fix fallback getRowPermission for not existing row
zingmane committed Oct 11, 2023
1 parent e46456b commit 7de11c4
Showing 3 changed files with 12 additions and 11 deletions.
Expand Up @@ -1063,7 +1063,9 @@ class RetrieveRowModel(val connection: DatabaseConnection)(

def retrieveRowPermissions(tableId: TableId, rowId: RowId): Future[RowPermissions] = {
for {
(_, rowPermissions, _) <- retrieveAnnotations(tableId, rowId, Seq())
(_, rowPermissions, _) <- retrieveAnnotations(tableId, rowId, Seq()).recover({
case _ => (RowLevelAnnotations(false), RowPermissions(Json.arr()), CellLevelAnnotations(Seq(), Json.arr()))
})
} yield {
rowPermissions
}
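Review bot: The `.recover({ case _ => ... })` added in `retrieveRowPermissions` swallows every failure of `retrieveAnnotations`, not only the missing-row case the commit title describes, so a database or connection error also yields `RowPermissions(Json.arr())`. If an empty permission list is evaluated as "row not restricted", as the `rp.value.size == 0 => true` branch in the ConditionRow hunk suggests, a transient backend error would fail open and a restricted row could be treated as viewable. Narrow the handler to the exception raised for a missing row, e.g. `case _: <RowNotFoundExceptionType> => ...` (placeholder; the concrete type is not visible on this page), and let all other failures propagate. A short comment above the recover explaining why a missing row maps to empty permissions would also help the next reader.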
Expand Up @@ -163,7 +163,7 @@ case class ConditionRow(jsonObject: JsonObject) extends ConditionOption(jsonObje
case (Some(row: Row), _) =>
Option(row.rowPermissions) match {
case Some(rp) if rp.value.size == 0 => true
case None => false
case None => false // TODO check if this is correct
case Some(rp) => checkCondition(Some(rp))
}
case (_, Some(rowPermissions: RowPermissions)) => checkCondition(Some(rowPermissions))
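Review bot: The new `// TODO check if this is correct` on the `case None => false` branch leaves an authorization decision open in merged code without saying what is in doubt. Denying when `row.rowPermissions` is null is the fail-closed choice, but it is the opposite of the empty-list branch directly above, which returns `true`, so the two cases deserve an explicit rationale. If deny is intended, replace the TODO with something like `// rowPermissions not loaded (null): deny rather than treat the row as unrestricted`; otherwise reference a tracking issue in the TODO. The enclosing match starts and ends outside this hunk.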
Expand Up @@ -51,6 +51,12 @@ case object Enrich extends LoggingMethod
*/
class RoleModel(jsonObject: JsonObject) extends LazyLogging {

// The default behaviour is that a user can see all rows that are not restricted by specific row
// permissions. With this to work, we need to add a default permission without conditions to the
// role model.
val defaultViewRowRoleName = "view-all-non-restricted-rows"
val defaultViewRowPermission = new Permission(defaultViewRowRoleName, Grant, Seq(ViewRow), ConditionContainer(null))

/**
* Checks if a writing request is allowed to change a resource. If not a UnauthorizedException is thrown.
*/
Expand Down Expand Up @@ -274,7 +280,7 @@ class RoleModel(jsonObject: JsonObject) extends LazyLogging {
objects: ComparisonObjects = ComparisonObjects()
): Boolean = {

def grantPermissions: Seq[Permission] = filterPermissions(userRoles, Grant, action)
def grantPermissions: Seq[Permission] = filterPermissions(userRoles, Grant, action) :+ defaultViewRowPermission

def denyPermissions: Seq[Permission] = filterPermissions(userRoles, Deny, action)

Expand Down Expand Up @@ -320,12 +326,6 @@ class RoleModel(jsonObject: JsonObject) extends LazyLogging {
s"for role '${permission.roleName}'. Action: '$action'"
}

// The default behaviour is that a user can see all rows that are not restricted by specific row
// permissions. With this to work, we need to add a default permission without conditions to the
// role model.
val defaultViewRowRoleName = "view-all-non-restricted-rows"
val defaultViewRowPermission = new Permission(defaultViewRowRoleName, Grant, Seq(ViewRow), ConditionContainer(null))

val role2permissions: Map[String, Seq[Permission]] =
jsonObject
.fieldNames()
Expand All @@ -344,8 +344,7 @@ class RoleModel(jsonObject: JsonObject) extends LazyLogging {
.mkString("\n")

private def getPermissionsForRoles(roleNames: Seq[String]): Seq[Permission] =
(role2permissions.filter({ case (key, _) => roleNames.contains(key) }
).values.flatten.toSeq) :+ defaultViewRowPermission
role2permissions.filter({ case (key, _) => roleNames.contains(key) }).values.flatten.toSeq

def filterPermissions(roleNames: Seq[String], permissionType: PermissionType): Seq[Permission] =
filterPermissions(roleNames, Some(permissionType), None)
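Review bot: In the hunk at `@@ -274,7 +280,7 @@`, `grantPermissions` now appends `defaultViewRowPermission` after `filterPermissions(userRoles, Grant, action)`, so the default grant no longer passes through the action filter it presumably went through when it was added in `getPermissionsForRoles`. The rest of the enclosing method is outside the hunk; if any later step treats a non-empty grant list as sufficient, or evaluates conditions without rechecking the permission's actions, this condition-less Grant would authorize actions other than `ViewRow`. Consider appending it only for the view-row action, e.g. `if (action == ViewRow) grants :+ defaultViewRowPermission else grants` (adjust the comparison to the actual type of `action`). A test asserting that a user without matching roles is still denied a non-view action would pin this down.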