Skip to content

Commit 47daf7c

Browse files
skadefroskadefro
committed
Skip addin users to group _acl
1 parent 8e27165 commit 47daf7c

2 files changed

Lines changed: 31 additions & 10 deletions

File tree

OpenFlow/src/DatabaseConnection.ts

Lines changed: 30 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -106,10 +106,10 @@ export class DatabaseConnection {
106106
if (Config.update_acl_based_on_groups == true) {
107107
if (multi_tenant_skip.indexOf(item._id) > -1) {
108108
if (ace._id != WellknownIds.admins && ace._id != WellknownIds.root) {
109-
item.removeRight(ace._id, [Rights.read]);
109+
// item.removeRight(ace._id, [Rights.read]);
110110
}
111111
} else {
112-
item.addRight(ace._id, ace.name, [Rights.read]);
112+
// item.addRight(ace._id, ace.name, [Rights.read]);
113113
}
114114
}
115115
var exists = item.members.filter(x => x._id == ace._id);
@@ -161,7 +161,15 @@ export class DatabaseConnection {
161161
var ace = removed[i];
162162

163163
if (ace._id != WellknownIds.admins && ace._id != WellknownIds.root) {
164-
item.removeRight(ace._id, [Rights.read]);
164+
// if (item.hasRight(ace._id, Rights.read)) {
165+
// item.removeRight(ace._id, [Rights.read]);
166+
// var right = item.getRight(ace._id, false);
167+
// // read was not the only right ? then re add
168+
// if (right != null) {
169+
// item.addRight(ace._id, ace.name, [Rights.read]);
170+
// }
171+
// }
172+
165173
}
166174

167175
var arr = await this.db.collection("users").find({ _id: ace._id }).project({ name: 1, _acl: 1, _type: 1 }).limit(1).toArray();
@@ -172,20 +180,33 @@ export class DatabaseConnection {
172180
} else if (arr[0]._type == "user") {
173181
var u: User = User.assign(arr[0]);
174182
if (u.hasRight(item._id, Rights.read)) {
175-
console.log("Removing " + item.name + " read permissions from " + u.name);
176183
u.removeRight(item._id, [Rights.read]);
177-
// await this.db.collection("users").save(u);
178-
await this.db.collection("users").updateOne({ _id: u._id }, { $set: { _acl: u._acl } });
184+
185+
// was read the only right ? then remove it
186+
var right = u.getRight(item._id, false);
187+
if (right == null) {
188+
console.log("Removing " + item.name + " read permissions from " + u.name);
189+
// await this.db.collection("users").save(u);
190+
await this.db.collection("users").updateOne({ _id: u._id }, { $set: { _acl: u._acl } });
191+
192+
}
193+
179194
} else {
180195
console.log("No need to remove " + item.name + " read permissions from " + u.name);
181196
}
182197
} else if (arr[0]._type == "role") {
183198
var r: Role = Role.assign(arr[0]);
184199
if (r.hasRight(item._id, Rights.read)) {
185-
console.log("Removing " + item.name + " read permissions from " + r.name);
186200
r.removeRight(item._id, [Rights.read]);
187-
// await this.db.collection("users").save(r);
188-
await this.db.collection("users").updateOne({ _id: r._id }, { $set: { _acl: r._acl } });
201+
202+
// was read the only right ? then remove it
203+
var right = r.getRight(item._id, false);
204+
if (right == null) {
205+
console.log("Removing " + item.name + " read permissions from " + r.name);
206+
// await this.db.collection("users").save(r);
207+
await this.db.collection("users").updateOne({ _id: r._id }, { $set: { _acl: r._acl } });
208+
}
209+
189210
} else {
190211
console.log("No need to remove " + item.name + " read permissions from " + u.name);
191212
}

VERSION

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
0.0.426
1+
0.0.427

0 commit comments

Comments
 (0)