Fix inherited permissions should not display per user in permissions form

src-ui/cypress/fixtures/documents/documents.json

@@ -21,7 +21,16 @@
             "original_file_name": "2022-03-22 no latin title.pdf",
             "archived_file_name": "2022-03-22 no latin title.pdf",
             "owner": null,
-            "permissions": [],
+            "permissions": {
+                "view": {
+                    "users": [],
+                    "groups": []
+                },
+                "change": {
+                    "users": [],
+                    "groups": []
+                }
+            },
             "notes": [
                 {
                     "id": 9,
@@ -59,7 +68,16 @@
             "original_file_name": "2022-03-23 lorem ipsum dolor sit amet.pdf",
             "archived_file_name": "2022-03-23 llorem ipsum dolor sit amet.pdf",
             "owner": null,
-            "permissions": [],
+            "permissions": {
+                "view": {
+                    "users": [],
+                    "groups": []
+                },
+                "change": {
+                    "users": [],
+                    "groups": []
+                }
+            },
             "notes": []
         },
         {
@@ -80,7 +98,16 @@
             "original_file_name": "2022-03-24 dolor.pdf",
             "archived_file_name": "2022-03-24 dolor.pdf",
             "owner": null,
-            "permissions": [],
+            "permissions": {
+                "view": {
+                    "users": [],
+                    "groups": []
+                },
+                "change": {
+                    "users": [],
+                    "groups": []
+                }
+            },
             "notes": []
         },
         {
@@ -101,7 +128,16 @@
             "original_file_name": "2022-06-01 sit amet.pdf",
             "archived_file_name": "2022-06-01 sit amet.pdf",
             "owner": null,
-            "permissions": [],
+            "permissions": {
+                "view": {
+                    "users": [],
+                    "groups": []
+                },
+                "change": {
+                    "users": [],
+                    "groups": []
+                }
+            },
             "notes": []
         }
     ]

src-ui/cypress/fixtures/ui_settings/settings.json

@@ -2,7 +2,8 @@
     "user": {
         "id": 1,
         "username": "admin",
-        "is_superuser": true
+        "is_superuser": true,
+        "groups": []
     },
     "settings": {
         "language": "",

src-ui/cypress/fixtures/ui_settings/settings_restricted.json

@@ -2,7 +2,8 @@
     "user": {
         "id": 1,
         "username": "admin",
-        "is_superuser": false
+        "is_superuser": false,
+        "groups": []
     },
     "settings": {
         "language": "",

src-ui/src/app/components/common/input/select/select.component.ts

@@ -77,7 +77,7 @@ export class SelectComponent extends AbstractInputComponent<number> {
   }
 
   get isPrivate(): boolean {
-    return this.items.find((i) => i.id === this.value)?.private
+    return this.items?.find((i) => i.id === this.value)?.private
   }
 
   getSuggestions() {

src-ui/src/app/data/paperless-user.ts

@@ -9,7 +9,7 @@ export interface PaperlessUser extends ObjectWithId {
   is_staff?: boolean
   is_active?: boolean
   is_superuser?: boolean
-  groups?: PaperlessGroup[]
+  groups?: number[] // PaperlessGroup[]
   user_permissions?: string[]
   inherited_permissions?: string[]
 }

src-ui/src/app/services/permissions.service.ts

@@ -58,11 +58,16 @@ export class PermissionsService {
     action: string,
     object: ObjectWithPermissions
   ): boolean {
+    let actionObject = null
+    if (action === PermissionAction.View) actionObject = object.permissions.view
+    else if (action === PermissionAction.Change)
+      actionObject = object.permissions.change
+    if (!actionObject) return false
     return (
       this.currentUserOwnsObject(object) ||
-      (object.permissions[action]['users'] as Array<number>)?.includes(
-        this.currentUser.id
-      )
+      actionObject.users.includes(this.currentUser.id) ||
+      actionObject.groups.filter((g) => this.currentUser.groups.includes(g))
+        .length > 0
     )
   }
 

src/documents/permissions.py

@@ -63,6 +63,7 @@ def set_permissions_for_object(permissions, object):
         users_to_remove = get_users_with_perms(
             object,
             only_with_perms_in=[permission],
+            with_group_users=False,
         )
         if len(users_to_add) > 0 and len(users_to_remove) > 0:
             users_to_remove = users_to_remove.difference(users_to_add)

src/documents/serialisers.py

@@ -161,6 +161,7 @@ class OwnedObjectSerializer(serializers.ModelSerializer, SetPermissionsMixin):
                 "users": get_users_with_perms(
                     obj,
                     only_with_perms_in=[view_codename],
+                    with_group_users=False,
                 ).values_list("id", flat=True),
                 "groups": get_groups_with_only_permission(
                     obj,
@@ -171,6 +172,7 @@ class OwnedObjectSerializer(serializers.ModelSerializer, SetPermissionsMixin):
                 "users": get_users_with_perms(
                     obj,
                     only_with_perms_in=[change_codename],
+                    with_group_users=False,
                 ).values_list("id", flat=True),
                 "groups": get_groups_with_only_permission(
                     obj,

src/documents/views.py

@@ -964,6 +964,7 @@ class UiSettingsView(GenericAPIView):
                     "id": user.id,
                     "username": user.username,
                     "is_superuser": user.is_superuser,
+                    "groups": user.groups.values_list("id", flat=True),
                 },
                 "settings": ui_settings,
                 "permissions": roles,