Archives/gristlabs_grist-core
1
0
Fork 0
mirror of https://github.com/gristlabs/grist-core.git synced 2026-03-02 04:09:24 +00:00
Code Issues Projects Releases Wiki Activity

(core) support subscriptions to a doc with row-dependent column read permissions

Browse Source 
Summary: This addresses a weakness in the following case: rules controlling view access for a column, with a dependency on the values of other columns. We had disabled support for such rules, since the existing implementation worked only on table loads and not on broadcast changes. This diff adds in logic to enrich broadcasts as needed, and allows such rules.

Test Plan: added test

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2774
This commit is contained in:
Paul Fitzpatrick
2021-04-16 14:21:20 -04:00
parent 35303fad21
commit 2dfa427d63
2 changed files with 56 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
app/client/aclui/AccessRules.ts
View File

@@ -20,7 +20,6 @@ import {emptyPermissionSet, MixedPermissionValue, PartialPermissionSet} from 'ap
import {parsePermissions, permissionSetToText} from 'app/common/ACLPermissions';
import {summarizePermissions, summarizePermissionSet} from 'app/common/ACLPermissions';
import {ACLRuleCollection, SPECIAL_RULES_TABLE_ID} from 'app/common/ACLRuleCollection';
import {ApiError} from 'app/common/ApiError';
import {BulkColValues, RowRecord, UserAction} from 'app/common/DocActions';
import {FormulaProperties, RulePart, RuleSet, UserAttributeRule} from 'app/common/GranularAccessClause';
import {getFormulaProperties} from 'app/common/GranularAccessClause';
@@ -1146,19 +1145,7 @@ class ObsRulePart extends Disposable {
* Verify that the rule is in a good state, optionally given a proposed permission change.
*/
public sanityCheck(pset?: PartialPermissionSet) {
if (this._ruleSet.hasColumns() &&
(pset || this._permissions.get()).read &&
this._formulaProperties.get().hasRecOrNewRec) {
if (pset && pset.read && this._permissions.get().read) {
// We don't want users to set either allow or deny read permissions in
// row-dependent rules, but if such a permission is set, allow it to be
// toggled to enable the deny->allow->unset cycling in the UI.
return;
}
throw new ApiError('Control of the read permission for column rules is unavailable ' +
'when the formula uses the rec variable. ' +
'Sorry! We will get to it, promise.', 400);
}
// Nothing to do! We now support all expressible rule permutations.
}
public buildRulePartDom(wide: boolean = false) {