gristlabs_grist-core/app/client
Paul Fitzpatrick f91f45b26d (core) support granular read access for attachments
Summary:
When a user requests to read the contents of an attachment, only allow the request if there exists a cell in an attachment column that contains the attachment and which they have read access to.

This does not cover:
 * Granular write access for attachments. In particular, a user who can write to any attachment column should be considered to have full read access to all attachment columns, currently.
 * Access control of attachment metadata such as name and format.

The implementation uses a SQL query that requires a scan, and includes some notes on how this could be optimized in future. The web client was updated to specify the cell to check for access, and performance seemed fine in casual testing on a doc with 1000s of attachments. I'm not sure how performance would hold up as the set of access rules grows as well.

Test Plan: added tests

Reviewers: alexmojaki

Reviewed By: alexmojaki

Differential Revision: https://phab.getgrist.com/D3490
2022-07-07 07:22:02 -04:00
aclui (core) Move Notifier to /ext 2022-05-18 08:02:32 -07:00
components (core) Show summary tables on Raw Data page 2022-07-06 09:41:48 -07:00
lib (core) Faster builds all around. 2022-07-04 10:42:40 -04:00
models (core) Show summary tables on Raw Data page 2022-07-06 09:41:48 -07:00
ui (core) Show summary tables on Raw Data page 2022-07-06 09:41:48 -07:00
ui2018 (core) Show summary tables on Raw Data page 2022-07-06 09:41:48 -07:00
widgets (core) support granular read access for attachments 2022-07-07 07:22:02 -04:00
accountMain.ts (core) Enable MFA configuration (and add SMS) 2022-01-19 13:55:54 -08:00
app.css (core) Make mobile the default mode. 2021-02-25 11:31:43 -05:00
app.js (core) Disable bfcache for all browsers 2021-11-24 09:47:00 -08:00
browserCheck.ts (core) fix browser check and favicon in grist-core 2022-01-05 18:15:05 -05:00
declarations.d.ts (core) Faster builds all around. 2022-07-04 10:42:40 -04:00
errorMain.ts (core) Enable MFA configuration (and add SMS) 2022-01-19 13:55:54 -08:00
exposeModulesForTests.js (core) Some cleanup: remove old unused modules. 2020-11-20 11:23:20 -05:00
logo.css (core) Cleanup removing some old unused files, fixing logo.css, and removing #grist-app. 2020-10-09 17:04:09 -04:00
tsconfig.json (core) Migrate to SRP and add change password dialog 2022-03-16 21:35:06 -07:00