Dont perform permissions queries by default

2025-07-28 18:24:38 -05:00 · 2023-04-26 03:03:33 -07:00
parent 15fb3e5328
commit 88a5a2049b
10 changed files with 117 additions and 19 deletions
--- a/src-ui/cypress/e2e/documents/document-detail.cy.ts
+++ b/src-ui/cypress/e2e/documents/document-detail.cy.ts
@@ -5,11 +5,15 @@ describe('document-detail', () => {
    this.modifiedDocuments = []

    cy.fixture('documents/documents.json').then((documentsJson) => {
-      cy.intercept('GET', 'http://localhost:8000/api/documents/1/', (req) => {
-        let response = { ...documentsJson }
-        response = response.results.find((d) => d.id == 1)
-        req.reply(response)
-      })
+      cy.intercept(
+        'GET',
+        'http://localhost:8000/api/documents/1/?full_perms=true',
+        (req) => {
+          let response = { ...documentsJson }
+          response = response.results.find((d) => d.id == 1)
+          req.reply(response)
+        }
+      )
    })

    cy.intercept('PUT', 'http://localhost:8000/api/documents/1/', (req) => {
--- a/src-ui/cypress/fixtures/documents/documents.json
+++ b/src-ui/cypress/fixtures/documents/documents.json
@@ -21,6 +21,7 @@
            "original_file_name": "2022-03-22 no latin title.pdf",
            "archived_file_name": "2022-03-22 no latin title.pdf",
            "owner": null,
+            "user_can_change": true,
            "permissions": {
                "view": {
                    "users": [],
@@ -68,6 +69,7 @@
            "original_file_name": "2022-03-23 lorem ipsum dolor sit amet.pdf",
            "archived_file_name": "2022-03-23 llorem ipsum dolor sit amet.pdf",
            "owner": null,
+            "user_can_change": true,
            "permissions": {
                "view": {
                    "users": [],
@@ -98,6 +100,7 @@
            "original_file_name": "2022-03-24 dolor.pdf",
            "archived_file_name": "2022-03-24 dolor.pdf",
            "owner": null,
+            "user_can_change": true,
            "permissions": {
                "view": {
                    "users": [],
@@ -128,6 +131,7 @@
            "original_file_name": "2022-06-01 sit amet.pdf",
            "archived_file_name": "2022-06-01 sit amet.pdf",
            "owner": null,
+            "user_can_change": true,
            "permissions": {
                "view": {
                    "users": [],
--- a/src-ui/src/app/components/manage/management-list/management-list.component.ts
+++ b/src-ui/src/app/components/manage/management-list/management-list.component.ts
@@ -122,7 +122,8 @@ export abstract class ManagementListComponent<T extends ObjectWithId>
        null,
        this.sortField,
        this.sortReverse,
-        this._nameFilter
+        this._nameFilter,
+        true
      )
      .subscribe((c) => {
        this.data = c.results
--- a/src-ui/src/app/data/object-with-permissions.ts
+++ b/src-ui/src/app/data/object-with-permissions.ts
@@ -16,4 +16,6 @@ export interface ObjectWithPermissions extends ObjectWithId {
  owner?: number

  permissions?: PermissionsObject
+
+  user_can_change?: boolean
 }
--- a/src-ui/src/app/services/permissions.service.ts
+++ b/src-ui/src/app/services/permissions.service.ts
@@ -58,17 +58,24 @@ export class PermissionsService {
    action: string,
    object: ObjectWithPermissions
  ): boolean {
-    let actionObject = null
-    if (action === PermissionAction.View) actionObject = object.permissions.view
-    else if (action === PermissionAction.Change)
-      actionObject = object.permissions.change
-    if (!actionObject) return false
-    return (
-      this.currentUserOwnsObject(object) ||
-      actionObject.users.includes(this.currentUser.id) ||
-      actionObject.groups.filter((g) => this.currentUser.groups.includes(g))
-        .length > 0
-    )
+    if (action === PermissionAction.View) {
+      return (
+        this.currentUserOwnsObject(object) ||
+        object.permissions?.view.users.includes(this.currentUser.id) ||
+        object.permissions?.view.groups.filter((g) =>
+          this.currentUser.groups.includes(g)
+        ).length > 0
+      )
+    } else if (action === PermissionAction.Change) {
+      return (
+        this.currentUserOwnsObject(object) ||
+        object.user_can_change ||
+        object.permissions?.change.users.includes(this.currentUser.id) ||
+        object.permissions?.change.groups.filter((g) =>
+          this.currentUser.groups.includes(g)
+        ).length > 0
+      )
+    }
  }

  public getPermissionCode(
--- a/src-ui/src/app/services/rest/abstract-name-filter-service.ts
+++ b/src-ui/src/app/services/rest/abstract-name-filter-service.ts
@@ -9,11 +9,15 @@ export abstract class AbstractNameFilterService<
    pageSize?: number,
    sortField?: string,
    sortReverse?: boolean,
-    nameFilter?: string
+    nameFilter?: string,
+    fullPerms?: boolean
  ) {
    let params = {}
    if (nameFilter) {
-      params = { name__icontains: nameFilter }
+      params['name__icontains'] = nameFilter
+    }
+    if (fullPerms) {
+      params['full_perms'] = true
    }
    return this.list(page, pageSize, sortField, sortReverse, params)
  }
--- a/src-ui/src/app/services/rest/document.service.ts
+++ b/src-ui/src/app/services/rest/document.service.ts
@@ -113,6 +113,14 @@ export class DocumentService extends AbstractPaperlessService<PaperlessDocument>
    }).pipe(map((response) => response.results.map((doc) => doc.id)))
  }

+  get(id: number): Observable<PaperlessDocument> {
+    return this.http.get<PaperlessDocument>(this.getResourceUrl(id), {
+      params: {
+        full_perms: true,
+      },
+    })
+  }
+
  getPreviewUrl(id: number, original: boolean = false): string {
    let url = this.getResourceUrl(id, 'preview')
    if (this._searchQuery) url += `#search="${this._searchQuery}"`