(core) Trim unapplicable permissions bits for column rules, both at parse time, and in UI

Summary: - UI now trims column rules before saving. - When rules are loaded, bits that aren't applicable to a resource get ignored. This should fix the incorrect behavior in existing docs without a migration. Test Plan: - Added test of UI, that it now sends trimmed rules - Added a unitteset of new trimPermissions() function - Add test of fixed interpretation of existing rules: now only permission bits applicable to a resource get respected. I.e. create/delete/schemaEdit are ignored in column rules, and schemaEdit is also ignored in table rules. - Note that DuplicateTest was affected: updated on the assumption that schemaEdit still can't actually apply at a table level. Reviewers: georgegevoian, paulfitz Reviewed By: paulfitz Differential Revision: https://phab.getgrist.com/D4205
2026-03-02 04:09:24 +00:00 · 2024-03-03 22:41:48 -05:00
parent 0532ed6547
commit ca8ac806db
6 changed files with 63 additions and 16 deletions
--- a/test/common/ACLPermissions.ts
+++ b/test/common/ACLPermissions.ts
@@ -1,7 +1,7 @@
-import {emptyPermissionSet, PartialPermissionSet,
+import {emptyPermissionSet, PartialPermissionSet, PermissionKey,
        summarizePermissions, summarizePermissionSet} from 'app/common/ACLPermissions';
 import {makePartialPermissions, parsePermissions, permissionSetToText} from 'app/common/ACLPermissions';
-import {mergePartialPermissions, mergePermissions} from 'app/common/ACLPermissions';
+import {mergePartialPermissions, mergePermissions, trimPermissions} from 'app/common/ACLPermissions';
 import {assert} from 'chai';

 describe("ACLPermissions", function() {
@@ -112,6 +112,17 @@ describe("ACLPermissions", function() {
    );
  });

+  it('should support trimPermissions', function() {
+    const trim = (permissionsText: string, availableBits: PermissionKey[]) =>
+      permissionSetToText(trimPermissions(parsePermissions(permissionsText), availableBits));
+    assert.deepEqual(trim("+CRUD", ["read", "update"]), "+RU");
+    assert.deepEqual(trim("all", ["read", "update"]), "+RU");
+    assert.deepEqual(trim("-C+R-U+D-S", ["update", "read"]), "+R-U");
+    assert.deepEqual(trim("none", ["read", "update", "create", "delete", "schemaEdit"]), "none");
+    assert.deepEqual(trim("none", ["read", "update", "create", "delete"]), "-CRUD");
+    assert.deepEqual(trim("none", ["read"]), "-R");
+  });
+
  it ('should allow summarization of permission sets', function() {
    assert.deepEqual(summarizePermissionSet(parsePermissions("+U-D")), 'mixed');
    assert.deepEqual(summarizePermissionSet(parsePermissions("+U+D")), 'allow');