From af462fc938a70e76d8b38531e8c36a3ba4155860 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaros=C5=82aw=20Sadzi=C5=84ski?= Date: Thu, 17 Nov 2022 15:14:49 +0100 Subject: [PATCH] (core) Fixing the ViewAs feature when the example user exists Summary: View as feature uses example.com emails for simulated users. This can break when such a user already exists in the home db. Here we pretend that these users don't exist during ACL checks. Test Plan: Updated and existing Reviewers: paulfitz Reviewed By: paulfitz Subscribers: paulfitz Differential Revision: https://phab.getgrist.com/D3705 --- app/server/lib/GranularAccess.ts | 12 ++++++++---- test/nbrowser/gristUtils.ts | 23 ++--------------------- 2 files changed, 10 insertions(+), 25 deletions(-) diff --git a/app/server/lib/GranularAccess.ts b/app/server/lib/GranularAccess.ts index 700e12bb..1f437733 100644 --- a/app/server/lib/GranularAccess.ts +++ b/app/server/lib/GranularAccess.ts @@ -1837,7 +1837,11 @@ export class GranularAccess implements GranularAccessForBundle { const dbUser = linkParameters.aclAsUserId ? (await this._homeDbManager.getUser(integerParam(linkParameters.aclAsUserId, 'aclAsUserId'))) : (await this._homeDbManager.getExistingUserByLogin(linkParameters.aclAsUser)); - if (!dbUser && linkParameters.aclAsUser) { + // If this is one of example users we will pretend that it doesn't exist, otherwise we would + // end up using permissions of the real user. + const isExampleUser = this.getExampleViewAsUsers().some(e => e.email === dbUser?.loginEmail); + const userExists = dbUser && !isExampleUser; + if (!userExists && linkParameters.aclAsUser) { // Look further for the user, in user attribute tables or examples. const otherUsers = (await this.collectViewAsUsersFromUserAttributeTables()) .concat(this.getExampleViewAsUsers()); @@ -1854,12 +1858,12 @@ export class GranularAccess implements GranularAccessForBundle { }; } } - const docAuth = dbUser && await this._homeDbManager.getDocAuthCached({ + const docAuth = userExists ? await this._homeDbManager.getDocAuthCached({ urlId: this._docId, userId: dbUser.id - }); + }) : null; const access = docAuth?.access || null; - const user = dbUser && this._homeDbManager.makeFullUser(dbUser) || null; + const user = userExists ? this._homeDbManager.makeFullUser(dbUser) : null; return { access, user }; } diff --git a/test/nbrowser/gristUtils.ts b/test/nbrowser/gristUtils.ts index cced2ce6..d010defa 100644 --- a/test/nbrowser/gristUtils.ts +++ b/test/nbrowser/gristUtils.ts @@ -1103,13 +1103,6 @@ export async function selectWidget( await waitForServer(); } -export async function changeWidget(type: string) { - await openWidgetPanel(); - await driver.findContent('.test-right-panel button', /Change Widget/).click(); - await selectWidget(type); - await waitForServer(); -} - /** * Toggle elem if not selected. Expects elem to be clickable and to have a class ending with * -selected when selected. @@ -1336,14 +1329,6 @@ export async function openWidgetPanel() { await driver.find('.test-right-tab-pagewidget').click(); } -/** - * Opens a Creator Panel on Widget/Table settings tab. - */ - export async function openColumnPanel() { - await toggleSidePanel('right', 'open'); - await driver.find('.test-right-tab-field').click(); -} - /** * Moves a column from a hidden to visible section. * Needs a visible Creator panel. @@ -1536,17 +1521,13 @@ export async function deleteColumn(col: IColHeader|string) { /** * Sets the type of the currently selected field to value. */ -export async function setType(type: RegExp|string, options: {skipWait?: boolean, apply?: boolean} = {}) { +export async function setType(type: RegExp|string, options: {skipWait?: boolean} = {}) { await toggleSidePanel('right', 'open'); await driver.find('.test-right-tab-field').click(); await driver.find('.test-fbuilder-type-select').click(); type = typeof type === 'string' ? exactMatch(type) : type; await driver.findContentWait('.test-select-menu .test-select-row', type, 500).click(); - if (!options.skipWait || options.apply) { await waitForServer(); } - if (options.apply) { - await driver.findWait('.test-type-transform-apply', 1000).click(); - await waitForServer(); - } + if (!options.skipWait) { await waitForServer(); } } /**