(core) make AccessRules and FullCopies effective

Summary: This allows `*SPECIAL:AccessRules` to give read access to the access rules to more users, and `*SPECIAL:FullCopies` to grant download/copy rights to more users. This diff also changes forks to be owned by the user who forked them (previously they were an editor), since that feels more natural. Test Plan: Added and updated tests. Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2760
2026-03-02 04:09:24 +00:00 · 2021-03-25 13:37:09 -04:00
parent e14488bcc8
commit 9d1bc5a518
10 changed files with 86 additions and 36 deletions
--- a/app/client/aclui/ACLUsers.ts
+++ b/app/client/aclui/ACLUsers.ts
@@ -57,7 +57,11 @@ export class ACLUsersPopup extends Disposable {
  public async init(pageModel: DocPageModel) {
    this._currentUser = pageModel.userOverride.get()?.user || pageModel.appModel.currentValidUser;
    const doc = pageModel.currentDoc.get();
-    if (doc) {
+    // Disabling "View as user" for forks for the moment.  The getDocAccess endpoint
+    // only succeeds for documents that exist in the DB currently.
+    // TODO: modify the getDocAccess endpoint to accept forks, through the kind of
+    // manipulation that getDoc does.  Then we can enable this button for forks.
+    if (doc && !doc.isFork) {
      const permissionData = await pageModel.appModel.api.getDocAccess(doc.id);
      if (this.isDisposed()) { return; }
      this._usersInDoc = permissionData.users.map(user => ({
--- a/app/client/aclui/AccessRules.ts
+++ b/app/client/aclui/AccessRules.ts
@@ -318,9 +318,10 @@ export class AccessRules extends Disposable {
          ),
        ),
        bigBasicButton('Add User Attributes', dom.on('click', () => this._addUserAttributes())),
-        bigBasicButton('Users', cssDropdownIcon('Dropdown'), elem => this._aclUsersPopup.attachPopup(elem),
-          dom.style('visibility', use => use(this._aclUsersPopup.isInitialized) ? '' : 'hidden'),
-        ),
+        !this._gristDoc.docPageModel.isFork.get() ?
+          bigBasicButton('Users', cssDropdownIcon('Dropdown'), elem => this._aclUsersPopup.attachPopup(elem),
+            dom.style('visibility', use => use(this._aclUsersPopup.isInitialized) ? '' : 'hidden'),
+          ) : null,
      ),
      cssConditionError(dom.text(this._errorMessage), {style: 'margin-left: 16px'},
        testId('access-rules-error')
--- a/app/client/models/DocModel.ts
+++ b/app/client/models/DocModel.ts
@@ -24,6 +24,7 @@ import * as rowset from 'app/client/models/rowset';
 import {RowId} from 'app/client/models/rowset';
 import {schema, SchemaTypes} from 'app/common/schema';

+import {ACLRuleRec, createACLRuleRec} from 'app/client/models/entities/ACLRuleRec';
 import {ColumnRec, createColumnRec} from 'app/client/models/entities/ColumnRec';
 import {createDocInfoRec, DocInfoRec} from 'app/client/models/entities/DocInfoRec';
 import {createPageRec, PageRec} from 'app/client/models/entities/PageRec';
@@ -111,6 +112,7 @@ export class DocModel {
  public validations: MTM<ValidationRec> = this._metaTableModel("_grist_Validations", createValidationRec);
  public replHist: MTM<REPLRec> = this._metaTableModel("_grist_REPL_Hist", createREPLRec);
  public pages: MTM<PageRec> = this._metaTableModel("_grist_Pages", createPageRec);
+  public rules: MTM<ACLRuleRec> = this._metaTableModel("_grist_ACLRules", createACLRuleRec);

  public allTables: KoArray<TableRec>;
  public allTableIds: KoArray<string>;
--- a/app/client/models/entities/ACLRuleRec.ts
+++ b/app/client/models/entities/ACLRuleRec.ts
@@ -0,0 +1,7 @@
+import {DocModel, IRowModel} from 'app/client/models/DocModel';
+
+export type ACLRuleRec = IRowModel<"_grist_ACLRules">;
+
+export function createACLRuleRec(this: ACLRuleRec, docModel: DocModel): void {
+  // currently don't care much about content.
+}
--- a/app/client/ui/ShareMenu.ts
+++ b/app/client/ui/ShareMenu.ts
@@ -123,7 +123,7 @@ function shareButton(buttonText: string|null, menuCreateFunc: MenuCreateFunc,
 function menuManageUsers(doc: DocInfo, pageModel: DocPageModel) {
  return [
    menuItem(() => manageUsers(doc, pageModel), 'Manage Users',
-      dom.cls('disabled', !roles.canEditAccess(doc.access)),
+      dom.cls('disabled', !roles.canEditAccess(doc.access) || doc.isFork),
      testId('tb-share-option')
    ),
    menuDivider(),
--- a/app/client/ui/Tools.ts
+++ b/app/client/ui/Tools.ts
@@ -9,7 +9,7 @@ import { colors } from 'app/client/ui2018/cssVars';
 import { icon } from 'app/client/ui2018/icons';
 import { cssLink } from 'app/client/ui2018/links';
 import { userOverrideParams } from 'app/common/gristUrls';
-import { Disposable, dom, makeTestId, Observable, styled } from "grainjs";
+import { Disposable, dom, makeTestId, Observable, observable, styled } from "grainjs";

 const testId = makeTestId('test-tools-');

@@ -17,7 +17,13 @@ export function tools(owner: Disposable, gristDoc: GristDoc, leftPanelOpen: Obse
  const aclUIEnabled = Boolean(urlState().state.get().params?.aclUI);
  const isOwner = gristDoc.docPageModel.currentDoc.get()?.access === 'owners';
  const isOverridden = Boolean(gristDoc.docPageModel.userOverride.get());
-  const canUseAccessRules = isOwner && !isOverridden;
+  const canViewAccessRules = observable(false);
+  function updateCanViewAccessRules() {
+    canViewAccessRules.set((isOwner && !isOverridden) ||
+                           gristDoc.docModel.rules.getNumRows() > 0);
+  }
+  owner.autoDispose(gristDoc.docModel.rules.tableData.tableActionEmitter.addListener(updateCanViewAccessRules));
+  updateCanViewAccessRules();
  return cssTools(
    cssTools.cls('-collapsed', (use) => !use(leftPanelOpen)),
    cssSectionHeader("TOOLS"),
@@ -25,12 +31,15 @@ export function tools(owner: Disposable, gristDoc: GristDoc, leftPanelOpen: Obse
    (aclUIEnabled ?
      cssPageEntry(
        cssPageEntry.cls('-selected', (use) => use(gristDoc.activeViewId) === 'acl'),
-        cssPageEntry.cls('-disabled', !isOwner),
-        cssPageLink(cssPageIcon('EyeShow'),
-          cssLinkText('Access Rules'),
-          canUseAccessRules ? urlState().setLinkUrl({docPage: 'acl'}) : null,
-          isOverridden ? addRevertViewAsUI() : null,
-        ),
+        cssPageEntry.cls('-disabled', (use) => !use(canViewAccessRules)),
+        dom.domComputed(canViewAccessRules, (_canViewAccessRules) => {
+          return cssPageLink(
+            cssPageIcon('EyeShow'),
+            cssLinkText('Access Rules'),
+            _canViewAccessRules ? urlState().setLinkUrl({docPage: 'acl'}) : null,
+            isOverridden ? addRevertViewAsUI() : null,
+          );
+        }),
        testId('access-rules'),
      ) :
      null