-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[AC-2086] Update CanDelete to handle V1 flag logic #3979
Changes from 8 commits
5cef1b2
9ab6b91
2d5f085
ff379e2
c6d1eb9
2167175
24dcae3
6af746c
f66881a
2f27fb3
64990a3
c7867d3
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -225,25 +225,41 @@ private async Task<bool> CanUpdateGroupAccessAsync(ICollection<Collection> resou | |
|
||
private async Task<bool> CanDeleteAsync(ICollection<Collection> resources, CurrentContextOrganization? org) | ||
{ | ||
// Owners, Admins, and users with DeleteAnyCollection permission can always delete collections | ||
if (org is | ||
{ Type: OrganizationUserType.Owner or OrganizationUserType.Admin } or | ||
{ Permissions.DeleteAnyCollection: true }) | ||
// Users with DeleteAnyCollection permission can always delete collections | ||
if (org is { Permissions.DeleteAnyCollection: true }) | ||
{ | ||
return true; | ||
} | ||
|
||
// Check for non-null org here: the user must be apart of the organization for this setting to take affect | ||
// The limit collection management setting is disabled, | ||
// ensure acting user has manage permissions for all collections being deleted | ||
if (await GetOrganizationAbilityAsync(org) is { LimitCollectionCreationDeletion: false }) | ||
var organizationAbility = await GetOrganizationAbilityAsync(org); | ||
|
||
// If AllowAdminAccessToAllCollectionItems is true, Owners and Admins can delete any collection, regardless of LimitCollectionCreationDeletion setting | ||
if ((organizationAbility is { AllowAdminAccessToAllCollectionItems: true } || | ||
!_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1)) && | ||
org is { Type: OrganizationUserType.Owner or OrganizationUserType.Admin }) | ||
{ | ||
return true; | ||
} | ||
|
||
var canManageCollections = await CanManageCollectionsAsync(resources); | ||
|
||
// LimitCollectionCreationDeletion is false, AllowAdminAccessToAllCollectionItems setting is irrelevant. | ||
// Ensure acting user has manage permissions for all collections being deleted | ||
if (organizationAbility is { LimitCollectionCreationDeletion: false }) | ||
{ | ||
var canManageCollections = await CanManageCollectionsAsync(resources); | ||
if (canManageCollections) | ||
{ | ||
return true; | ||
} | ||
} | ||
else | ||
// LimitCollectionCreationDeletion is true, only Owners and Admins can delete collections they manage | ||
{ | ||
if (org is { Type: OrganizationUserType.Owner or OrganizationUserType.Admin } && canManageCollections) | ||
{ | ||
return true; | ||
} | ||
} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. How you've written this works and I think this has turned out pretty well after much discussion about the business logic side of things. One suggestion, I think this could be expressed more succinctly: var canDeleteManagedCollections = organizationAbility is { LimitCollectionCreationDeletion: false } ||
org is { Type: OrganizationUserType.Owner or OrganizationUserType.Admin };
if (canDeleteManagedCollections && await canManageCollections(resources))
{
return true;
} There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Thank you! |
||
|
||
// Allow providers to delete collections if they are a provider for the target organization | ||
return await _currentContext.ProviderUserForOrgAsync(_targetOrganizationId); | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please add a test case for:
or if it's here and I'm missing it, just point me to it 😁 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I believe I've added the test you're looking for! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I ended up separating these lines to make the logic a little clearer - see CanUpdateCollectionAsync.