make access control for ConvertFromColumn action less brutal #1111
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
paulfitz
force-pushed
the
paulfitz/convert-column-acl
branch
from
d65275f to
2c7af80
Compare
Access control for ConvertFromColumn in the presence of access rules had been left as a TODO. This change allows the action when the user has broad rights to the table it applies to.
paulfitz
force-pushed
the
paulfitz/convert-column-acl
branch
from
8c1acac to
6e00834
Compare
georgegevoian
approved these changes
Jul 22, 2024
berhalak
reviewed
Jul 24, 2024
| // If changes could include Python formulas, then user must have | ||
| // +S before we even consider passing these to the data engine. | ||
| // Since we don't track rule or schema changes at this stage, we | ||
| // approximate with the user's access rights at beginning of | ||
| // bundle. | ||
| // We also check for +S in scenarios that are hard to break down |
There was a problem hiding this comment.
Can you point out what scenarios you have in mind here? I think mentioning the Copy/Transform action would be enough.
| {id: 'C', type: 'Int'}]], | ||
| ['AddRecord', '_grist_ACLResources', -1, {tableId: 'Table1', colIds: 'C'}], | ||
| ['AddRecord', '_grist_ACLRules', null, { | ||
| resource: -1, aclFormula: 'user.Access == OWNER', permissionsText: '-R', |
There was a problem hiding this comment.
Why do you add this rule, I don't think it is exersiced anywhere below?
There was a problem hiding this comment.
We need at least one rule. In the absence of any rules, SPECIAL_ACTIONS are already allowed for editors, so the test would succeed trivially.
Added a comment.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Access control for ConvertFromColumn in the presence of access rules had previously been left as a TODO. This change allows the action when the user has schema rights. Because schema rights let you create formulas, they let you read anything, so there is currently no value in nuance here.