gristlabs_grist-core/app/server
Paul Fitzpatrick d0d3d3d0c9 (core) discount indirect changes for access control purposes
Summary:
This diff discounts indirect changes for access control purposes.  A UserAction that updates a cell A, which in turn causes changes in other dependent cells, will be considered a change to cell A for access control purposes.

The `engine.apply_user_actions` method now returns a `direct` array, with a boolean for each `stored` action, set to `true` if the action is attributed to the user or `false` if it is attributed to the engine.  `GranularAccess` ignores actions attributed to the engine when checking for edit rights.

Subtleties:
 * Removal of references to a removed row are considered direct changes.
 * Doesn't play well with undos as yet.  An action that indirectly modifies a cell the user doesn't have rights to may succeed, but it will not be reversible.

Test Plan: added tests, updated tests

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2806
2021-05-12 11:26:21 -04:00
..
lib (core) discount indirect changes for access control purposes 2021-05-12 11:26:21 -04:00
declarations.d.ts (core) remove metrics 2020-09-29 18:57:56 -04:00
devServerMain.ts (core) remove metrics 2020-09-29 18:57:56 -04:00
mergedServerMain.ts (core) add housekeeping endpoints for cleaning doc snapshots+state 2021-01-05 10:31:14 -05:00
serverMethods.js (core) make ValueFormatter.format honor its return type 2020-11-12 15:19:38 -05:00
tsconfig.json (core) move home server into core 2020-07-21 20:39:10 -04:00