♻️(backend) remove different reach for authenticated and anonymous

If anonymous users have reader access on a parent, we were considering
that an edge use case was interesting: allowing an authenticated user
to still be editor on the child.

Although this use case could be interesting, we consider, as a first
approach, that the value it carries is not big enough to justify the
complexity for the user to understand this complex access right heritage.
This commit is contained in:
Samuel Paccoud - DINUM
2025-04-11 19:09:48 +02:00
committed by Anthony LC
parent 26c7af0dbf
commit 0a5887c162
2 changed files with 7 additions and 10 deletions

@@ -115,16 +115,16 @@ class LinkReachChoices(models.TextChoices):
if LinkRoleChoices.EDITOR in reach_roles.get(cls.PUBLIC, set()):
return {cls.PUBLIC: [LinkRoleChoices.EDITOR]}
# Rule 2: public/reader
if LinkRoleChoices.READER in reach_roles.get(cls.PUBLIC, set()):
result.get(cls.AUTHENTICATED, set()).discard(LinkRoleChoices.READER)
result.pop(cls.RESTRICTED, None)
# Rule 3: authenticated/editor
# Rule 2: authenticated/editor
if LinkRoleChoices.EDITOR in reach_roles.get(cls.AUTHENTICATED, set()):
result[cls.AUTHENTICATED].discard(LinkRoleChoices.READER)
result.pop(cls.RESTRICTED, None)
# Rule 3: public/reader
if LinkRoleChoices.READER in reach_roles.get(cls.PUBLIC, set()):
result.pop(cls.AUTHENTICATED, None)
result.pop(cls.RESTRICTED, None)
# Rule 4: authenticated/reader
if LinkRoleChoices.READER in reach_roles.get(cls.AUTHENTICATED, set()):
result.pop(cls.RESTRICTED, None)
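Review bot: Rule 3 (public/reader) now runs after Rule 2 (authenticated/editor) and removes the whole authenticated entry with `result.pop(cls.AUTHENTICATED, None)`, so when `reach_roles` holds both authenticated/editor and public/reader, the EDITOR choice that Rule 2 deliberately kept under AUTHENTICATED is discarded as well. If that is the intended outcome of dropping the "authenticated editor under a public reader parent" case, please say so in the Rule 3 comment and add a test for ancestors carrying both definitions; if it is not, Rule 3 should leave the authenticated entry alone when Rule 2 has matched. A smaller point in the same hunk: Rule 2 indexes `result[cls.AUTHENTICATED]` directly while every other rule goes through `.get(...)` or `.pop(..., None)`, so it is worth confirming that `result` always has that key at this point or switching to the tolerant form for consistency.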