Commit Graph

19 Commits

Author SHA1 Message Date
Dan Brown
f6a6b11ec5
Added and addressed multi-role/own-role-perm/inheretance scenario
Found during manual testing.
Have checked against relation queries manually too.
2023-01-26 12:53:25 +00:00
Dan Brown
1660e72cc5
Migrated remaining relation permission usages
Now all tests are passing.
Some level of manual checks to do.
2023-01-24 19:04:32 +00:00
Dan Brown
2d1f1abce4
Implemented alternate approach to current joint_permissions
Is a tweak upon the existing approach, mainly to store and query role
permission access in a way that allows muli-level states that may
override eachother. These states are represented in the new PermissionStatus
class.

This also simplifies how own permissions are stored and queried, to be
part of a single column.
2023-01-24 14:55:34 +00:00
Dan Brown
7d74575eb8
Found a sql having-style approach to permissions
As a way to check aggregate queries for required changes to need to
analyse across combined permission values.
2023-01-24 13:44:38 +00:00
Dan Brown
91e613fe60
Shared entity permission logic across both query methods
The runtime userCan() and the JointPermissionBuilder now share much of
the same logic for handling entity permission resolution.
2023-01-23 15:09:03 +00:00
Dan Brown
f3f2a0c1d5
Updated userCan logic to meet expectations in tests
Updated with similar logic to that used in the user_permissions branch,
but all extracted to a seperate class for doing all fetch and collapse
work.
2023-01-23 12:40:11 +00:00
Dan Brown
bd412ddbf9
Updated test for perms. changes and fixed static issues 2022-10-12 12:12:36 +01:00
Dan Brown
0f68be608d
Removed most usages of restricted entitiy property 2022-10-10 16:58:26 +01:00
Dan Brown
aee0e16194
Started code update for new entity permission format 2022-10-08 13:52:59 +01:00
Dan Brown
837fd74bf6
Refactored search-based code to its own folder
Also applied StyleCI changes
2022-08-16 11:28:05 +01:00
Dan Brown
16eedc8264
Fixed failed permission checks due to non-loaded fields
Added additional exceptions to prevent such cases in the future, so
that they are caught in dev ideally.
Added test case specifically for reported favourite scenario.
2022-08-10 08:06:48 +01:00
Dan Brown
9cf05944f6
Applied StyleCI changes 2022-07-17 10:32:16 +01:00
Dan Brown
8f90996cef
Dropped use of non-view joint permissions 2022-07-16 21:50:42 +01:00
Dan Brown
2332401854
Fixed a couple of non-intended logical permission issues
Both caught in tests:
Fixed loss of permissions for admin users when entity restrictions were
active, since there are no entity-restrictions for the admin role but
we'd force generate them in joint permissions, which would be queried.
Fixed new role permission checks when permissions given with only the
action (eg. 'view'), since the type prefix would be required for role
permission checks. Was previously not needed as only the simpler form
was used in the jointpermissions after merge & calculation.
2022-07-16 20:55:32 +01:00
Dan Brown
afe1a04239
Aligned permission applicator method names
Also removed lesser used function, that was mostly a duplicate of an
existing function, and only used for search.
2022-07-16 19:54:25 +01:00
Dan Brown
f459a68535
Removed remaining dynamic action usages in joint permission queries 2022-07-16 19:28:04 +01:00
Dan Brown
1d875ccfb7
Continued removal of joint permission non-view queries
Cleaned up PermissionApplicator to remove old cache system which was
hardly ever actuall caching anything since it was reset after each
public method run.

Changed the scope of 'userCanOnAny' to just check entity permissions,
and added protections of action scope creep, in case a role permission
action was passed by mistake.
2022-07-16 13:17:08 +01:00
Dan Brown
4fb85a9a5c
Started removal of non-view permission queries
Updated ajax search and entity selector usage to display and handle
items that the user does not have permission to interact with.
Started logic changes to not allow permission type to be passed around,
with views instead being the fixed sole permission.
2022-07-13 15:23:03 +01:00
Dan Brown
b0a4d3d059
Renamed and cleaned up existing permission service classes use 2022-07-12 20:15:41 +01:00