Paul Fitzpatrick 7907467dbc (core) treat summary tables like formulas for access control purposes ... Summary: This unsets the `direct` flag for actions emitted when summary tables are updated. That means those actions will be ignored for access control purposes. So if a user has the right to change a source table, the resulting changes to the summary won't result in the overall action bundle being forbidden. I don't think I've actually seen the use case that inspired this issue being filed. I could imagine perhaps a user forbidden from creating rows globally making permitted updates that could add rows in a summary (and it being desirable to allow that). Test Plan: added tests Reviewers: jarek Reviewed By: jarek Subscribers: dsagal, alexmojaki, jarek Differential Revision: https://phab.getgrist.com/D3022		2021-09-16 18:44:50 -04:00
..
client	(core) Disable mousedown on token delete button	2021-09-16 10:45:06 -07:00
common	(core) treat summary tables like formulas for access control purposes	2021-09-16 18:44:50 -04:00
gen-server	(core) add tests for site deletion	2021-09-14 10:03:18 -04:00
plugin	(core) Suggest correct table when converting to RefList	2021-08-20 23:04:48 +02:00
server	(core) apply SchemaEdit flag to metadata changes in general	2021-09-16 13:36:20 -04:00
tsconfig.json	(core) move home server into core	2020-07-21 20:39:10 -04:00