(core) make AccessRules and FullCopies effective

Summary: This allows `*SPECIAL:AccessRules` to give read access to the access rules to more users, and `*SPECIAL:FullCopies` to grant download/copy rights to more users. This diff also changes forks to be owned by the user who forked them (previously they were an editor), since that feels more natural. Test Plan: Added and updated tests. Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2760
2026-03-02 04:09:24 +00:00 · 2021-03-25 13:37:09 -04:00
parent e14488bcc8
commit 9d1bc5a518
10 changed files with 86 additions and 36 deletions
--- a/app/gen-server/lib/HomeDBManager.ts
+++ b/app/gen-server/lib/HomeDBManager.ts
@@ -983,19 +983,16 @@ export class HomeDBManager extends EventEmitter {
      doc.trunkAccess = doc.access;

      // Forks without a user id are editable by anyone with view access to the trunk.
-      if (forkUserId === undefined && doc.access === 'viewers') { doc.access = 'editors'; }
+      if (forkUserId === undefined && roles.canView(doc.access)) { doc.access = 'owners'; }
      if (forkUserId !== undefined) {
        // A fork user id is known, so only that user should get to edit the fork.
        if (userId === forkUserId) {
-          // Promote to editor if just a viewer of the trunk.
-          if (doc.access === 'viewers') { doc.access = 'editors'; }
+          if (roles.canView(doc.access)) { doc.access = 'owners'; }
        } else {
          // reduce to viewer if not already viewer
          doc.access = roles.getWeakestRole('viewers', doc.access);
        }
      }
-      // No-one may be an owner of a fork, since there's no way to set up ACLs for it.
-      if (doc.access === 'owners') { doc.access = 'editors'; }

      // Finally, if we are viewing a snapshot, we can't edit it.
      if (snapshotId) {