refactor: remove share role checks #11364
Conversation
|
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes. |
JammingBen
force-pushed
the
refactor/remove-share-role-checks
branch
3 times, most recently
from
463fa2e to
aa657fc
Compare
JammingBen
force-pushed
the
refactor/remove-share-role-checks
branch
5 times, most recently
from
ed9d7ae to
1401f72
Compare
JammingBen
force-pushed
the
refactor/remove-share-role-checks
branch
3 times, most recently
from
21cb63f to
0c76d43
Compare
| if (resources[0].disabled) { | ||
| return false | ||
| } | ||
|
|
There was a problem hiding this comment.
This is already being checked in canEditReadme.
JammingBen
force-pushed
the
refactor/remove-share-role-checks
branch
2 times, most recently
from
7b965f0 to
ad41acc
Compare
JammingBen
force-pushed
the
refactor/remove-share-role-checks
branch
5 times, most recently
from
0bc1c92 to
136c7e7
Compare
JammingBen
force-pushed
the
refactor/remove-share-role-checks
branch
from
136c7e7 to
58f0563
Compare
| canDownload: () => | ||
| sharePermissions.includes(GraphSharePermission.readBasic) && | ||
| !shareRoles.some((shareRole) => shareRole.id === GraphShareRoleIdMap.SecureViewer), | ||
| canDownload: () => sharePermissions.includes(GraphSharePermission.readContent), |
There was a problem hiding this comment.
So do I get it right that readContent permission action is not given with a secure view share? Which permission action does the secure view share have for secure-viewing content?
There was a problem hiding this comment.
I need to check, not sure if there are any permissions 😅
There was a problem hiding this comment.
Okay so the permissions of a secure view share are these:
* libre.graph/driveItem/path/read
* libre.graph/driveItem/children/read
* libre.graph/driveItem/basic/read
packages/web-app-admin-settings/src/components/Spaces/SideBar/MembersPanel.vue
Show resolved
Hide resolved
|
Description
Use share permissions instead of roles since roles are a very loose concept and just act as a container for a specific set of share permissions.
This affects 2 main scenarios:
SpaceResourcedoesn't have properties likemanager,editoranymore. The same goes for methods likeisManager. Instead, there is themembersproperty that holds information about all members. When checking if the current user is allowed to do certain actions, we need check for specific permissions now. E.g. when sharing, don't check forisManagerbut forcanShare.GraphShareRoleIdMapis being removed.You may notice a discrepancy in our naming and the Graph naming. IMO we should align... but that's a another story, I guess. Because ideally, I would also rename
SpacetoDrive. It's just so confusing all the time.There is one exception where Web still needs to assume and work with roles. That is when listing the managers of a space. Here we imply that if the user can remove space members, they are a space manager.
Related Issue
Types of changes