This file used to implement (partially) old plans for granular ACLs.`
			`# It now retains only the minimum needed to keep new documents openable by old code,`
			`# and to produce the ActionBundles expected by other code.`
(core) move data engine code to core Summary: this moves sandbox/grist to core, and adds a requirements.txt file for reconstructing the content of sandbox/thirdparty. Test Plan: existing tests pass. Tested core functionality manually. Tested docker build manually. Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2563 2020-07-27 18:57:36 +00:00
			`import action_obj`

			`class Permissions(object):`
			`# Permission types and their combination are represented as bits of a single integer.`
			`VIEW = 0x1`
			`UPDATE = 0x2`
			`ADD = 0x4`
			`REMOVE = 0x8`
			`SCHEMA_EDIT = 0x10`
			`ACL_EDIT = 0x20`
			`EDITOR = VIEW \| UPDATE \| ADD \| REMOVE`
			`ADMIN = EDITOR \| SCHEMA_EDIT`
			`OWNER = ADMIN \| ACL_EDIT`


(core) Remove the old attempt at ACLs implemented in Python. Summary: The new plans for granular access control are different and handled by node.js. Some of the same tables will be reused, of which we never made real use before except for expecting certain specific initial records. This diff removes the old logic, replacing it with a stub that satisfies the interface expected by other code. It also removes several unused UserActions: AddUser/RemoveUser/ AddInstance/RemoveInstance. Test Plan: Existing tests should pass. Reviewers: paulfitz Reviewed By: paulfitz Differential Revision: https://phab.getgrist.com/D2662 2020-11-12 04:56:05 +00:00			`# Special recipients, or instanceIds. ALL is the special recipient for schema actions that`
			`# should be shared with all collaborators of the document.`
			`ALL = '#ALL'`
			`ALL_SET = frozenset([ALL])`
(core) move data engine code to core Summary: this moves sandbox/grist to core, and adds a requirements.txt file for reconstructing the content of sandbox/thirdparty. Test Plan: existing tests pass. Tested core functionality manually. Tested docker build manually. Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2563 2020-07-27 18:57:36 +00:00

(core) Remove the old attempt at ACLs implemented in Python. Summary: The new plans for granular access control are different and handled by node.js. Some of the same tables will be reused, of which we never made real use before except for expecting certain specific initial records. This diff removes the old logic, replacing it with a stub that satisfies the interface expected by other code. It also removes several unused UserActions: AddUser/RemoveUser/ AddInstance/RemoveInstance. Test Plan: Existing tests should pass. Reviewers: paulfitz Reviewed By: paulfitz Differential Revision: https://phab.getgrist.com/D2662 2020-11-12 04:56:05 +00:00			`def acl_read_split(action_group):`
(core) move data engine code to core Summary: this moves sandbox/grist to core, and adds a requirements.txt file for reconstructing the content of sandbox/thirdparty. Test Plan: existing tests pass. Tested core functionality manually. Tested docker build manually. Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2563 2020-07-27 18:57:36 +00:00			`"""`
(core) Remove the old attempt at ACLs implemented in Python. Summary: The new plans for granular access control are different and handled by node.js. Some of the same tables will be reused, of which we never made real use before except for expecting certain specific initial records. This diff removes the old logic, replacing it with a stub that satisfies the interface expected by other code. It also removes several unused UserActions: AddUser/RemoveUser/ AddInstance/RemoveInstance. Test Plan: Existing tests should pass. Reviewers: paulfitz Reviewed By: paulfitz Differential Revision: https://phab.getgrist.com/D2662 2020-11-12 04:56:05 +00:00			`Returns an ActionBundle containing actions from the given action_group, all in one envelope.`
			`With the deprecation of old-style ACL rules, envelopes are not used at all, and only kept to`
			`avoid triggering unrelated code changes.`
(core) move data engine code to core Summary: this moves sandbox/grist to core, and adds a requirements.txt file for reconstructing the content of sandbox/thirdparty. Test Plan: existing tests pass. Tested core functionality manually. Tested docker build manually. Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2563 2020-07-27 18:57:36 +00:00			`"""`
(core) Remove the old attempt at ACLs implemented in Python. Summary: The new plans for granular access control are different and handled by node.js. Some of the same tables will be reused, of which we never made real use before except for expecting certain specific initial records. This diff removes the old logic, replacing it with a stub that satisfies the interface expected by other code. It also removes several unused UserActions: AddUser/RemoveUser/ AddInstance/RemoveInstance. Test Plan: Existing tests should pass. Reviewers: paulfitz Reviewed By: paulfitz Differential Revision: https://phab.getgrist.com/D2662 2020-11-12 04:56:05 +00:00			`bundle = action_obj.ActionBundle()`
			`bundle.envelopes.append(action_obj.Envelope(ALL_SET))`
			`bundle.stored.extend((0, da) for da in action_group.stored)`
			`bundle.calc.extend((0, da) for da in action_group.calc)`
			`bundle.undo.extend((0, da) for da in action_group.undo)`
			`bundle.retValues = action_group.retValues`
			`return bundle`