mirror of
https://github.com/gristlabs/grist-core.git
synced 2024-10-27 20:44:07 +00:00
(core) For getting access info, include the first-level doc and workspace users.
Summary: When listing access on a doc or workspaces, include all users associated with the resource or its parents. Previously we only considered org-level users. This is normally sufficient since doc and workspace users are automatically added as guests of the org. But there are exceptions for special users (like everyone@), and generally, in case of any divergence, it's important to list everyone who affects access decisions. Test Plan: Added a test that everyone@ user gets included in listings Reviewers: paulfitz Reviewed By: paulfitz Subscribers: paulfitz Differential Revision: https://phab.getgrist.com/D2533
This commit is contained in:
parent
0e131c2546
commit
053d714655
@ -1924,7 +1924,7 @@ export class HomeDBManager extends EventEmitter {
|
|||||||
// The orgMap gives the org access inherited by each user.
|
// The orgMap gives the org access inherited by each user.
|
||||||
const orgMap = getMemberUserRoles(workspace.org, this.defaultBasicGroupNames);
|
const orgMap = getMemberUserRoles(workspace.org, this.defaultBasicGroupNames);
|
||||||
// Iterate through the org since all users will be in the org.
|
// Iterate through the org since all users will be in the org.
|
||||||
const users: UserAccessData[] = getResourceUsers(workspace.org).map(u => {
|
const users: UserAccessData[] = getResourceUsers([workspace, workspace.org]).map(u => {
|
||||||
return {
|
return {
|
||||||
id: u.id,
|
id: u.id,
|
||||||
name: u.name,
|
name: u.name,
|
||||||
@ -1959,7 +1959,7 @@ export class HomeDBManager extends EventEmitter {
|
|||||||
const orgMap = getMemberUserRoles(doc.workspace.org, this.defaultBasicGroupNames);
|
const orgMap = getMemberUserRoles(doc.workspace.org, this.defaultBasicGroupNames);
|
||||||
const wsMaxInheritedRole = this._getMaxInheritedRole(doc.workspace);
|
const wsMaxInheritedRole = this._getMaxInheritedRole(doc.workspace);
|
||||||
// Iterate through the org since all users will be in the org.
|
// Iterate through the org since all users will be in the org.
|
||||||
const users: UserAccessData[] = getResourceUsers(doc.workspace.org).map(u => {
|
const users: UserAccessData[] = getResourceUsers([doc, doc.workspace, doc.workspace.org]).map(u => {
|
||||||
// Merge the strongest roles from the resource and parent resources. Note that the parent
|
// Merge the strongest roles from the resource and parent resources. Note that the parent
|
||||||
// resource access levels must be tempered by the maxInheritedRole values of their children.
|
// resource access levels must be tempered by the maxInheritedRole values of their children.
|
||||||
const inheritFromOrg = roles.getWeakestRole(orgMap[u.id] || null, wsMaxInheritedRole);
|
const inheritFromOrg = roles.getWeakestRole(orgMap[u.id] || null, wsMaxInheritedRole);
|
||||||
|
Loading…
Reference in New Issue
Block a user