mirror of
https://github.com/gristlabs/grist-core.git
synced 2024-10-27 20:44:07 +00:00
4ab096d179
Summary: - Support schema changes in the presence of non-trivial ACL rules. - Fix update of `aclFormulaParsed` when updating formulas automatically after schema change. - Filter private metadata in broadcasts, not just fetches. Censorship method is unchanged, just refactored. - Allow only owners to change ACL rules. - Force reloads if rules are changed. - Track rule changes within bundle, for clarity during schema changes - tableId and colId changes create a muddle otherwise. - Show or forbid pages dynamically depending on user's access to its sections. Logic unchanged, just no longer requires reload. - Fix calculation of pre-existing rows touched by a bundle, in the presence of schema changes. - Gray out acl page for non-owners. Test Plan: added tests Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2734
67 lines
2.2 KiB
TypeScript
67 lines
2.2 KiB
TypeScript
import { PartialPermissionSet } from 'app/common/ACLPermissions';
|
|
import { CellValue, RowRecord } from 'app/common/DocActions';
|
|
|
|
export interface RuleSet {
|
|
tableId: '*' | string;
|
|
colIds: '*' | string[];
|
|
// The default permissions for this resource, if set, are represented by a RulePart with
|
|
// aclFormula of "", which must be the last element of body.
|
|
body: RulePart[];
|
|
}
|
|
|
|
export interface RulePart {
|
|
origRecord?: RowRecord; // Original record used to create this RulePart.
|
|
aclFormula: string;
|
|
permissions: PartialPermissionSet;
|
|
permissionsText: string; // The text version of PermissionSet, as stored.
|
|
|
|
// Compiled version of aclFormula.
|
|
matchFunc?: AclMatchFunc;
|
|
|
|
// Optional memo, currently extracted from comment in formula.
|
|
memo?: string;
|
|
}
|
|
|
|
// Light wrapper for reading records or user attributes.
|
|
export interface InfoView {
|
|
get(key: string): CellValue;
|
|
toJSON(): {[key: string]: any};
|
|
}
|
|
|
|
// As InfoView, but also supporting writing.
|
|
export interface InfoEditor {
|
|
get(key: string): CellValue;
|
|
set(key: string, val: CellValue): this;
|
|
toJSON(): {[key: string]: any};
|
|
}
|
|
|
|
// Represents user info, which may include properties which are themselves RowRecords.
|
|
export type UserInfo = Record<string, CellValue|InfoView|Record<string, string>>;
|
|
|
|
/**
|
|
* Input into the AclMatchFunc. Compiled formulas evaluate AclMatchInput to produce a boolean.
|
|
*/
|
|
export interface AclMatchInput {
|
|
user: UserInfo;
|
|
rec?: InfoView;
|
|
newRec?: InfoView;
|
|
}
|
|
|
|
/**
|
|
* The actual boolean function that can evaluate a request. The result of compiling ParsedAclFormula.
|
|
*/
|
|
export type AclMatchFunc = (input: AclMatchInput) => boolean;
|
|
|
|
/**
|
|
* Representation of a parsed ACL formula.
|
|
*/
|
|
export type ParsedAclFormula = [string, ...Array<ParsedAclFormula|CellValue>];
|
|
|
|
export interface UserAttributeRule {
|
|
origRecord?: RowRecord; // Original record used to create this UserAttributeRule.
|
|
name: string; // Should be unique among UserAttributeRules.
|
|
tableId: string; // Table in which to look up an existing attribute.
|
|
lookupColId: string; // Column in tableId in which to do the lookup.
|
|
charId: string; // Attribute to look up, possibly a path. E.g. 'Email' or 'office.city'.
|
|
}
|