(core) limit access to list of snapshots for documents with granular access

Summary: Snapshots can now only be listed for users with non-nuanced access (no access rules, or owners on docs with rules). If a snapshot URL leaks, or is shared by a user who can list snapshots, that URL behaves as before -- it gives access to the snapshot according to access rules in that snapshot. Test Plan: added test Reviewers: georgegevoian, dsagal Reviewed By: georgegevoian, dsagal Subscribers: jarek Differential Revision: https://phab.getgrist.com/D3698
2026-03-02 04:09:24 +00:00 · 2022-11-15 10:58:25 -05:00
parent ea71312d0e
commit 7b7b26c983
4 changed files with 24 additions and 8 deletions
--- a/static/locales/en.client.json
+++ b/static/locales/en.client.json
@@ -111,6 +111,7 @@
  "DocHistory": {
    "Activity": "Activity",
    "Snapshots": "Snapshots",
+    "SnapshotsUnavailable": "Snapshots are unavailable.",
    "OpenSnapshot": "Open Snapshot",
    "CompareToCurrent": "Compare to Current",
    "CompareToPrevious": "Compare to Previous",