(core) granular access control in the presence of schema changes

Summary: - Support schema changes in the presence of non-trivial ACL rules. - Fix update of `aclFormulaParsed` when updating formulas automatically after schema change. - Filter private metadata in broadcasts, not just fetches. Censorship method is unchanged, just refactored. - Allow only owners to change ACL rules. - Force reloads if rules are changed. - Track rule changes within bundle, for clarity during schema changes - tableId and colId changes create a muddle otherwise. - Show or forbid pages dynamically depending on user's access to its sections. Logic unchanged, just no longer requires reload. - Fix calculation of pre-existing rows touched by a bundle, in the presence of schema changes. - Gray out acl page for non-owners. Test Plan: added tests Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2734
2026-03-02 04:09:24 +00:00 · 2021-03-01 11:51:30 -05:00
parent aae4a58300
commit 4ab096d179
18 changed files with 930 additions and 454 deletions
--- a/app/common/GranularAccessClause.ts
+++ b/app/common/GranularAccessClause.ts
@@ -22,12 +22,19 @@ export interface RulePart {
  memo?: string;
 }

-// Light wrapper around characteristics or records.
+// Light wrapper for reading records or user attributes.
 export interface InfoView {
  get(key: string): CellValue;
  toJSON(): {[key: string]: any};
 }

+// As InfoView, but also supporting writing.
+export interface InfoEditor {
+  get(key: string): CellValue;
+  set(key: string, val: CellValue): this;
+  toJSON(): {[key: string]: any};
+}
+
 // Represents user info, which may include properties which are themselves RowRecords.
 export type UserInfo = Record<string, CellValue|InfoView|Record<string, string>>;