From a0fc11c8d13af9084c72813f28cedbae4f29d3ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaros=C5=82aw=20Sadzi=C5=84ski?=
Date: Tue, 5 Sep 2023 11:11:46 +0200
Subject: [PATCH] (core) Fixing memos in record dependent rules.
Summary: Memos in row dependent rules were ignored if the action was denied unconditionally. It prevented creating different memos for different users. Now ACL is forced to check each row, to find the correct memo to show when create/update/delete action is denied.
Test Plan: Existing and new.
Reviewers: paulfitz, dsagal
Reviewed By: paulfitz, dsagal
Subscribers: dsagal
Differential Revision: https://phab.getgrist.com/D4024
---
 app/server/lib/PermissionInfo.ts | 39 +++++++++++++++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)
diff --git a/app/server/lib/PermissionInfo.ts b/app/server/lib/PermissionInfo.ts
index 897dc8d5..164db7ad 100644
--- a/app/server/lib/PermissionInfo.ts
+++ b/app/server/lib/PermissionInfo.ts
@@ -202,7 +202,8 @@ export class PermissionInfo extends RuleInfo = ['create', 'update', 'delete'];
+ const changesData = (perm: string) => dataChangePerms.includes(perm as keyof PermissionSet);
+ pset = mapValues(pset, (val, perm) => val === 'denySome' && changesData(perm) ? "mixed" : val);
+ }
 } else {
 // Unexpected error. Interpret rule pessimistically.
 // Anything it would explicitly allow, no longer allow through this rule.
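Review bot: The `mapValues` line that rewrites `'denySome'` to `"mixed"` changes a permission value inside the access-control path, and nothing beside it says that the purpose is only to force a per-row check so the right memo is found. A comment such as `// Force row-level evaluation for create/update/delete so the denying rule's memo is found; the final allow/deny result must not change.` would keep a later reader from treating it as a policy change, and a test asserting that a denied create/update/delete stays denied after this mapping would pin that down. The condition would also read more safely parenthesised, `(val === 'denySome' && changesData(perm)) ? "mixed" : val`, and typing `changesData` over `keyof PermissionSet` would avoid the `perm as keyof PermissionSet` cast. The enclosing condition and the declaration of `dataChangePerms` are not fully visible on this page, so the intent is taken from the commit summary and should be confirmed against the full hunk.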