gristlabs_grist-core/app/client/widgets
Paul Fitzpatrick f91f45b26d (core) support granular read access for attachments
Summary:
When a user requests to read the contents of an attachment, only allow the request if there exists a cell in an attachment column that contains the attachment and which they have read access to.

This does not cover:
 * Granular write access for attachments. In particular, a user who can write to any attachment column should be considered to have full read access to all attachment columns, currently.
 * Access control of attachment metadata such as name and format.

The implementation uses a SQL query that requires a scan, and includes some notes on how this could be optimized in future. The web client was updated to specify the cell to check for access, and performance seemed fine in casual testing on a doc with 1000s of attachments. I'm not sure how performance would hold up as the set of access rules grows as well.

Test Plan: added tests

Reviewers: alexmojaki

Reviewed By: alexmojaki

Differential Revision: https://phab.getgrist.com/D3490
2022-07-07 07:22:02 -04:00
AbstractWidget.js (core) Adding font options to the style picker 2022-04-07 20:35:03 +02:00
AttachmentsEditor.ts (core) support granular read access for attachments 2022-07-07 07:22:02 -04:00
AttachmentsWidget.css (core) Revamp attachment editor + preview UI, and support more types, including PDFs. 2020-11-19 21:30:09 -05:00
AttachmentsWidget.ts (core) support granular read access for attachments 2022-07-07 07:22:02 -04:00
BaseEditor.js Correct spelling mistakes 2022-02-19 09:46:49 +00:00
CellStyle.ts (core) Adding font options to the style picker 2022-04-07 20:35:03 +02:00
CheckBox.css (core) Making cells colors effective also in Card and Card List views 2021-02-09 15:08:44 +01:00
CheckBox.js (core) Add new color select to the app 2021-03-02 16:41:37 +01:00
CheckBoxEditor.js (core) Readonly editors 2021-06-17 19:12:16 +02:00
ChoiceEditor.js (core) Fixing bug on a fresh Choice and ChoiceList column 2021-07-21 15:44:10 +02:00
ChoiceListCell.ts (core) Redirect less often in welcomeNewUser 2022-06-06 11:26:49 -07:00
ChoiceListEditor.ts (core) Redirect less often in welcomeNewUser 2022-06-06 11:26:49 -07:00
ChoiceListEntry.ts (core) Enabling clipboard events on Choice entry field 2022-06-09 16:12:35 +02:00
ChoiceTextBox.ts (core) Speed up and upgrade build. 2022-06-27 16:10:10 -04:00
ChoiceToken.ts (core) Redirect less often in welcomeNewUser 2022-06-06 11:26:49 -07:00
CurrencyPicker.ts (core) Simple localization support and currency selector. 2021-08-26 13:36:49 -07:00
DateEditor.js (core) Change datepicker in DateEditor to use moment format, show AltText in DateEditor 2021-12-07 11:33:49 -05:00
DateTextBox.js (core) Guess date format during type conversion 2022-02-21 22:39:47 +02:00
DateTimeEditor.css (core) move client code to core 2020-10-02 13:24:21 -04:00
DateTimeEditor.js (core) Change datepicker in DateEditor to use moment format, show AltText in DateEditor 2021-12-07 11:33:49 -05:00
DateTimeTextBox.js (core) Guess date format during type conversion 2022-02-21 22:39:47 +02:00
DiffBox.ts (core) Configure more comprehensive eslint rules for Typescript 2021-04-26 18:54:55 -04:00
EditorButtons.ts (core) Add support for editing on mobile. 2021-02-03 23:10:51 -05:00
EditorPlacement.ts (core) Speed up and upgrade build. 2022-06-27 16:10:10 -04:00
EditorTooltip.ts (core) Add a button and a tooltip to Access Rules page item, in View-As mode. 2021-03-08 16:08:21 -05:00
ErrorDom.ts (core) move client code to core 2020-10-02 13:24:21 -04:00
FieldBuilder.css (core) move client code to core 2020-10-02 13:24:21 -04:00
FieldBuilder.ts (core) Show summary tables on Raw Data page 2022-07-06 09:41:48 -07:00
FieldEditor.ts (core) support granular read access for attachments 2022-07-07 07:22:02 -04:00
FormulaEditor.ts (core) support granular read access for attachments 2022-07-07 07:22:02 -04:00
HyperLinkEditor.ts (core) move client code to core 2020-10-02 13:24:21 -04:00
HyperLinkTextBox.ts (core) Showing links in text cells 2021-10-13 23:22:03 +02:00
NewAbstractWidget.ts (core) Speed up and upgrade build. 2022-06-27 16:10:10 -04:00
NewBaseEditor.ts (core) support granular read access for attachments 2022-07-07 07:22:02 -04:00
NTextBox.ts (core) Reference and ReferenceList formatters 2022-01-13 18:09:33 +02:00
NTextEditor.ts (core) Speed up and upgrade build. 2022-06-27 16:10:10 -04:00
NumericTextBox.ts (core) Raw renames 2022-04-27 22:21:55 +02:00
Reference.css (core) move client code to core 2020-10-02 13:24:21 -04:00
Reference.ts (core) Reference and ReferenceList formatters 2022-01-13 18:09:33 +02:00
ReferenceEditor.ts (core) Value parsing for refs, parsing data entry for numbers 2021-11-01 19:31:52 +02:00
ReferenceList.ts (core) Reference and ReferenceList formatters 2022-01-13 18:09:33 +02:00
ReferenceListEditor.ts (core) Redirect less often in welcomeNewUser 2022-06-06 11:26:49 -07:00
Spinner.css (core) move client code to core 2020-10-02 13:24:21 -04:00
Spinner.ts (core) Simple localization support and currency selector. 2021-08-26 13:36:49 -07:00
Switch.css (core) Making cells colors effective also in Card and Card List views 2021-02-09 15:08:44 +01:00
Switch.js (core) Add new color select to the app 2021-03-02 16:41:37 +01:00
TextBox.css (core) Readonly editors 2021-06-17 19:12:16 +02:00
TextEditor.css (core) Set min-height for cells, including in Card view, to make them look consistent. 2021-11-19 17:23:03 -05:00
TextEditor.js (core) Readonly editors 2021-06-17 19:12:16 +02:00
TZAutocomplete.ts (core) Improving experience when editing group-by column. 2022-01-18 14:31:31 +01:00
UserType.js (core) Polish and enable Reference List widget 2021-08-12 11:51:21 -07:00
UserTypeImpl.js (core) Barely working reference lists in frontend 2021-07-23 18:41:44 +02:00