(core) granular access control in the presence of schema changes

Summary: - Support schema changes in the presence of non-trivial ACL rules. - Fix update of `aclFormulaParsed` when updating formulas automatically after schema change. - Filter private metadata in broadcasts, not just fetches. Censorship method is unchanged, just refactored. - Allow only owners to change ACL rules. - Force reloads if rules are changed. - Track rule changes within bundle, for clarity during schema changes - tableId and colId changes create a muddle otherwise. - Show or forbid pages dynamically depending on user's access to its sections. Logic unchanged, just no longer requires reload. - Fix calculation of pre-existing rows touched by a bundle, in the presence of schema changes. - Gray out acl page for non-owners. Test Plan: added tests Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2734
2026-03-02 04:09:24 +00:00 · 2021-03-01 11:51:30 -05:00
parent aae4a58300
commit 4ab096d179
18 changed files with 930 additions and 454 deletions
--- a/sandbox/grist/acl.py
+++ b/sandbox/grist/acl.py
@@ -4,7 +4,7 @@

 import json

-from acl_formula import parse_acl_grist_entities
+from acl_formula import parse_acl_grist_entities, parse_acl_formula_json
 import action_obj
 import logger
 import textbuilder
@@ -128,7 +128,9 @@ def prepare_acl_col_renames(docmodel, useractions, col_renames_dict):
        patches.append(patch)

      replacer = textbuilder.Replacer(textbuilder.Text(formula), patches)
-      rule_updates.append((rule_rec, {'aclFormula': replacer.get_text().encode('utf8')}))
+      txt = replacer.get_text().encode('utf8')
+      rule_updates.append((rule_rec, {'aclFormula': txt,
+                                      'aclFormulaParsed': parse_acl_formula_json(txt)}))

  def do_renames():
    useractions.doBulkUpdateFromPairs('_grist_ACLResources', resource_updates)