From ae0c58591867bd5bd238123f120ee974e116a2dc Mon Sep 17 00:00:00 2001
From: shamoon <4887959+shamoon@users.noreply.github.com>
Date: Fri, 17 Mar 2023 20:49:47 -0700
Subject: [PATCH] Fix inherited permissions should not display per user in permissions form
---
 .../cypress/fixtures/documents/documents.json | 44 +++++++++++++++++--
 .../fixtures/ui_settings/settings.json | 3 +-
 .../ui_settings/settings_restricted.json | 3 +-
 .../common/input/select/select.component.ts | 2 +-
 src-ui/src/app/data/paperless-user.ts | 2 +-
 .../src/app/services/permissions.service.ts | 11 +++--
 src/documents/permissions.py | 1 +
 src/documents/serialisers.py | 2 +
 src/documents/views.py | 1 +
 9 files changed, 58 insertions(+), 11 deletions(-)
diff --git a/src-ui/cypress/fixtures/documents/documents.json b/src-ui/cypress/fixtures/documents/documents.json
index be7640c8f..e3938dba1 100644
--- a/src-ui/cypress/fixtures/documents/documents.json
+++ b/src-ui/cypress/fixtures/documents/documents.json
@@ -21,7 +21,16 @@
 "original_file_name": "2022-03-22 no latin title.pdf",
 "archived_file_name": "2022-03-22 no latin title.pdf",
 "owner": null,
- "permissions": [],
+ "permissions": {
+ "view": {
+ "users": [],
+ "groups": []
+ },
+ "change": {
+ "users": [],
+ "groups": []
+ }
+ },
 "notes": [
 {
 "id": 9,
@@ -59,7 +68,16 @@
 "original_file_name": "2022-03-23 lorem ipsum dolor sit amet.pdf",
 "archived_file_name": "2022-03-23 llorem ipsum dolor sit amet.pdf",
 "owner": null,
- "permissions": [],
+ "permissions": {
+ "view": {
+ "users": [],
+ "groups": []
+ },
+ "change": {
+ "users": [],
+ "groups": []
+ }
+ },
 "notes": []
 },
 {
@@ -80,7 +98,16 @@
 "original_file_name": "2022-03-24 dolor.pdf",
 "archived_file_name": "2022-03-24 dolor.pdf",
 "owner": null,
- "permissions": [],
+ "permissions": {
+ "view": {
+ "users": [],
+ "groups": []
+ },
+ "change": {
+ "users": [],
+ "groups": []
+ }
+ },
 "notes": []
 },
 {
@@ -101,7 +128,16 @@
 "original_file_name": "2022-06-01 sit amet.pdf",
 "archived_file_name": "2022-06-01 sit amet.pdf",
 "owner": null,
- "permissions": [],
+ "permissions": {
+ "view": {
+ "users": [],
+ "groups": []
+ },
+ "change": {
+ "users": [],
+ "groups": []
+ }
+ },
 "notes": []
 }
 ]
diff --git a/src-ui/cypress/fixtures/ui_settings/settings.json b/src-ui/cypress/fixtures/ui_settings/settings.json
index 3183943fe..b885eeccb 100644
--- a/src-ui/cypress/fixtures/ui_settings/settings.json
+++ b/src-ui/cypress/fixtures/ui_settings/settings.json
@@ -2,7 +2,8 @@
 "user": {
 "id": 1,
 "username": "admin",
- "is_superuser": true
+ "is_superuser": true,
+ "groups": []
 },
 "settings": {
 "language": "",
diff --git a/src-ui/cypress/fixtures/ui_settings/settings_restricted.json b/src-ui/cypress/fixtures/ui_settings/settings_restricted.json
index 72ebe51b1..1f7f61fdc 100644
--- a/src-ui/cypress/fixtures/ui_settings/settings_restricted.json
+++ b/src-ui/cypress/fixtures/ui_settings/settings_restricted.json
@@ -2,7 +2,8 @@
 "user": {
 "id": 1,
 "username": "admin",
- "is_superuser": false
+ "is_superuser": false,
+ "groups": []
 },
 "settings": {
 "language": "",
diff --git a/src-ui/src/app/components/common/input/select/select.component.ts b/src-ui/src/app/components/common/input/select/select.component.ts
index 0f65d76b6..ddf900bf6 100644
--- a/src-ui/src/app/components/common/input/select/select.component.ts
+++ b/src-ui/src/app/components/common/input/select/select.component.ts
@@ -77,7 +77,7 @@ export class SelectComponent extends AbstractInputComponent {
 }
 get isPrivate(): boolean {
- return this.items.find((i) => i.id === this.value)?.private
+ return this.items?.find((i) => i.id === this.value)?.private
 }
 getSuggestions() {
diff --git a/src-ui/src/app/data/paperless-user.ts b/src-ui/src/app/data/paperless-user.ts
index 125a2f509..1cd64ebf9 100644
--- a/src-ui/src/app/data/paperless-user.ts
+++ b/src-ui/src/app/data/paperless-user.ts
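Review bot: In select.component.ts the `isPrivate` getter is declared `boolean`, but with the new optional chain on `this.items` it now has two paths that yield `undefined` (no items yet, or no matching item). Templates treat that as falsy, but a strict comparison against `false` elsewhere would not; ending the expression with a default keeps the declared type honest: `return this.items?.find((i) => i.id === this.value)?.private ?? false`. The type of `private` on the item is not visible in this hunk, so confirm it is a boolean before relying on this.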
@@ -9,7 +9,7 @@ export interface PaperlessUser extends ObjectWithId {
 is_staff?: boolean
 is_active?: boolean
 is_superuser?: boolean
- groups?: PaperlessGroup[]
+ groups?: number[] // PaperlessGroup[]
 user_permissions?: string[]
 inherited_permissions?: string[]
 }
diff --git a/src-ui/src/app/services/permissions.service.ts b/src-ui/src/app/services/permissions.service.ts
index e1ce94977..c19a4ee94 100644
--- a/src-ui/src/app/services/permissions.service.ts
+++ b/src-ui/src/app/services/permissions.service.ts
@@ -58,11 +58,16 @@ export class PermissionsService {
 action: string,
 object: ObjectWithPermissions
 ): boolean {
+ let actionObject = null
+ if (action === PermissionAction.View) actionObject = object.permissions.view
+ else if (action === PermissionAction.Change)
+ actionObject = object.permissions.change
+ if (!actionObject) return false
 return (
 this.currentUserOwnsObject(object) ||
- (object.permissions[action]['users'] as Array)?.includes(
- this.currentUser.id
- )
+ actionObject.users.includes(this.currentUser.id) ||
+ actionObject.groups.filter((g) => this.currentUser.groups.includes(g))
+ .length > 0
 )
 }
diff --git a/src/documents/permissions.py b/src/documents/permissions.py
index c0e7ac345..c50cdc5b9 100644
--- a/src/documents/permissions.py
+++ b/src/documents/permissions.py
@@ -63,6 +63,7 @@ def set_permissions_for_object(permissions, object):
 users_to_remove = get_users_with_perms(
 object,
 only_with_perms_in=[permission],
+ with_group_users=False,
 )
 if len(users_to_add) > 0 and len(users_to_remove) > 0:
 users_to_remove = users_to_remove.difference(users_to_add)
diff --git a/src/documents/serialisers.py b/src/documents/serialisers.py
index 4e2fafe34..e1187b446 100644
--- a/src/documents/serialisers.py
+++ b/src/documents/serialisers.py
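Review bot: The trailing comment on `groups?: number[] // PaperlessGroup[]` in paperless-user.ts reads like a leftover of the old type rather than an explanation of the new one. The field now carries ids, not objects, so the comment should say that directly, for example `groups?: number[] // ids of the PaperlessGroup objects the user belongs to`. Whether other consumers of `PaperlessUser.groups` still expect objects cannot be checked from this hunk.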
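Review bot: In permissions.service.ts the new group check dereferences `this.currentUser.groups` unconditionally, although `PaperlessUser.groups` is declared optional in this same commit, and the `users` lookup lost the `?.` the removed code had. A settings payload without `groups`, or a `view`/`change` entry missing either list, would throw inside the permission check instead of returning `false`. Guarding both and replacing `filter(...).length > 0` with `some` fixes that: `actionObject.users?.includes(this.currentUser.id) ||` followed by `(actionObject.groups?.some((g) => this.currentUser.groups?.includes(g)) ?? false)`. This method presumably only decides what the UI offers, so the server-side object permissions remain the real enforcement point and the client check should fail closed. The method's signature begins above the hunk.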
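Review bot: Nothing in the `set_permissions_for_object` hunk of permissions.py says why `with_group_users=False` is passed, and the diffstat lists no backend test file, so the changed removal set is not pinned by a test in this commit. A comment above the call such as `# direct user grants only; access inherited through a group is handled via the group entries` would record the intent; the same applies to the two `get_users_with_perms` calls in serialisers.py. A regression test with a user who holds the permission only through a group, asserting that the user is not listed under `users` and is left untouched on save, would cover the case this commit is fixing. The function body starts and ends outside the hunk.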
@@ -161,6 +161,7 @@ class OwnedObjectSerializer(serializers.ModelSerializer, SetPermissionsMixin):
 "users": get_users_with_perms(
 obj,
 only_with_perms_in=[view_codename],
+ with_group_users=False,
 ).values_list("id", flat=True),
 "groups": get_groups_with_only_permission(
 obj,
@@ -171,6 +172,7 @@ class OwnedObjectSerializer(serializers.ModelSerializer, SetPermissionsMixin):
 "users": get_users_with_perms(
 obj,
 only_with_perms_in=[change_codename],
+ with_group_users=False,
 ).values_list("id", flat=True),
 "groups": get_groups_with_only_permission(
 obj,
diff --git a/src/documents/views.py b/src/documents/views.py
index 6a0eae051..1b30ec770 100644
--- a/src/documents/views.py
+++ b/src/documents/views.py
@@ -964,6 +964,7 @@ class UiSettingsView(GenericAPIView):
 "id": user.id,
 "username": user.username,
 "is_superuser": user.is_superuser,
+ "groups": user.groups.values_list("id", flat=True),
 },
 "settings": ui_settings,
 "permissions": roles,