✨(backend) add child_set_role_to field to document access abilities

The frontend needs to know what options to propose for an access that would be created on a child document. This depends on the access a user/team already has with ancestors...

Author: sampaccoud

src/backend/core/api/viewsets.py

@@ -1454,24 +1454,23 @@ def list(self, request, *args, **kwargs):
  accesses = list(queryset.order_by("document__path"))
 
  # Annotate more information on roles
- path_to_key_to_max_ancestors_role = defaultdict(
- lambda: defaultdict(lambda: None)
- )
+ # - accesses of the user (direct or via a team)
  path_to_ancestors_roles = defaultdict(list)
  path_to_role = defaultdict(lambda: None)
+ # - accesses of other users and teams
+ key_to_path_to_max_ancestors_role = defaultdict(
+ lambda: defaultdict(lambda: None)
+ )
  for access in accesses:
  key = access.target_key
  path = access.document.path
  parent_path = path[: -models.Document.steplen]
 
- path_to_key_to_max_ancestors_role[path][key] = choices.RoleChoices.max(
- path_to_key_to_max_ancestors_role[path][key], access.role
- )
-
  if parent_path:
- path_to_key_to_max_ancestors_role[path][key] = choices.RoleChoices.max(
- path_to_key_to_max_ancestors_role[parent_path][key],
- path_to_key_to_max_ancestors_role[path][key],
+ key_to_path_to_max_ancestors_role[key][parent_path] = (
+ choices.RoleChoices.max(
+ *key_to_path_to_max_ancestors_role[key].values()
+ )
  )
  path_to_ancestors_roles[path].extend(
  path_to_ancestors_roles[parent_path]
@@ -1480,6 +1479,10 @@ def list(self, request, *args, **kwargs):
  else:
  path_to_ancestors_roles[path] = []
 
+ key_to_path_to_max_ancestors_role[key][path] = choices.RoleChoices.max(
+ key_to_path_to_max_ancestors_role[key][parent_path], access.role
+ )
+
  if access.user_id == user.id or access.team in user.teams:
  path_to_role[path] = choices.RoleChoices.max(
  path_to_role[path], access.role
@@ -1493,7 +1496,7 @@ def list(self, request, *args, **kwargs):
  path = access.document.path
  parent_path = path[: -models.Document.steplen]
  access.max_ancestors_role = (
- path_to_key_to_max_ancestors_role[parent_path][access.target_key]
+ key_to_path_to_max_ancestors_role[access.target_key][parent_path]
  if parent_path
  else None
  )

src/backend/core/models.py

@@ -1150,13 +1150,20 @@ def get_abilities(self, user):
  for candidate_role in set_role_to
  if RoleChoices.get_priority(candidate_role) > ancestors_role_priority
  ]
+ child_set_role_to = [
+ candidate_role
+ for candidate_role in set_role_to
+ if RoleChoices.get_priority(candidate_role)
+ > RoleChoices.get_priority(self.role)
+ ]
 
  return {
  "destroy": can_delete,
  "update": bool(set_role_to) and is_owner_or_admin,
  "partial_update": bool(set_role_to) and is_owner_or_admin,
  "retrieve": (self.user and self.user.id == user.id) or is_owner_or_admin,
  "set_role_to": set_role_to,
+ "child_set_role_to": child_set_role_to,
  }