gristlabs_grist-core/app
Paul Fitzpatrick 42c3568835 (core) be stricter when replacing documents in the presence of granular access rules
Summary:
The /replace endpoint was built with home-level access control in mind. Updates needed:
  * Only an owner can now replace a document. Only owners are permitted to change granular access rules, and a document replacement could change granular access rules.
  * For the document being substituted in: the user must have complete access to view all material within it.

Test Plan: extended test

Reviewers: georgegevoian, dsagal

Reviewed By: georgegevoian, dsagal

Differential Revision: https://phab.getgrist.com/D3694
2022-11-09 14:14:09 -05:00
..
client (core) Support for $ syntax in ACL rules 2022-11-09 16:33:11 +01:00
common (core) Revealing hidden pages with visible children. 2022-10-31 14:02:38 +01:00
gen-server (core) Tweak autocomplete to only suggest team members 2022-10-18 08:08:05 -07:00
plugin Use relative imports only in plugin folder (#328) 2022-10-26 10:41:38 -04:00
server (core) be stricter when replacing documents in the presence of granular access rules 2022-11-09 14:14:09 -05:00
tsconfig.json (core) move home server into core 2020-07-21 20:39:10 -04:00