(core) Add support for special ACL rules, for viewing rules and downloading documents.

Summary:
- Use special ACLResources of the form "*SPECIAL:<RuleType>" to represent
  special document-wide rules.
- Include default rules that give Read access to these resources to Owners only.
- Add UI with a checkbox to give access to everyone instead.
- Allow expanding the UI for advanced configuration.

- These rules don't actually have any behavior yet.

Test Plan: WIP

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D2764
Dmitry S
2021-03-24 23:00:58 -04:00
parent d8df2404c2
commit e14488bcc8
3 changed files with 247 additions and 25 deletions


@@ -21,7 +21,8 @@ import { compileAclFormula } from 'app/server/lib/ACLFormula';
import { DocClients } from 'app/server/lib/DocClients';
import { getDocSessionAccess, getDocSessionUser, OptDocSession } from 'app/server/lib/DocSession';
import * as log from 'app/server/lib/log';
import { IPermissionInfo, PermissionInfo, PermissionSetWithContext, TablePermissionSetWithContext } from 'app/server/lib/PermissionInfo';
import { IPermissionInfo, PermissionInfo, PermissionSetWithContext } from 'app/server/lib/PermissionInfo';
import { TablePermissionSetWithContext } from 'app/server/lib/PermissionInfo';
import { integerParam } from 'app/server/lib/requestUtils';
import { getRelatedRows, getRowIdsFromDocAction } from 'app/server/lib/RowAccess';
import cloneDeep = require('lodash/cloneDeep');
@@ -135,7 +136,7 @@ export class GranularAccess implements GranularAccessForBundle {
// affected rows for the relevant table before and after each DocAction. It
// may contain some unaffected rows as well. Other metadata is included if
// needed.
private _steps: Promise<Array<ActionStep>>|null = null;
private _steps: Promise<ActionStep[]>|null = null;
// Access control is done sequentially, bundle by bundle. This is the current bundle.
private _activeBundle: {
docSession: OptDocSession,
@@ -173,7 +174,7 @@ export class GranularAccess implements GranularAccessForBundle {
* Update granular access from DocData.
*/
public async update() {
this._ruler.update(this._docData);
await this._ruler.update(this._docData);
// Also clear the per-docSession cache of user attributes.
this._userAttributesMap = new WeakMap();