Merge pull request #2818 from paperless-ngx/fix-2809
Fix: permissions display should not show users with inherited permissions & unable to change owner
commit
62e756a11e
@ -21,7 +21,16 @@
|
|||||||
"original_file_name": "2022-03-22 no latin title.pdf",
|
"original_file_name": "2022-03-22 no latin title.pdf",
|
||||||
"archived_file_name": "2022-03-22 no latin title.pdf",
|
"archived_file_name": "2022-03-22 no latin title.pdf",
|
||||||
"owner": null,
|
"owner": null,
|
||||||
"permissions": [],
|
"permissions": {
|
||||||
|
"view": {
|
||||||
|
"users": [],
|
||||||
|
"groups": []
|
||||||
|
},
|
||||||
|
"change": {
|
||||||
|
"users": [],
|
||||||
|
"groups": []
|
||||||
|
}
|
||||||
|
},
|
||||||
"notes": [
|
"notes": [
|
||||||
{
|
{
|
||||||
"id": 9,
|
"id": 9,
|
||||||
@ -59,7 +68,16 @@
|
|||||||
"original_file_name": "2022-03-23 lorem ipsum dolor sit amet.pdf",
|
"original_file_name": "2022-03-23 lorem ipsum dolor sit amet.pdf",
|
||||||
"archived_file_name": "2022-03-23 llorem ipsum dolor sit amet.pdf",
|
"archived_file_name": "2022-03-23 llorem ipsum dolor sit amet.pdf",
|
||||||
"owner": null,
|
"owner": null,
|
||||||
"permissions": [],
|
"permissions": {
|
||||||
|
"view": {
|
||||||
|
"users": [],
|
||||||
|
"groups": []
|
||||||
|
},
|
||||||
|
"change": {
|
||||||
|
"users": [],
|
||||||
|
"groups": []
|
||||||
|
}
|
||||||
|
},
|
||||||
"notes": []
|
"notes": []
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -80,7 +98,16 @@
|
|||||||
"original_file_name": "2022-03-24 dolor.pdf",
|
"original_file_name": "2022-03-24 dolor.pdf",
|
||||||
"archived_file_name": "2022-03-24 dolor.pdf",
|
"archived_file_name": "2022-03-24 dolor.pdf",
|
||||||
"owner": null,
|
"owner": null,
|
||||||
"permissions": [],
|
"permissions": {
|
||||||
|
"view": {
|
||||||
|
"users": [],
|
||||||
|
"groups": []
|
||||||
|
},
|
||||||
|
"change": {
|
||||||
|
"users": [],
|
||||||
|
"groups": []
|
||||||
|
}
|
||||||
|
},
|
||||||
"notes": []
|
"notes": []
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -101,7 +128,16 @@
|
|||||||
"original_file_name": "2022-06-01 sit amet.pdf",
|
"original_file_name": "2022-06-01 sit amet.pdf",
|
||||||
"archived_file_name": "2022-06-01 sit amet.pdf",
|
"archived_file_name": "2022-06-01 sit amet.pdf",
|
||||||
"owner": null,
|
"owner": null,
|
||||||
"permissions": [],
|
"permissions": {
|
||||||
|
"view": {
|
||||||
|
"users": [],
|
||||||
|
"groups": []
|
||||||
|
},
|
||||||
|
"change": {
|
||||||
|
"users": [],
|
||||||
|
"groups": []
|
||||||
|
}
|
||||||
|
},
|
||||||
"notes": []
|
"notes": []
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
@ -2,7 +2,8 @@
|
|||||||
"user": {
|
"user": {
|
||||||
"id": 1,
|
"id": 1,
|
||||||
"username": "admin",
|
"username": "admin",
|
||||||
"is_superuser": true
|
"is_superuser": true,
|
||||||
|
"groups": []
|
||||||
},
|
},
|
||||||
"settings": {
|
"settings": {
|
||||||
"language": "",
|
"language": "",
|
||||||
|
@ -2,7 +2,8 @@
|
|||||||
"user": {
|
"user": {
|
||||||
"id": 1,
|
"id": 1,
|
||||||
"username": "admin",
|
"username": "admin",
|
||||||
"is_superuser": false
|
"is_superuser": false,
|
||||||
|
"groups": []
|
||||||
},
|
},
|
||||||
"settings": {
|
"settings": {
|
||||||
"language": "",
|
"language": "",
|
||||||
|
@ -28,11 +28,6 @@ export class PermissionsUserComponent extends AbstractInputComponent<
|
|||||||
userService
|
userService
|
||||||
.listAll()
|
.listAll()
|
||||||
.pipe(first())
|
.pipe(first())
|
||||||
.subscribe(
|
.subscribe((result) => (this.users = result.results))
|
||||||
(result) =>
|
|
||||||
(this.users = result.results.filter(
|
|
||||||
(u) => u.id !== settings.currentUser.id
|
|
||||||
))
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -446,6 +446,10 @@ export class DocumentDetailComponent
|
|||||||
.subscribe({
|
.subscribe({
|
||||||
next: (doc) => {
|
next: (doc) => {
|
||||||
Object.assign(this.document, doc)
|
Object.assign(this.document, doc)
|
||||||
|
doc['permissions_form'] = {
|
||||||
|
owner: doc.owner,
|
||||||
|
set_permissions: doc.permissions,
|
||||||
|
}
|
||||||
this.title = doc.title
|
this.title = doc.title
|
||||||
this.documentForm.patchValue(doc)
|
this.documentForm.patchValue(doc)
|
||||||
this.openDocumentService.setDirty(doc, false)
|
this.openDocumentService.setDirty(doc, false)
|
||||||
@ -470,12 +474,17 @@ export class DocumentDetailComponent
|
|||||||
},
|
},
|
||||||
error: (error) => {
|
error: (error) => {
|
||||||
this.networkActive = false
|
this.networkActive = false
|
||||||
|
if (!this.userCanEdit) {
|
||||||
|
this.toastService.showInfo($localize`Document saved successfully.`)
|
||||||
|
this.close()
|
||||||
|
} else {
|
||||||
this.error = error.error
|
this.error = error.error
|
||||||
this.toastService.showError(
|
this.toastService.showError(
|
||||||
$localize`Error saving document` +
|
$localize`Error saving document` +
|
||||||
': ' +
|
': ' +
|
||||||
(error.message ?? error.toString())
|
(error.message ?? error.toString())
|
||||||
)
|
)
|
||||||
|
}
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
@ -676,8 +685,8 @@ export class DocumentDetailComponent
|
|||||||
get userIsOwner(): boolean {
|
get userIsOwner(): boolean {
|
||||||
let doc: PaperlessDocument = Object.assign({}, this.document)
|
let doc: PaperlessDocument = Object.assign({}, this.document)
|
||||||
// dont disable while editing
|
// dont disable while editing
|
||||||
if (this.document && this.store?.value.owner) {
|
if (this.document && this.store?.value.permissions_form?.owner) {
|
||||||
doc.owner = this.store?.value.owner
|
doc.owner = this.store?.value.permissions_form?.owner
|
||||||
}
|
}
|
||||||
return !this.document || this.permissionsService.currentUserOwnsObject(doc)
|
return !this.document || this.permissionsService.currentUserOwnsObject(doc)
|
||||||
}
|
}
|
||||||
@ -685,8 +694,8 @@ export class DocumentDetailComponent
|
|||||||
get userCanEdit(): boolean {
|
get userCanEdit(): boolean {
|
||||||
let doc: PaperlessDocument = Object.assign({}, this.document)
|
let doc: PaperlessDocument = Object.assign({}, this.document)
|
||||||
// dont disable while editing
|
// dont disable while editing
|
||||||
if (this.document && this.store?.value.owner) {
|
if (this.document && this.store?.value.permissions_form?.owner) {
|
||||||
doc.owner = this.store?.value.owner
|
doc.owner = this.store?.value.permissions_form?.owner
|
||||||
}
|
}
|
||||||
return (
|
return (
|
||||||
!this.document ||
|
!this.document ||
|
||||||
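Review bot: The new `if (!this.userCanEdit)` branch in the save `error` callback shows "Document saved successfully." and closes the view for every failure, not only the expected one. Presumably it targets the case where the user has just removed their own change permission and the follow-up request is rejected, but a network error or a server-side validation failure would be reported as success in the same way. Consider narrowing the condition to the rejection the backend actually returns, e.g. `if (!this.userCanEdit && error.status === 403) {` (assuming `error` is an `HttpErrorResponse`; confirm the status code), and leave all other errors on the `showError` path. The callback belongs to a method that starts outside the hunk.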
|
@ -9,7 +9,7 @@ export interface PaperlessUser extends ObjectWithId {
|
|||||||
is_staff?: boolean
|
is_staff?: boolean
|
||||||
is_active?: boolean
|
is_active?: boolean
|
||||||
is_superuser?: boolean
|
is_superuser?: boolean
|
||||||
groups?: PaperlessGroup[]
|
groups?: number[] // PaperlessGroup[]
|
||||||
user_permissions?: string[]
|
user_permissions?: string[]
|
||||||
inherited_permissions?: string[]
|
inherited_permissions?: string[]
|
||||||
}
|
}
|
||||||
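Review bot: The trailing `// PaperlessGroup[]` on `groups?: number[]` reads like a leftover of the old type rather than documentation. Since the permission check elsewhere in this commit compares these values against group ids, a comment such as `// group ids, not PaperlessGroup objects` would state the contract. Any other consumer still expecting objects is outside this view and worth a search. The interface starts above the hunk.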
|
@ -58,11 +58,16 @@ export class PermissionsService {
|
|||||||
action: string,
|
action: string,
|
||||||
object: ObjectWithPermissions
|
object: ObjectWithPermissions
|
||||||
): boolean {
|
): boolean {
|
||||||
|
let actionObject = null
|
||||||
|
if (action === PermissionAction.View) actionObject = object.permissions.view
|
||||||
|
else if (action === PermissionAction.Change)
|
||||||
|
actionObject = object.permissions.change
|
||||||
|
if (!actionObject) return false
|
||||||
return (
|
return (
|
||||||
this.currentUserOwnsObject(object) ||
|
this.currentUserOwnsObject(object) ||
|
||||||
(object.permissions[action]['users'] as Array<number>)?.includes(
|
actionObject.users.includes(this.currentUser.id) ||
|
||||||
this.currentUser.id
|
actionObject.groups.filter((g) => this.currentUser.groups.includes(g))
|
||||||
)
|
.length > 0
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
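Review bot: `this.currentUser.groups.includes(g)` dereferences a field that this commit declares optional (`groups?: number[]` on `PaperlessUser`), and the rewrite also drops the `?.` that the old `users` lookup had, so a user payload without `groups`, or a permissions entry without `users`/`groups`, now throws instead of evaluating to false. Suggest `actionObject.users?.includes(this.currentUser.id) ||` followed by `actionObject.groups?.some((g) => this.currentUser.groups?.includes(g))`; `some` also avoids building an array only to test its length. `if (!actionObject) return false` runs before `currentUserOwnsObject(object)`, so an owner is denied for any action other than View or Change, which is worth confirming as intended. This check only decides what the UI offers, so the server-side object permissions remain the enforcement point. The method signature starts above the hunk.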
|
@ -63,6 +63,7 @@ def set_permissions_for_object(permissions, object):
|
|||||||
users_to_remove = get_users_with_perms(
|
users_to_remove = get_users_with_perms(
|
||||||
object,
|
object,
|
||||||
only_with_perms_in=[permission],
|
only_with_perms_in=[permission],
|
||||||
|
with_group_users=False,
|
||||||
)
|
)
|
||||||
if len(users_to_add) > 0 and len(users_to_remove) > 0:
|
if len(users_to_add) > 0 and len(users_to_remove) > 0:
|
||||||
users_to_remove = users_to_remove.difference(users_to_add)
|
users_to_remove = users_to_remove.difference(users_to_add)
|
||||||
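Review bot: The added `with_group_users=False` has no comment explaining why group-derived users are excluded here, and the same argument is added twice more in the `OwnedObjectSerializer` hunks. A short comment such as `# direct grants only; users who hold the permission via a group are covered by the group entries` at each call would keep a later edit from dropping the argument and bringing inherited users back into the per-user list. No test for the inherited-permission case is visible on this page; if none exists, one asserting that a group-only user is absent from `users` would pin the behaviour. `set_permissions_for_object` continues outside the hunk.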
|
@ -162,6 +162,7 @@ class OwnedObjectSerializer(serializers.ModelSerializer, SetPermissionsMixin):
|
|||||||
"users": get_users_with_perms(
|
"users": get_users_with_perms(
|
||||||
obj,
|
obj,
|
||||||
only_with_perms_in=[view_codename],
|
only_with_perms_in=[view_codename],
|
||||||
|
with_group_users=False,
|
||||||
).values_list("id", flat=True),
|
).values_list("id", flat=True),
|
||||||
"groups": get_groups_with_only_permission(
|
"groups": get_groups_with_only_permission(
|
||||||
obj,
|
obj,
|
||||||
@ -172,6 +173,7 @@ class OwnedObjectSerializer(serializers.ModelSerializer, SetPermissionsMixin):
|
|||||||
"users": get_users_with_perms(
|
"users": get_users_with_perms(
|
||||||
obj,
|
obj,
|
||||||
only_with_perms_in=[change_codename],
|
only_with_perms_in=[change_codename],
|
||||||
|
with_group_users=False,
|
||||||
).values_list("id", flat=True),
|
).values_list("id", flat=True),
|
||||||
"groups": get_groups_with_only_permission(
|
"groups": get_groups_with_only_permission(
|
||||||
obj,
|
obj,
|
||||||
|
@ -964,6 +964,7 @@ class UiSettingsView(GenericAPIView):
|
|||||||
"id": user.id,
|
"id": user.id,
|
||||||
"username": user.username,
|
"username": user.username,
|
||||||
"is_superuser": user.is_superuser,
|
"is_superuser": user.is_superuser,
|
||||||
|
"groups": user.groups.values_list("id", flat=True),
|
||||||
},
|
},
|
||||||
"settings": ui_settings,
|
"settings": ui_settings,
|
||||||
"permissions": roles,
|
"permissions": roles,
|
||||||
|