diff --git a/arches/app/permissions/arches_default_allow.py b/arches/app/permissions/arches_default_allow.py index b6840f084e..a6d7ad16d5 100644 --- a/arches/app/permissions/arches_default_allow.py +++ b/arches/app/permissions/arches_default_allow.py @@ -2,6 +2,7 @@ import logging import uuid +from typing import Union from django.contrib.auth.models import User from django.contrib.contenttypes.models import ContentType from django.core.exceptions import ObjectDoesNotExist @@ -42,9 +43,9 @@ def process_new_user(self, instance: User, created: bool) -> None: resource.createdtime = resource_instance.createdtime resource.index() # type: ignore - def get_search_ui_permissions_bulk( - self, user: User, search_results: list, groups - ) -> list: + def get_search_ui_permissions( + self, user: User, search_results: Union[dict, list], groups + ) -> Union[dict, list]: """ Determintes whether or not read/edit buttons show up in search results. """ @@ -59,6 +60,9 @@ def get_search_ui_permissions_bulk( user_can_read = len(user_read_permissions) > 0 user_can_edit = len(self.get_editable_resource_types(user)) > 0 + search_results_is_list = isinstance(search_results, list) + if search_results_is_list is False: + search_results = [search_results] for result in search_results: # validate permissions structure for search result @@ -102,73 +106,9 @@ def get_search_ui_permissions_bulk( and user.id in result["_source"]["permissions"]["principal_user"] ) - return search_results - - def get_search_ui_permissions( - self, user: User, search_result: dict, groups - ) -> dict: - """ - Determintes whether or not read/edit buttons show up in search results. - """ - result = {} - user_read_permissions = self.get_resource_types_by_perm( - user, - [ - "models.write_nodegroup", - "models.delete_nodegroup", - "models.read_nodegroup", - ], - ) - - user_can_read = len(user_read_permissions) > 0 - - # validate permissions structure for search result - deny_read_exists = ( - "permissions" in search_result["_source"] - and "users_without_read_perm" in search_result["_source"]["permissions"] - ) - deny_edit_exists = ( - "permissions" in search_result["_source"] - and "users_without_edit_perm" in search_result["_source"]["permissions"] - ) - - if not deny_read_exists or not deny_edit_exists: - logger.warning( - """ - PROBLEM WITH INDEX - it appears that your index permissions are malformed. - This can happen when switching permission frameworks and may cause search - results to appear incorrectly or with invalid permissions. You can correct it by reindexing arches. - """ - ) - - result["can_read"] = ( - deny_read_exists - and ( - user.id - not in search_result["_source"]["permissions"][ - "users_without_read_perm" - ] - ) - ) and user_can_read - - user_can_edit = len(self.get_editable_resource_types(user)) > 0 - - result["can_edit"] = ( - deny_edit_exists - and ( - user.id - not in search_result["_source"]["permissions"][ - "users_without_edit_perm" - ] - ) - ) and user_can_edit - - result["is_principal"] = ( - "permissions" in search_result["_source"] - and "principal_user" in search_result["_source"]["permissions"] - and user.id in search_result["_source"]["permissions"]["principal_user"] - ) - return result + if search_results_is_list: + return search_results + return search_results[0] def get_sets_for_user(self, user: User, perm: str) -> set[str] | None: # We do not do set filtering - None is allow-all for sets.