(core) give more detailed reasons for access denied when memos are present

Summary: With this change, if a comment is added to an ACL formula, then that comment will be offered to the user if access is denied and that rule could potentially have granted access. The code is factored so that when access is permitted, or when partially visible tables are being filtered, there is little overhead. Comments are gathered only when an explicit denial of access. Test Plan: added tests, updated tests Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2730
2026-03-02 04:09:24 +00:00 · 2021-02-15 16:36:33 -05:00
parent 422560504e
commit 6af811f7ab
17 changed files with 420 additions and 186 deletions
--- a/sandbox/grist/acl_formula.py
+++ b/sandbox/grist/acl_formula.py
@@ -1,5 +1,7 @@
 import ast
+import io
 import json
+import tokenize
 from collections import namedtuple

 import asttokens
@@ -22,10 +24,16 @@ def parse_acl_formula(acl_formula):
    Const                   value (number, string, bool)
    Name                    name (string)
    Attr                    node, attr_name
+    Comment                 node, comment
  """
  try:
    tree = ast.parse(acl_formula, mode='eval')
-    return _TreeConverter().visit(tree)
+    result = _TreeConverter().visit(tree)
+    for part in tokenize.generate_tokens(io.StringIO(acl_formula.decode('utf-8')).readline):
+      if part[0] == tokenize.COMMENT and part[1].startswith('#'):
+        result = ['Comment', result, part[1][1:].strip()]
+        break
+    return result
  except SyntaxError as err:
    # In case of an error, include line and offset.
    raise SyntaxError("%s on line %s col %s" % (err.args[0], err.lineno, err.offset))
--- a/sandbox/grist/test_acl_formula.py
+++ b/sandbox/grist/test_acl_formula.py
@@ -79,6 +79,24 @@ class TestACLFormula(unittest.TestCase):
        ['Attr', ['Attr', ['Name', 'user'], 'Status'], 'IsActive']
      ])

+    self.assertEqual(parse_acl_formula(
+      "True # Comment!  "),
+      ['Comment', ['Const', True], 'Comment!'])
+
+    self.assertEqual(parse_acl_formula(
+      "\"#x\" == \" # Not a comment \"#Comment!"),
+      ['Comment',
+       ['Eq', ['Const', '#x'], ['Const', ' # Not a comment ']],
+       'Comment!'
+      ])
+
+    self.assertEqual(parse_acl_formula(
+      "# Allow owners\nuser.Access == 'owners' # ignored\n# comment ignored"),
+      ['Comment',
+       ['Eq', ['Attr', ['Name', 'user'], 'Access'], ['Const', 'owners']],
+       'Allow owners'
+      ])
+
  def test_unsupported(self):
    # Test a few constructs we expect to fail
    # Not an expression