From 8cca23ab28bb2b7ff885d78e984baa006bdd8f36 Mon Sep 17 00:00:00 2001
From: Arthur de Moulins <arthurdemoulins@gmail.com>
Date: Wed, 17 Jan 2024 11:23:50 +0100
Subject: [PATCH] fix permission propagation

---
 .../Listener/AssetPostTransformListener.php   |  8 ++++--
 .../CollectionPostTransformListener.php       | 25 +++++++++----------
 .../src/Entity/Core/RenditionDefinition.php   |  5 +++-
 databox/client/src/api/rendition.ts           |  3 +++
 .../Workspace/AttributeDefinitionManager.tsx  |  6 ++---
 .../Workspace/RenditionDefinitionManager.tsx  | 13 ++++++++--
 6 files changed, 39 insertions(+), 21 deletions(-)

diff --git a/databox/api/src/Elasticsearch/Listener/AssetPostTransformListener.php b/databox/api/src/Elasticsearch/Listener/AssetPostTransformListener.php
index bc1d16b95..64f11508d 100644
--- a/databox/api/src/Elasticsearch/Listener/AssetPostTransformListener.php
+++ b/databox/api/src/Elasticsearch/Listener/AssetPostTransformListener.php
@@ -79,8 +79,12 @@ public function hydrateDocument(PostTransformEvent $event): void
                         $cUsers[] = $collection->getOwnerId();
                     }
 
-                    $cUsers = array_merge($cUsers, $this->permissionManager->getAllowedUsers($collection, PermissionInterface::VIEW));
-                    $cGroups = array_merge($cGroups, $this->permissionManager->getAllowedGroups($collection, PermissionInterface::VIEW));
+                    $pColl = $collection;
+                    while ($pColl) {
+                        $cUsers = array_merge($cUsers, $this->permissionManager->getAllowedUsers($pColl, PermissionInterface::VIEW));
+                        $cGroups = array_merge($cGroups, $this->permissionManager->getAllowedGroups($pColl, PermissionInterface::VIEW));
+                        $pColl = $pColl->getParent();
+                    }
                 }
 
                 $absPath = $collection->getAbsolutePath();
diff --git a/databox/api/src/Elasticsearch/Listener/CollectionPostTransformListener.php b/databox/api/src/Elasticsearch/Listener/CollectionPostTransformListener.php
index b44e3914c..3475b487a 100644
--- a/databox/api/src/Elasticsearch/Listener/CollectionPostTransformListener.php
+++ b/databox/api/src/Elasticsearch/Listener/CollectionPostTransformListener.php
@@ -30,19 +30,18 @@ public function hydrateDocument(PostTransformEvent $event): void
 
         [$users, $groups] = $this->discoverChildren($collection);
 
-        // TODO check impact
-        //        if (!in_array(null, $users, true)) {
-        //            $parent = $collection->getParent();
-        //            while (null !== $parent) {
-        //                $users = array_merge($users, $this->permissionManager->getAllowedUsers($parent, PermissionInterface::VIEW));
-        //                if (in_array(null, $users, true)) {
-        //                    break;
-        //                }
-        //
-        //                $groups = array_merge($groups, $this->permissionManager->getAllowedGroups($parent, PermissionInterface::VIEW));
-        //                $parent = $parent->getParent();
-        //            }
-        //        }
+        if (!in_array(null, $users, true)) {
+            $parent = $collection->getParent();
+            while (null !== $parent) {
+                $users = array_merge($users, $this->permissionManager->getAllowedUsers($parent, PermissionInterface::VIEW));
+                if (in_array(null, $users, true)) {
+                    break;
+                }
+
+                $groups = array_merge($groups, $this->permissionManager->getAllowedGroups($parent, PermissionInterface::VIEW));
+                $parent = $parent->getParent();
+            }
+        }
 
         if (in_array(null, $users, true)) {
             $users = ['*'];
diff --git a/databox/api/src/Entity/Core/RenditionDefinition.php b/databox/api/src/Entity/Core/RenditionDefinition.php
index a115a1f15..01540d274 100644
--- a/databox/api/src/Entity/Core/RenditionDefinition.php
+++ b/databox/api/src/Entity/Core/RenditionDefinition.php
@@ -31,7 +31,10 @@
     operations: [
         new Get(security: 'is_granted("READ", object)'),
         new Delete(security: 'is_granted("DELETE", object)'),
-        new Put(security: 'is_granted("EDIT", object)'),
+        new Put(
+            security: 'is_granted("EDIT", object)',
+            input: RenditionDefinitionInput::class,
+        ),
         new Patch(security: 'is_granted("EDIT", object)'),
         new GetCollection(),
         new Post(securityPostDenormalize: 'is_granted("CREATE", object)'),
diff --git a/databox/client/src/api/rendition.ts b/databox/client/src/api/rendition.ts
index 77284abef..08336317a 100644
--- a/databox/client/src/api/rendition.ts
+++ b/databox/client/src/api/rendition.ts
@@ -62,6 +62,9 @@ export async function putRenditionDefinition(
     id: string | undefined,
     data: RenditionDefinition
 ): Promise<RenditionDefinition> {
+    // @ts-expect-error no workspace
+    delete data.workspace;
+
     return (await apiClient.put(`${renditionDefinitionNS}/${id}`, data)).data;
 }
 
diff --git a/databox/client/src/components/Dialog/Workspace/AttributeDefinitionManager.tsx b/databox/client/src/components/Dialog/Workspace/AttributeDefinitionManager.tsx
index a3d0be068..4fa99db08 100644
--- a/databox/client/src/components/Dialog/Workspace/AttributeDefinitionManager.tsx
+++ b/databox/client/src/components/Dialog/Workspace/AttributeDefinitionManager.tsx
@@ -44,7 +44,7 @@ function Item({
     } = usedFormSubmit;
 
     useEffect(() => {
-        reset(createData(data));
+        reset(normalizeData(data));
     }, [data]);
 
     return (
@@ -217,12 +217,12 @@ export default function AttributeDefinitionManager({
             handleSave={handleSave}
             handleDelete={deleteAttributeDefinition}
             onSort={onSort}
-            normalizeData={createData}
+            normalizeData={normalizeData}
         />
     );
 }
 
-function createData(data: AttributeDefinition) {
+function normalizeData(data: AttributeDefinition) {
     return {
         ...data,
         class: data?.class && (data?.class as AttributeClass)['@id'],
diff --git a/databox/client/src/components/Dialog/Workspace/RenditionDefinitionManager.tsx b/databox/client/src/components/Dialog/Workspace/RenditionDefinitionManager.tsx
index 9603482f2..b2abe1204 100644
--- a/databox/client/src/components/Dialog/Workspace/RenditionDefinitionManager.tsx
+++ b/databox/client/src/components/Dialog/Workspace/RenditionDefinitionManager.tsx
@@ -1,4 +1,4 @@
-import {RenditionDefinition, Workspace} from '../../../types';
+import {RenditionClass, RenditionDefinition, Workspace} from '../../../types';
 import {FormGroup, FormLabel, ListItemText, TextField} from '@mui/material';
 import FormRow from '../../Form/FormRow';
 import DefinitionManager, {
@@ -34,7 +34,7 @@ function Item({
     const {t} = useTranslation();
 
     React.useEffect(() => {
-        reset(data);
+        reset(normalizeData(data));
     }, [data]);
 
     return (
@@ -196,6 +196,15 @@ export default function RenditionDefinitionManager({
             handleSave={handleSave}
             handleDelete={deleteRenditionDefinition}
             onSort={onSort}
+            normalizeData={normalizeData}
         />
     );
 }
+
+
+function normalizeData(data: RenditionDefinition) {
+    return {
+        ...data,
+        class: data?.class && (data?.class as RenditionClass)['@id'],
+    };
+}