(core) respect table wildcard in granular acl rules for censorship
Summary: The client relies on metadata tables for laying out pages and sections. These tables are filtered according to what tables the user has access to, in a crude way. This diff updates the logic to at least support the table wildcard. Test Plan: added tests Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2690
parent
de35be6b0a
commit
b2fabb0ebc
@ -376,12 +376,12 @@ export class GranularAccess {
|
||||
const columnCode = (tableRef: number, colId: string) => `${tableRef} ${colId}`;
|
||||
const censoredColumnCodes: Set<string> = new Set();
|
||||
const permInfo = await this._getAccess(docSession);
|
||||
for (const tableId of this._ruleCollection.getAllTableIds()) {
|
||||
for (const rec of this._docData.getTable('_grist_Tables')!.getRecords()) {
|
||||
const tableId = rec.tableId as string;
|
||||
const tableRef = rec.id;
|
||||
const tableAccess = permInfo.getTableAccess(tableId);
|
||||
let tableRef: number|undefined = 0;
|
||||
if (tableAccess.read === 'deny') {
|
||||
tableRef = this._docData.getTable('_grist_Tables')?.findRow('tableId', tableId);
|
||||
if (tableRef) { censoredTables.add(tableRef); }
|
||||
censoredTables.add(tableRef);
|
||||
}
|
||||
// TODO If some columns are allowed and the rest (*) are denied, we need to be able to
|
||||
// censor all columns outside a set.
|
||||
@ -389,10 +389,7 @@ export class GranularAccess {
|
||||
if (Array.isArray(ruleSet.colIds)) {
|
||||
for (const colId of ruleSet.colIds) {
|
||||
if (permInfo.getColumnAccess(tableId, colId).read === 'deny') {
|
||||
if (!tableRef) {
|
||||
tableRef = this._docData.getTable('_grist_Tables')?.findRow('tableId', tableId);
|
||||
}
|
||||
if (tableRef) { censoredColumnCodes.add(columnCode(tableRef, colId)); }
|
||||
censoredColumnCodes.add(columnCode(tableRef, colId));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
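Review bot: Column censoring in the second hunk still only walks explicitly listed ids (`if (Array.isArray(ruleSet.colIds))`), so the case in the TODO kept at the end of the first hunk, where some columns are allowed and the rest (`*`) are denied, leaves the metadata of those denied columns visible to the client. The commit closes the table-level wildcard gap but not this one, and nothing in the code says that the remaining behaviour is fail-open. I would record that next to the check, for example `// NOTE: a non-array colIds (the '*' default) is skipped here, so columns denied only by the default rule are not censored yet.`, and add a test that pins it so the gap is visible when the TODO is addressed. The loop that produces `ruleSet` lies between the two hunks and is not shown, so the shape of `colIds` is inferred from the `Array.isArray` test.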