2020-07-21 13:20:51 +00:00
|
|
|
import {BrowserSettings} from 'app/common/BrowserSettings';
|
2020-09-02 18:17:17 +00:00
|
|
|
import {Role} from 'app/common/roles';
|
2021-03-18 22:40:02 +00:00
|
|
|
import {FullUser} from 'app/common/UserAPI';
|
|
|
|
import {Document} from 'app/gen-server/entity/Document';
|
2020-07-21 13:20:51 +00:00
|
|
|
import {ActiveDoc} from 'app/server/lib/ActiveDoc';
|
2020-10-19 14:25:21 +00:00
|
|
|
import {Authorizer, getUser, getUserId, RequestWithLogin} from 'app/server/lib/Authorizer';
|
2020-07-21 13:20:51 +00:00
|
|
|
import {Client} from 'app/server/lib/Client';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* OptDocSession allows for certain ActiveDoc operations to work with or without an open document.
|
|
|
|
* It is useful in particular for actions when importing a file to create a new document.
|
|
|
|
*/
|
|
|
|
export interface OptDocSession {
|
|
|
|
client: Client|null;
|
|
|
|
shouldBundleActions?: boolean;
|
|
|
|
linkId?: number;
|
|
|
|
browserSettings?: BrowserSettings;
|
|
|
|
req?: RequestWithLogin;
|
2020-12-07 21:15:58 +00:00
|
|
|
// special permissions for creating, plugins, system, and share access
|
|
|
|
mode?: 'nascent'|'plugin'|'system'|'share';
|
2020-09-02 18:17:17 +00:00
|
|
|
authorizer?: Authorizer;
|
2021-07-20 20:20:31 +00:00
|
|
|
forkingAsOwner?: boolean; // Set if it is appropriate in a pre-fork state to become an owner.
|
2020-07-21 13:20:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
export function makeOptDocSession(client: Client|null, browserSettings?: BrowserSettings): OptDocSession {
|
|
|
|
if (client && !browserSettings) { browserSettings = client.browserSettings; }
|
2021-08-26 16:35:11 +00:00
|
|
|
if (client && browserSettings && !browserSettings.locale) { browserSettings.locale = client.locale; }
|
2020-07-21 13:20:51 +00:00
|
|
|
return {client, browserSettings};
|
|
|
|
}
|
|
|
|
|
2020-09-02 18:17:17 +00:00
|
|
|
/**
|
|
|
|
* Create an OptDocSession with special access rights.
|
|
|
|
* - nascent: user is treated as owner (because doc is being created)
|
|
|
|
* - plugin: user is treated as editor (because plugin access control is crude)
|
|
|
|
* - system: user is treated as owner (because of some operation bypassing access control)
|
|
|
|
*/
|
2020-12-07 21:15:58 +00:00
|
|
|
export function makeExceptionalDocSession(mode: 'nascent'|'plugin'|'system'|'share',
|
2020-09-02 18:17:17 +00:00
|
|
|
options: {client?: Client,
|
|
|
|
req?: RequestWithLogin,
|
|
|
|
browserSettings?: BrowserSettings} = {}): OptDocSession {
|
|
|
|
const docSession = makeOptDocSession(options.client || null, options.browserSettings);
|
|
|
|
docSession.mode = mode;
|
|
|
|
docSession.req = options.req;
|
|
|
|
return docSession;
|
|
|
|
}
|
|
|
|
|
2020-09-11 20:27:09 +00:00
|
|
|
/**
|
|
|
|
* Create an OptDocSession from a request. Request should have user and doc access
|
|
|
|
* middleware.
|
|
|
|
*/
|
|
|
|
export function docSessionFromRequest(req: RequestWithLogin): OptDocSession {
|
|
|
|
return {client: null, req};
|
|
|
|
}
|
|
|
|
|
2020-07-21 13:20:51 +00:00
|
|
|
/**
|
|
|
|
* DocSession objects maintain information for a single session<->doc instance.
|
|
|
|
*/
|
|
|
|
export class DocSession implements OptDocSession {
|
|
|
|
/**
|
|
|
|
* Flag to indicate that user actions 'bundle' process is started and in progress (`true`),
|
|
|
|
* otherwise it's `false`
|
|
|
|
*/
|
|
|
|
public shouldBundleActions?: boolean;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Indicates the actionNum of the previously applied action
|
|
|
|
* to which the first action in actions should be linked.
|
|
|
|
* Linked actions appear as one action and can be undone/redone in a single step.
|
|
|
|
*/
|
|
|
|
public linkId?: number;
|
|
|
|
|
2021-07-20 20:20:31 +00:00
|
|
|
public forkingAsOwner?: boolean;
|
|
|
|
|
2020-07-21 13:20:51 +00:00
|
|
|
constructor(
|
|
|
|
public readonly activeDoc: ActiveDoc,
|
|
|
|
public readonly client: Client,
|
|
|
|
public readonly fd: number,
|
|
|
|
public readonly authorizer: Authorizer
|
|
|
|
) {}
|
|
|
|
|
|
|
|
// Browser settings (like timezone) obtained from the Client.
|
|
|
|
public get browserSettings(): BrowserSettings { return this.client.browserSettings; }
|
|
|
|
}
|
2020-09-02 18:17:17 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Extract userId from OptDocSession. Use Authorizer if available (for web socket
|
|
|
|
* sessions), or get it from the Request if that is available (for rest api calls),
|
|
|
|
* or from the Client if that is available. Returns null if userId information is
|
|
|
|
* not available or not cached.
|
|
|
|
*/
|
|
|
|
export function getDocSessionUserId(docSession: OptDocSession): number|null {
|
|
|
|
if (docSession.authorizer) {
|
|
|
|
return docSession.authorizer.getUserId();
|
|
|
|
}
|
|
|
|
if (docSession.req) {
|
|
|
|
return getUserId(docSession.req);
|
|
|
|
}
|
|
|
|
if (docSession.client) {
|
|
|
|
return docSession.client.getCachedUserId();
|
|
|
|
}
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
(core) add a `user.SessionID` value for trigger formulas and granular access rules
Summary:
This makes a `user.SessionID` value available in information about the user, for use with trigger formulas and granular access rules. The ID should be constant within a browser session for anonymous user. For logged in users it simply reflects their user id.
This ID makes it possible to write access rules and trigger formulas that allow different anonymous users to create, view, and edit their own records in a document.
For example, you could have a brain-storming document for puns, and allow anyone to add to it (without logging in), letting people edit their own records, but not showing the records to others until they are approved by a moderator. Without something like this, we could only let anonymous people add one field of a record, and not have a secure way to let them edit that field or others in the same record.
Also adds a `user.IsLoggedIn` flag in passing.
Test Plan: Added a test, updated tests. The test added is a mini-moderation doc, don't use it for real because it allows users to edit their entries after a moderator has approved them.
Reviewers: georgegevoian
Reviewed By: georgegevoian
Subscribers: dsagal
Differential Revision: https://phab.getgrist.com/D3273
2022-02-22 15:42:06 +00:00
|
|
|
export function getDocSessionAltSessionId(docSession: OptDocSession): string|null {
|
|
|
|
if (docSession.req) {
|
|
|
|
return docSession.req.altSessionId || null;
|
|
|
|
}
|
|
|
|
if (docSession.client) {
|
|
|
|
return docSession.client.getAltSessionId() || null;
|
|
|
|
}
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
2020-10-19 14:25:21 +00:00
|
|
|
/**
|
|
|
|
* Get as much of user profile as we can (id, name, email).
|
|
|
|
*/
|
|
|
|
export function getDocSessionUser(docSession: OptDocSession): FullUser|null {
|
|
|
|
if (docSession.authorizer) {
|
|
|
|
return docSession.authorizer.getUser();
|
|
|
|
}
|
|
|
|
if (docSession.req) {
|
|
|
|
const user = getUser(docSession.req);
|
|
|
|
const email = user.loginEmail;
|
|
|
|
if (email) {
|
2023-01-24 13:13:18 +00:00
|
|
|
return {id: user.id, name: user.name, email, ref: user.ref, locale: user.options?.locale};
|
2020-10-19 14:25:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
if (docSession.client) {
|
|
|
|
const id = docSession.client.getCachedUserId();
|
2022-10-03 14:45:44 +00:00
|
|
|
const ref = docSession.client.getCachedUserRef();
|
2020-10-19 14:25:21 +00:00
|
|
|
const profile = docSession.client.getProfile();
|
|
|
|
if (id && profile) {
|
|
|
|
return {
|
|
|
|
id,
|
2022-10-03 14:45:44 +00:00
|
|
|
ref,
|
2020-10-19 14:25:21 +00:00
|
|
|
...profile
|
|
|
|
};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
2020-09-02 18:17:17 +00:00
|
|
|
/**
|
|
|
|
* Extract user's role from OptDocSession. Method depends on whether using web
|
|
|
|
* sockets or rest api. Assumes that access has already been checked by wrappers
|
|
|
|
* for api methods and that cached access information is therefore available.
|
|
|
|
*/
|
|
|
|
export function getDocSessionAccess(docSession: OptDocSession): Role {
|
|
|
|
// "nascent" DocSessions are for when a document is being created, and user is
|
|
|
|
// its only owner as yet.
|
|
|
|
// "system" DocSessions are for access without access control.
|
|
|
|
if (docSession.mode === 'nascent' || docSession.mode === 'system') { return 'owners'; }
|
|
|
|
// "plugin" DocSessions are for access from plugins, which is currently quite crude,
|
|
|
|
// and granted only to editors.
|
|
|
|
if (docSession.mode === 'plugin') { return 'editors'; }
|
|
|
|
if (docSession.authorizer) {
|
|
|
|
const access = docSession.authorizer.getCachedAuth().access;
|
|
|
|
if (!access) { throw new Error('getDocSessionAccess expected authorizer.getCachedAuth'); }
|
|
|
|
return access;
|
|
|
|
}
|
|
|
|
if (docSession.req) {
|
|
|
|
const access = docSession.req.docAuth?.access;
|
|
|
|
if (!access) { throw new Error('getDocSessionAccess expected req.docAuth.access'); }
|
|
|
|
return access;
|
|
|
|
}
|
|
|
|
throw new Error('getDocSessionAccess could not find access information in DocSession');
|
|
|
|
}
|
2021-03-18 22:40:02 +00:00
|
|
|
|
(core) add initial support for special shares
Summary:
This gives a mechanism for controlling access control within a document that is distinct from (though implemented with the same machinery as) granular access rules.
It was hard to find a good way to insert this that didn't dissolve in a soup of complications, so here's what I went with:
* When reading rules, if there are shares, extra rules are added.
* If there are shares, all rules are made conditional on a "ShareRef" user property.
* "ShareRef" is null when a doc is accessed in normal way, and the row id of a share when accessed via a share.
There's no UI for controlling shares (George is working on it for forms), but you can do it by editing a `_grist_Shares` table in a document. Suppose you make a fresh document with a single page/table/widget, then to create an empty share you can do:
```
gristDocPageModel.gristDoc.get().docData.sendAction(['AddRecord', '_grist_Shares', null, {linkId: 'xyz', options: '{"publish": true}'}])
```
If you look at the home db now there should be something in the `shares` table:
```
$ sqlite3 -table landing.db "select * from shares"
+----+------------------------+------------------------+--------------+---------+
| id | key | doc_id | link_id | options |
+----+------------------------+------------------------+--------------+---------+
| 1 | gSL4g38PsyautLHnjmXh2K | 4qYuace1xP2CTcPunFdtan | xyz | ... |
+----+------------------------+------------------------+--------------+---------+
```
If you take the key from that (gSL4g38PsyautLHnjmXh2K in this case) and replace the document's urlId in its URL with `s.<key>` (in this case `s.gSL4g38PsyautLHnjmXh2K` then you can use the regular document landing page (it will be quite blank initially) or API endpoint via the share.
E.g. for me `http://localhost:8080/o/docs/s0gSL4g38PsyautLHnjmXh2K/share-inter-3` accesses the doc.
To actually share some material - useful commands:
```
gristDocPageModel.gristDoc.get().docData.getMetaTable('_grist_Views_section').getRecords()
gristDocPageModel.gristDoc.get().docData.sendAction(['UpdateRecord', '_grist_Views_section', 1, {shareOptions: '{"publish": true, "form": true}'}])
gristDocPageModel.gristDoc.get().docData.getMetaTable('_grist_Pages').getRecords()
gristDocPageModel.gristDoc.get().docData.sendAction(['UpdateRecord', '_grist_Pages', 1, {shareRef: 1}])
```
For a share to be effective, at least one page needs to have its shareRef set to the rowId of the share, and at least one widget on one of those pages needs to have its shareOptions set to {"publish": "true", "form": "true"} (meaning turn on sharing, and include form sharing), and the share itself needs {"publish": true} on its options.
I think special shares are kind of incompatible with public sharing, since by their nature (allowing access to all endpoints) they easily expose the docId, and changing that would be hard.
Test Plan: tests added
Reviewers: dsagal, georgegevoian
Reviewed By: dsagal, georgegevoian
Subscribers: jarek, dsagal
Differential Revision: https://phab.getgrist.com/D4144
2024-01-03 16:53:20 +00:00
|
|
|
export function getDocSessionShare(docSession: OptDocSession): string|null {
|
|
|
|
if (docSession.authorizer) {
|
|
|
|
return docSession.authorizer.getCachedAuth().cachedDoc?.linkId || null;
|
|
|
|
}
|
|
|
|
if (docSession.req) {
|
|
|
|
return docSession.req.docAuth?.cachedDoc?.linkId || null;
|
|
|
|
}
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
2021-10-25 13:29:06 +00:00
|
|
|
export function getDocSessionAccessOrNull(docSession: OptDocSession): Role|null {
|
|
|
|
try {
|
|
|
|
return getDocSessionAccess(docSession);
|
|
|
|
} catch (err) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-03-18 22:40:02 +00:00
|
|
|
/**
|
|
|
|
* Get cached information about the document, if available. May be stale.
|
|
|
|
*/
|
|
|
|
export function getDocSessionCachedDoc(docSession: OptDocSession): Document|undefined {
|
|
|
|
return (docSession.req as RequestWithLogin)?.docAuth?.cachedDoc;
|
|
|
|
}
|