From 0a5887c1624c5eb03a454dddda685e77846aff3c Mon Sep 17 00:00:00 2001
From: Samuel Paccoud - DINUM
Date: Fri, 11 Apr 2025 19:09:48 +0200
Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F(backend)=20remove=20differen?= =?UTF-8?q?t=20reach=20for=20authenticated=20and=20anonymous?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If anonymous users have reader access on a parent, we were considering that an edge use case was interesting: allowing an authenticated user to still be editor on the child. Although this use case could be interesting, we consider, as a first approach, that the value it carries is not big enough to justify the complexity for the user to understand this complex access right heritage.
---
 src/backend/core/models.py | 12 ++++++------
 src/backend/core/tests/test_models_documents.py | 5 +----
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/src/backend/core/models.py b/src/backend/core/models.py
index 6cdcea96..1ff89bee 100644
--- a/src/backend/core/models.py
+++ b/src/backend/core/models.py
@@ -115,16 +115,16 @@ class LinkReachChoices(models.TextChoices):
 if LinkRoleChoices.EDITOR in reach_roles.get(cls.PUBLIC, set()):
 return {cls.PUBLIC: [LinkRoleChoices.EDITOR]}

- # Rule 2: public/reader
- if LinkRoleChoices.READER in reach_roles.get(cls.PUBLIC, set()):
- result.get(cls.AUTHENTICATED, set()).discard(LinkRoleChoices.READER)
- result.pop(cls.RESTRICTED, None)
-
- # Rule 3: authenticated/editor
+ # Rule 2: authenticated/editor
 if LinkRoleChoices.EDITOR in reach_roles.get(cls.AUTHENTICATED, set()):
 result[cls.AUTHENTICATED].discard(LinkRoleChoices.READER)
 result.pop(cls.RESTRICTED, None)

+ # Rule 3: public/reader
+ if LinkRoleChoices.READER in reach_roles.get(cls.PUBLIC, set()):
+ result.pop(cls.AUTHENTICATED, None)
+ result.pop(cls.RESTRICTED, None)
+
 # Rule 4: authenticated/reader
 if LinkRoleChoices.READER in reach_roles.get(cls.AUTHENTICATED, set()):
 result.pop(cls.RESTRICTED, None)
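Review bot: Rule 2 still indexes `result[cls.AUTHENTICATED]` directly while the new Rule 3 pops that key, so the reordering is load-bearing and nothing in the hunk says so; if `result` is a plain dict, running Rule 3 first would raise KeyError whenever one ancestor is public/reader and another is authenticated/editor. I would make Rule 2 tolerant again, `result.get(cls.AUTHENTICATED, set()).discard(LinkRoleChoices.READER)`, or add a comment above Rule 3 such as `# Must stay after Rule 2: drops the AUTHENTICATED reach entirely below a public/reader ancestor`. Because this method decides which reach/role pairs may be selected on a child, the docstring should also state that below a public/reader ancestor the only remaining way to grant edit rights is public/editor, which includes anonymous users. The method and the initialisation of `result` start outside the hunk, so whether documents already stored with an authenticated reach under such an ancestor are still handled consistently needs to be confirmed there.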
diff --git a/src/backend/core/tests/test_models_documents.py b/src/backend/core/tests/test_models_documents.py
index 3e73cb16..6aaad63e 100644
--- a/src/backend/core/tests/test_models_documents.py
+++ b/src/backend/core/tests/test_models_documents.py
@@ -1198,7 +1198,6 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
 (
 [{"link_reach": "public", "link_role": "reader"}],
 {
- "authenticated": ["editor"],
 "public": ["reader", "editor"],
 },
 ),
@@ -1263,7 +1262,6 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
 {"link_reach": "public", "link_role": "reader"},
 ],
 {
- "authenticated": ["editor"],
 "public": ["reader", "editor"],
 },
 ),
@@ -1274,7 +1272,6 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
 {"link_reach": "public", "link_role": "reader"},
 ],
 {
- "authenticated": ["editor"],
 "public": ["reader", "editor"],
 },
 ),
@@ -1284,7 +1281,7 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
 {"link_reach": "authenticated", "link_role": "editor"},
 {"link_reach": "public", "link_role": "reader"},
 ],
- {"authenticated": ["editor"], "public": ["reader", "editor"]},
+ {"public": ["reader", "editor"]},
 ),
 (
 [