mirror of
https://github.com/gristlabs/grist-core.git
synced 2026-03-02 04:09:24 +00:00
(core) deal with write access for attachments
Summary: Attachments are a special case for granular access control. A user is now allowed to read a given attachment if they have read access to a cell containing its id. So when a user writes to a cell in an attachment column, it is important that they can only write the ids of cells to which they have access. This diff allows a user to add an attachment id in a cell if: * The user already has access to that a attachment via some existing cell, or * The user recently updated the attachment, or * The attachment change is from an undo/redo of a previous action attributed to that user Test Plan: Updated tests Reviewers: georgegevoian, dsagal Reviewed By: georgegevoian, dsagal Differential Revision: https://phab.getgrist.com/D3681
This commit is contained in:
Paul Fitzpatrick
@@ -46,6 +46,7 @@ export interface UserInfo {
|
||||
LinkKey: Record<string, string | undefined>;
|
||||
UserID: number | null;
|
||||
UserRef: string | null;
|
||||
SessionID: string | null;
|
||||
[attributes: string]: unknown;
|
||||
toJSON(): {[key: string]: any};
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user