Merge pull request #2818 from paperless-ngx/fix-2809

Fix: permissions display should not show users with inherited permissions & unable to change owner

src-ui/src/app/components/common/input/permissions/permissions-user/permissions-user.component.ts

@@ -28,11 +28,6 @@ export class PermissionsUserComponent extends AbstractInputComponent<
     userService
       .listAll()
       .pipe(first())
-      .subscribe(
-        (result) =>
-          (this.users = result.results.filter(
-            (u) => u.id !== settings.currentUser.id
-          ))
-      )
+      .subscribe((result) => (this.users = result.results))
   }
 }

src-ui/src/app/components/document-detail/document-detail.component.ts

@@ -446,6 +446,10 @@ export class DocumentDetailComponent
       .subscribe({
         next: (doc) => {
           Object.assign(this.document, doc)
+          doc['permissions_form'] = {
+            owner: doc.owner,
+            set_permissions: doc.permissions,
+          }
           this.title = doc.title
           this.documentForm.patchValue(doc)
           this.openDocumentService.setDirty(doc, false)
@@ -470,12 +474,17 @@ export class DocumentDetailComponent
         },
         error: (error) => {
           this.networkActive = false
-          this.error = error.error
-          this.toastService.showError(
-            $localize`Error saving document` +
-              ': ' +
-              (error.message ?? error.toString())
-          )
+          if (!this.userCanEdit) {
+            this.toastService.showInfo($localize`Document saved successfully.`)
+            this.close()
+          } else {
+            this.error = error.error
+            this.toastService.showError(
+              $localize`Error saving document` +
+                ': ' +
+                (error.message ?? error.toString())
+            )
+          }
         },
       })
   }
@@ -676,8 +685,8 @@ export class DocumentDetailComponent
   get userIsOwner(): boolean {
     let doc: PaperlessDocument = Object.assign({}, this.document)
     // dont disable while editing
-    if (this.document && this.store?.value.owner) {
-      doc.owner = this.store?.value.owner
+    if (this.document && this.store?.value.permissions_form?.owner) {
+      doc.owner = this.store?.value.permissions_form?.owner
     }
     return !this.document || this.permissionsService.currentUserOwnsObject(doc)
   }
@@ -685,8 +694,8 @@ export class DocumentDetailComponent
   get userCanEdit(): boolean {
     let doc: PaperlessDocument = Object.assign({}, this.document)
     // dont disable while editing
-    if (this.document && this.store?.value.owner) {
-      doc.owner = this.store?.value.owner
+    if (this.document && this.store?.value.permissions_form?.owner) {
+      doc.owner = this.store?.value.permissions_form?.owner
     }
     return (
       !this.document ||

src-ui/src/app/data/paperless-user.ts

@@ -9,7 +9,7 @@ export interface PaperlessUser extends ObjectWithId {
   is_staff?: boolean
   is_active?: boolean
   is_superuser?: boolean
-  groups?: PaperlessGroup[]
+  groups?: number[] // PaperlessGroup[]
   user_permissions?: string[]
   inherited_permissions?: string[]
 }

src-ui/src/app/services/permissions.service.ts

@@ -58,11 +58,16 @@ export class PermissionsService {
     action: string,
     object: ObjectWithPermissions
   ): boolean {
+    let actionObject = null
+    if (action === PermissionAction.View) actionObject = object.permissions.view
+    else if (action === PermissionAction.Change)
+      actionObject = object.permissions.change
+    if (!actionObject) return false
     return (
       this.currentUserOwnsObject(object) ||
-      (object.permissions[action]['users'] as Array<number>)?.includes(
-        this.currentUser.id
-      )
+      actionObject.users.includes(this.currentUser.id) ||
+      actionObject.groups.filter((g) => this.currentUser.groups.includes(g))
+        .length > 0
     )
   }