(core) Remove UI-imposed restriction against combining public edit access and access rules

Test Plan: TBD

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D3272
This commit is contained in:
Dmitry S 2022-02-16 16:40:42 -05:00
parent 8d34b70899
commit 9855a145d1
2 changed files with 2 additions and 27 deletions

View File

@ -36,10 +36,8 @@ import {
} from 'app/common/GranularAccessClause'; } from 'app/common/GranularAccessClause';
import {isHiddenCol} from 'app/common/gristTypes'; import {isHiddenCol} from 'app/common/gristTypes';
import {isObject} from 'app/common/gutil'; import {isObject} from 'app/common/gutil';
import * as roles from 'app/common/roles';
import {SchemaTypes} from 'app/common/schema'; import {SchemaTypes} from 'app/common/schema';
import {MetaRowRecord} from 'app/common/TableData'; import {MetaRowRecord} from 'app/common/TableData';
import {ANONYMOUS_USER_EMAIL, EVERYONE_EMAIL, getRealAccess} from 'app/common/UserAPI';
import { import {
BaseObservable, BaseObservable,
Computed, Computed,
@ -115,8 +113,6 @@ export class AccessRules extends Disposable {
private _aclUsersPopup = ACLUsersPopup.create(this); private _aclUsersPopup = ACLUsersPopup.create(this);
private _publicEditAccess = Observable.create(this, false);
constructor(private _gristDoc: GristDoc) { constructor(private _gristDoc: GristDoc) {
super(); super();
this._ruleStatus = Computed.create(this, (use) => { this._ruleStatus = Computed.create(this, (use) => {
@ -137,7 +133,7 @@ export class AccessRules extends Disposable {
}); });
this._savingEnabled = Computed.create(this, this._ruleStatus, (use, s) => this._savingEnabled = Computed.create(this, this._ruleStatus, (use, s) =>
(s === RuleStatus.ChangedValid) && !use(this._publicEditAccess)); (s === RuleStatus.ChangedValid));
this._userAttrChoices = Computed.create(this, this._userAttrRules, (use, rules) => { this._userAttrChoices = Computed.create(this, this._userAttrRules, (use, rules) => {
const result: IAttrOption[] = [ const result: IAttrOption[] = [
@ -341,10 +337,6 @@ export class AccessRules extends Disposable {
dom.style('visibility', use => use(this._aclUsersPopup.isInitialized) ? '' : 'hidden')), dom.style('visibility', use => use(this._aclUsersPopup.isInitialized) ? '' : 'hidden')),
), ),
cssConditionError({style: 'margin-left: 16px'}, cssConditionError({style: 'margin-left: 16px'},
dom.maybe(this._publicEditAccess, () => dom('div',
'Public "Editor" access is incompatible with Access Rules. ' +
'To set rules, remove it or reduce to "Viewer".'
)),
dom.text(this._errorMessage), dom.text(this._errorMessage),
testId('access-rules-error') testId('access-rules-error')
), ),
@ -469,16 +461,6 @@ export class AccessRules extends Disposable {
if (this.isDisposed()) { return; } if (this.isDisposed()) { return; }
this._aclUsersPopup.init(pageModel, permissionData); this._aclUsersPopup.init(pageModel, permissionData);
// We do not allow Public Editor access in combination with Granular ACL rules. When
// _publicEditAccess is on, we show a warning and prevent saving rules.
if (permissionData) {
const publicEditAccess = permissionData.users.some(user => (
(user.email === EVERYONE_EMAIL || user.email === ANONYMOUS_USER_EMAIL) &&
roles.canEdit(getRealAccess(user, permissionData))
));
this._publicEditAccess.set(publicEditAccess);
}
} }
} }

View File

@ -1,7 +1,6 @@
import {GristDoc} from 'app/client/components/GristDoc'; import {GristDoc} from 'app/client/components/GristDoc';
import {AppModel} from 'app/client/models/AppModel'; import {AppModel} from 'app/client/models/AppModel';
import {DocPageModel} from 'app/client/models/DocPageModel'; import {DocPageModel} from 'app/client/models/DocPageModel';
import {reportWarning} from 'app/client/models/errors';
import {ShareAnnotations, ShareAnnotator} from 'app/common/ShareAnnotator'; import {ShareAnnotations, ShareAnnotator} from 'app/common/ShareAnnotator';
import {normalizeEmail} from 'app/common/emails'; import {normalizeEmail} from 'app/common/emails';
import {GristLoadConfig} from 'app/common/gristUrls'; import {GristLoadConfig} from 'app/common/gristUrls';
@ -255,13 +254,7 @@ export class UserManagerModelImpl extends Disposable implements UserManagerModel
} }
// Loop through the members and update the delta. // Loop through the members and update the delta.
for (const m of members) { for (const m of members) {
let access = m.access.get(); const access = m.access.get();
if (m === this.publicMember && access === roles.EDITOR && this.gristDoc?.hasGranularAccessRules()) {
access = roles.VIEWER;
if (!options?.silent) {
reportWarning('Public "Editor" access is incompatible with Access Rules. Reduced to "Viewer".');
}
}
if (!roles.isValidRole(access)) { if (!roles.isValidRole(access)) {
if (!options?.silent) { if (!options?.silent) {
throw new Error(`Cannot update user to invalid role ${access}`); throw new Error(`Cannot update user to invalid role ${access}`);