studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

♻️(backend) remove different reach for authenticated and anonymous

Browse Source 
If anonymous users have reader access on a parent, we were considering
that an edge use case was interesting: allowing an authenticated user
to still be editor on the child.

Although this use case could be interesting, we consider, as a first
approach, that the value it carries is not big enough to justify the
complexity for the user to understand this complex access right heritage.
This commit is contained in:
Samuel Paccoud - DINUM
2025-04-11 19:09:48 +02:00
committed by Anthony LC
parent 26c7af0dbf
commit 0a5887c162
2 changed files with 7 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/backend/core/models.py
View File

@@ -115,16 +115,16 @@ class LinkReachChoices(models.TextChoices):
if LinkRoleChoices.EDITOR in reach_roles.get(cls.PUBLIC, set()): if LinkRoleChoices.EDITOR in reach_roles.get(cls.PUBLIC, set()):
return {cls.PUBLIC: [LinkRoleChoices.EDITOR]} return {cls.PUBLIC: [LinkRoleChoices.EDITOR]}
# Rule 2: public/reader # Rule 2: authenticated/editor
if LinkRoleChoices.READER in reach_roles.get(cls.PUBLIC, set()):
result.get(cls.AUTHENTICATED, set()).discard(LinkRoleChoices.READER)
result.pop(cls.RESTRICTED, None)
# Rule 3: authenticated/editor
if LinkRoleChoices.EDITOR in reach_roles.get(cls.AUTHENTICATED, set()): if LinkRoleChoices.EDITOR in reach_roles.get(cls.AUTHENTICATED, set()):
result[cls.AUTHENTICATED].discard(LinkRoleChoices.READER) result[cls.AUTHENTICATED].discard(LinkRoleChoices.READER)
result.pop(cls.RESTRICTED, None) result.pop(cls.RESTRICTED, None)
# Rule 3: public/reader
if LinkRoleChoices.READER in reach_roles.get(cls.PUBLIC, set()):
result.pop(cls.AUTHENTICATED, None)
result.pop(cls.RESTRICTED, None)
# Rule 4: authenticated/reader # Rule 4: authenticated/reader
if LinkRoleChoices.READER in reach_roles.get(cls.AUTHENTICATED, set()): if LinkRoleChoices.READER in reach_roles.get(cls.AUTHENTICATED, set()):
result.pop(cls.RESTRICTED, None) result.pop(cls.RESTRICTED, None)

5
src/backend/core/tests/test_models_documents.py
View File

@@ -1198,7 +1198,6 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
( (
[{"link_reach": "public", "link_role": "reader"}], [{"link_reach": "public", "link_role": "reader"}],
{ {
"authenticated": ["editor"],
"public": ["reader", "editor"], "public": ["reader", "editor"],
}, },
), ),
@@ -1263,7 +1262,6 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
{"link_reach": "public", "link_role": "reader"}, {"link_reach": "public", "link_role": "reader"},
], ],
{ {
"authenticated": ["editor"],
"public": ["reader", "editor"], "public": ["reader", "editor"],
}, },
), ),
@@ -1274,7 +1272,6 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
{"link_reach": "public", "link_role": "reader"}, {"link_reach": "public", "link_role": "reader"},
], ],
{ {
"authenticated": ["editor"],
"public": ["reader", "editor"], "public": ["reader", "editor"],
}, },
), ),
@@ -1284,7 +1281,7 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
{"link_reach": "authenticated", "link_role": "editor"}, {"link_reach": "authenticated", "link_role": "editor"},
{"link_reach": "public", "link_role": "reader"}, {"link_reach": "public", "link_role": "reader"},
], ],
{"authenticated": ["editor"], "public": ["reader", "editor"]}, {"public": ["reader", "editor"]},
), ),
( (
[ [