(core) apply SchemaEdit flag to metadata changes in general

Summary: A user without SchemaEdit permission was able to reorder pages, since this changes _grist_Pages, and that table was left under control of regular access rules. This diff tightens things up, to require SchemaEdit for all metadata edits. The one remaining exception is _grist_Attachments, which needs some reworking to play well with granular access. Test Plan: extended test Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D3025
3 years ago · d5a7fb23fe
parent 4fcdd2ba07
commit d5a7fb23fe
1 changed files with 6 additions and 3 deletions
--- a/app/server/lib/GranularAccess.ts
+++ b/app/server/lib/GranularAccess.ts
@ -1664,13 +1664,16 @@ export class GranularAccess implements GranularAccessForBundle {
      return dummyAccessCheck;
    }
    const tableId = getTableId(a);
-    if (STRUCTURAL_TABLES.has(tableId)) {
-      // Special case: ensure owners always have full access to ACL tables, so they
+    if (tableId.startsWith('_grist') && tableId !== '_grist_Attachments') {
+      // Actions on any metadata table currently require the schemaEdit flag.
+      // Exception: the attachments table, which needs to be reworked to be compatible
+      // with granular access.
+
+      // Another exception: ensure owners always have full access to ACL tables, so they
      // can change rules and don't get stuck.
      if (isAclTable(tableId) && await this.isOwner(docSession)) {
        return dummyAccessCheck;
      }
-      // Otherwise, access to structural tables currently follows the schemaEdit flag.
      return accessChecks[severity].schemaEdit;
    } else if (a[0] === 'UpdateRecord' || a[0] === 'BulkUpdateRecord') {
      return accessChecks[severity].update;