(core) allow a doc owner to test access as a different user

Summary: This adds back-end support for query parameters `aclAsUser_` and `aclAsUserId_` which, when either is present, direct Grist to process granular access control rules from the point of view of that user (specified by email or id respectively). Some front end support is added, in the form of a tag that shows up when in this mode, and a way to cancel the mode. No friendly way to initiate the mode is offered yet. Test Plan: added test Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2704
2026-03-02 04:09:24 +00:00 · 2021-01-15 16:56:58 -05:00
parent d8e742aa0d
commit 3ad9b18ddf
8 changed files with 94 additions and 13 deletions
--- a/app/client/ui2018/breadcrumbs.ts
+++ b/app/client/ui2018/breadcrumbs.ts
@@ -9,6 +9,7 @@ import { urlState } from 'app/client/models/gristUrlState';
 import { colors, testId } from 'app/client/ui2018/cssVars';
 import { editableLabel } from 'app/client/ui2018/editableLabel';
 import { icon } from 'app/client/ui2018/icons';
+import { UserOverride } from 'app/common/DocListAPI';
 import { BindableValue, dom, Observable, styled } from 'grainjs';
 import { tooltip } from 'popweasel';

@@ -85,11 +86,13 @@ export function docBreadcrumbs(
    docNameSave: (val: string) => Promise<void>,
    pageNameSave: (val: string) => Promise<void>,
    cancelRecoveryMode: () => Promise<void>,
+    cancelUserOverride: () => Promise<void>,
    isDocNameReadOnly?: BindableValue<boolean>,
    isPageNameReadOnly?: BindableValue<boolean>,
    isFork: Observable<boolean>,
    isFiddle: Observable<boolean>,
    isRecoveryMode: Observable<boolean>,
+    userOverride: Observable<UserOverride|null>,
    isSnapshot?: Observable<boolean>,
    isPublic?: Observable<boolean>,
  }
@@ -118,11 +121,17 @@ export function docBreadcrumbs(
        }
        if (use(options.isRecoveryMode)) {
          return cssAlertTag('recovery mode',
-                             dom('a', dom.on('click', async () => {
-                               await options.cancelRecoveryMode()
-                             }), icon('CrossSmall')),
+                             dom('a', dom.on('click', () => options.cancelRecoveryMode()),
+                                 icon('CrossSmall')),
                             testId('recovery-mode-tag'));
        }
+        const userOverride = use(options.userOverride);
+        if (userOverride) {
+          return cssAlertTag(userOverride.user?.email || 'override',
+                             dom('a', dom.on('click', () => options.cancelUserOverride()),
+                                 icon('CrossSmall')),
+                             testId('user-override-tag'));
+        }
        if (use(options.isFiddle)) {
          return cssTag('fiddle', tooltip({title: fiddleExplanation}), testId('fiddle-tag'));
        }