diff --git a/src/main/scala/com/campudus/tableaux/database/model/tableaux/RowModel.scala b/src/main/scala/com/campudus/tableaux/database/model/tableaux/RowModel.scala
index 178c4cd5..7ed03466 100644
--- a/src/main/scala/com/campudus/tableaux/database/model/tableaux/RowModel.scala
+++ b/src/main/scala/com/campudus/tableaux/database/model/tableaux/RowModel.scala
@@ -1063,7 +1063,9 @@ class RetrieveRowModel(val connection: DatabaseConnection)(
 def retrieveRowPermissions(tableId: TableId, rowId: RowId): Future[RowPermissions] = {
 for {
- (_, rowPermissions, _) <- retrieveAnnotations(tableId, rowId, Seq())
+ (_, rowPermissions, _) <- retrieveAnnotations(tableId, rowId, Seq()).recover({
+ case _ => (RowLevelAnnotations(false), RowPermissions(Json.arr()), CellLevelAnnotations(Seq(), Json.arr()))
+ })
 } yield {
 rowPermissions
 }
diff --git a/src/main/scala/com/campudus/tableaux/router/auth/permission/Condition.scala b/src/main/scala/com/campudus/tableaux/router/auth/permission/Condition.scala
index 7ddba759..0c9e3909 100644
--- a/src/main/scala/com/campudus/tableaux/router/auth/permission/Condition.scala
+++ b/src/main/scala/com/campudus/tableaux/router/auth/permission/Condition.scala
@@ -163,7 +163,7 @@ case class ConditionRow(jsonObject: JsonObject) extends ConditionOption(jsonObje
 case (Some(row: Row), _) =>
 Option(row.rowPermissions) match {
 case Some(rp) if rp.value.size == 0 => true
- case None => false
+ case None => false // TODO check if this is correct
 case Some(rp) => checkCondition(Some(rp))
 }
 case (_, Some(rowPermissions: RowPermissions)) => checkCondition(Some(rowPermissions))
diff --git a/src/main/scala/com/campudus/tableaux/router/auth/permission/RoleModel.scala b/src/main/scala/com/campudus/tableaux/router/auth/permission/RoleModel.scala
index 1d636434..23696cf3 100644
--- a/src/main/scala/com/campudus/tableaux/router/auth/permission/RoleModel.scala
+++ b/src/main/scala/com/campudus/tableaux/router/auth/permission/RoleModel.scala
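Review bot: In RowModel.scala, the `.recover({ case _ => … })` added around `retrieveAnnotations` turns every failure, including database errors and fatal throwables, into an empty `RowPermissions(Json.arr())`. In the same commit `ConditionRow` evaluates `rp.value.size == 0` as `true`, so a failed lookup appears to be treated as an unrestricted row, which is a fail-open result for an authorization input. Recover only from the one failure that is expected here and let everything else propagate, e.g. `case _: ExpectedNotFound => …`, where `ExpectedNotFound` is a placeholder for whatever `retrieveAnnotations` raises for a missing row; at minimum match `case NonFatal(e)` and log `e`. `retrieveAnnotations` itself is outside the hunk, so the set of failures it can produce should be confirmed.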
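Review bot: In Condition.scala, the comment added to `case None => false` records a doubt without saying what is in doubt, and it sits on a branch that decides row access. Going by the visible arms, a `Row` whose `rowPermissions` is null is denied while one with an empty array is allowed; if that asymmetry is intended, state it, e.g. `// rowPermissions missing (null): deny; only an explicitly empty list means unrestricted`. If it is not intended, the TODO should name the case to verify and be backed by a test before merge. The enclosing `match` starts outside the hunk.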
@@ -51,6 +51,12 @@ case object Enrich extends LoggingMethod
 */
 class RoleModel(jsonObject: JsonObject) extends LazyLogging {
+ // The default behaviour is that a user can see all rows that are not restricted by specific row
+ // permissions. With this to work, we need to add a default permission without conditions to the
+ // role model.
+ val defaultViewRowRoleName = "view-all-non-restricted-rows"
+ val defaultViewRowPermission = new Permission(defaultViewRowRoleName, Grant, Seq(ViewRow), ConditionContainer(null))
+
 /**
 * Checks if a writing request is allowed to change a resource. If not a UnauthorizedException is thrown.
 */
@@ -274,7 +280,7 @@ class RoleModel(jsonObject: JsonObject) extends LazyLogging {
 objects: ComparisonObjects = ComparisonObjects()
 ): Boolean = {
- def grantPermissions: Seq[Permission] = filterPermissions(userRoles, Grant, action)
+ def grantPermissions: Seq[Permission] = filterPermissions(userRoles, Grant, action) :+ defaultViewRowPermission
 def denyPermissions: Seq[Permission] = filterPermissions(userRoles, Deny, action)
@@ -320,12 +326,6 @@ class RoleModel(jsonObject: JsonObject) extends LazyLogging {
 s"for role '${permission.roleName}'. Action: '$action'"
 }
- // The default behaviour is that a user can see all rows that are not restricted by specific row
- // permissions. With this to work, we need to add a default permission without conditions to the
- // role model.
- val defaultViewRowRoleName = "view-all-non-restricted-rows"
- val defaultViewRowPermission = new Permission(defaultViewRowRoleName, Grant, Seq(ViewRow), ConditionContainer(null))
-
 val role2permissions: Map[String, Seq[Permission]] =
 jsonObject
 .fieldNames()
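Review bot: In the first RoleModel.scala hunk, `defaultViewRowPermission` is built with `ConditionContainer(null)` and exposed as a public `val`, so the unconditional grant depends on how `ConditionContainer` handles a null argument, which the hunk does not show. Because this object is appended to grant lists elsewhere in the commit, both members would be safer as `private val`, with the null contract spelled out in the comment, e.g. `// null conditions = matches every row; intended for ViewRow only`. The class body continues outside the hunk.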
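Review bot: In the hunk at new line 280, `defaultViewRowPermission` is appended after `filterPermissions(userRoles, Grant, action)` has already run, so it ends up in `grantPermissions` for every `action`, not only `ViewRow`. Before this commit the default was added inside `getPermissionsForRoles` (see the last hunk) and went through the filter like any role permission. Unless the code below this hunk re-checks the permission's action list, an unconditional `Grant` may now allow actions other than viewing rows for users with no matching role. Append it only for the intended action, e.g. `filterPermissions(userRoles, Grant, action) ++ (if (action == ViewRow) Seq(defaultViewRowPermission) else Nil)` (assuming `action` is directly comparable to `ViewRow`), and add a test that a user without roles is denied a write action. The enclosing method starts and ends outside the hunk.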
@@ -344,8 +344,7 @@ class RoleModel(jsonObject: JsonObject) extends LazyLogging {
 .mkString("\n")
 private def getPermissionsForRoles(roleNames: Seq[String]): Seq[Permission] =
- (role2permissions.filter({ case (key, _) => roleNames.contains(key) }
- ).values.flatten.toSeq) :+ defaultViewRowPermission
+ role2permissions.filter({ case (key, _) => roleNames.contains(key) }).values.flatten.toSeq
 def filterPermissions(roleNames: Seq[String], permissionType: PermissionType): Seq[Permission] =
 filterPermissions(roleNames, Some(permissionType), None)
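Review bot: With `:+ defaultViewRowPermission` removed from `getPermissionsForRoles`, every caller other than the `grantPermissions` line patched earlier in this file loses the default view-row grant, including the two-argument `filterPermissions` overload visible at the end of this hunk. If any of those paths decides or filters row visibility, users without explicit row permissions may stop seeing unrestricted rows there while still passing the patched check. Please confirm the remaining callers and document where the default now lives, e.g. `// default ViewRow grant is added by the caller, not here`.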