mirror of
https://github.com/gristlabs/grist-core.git
synced 2024-10-02 05:12:00 +00:00
d0d3d3d0c9
Summary: This diff discounts indirect changes for access control purposes. A UserAction that updates a cell A, which in turn causes changes in other dependent cells, will be considered a change to cell A for access control purposes. The `engine.apply_user_actions` method now returns a `direct` array, with a boolean for each `stored` action, set to `true` if the action is attributed to the user or `false` if it is attributed to the engine. `GranularAccess` ignores actions attributed to the engine when checking for edit rights. Subtleties: * Removal of references to a removed row are considered direct changes. * Doesn't play well with undos as yet. An action that indirectly modifies a cell the user doesn't have rights to may succeed, but it will not be reversible. Test Plan: added tests, updated tests Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2806 |
||
|---|---|---|
| .. | ||
| DocApiForwarder.ts | ||
| DocWorkerMap.ts | ||
| HomeDBManager.ts | ||
| Housekeeper.ts | ||
| Permissions.ts | ||
| scrubUserFromOrg.ts | ||
| TypeORMPatches.ts | ||
| Usage.ts | ||
| values.ts | ||