mirror of
https://github.com/gristlabs/grist-core.git
synced 2024-10-27 20:44:07 +00:00
(core) confirm owner's right to download snapshots
Summary: All users are treated as viewers for snapshot documents, since they cannot reasonably be edited. This is a bit dubious and confusing now that granular access rules exist. More urgently, owners of the trunk document may be locked out of downloading a snapshot, and so also locked out of replacing the trunk with a snapshot. This diff explicitly gives an owner of a trunk document the right to download its snapshots. Test Plan: updated a snapshots test to something that fails without this diff Reviewers: dsagal, georgegevoian Reviewed By: dsagal, georgegevoian Subscribers: jarek, dsagal Differential Revision: https://phab.getgrist.com/D3721
This commit is contained in:
parent
92d4fca855
commit
bd762628e4
@ -3,6 +3,7 @@ import {ApiError} from 'app/common/ApiError';
|
|||||||
import {BrowserSettings} from "app/common/BrowserSettings";
|
import {BrowserSettings} from "app/common/BrowserSettings";
|
||||||
import {BulkColValues, ColValues, fromTableDataAction, TableColValues, TableRecordValue} from 'app/common/DocActions';
|
import {BulkColValues, ColValues, fromTableDataAction, TableColValues, TableRecordValue} from 'app/common/DocActions';
|
||||||
import {isRaisedException} from "app/common/gristTypes";
|
import {isRaisedException} from "app/common/gristTypes";
|
||||||
|
import {parseUrlId} from "app/common/gristUrls";
|
||||||
import {isAffirmative} from "app/common/gutil";
|
import {isAffirmative} from "app/common/gutil";
|
||||||
import {SortFunc} from 'app/common/SortFunc';
|
import {SortFunc} from 'app/common/SortFunc';
|
||||||
import {Sort} from 'app/common/SortSpec';
|
import {Sort} from 'app/common/SortSpec';
|
||||||
@ -400,7 +401,7 @@ export class DocWorkerApi {
|
|||||||
// We want to be have a way download broken docs that ActiveDoc may not be able
|
// We want to be have a way download broken docs that ActiveDoc may not be able
|
||||||
// to load. So, if the user owns the document, we unconditionally let them
|
// to load. So, if the user owns the document, we unconditionally let them
|
||||||
// download.
|
// download.
|
||||||
if (await this._isOwner(req)) {
|
if (await this._isOwner(req, {acceptTrunkForSnapshot: true})) {
|
||||||
if (dryRun) { dryRunSuccess(); return; }
|
if (dryRun) { dryRunSuccess(); return; }
|
||||||
try {
|
try {
|
||||||
// We carefully avoid creating an ActiveDoc for the document being downloaded,
|
// We carefully avoid creating an ActiveDoc for the document being downloaded,
|
||||||
@ -1073,11 +1074,20 @@ export class DocWorkerApi {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Check if user is an owner of the document.
|
* Check if user is an owner of the document.
|
||||||
|
* If acceptTrunkForSnapshot is set, being an owner of the trunk of the document (if it is a snapshot)
|
||||||
|
* is sufficient. Uses cachedDoc, which could be stale if access has changed recently.
|
||||||
*/
|
*/
|
||||||
private async _isOwner(req: Request) {
|
private async _isOwner(req: Request, options?: { acceptTrunkForSnapshot?: boolean }) {
|
||||||
const scope = getDocScope(req);
|
const scope = getDocScope(req);
|
||||||
const docAuth = await getOrSetDocAuth(req as RequestWithLogin, this._dbManager, this._grist, scope.urlId);
|
const docAuth = await getOrSetDocAuth(req as RequestWithLogin, this._dbManager, this._grist, scope.urlId);
|
||||||
return docAuth.access === 'owners';
|
if (docAuth.access === 'owners') {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
if (options?.acceptTrunkForSnapshot && docAuth.cachedDoc?.trunkAccess === 'owners') {
|
||||||
|
const parts = parseUrlId(scope.urlId);
|
||||||
|
if (parts.snapshotId) { return true; }
|
||||||
|
}
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Helper to generate a 503 if the ActiveDoc has been muted.
|
// Helper to generate a 503 if the ActiveDoc has been muted.
|
||||||
|
Loading…
Reference in New Issue
Block a user