gristlabs_grist-core/sandbox/grist
Paul Fitzpatrick 45d2d5f897 (core) back-end support for tables that are accessible only by owners
Summary:
This makes it possible to serve a table or tables only to owners.

 * The _grist_ACLResources table is abused (temporarily) such that rows of the form `{colId: '~o', tableId}` are interpreted as meaning that `tableId` is private to owners.
 * Many websocket and api endpoints are updated to preserve the privacy of these tables.
 * In a document where some tables are private, a lot of capabilities are turned off for non-owners to avoid leaking info indirectly.
 * The client is tweaked minimally, to show '-' where a page with some private material would otherwise go.

No attempt is made to protect data from private tables pulled into non-private tables via formulas.

There are some known leaks remaining:
 * Changes to the schema of private tables are still broadcast to all clients (fixable).
 * Non-owner may be able to access snapshots or make forks or use other corners of API (fixable).
 * Changing name of table makes it public, since tableId in ACLResource is not updated (fixable).

Security will require some work, the attack surface is large.

Test Plan: added tests

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2604
2020-09-14 18:05:27 -04:00
..
functions (core) Improve suggestions for formula autocomplete 2020-09-12 00:21:29 -04:00
imports (core) move data engine code to core 2020-07-29 08:57:25 -04:00
acl.py (core) back-end support for tables that are accessible only by owners 2020-09-14 18:05:27 -04:00
action_obj.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
actions.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
autocomplete_context.py (core) Improve suggestions for formula autocomplete 2020-09-12 00:21:29 -04:00
codebuilder.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
column.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
csv_patch.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
depend.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
docactions.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
docmodel.py (core) Fix lookups in default formulas 2020-09-10 18:06:06 -04:00
engine.py (core) Improve suggestions for formula autocomplete 2020-09-12 00:21:29 -04:00
gencode.py (core) Filter out gristHelper columns from the code listing in CodeEditor 2020-07-30 23:18:19 -04:00
gpath.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
grist.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
identifiers.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
import_actions.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
logger.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
lookup.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
main.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
match_counter.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
migrations.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
moment_parse.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
moment.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
objtypes.py (core) Improve object serialization, to help get RECORD data to Custom Widgets. 2020-08-21 18:33:28 -04:00
records.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
relabeling.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
relation.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
repl.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
runtests.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
sandbox.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
schema.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
summary.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
table_data_set.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
table.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_acl.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_actions.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_codebuilder.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_column_actions.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_completion.py (core) Improve suggestions for formula autocomplete 2020-09-12 00:21:29 -04:00
test_default_formulas.py (core) Fix lookups in default formulas 2020-09-10 18:06:06 -04:00
test_derived.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_display_cols.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_docmodel.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_engine.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_find_col.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_formula_error.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_functions.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_gencode.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_gpath.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_import_actions.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_import_transform.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_logger.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_lookups.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_match_counter.py (core) After a spate of spurious test failures, try to fix a few. 2020-09-14 16:17:12 -04:00
test_migrations.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_moment.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_record_func.py (core) Improve object serialization, to help get RECORD data to Custom Widgets. 2020-08-21 18:33:28 -04:00
test_relabeling.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_renames2.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_renames.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_side_effects.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_summary2.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_summary.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_table_actions.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_table_data_set.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_textbuilder.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_treeview.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_twowaymap.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_types.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
test_useractions.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
testsamples.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
testscript.json (core) move data engine code to core 2020-07-29 08:57:25 -04:00
testutil.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
textbuilder.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
treeview.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
twowaymap.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
tzdata.data (core) move data engine code to core 2020-07-29 08:57:25 -04:00
useractions.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
usercode.py (core) move data engine code to core 2020-07-29 08:57:25 -04:00
usertypes.py (core) Improve object serialization, to help get RECORD data to Custom Widgets. 2020-08-21 18:33:28 -04:00