cartodb/app/models/permission/presenter.rb

55 lines
1.5 KiB

require_relative 'permission_user_presenter'
require_relative 'permission_organization_presenter'
require_relative 'permission_group_presenter'

module CartoDB
  class PermissionPresenter
    def initialize(permission)
      @permission = permission
      @user_presenter = CartoDB::PermissionUserPresenter.new
      @org_presenter = CartoDB::PermissionOrganizationPresenter.new
    end

    # Plain Ruby hash representation of the permission and its ACL.
    def to_poro
      {
        id: @permission.id,
        owner: @user_presenter.decorate_user(@permission.owner),
        entity: {
          id: @permission.entity_id,
          type: @permission.entity_type
        },
        acl: @permission.acl.map { |entry|
          # Commit message attached to the lines below:
          #
          # Solution to wrong ACL (deleted user)
          #
          # Here is the scenario we're trying to fix:
          # - some user A creates a table
          # - that user A grants permission to some other user B to that table
          # - the user B is deleted
          #
          # Usually this is dealt with as part of the user deletion, but we found
          # a situation in which ACL (permissions table) is wrong because they
          # reference a deleted user. We don't know exactly how we arrived at that
          # situation. It is most likely a race condition deleting a user or
          # migrating a DB, but we don't have enough information to reconstruct
          # the whole story.
          #
          # The trouble with that is that the web client is generating requests to
          # change permissions based on the wrong (referencing the deleted user)
          # ACL.
          #
          # Once you have the data inconsistent in the DB you have 3 possible
          # approaches to get it fixed:
          # - fix it directly in the database
          # - filter the input of PUT /api/v1/perm, ignoring deleted entities
          # - filter the output (viz endpoint, permissions presenter)
          #
          # Fixing directly in the database is OK as a one-time thing, but that
          # may cause some maintenance burden.
          #
          # Returning an error if the input is wrong is OK. Filtering for wrong
          # inputs could fix it but I don't think it's the right approach, as some
          # other errors could be masked otherwise.
          #
          # I think filtering the output from DB is the right approach. This way
          # the permissions can be set correctly by the user. They will get
          # "automatically fixed" the next time the user tries to modify the
          # permissions. And this is why the fix for it is in the presenter.
          entity = entity_decoration(entry)
          if entity.blank?
            # The referenced entity could not be decorated: drop the entry.
            nil
          else
            {
              type: entry[:type],
              entity: entity,
              access: entry[:access]
            }
          end
        }.reject(&:nil?),
        created_at: @permission.created_at,
        updated_at: @permission.updated_at
      }
    end

    private

    # Decorates the entity an ACL entry points to; unknown types raise
    # instead of being dropped silently.
    def entity_decoration(entry)
      case entry[:type]
      when Carto::Permission::TYPE_USER
        @user_presenter.decorate(entry[:id])
      when Carto::Permission::TYPE_ORGANIZATION
        @org_presenter.decorate(entry[:id])
      when Carto::Permission::TYPE_GROUP
        CartoDB::PermissionGroupPresenter.new.decorate(entry[:id])
      else
        raise "Unknown entity type for entry #{entry}"
      end
    end
  end
end
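
The output-filtering approach from the commit message, reduced to a stand-alone sketch. This is an added example, not CartoDB code: USERS, GROUPS, STORED_ACL, lookup, present_acl, dangling_entries and client_put_body are hypothetical names, the data is constructed, and it assumes the client rebuilds its PUT body from the entries it was shown. It also lists the entries the presenter hides, so the stale rows remain visible to whoever audits the permissions table.

```ruby
# Added example, not CartoDB code. All names and data below are hypothetical.
TYPE_USER  = 'user'
TYPE_GROUP = 'group'

# Constructed sample data: user "u-b" was deleted, but the stored ACL still
# references it.
USERS  = { 'u-a' => { id: 'u-a', username: 'alice' } }.freeze
GROUPS = { 'g-1' => { id: 'g-1', name: 'analysts' } }.freeze
STORED_ACL = [
  { type: TYPE_USER,  id: 'u-b', access: 'rw' }, # dangling reference
  { type: TYPE_GROUP, id: 'g-1', access: 'r' }
].freeze

# Resolve an ACL entry to its entity, or nil when the entity no longer exists.
# Unknown types raise, so a malformed entry is never dropped silently.
def lookup(entry)
  case entry[:type]
  when TYPE_USER  then USERS[entry[:id]]
  when TYPE_GROUP then GROUPS[entry[:id]]
  else raise ArgumentError, "Unknown entity type for entry #{entry}"
  end
end

# Output filter: only entries whose entity still resolves are presented.
def present_acl(acl)
  acl.map { |entry|
    entity = lookup(entry)
    { type: entry[:type], entity: entity, access: entry[:access] } if entity
  }.compact
end

# Audit helper: the stored entries that the output filter hides.
def dangling_entries(acl)
  acl.reject { |entry| lookup(entry) }
end

# Client round trip: the next permission update is built from what was shown,
# so the dangling entry is not written back.
def client_put_body(presented)
  presented.map { |e| { type: e[:type], id: e[:entity][:id], access: e[:access] } }
end

if __FILE__ == $PROGRAM_NAME
  shown = present_acl(STORED_ACL)
  puts "presented: #{shown.inspect}"
  puts "hidden:    #{dangling_entries(STORED_ACL).inspect}"
  puts "next PUT:  #{client_put_body(shown).inspect}"
end
```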