TBR: Swift: Restrict delta to permissions relevant to syncgroups & collections
Syncgroups and collections can only use certain ACLs, e.g. read/admin
or read/write/admin. Filter deltas to ACLs based on type. Matches
Java implementation.
Change-Id: I6f1dfebc1b71e7ff07fd6510af2a70eaf1fe0fa5
diff --git a/Syncbase/Source/AccessList.swift b/Syncbase/Source/AccessList.swift
index 5cb2032..5710c0c 100644
--- a/Syncbase/Source/AccessList.swift
+++ b/Syncbase/Source/AccessList.swift
@@ -73,8 +73,25 @@
}
}
+ static func applyDeltaForCollection(permissions: Permissions, delta: AccessList) throws -> Permissions {
+ let parsed = try applyDeltaParsed(permissions, delta: delta)
+ var filtered: Permissions = [:]
+ filtered[Tags.Read.rawValue] = parsed[Tags.Read.rawValue]
+ filtered[Tags.Write.rawValue] = parsed[Tags.Write.rawValue]
+ filtered[Tags.Admin.rawValue] = parsed[Tags.Admin.rawValue]
+ return filtered
+ }
+
+ static func applyDeltaForSyncgroup(permissions: Permissions, delta: AccessList) throws -> Permissions {
+ let parsed = try applyDeltaParsed(permissions, delta: delta)
+ var filtered: Permissions = [:]
+ filtered[Tags.Read.rawValue] = parsed[Tags.Read.rawValue]
+ filtered[Tags.Admin.rawValue] = parsed[Tags.Admin.rawValue]
+ return filtered
+ }
+
/// Applies delta to perms, returning the updates permissions.
- static func applyDelta(permissions: Permissions, delta: AccessList) throws -> Permissions {
+ static func applyDeltaParsed(permissions: Permissions, delta: AccessList) throws -> Permissions {
var perms = permissions
for (userId, level) in delta.users {
let bp = try blessingPatternFromAlias(userId)
diff --git a/Syncbase/Source/Collection.swift b/Syncbase/Source/Collection.swift
index ece4d19..43fb4a5 100644
--- a/Syncbase/Source/Collection.swift
+++ b/Syncbase/Source/Collection.swift
@@ -113,7 +113,7 @@
try SyncbaseError.wrap {
let vCx = try db.collection(self.collectionId).coreCollection
let perms = try vCx.getPermissions()
- try AccessList.applyDelta(perms, delta: delta)
+ try AccessList.applyDeltaForCollection(perms, delta: delta)
try vCx.setPermissions(perms)
}
}
diff --git a/Syncbase/Source/Syncgroup.swift b/Syncbase/Source/Syncgroup.swift
index 615de16..cbb8803 100644
--- a/Syncbase/Source/Syncgroup.swift
+++ b/Syncbase/Source/Syncgroup.swift
@@ -114,7 +114,7 @@
try SyncbaseError.wrap {
// TODO(sadovsky): Make it so SyncgroupSpec can be updated as part of a batch?
let versionedSpec = try self.coreSyncgroup.getSpec()
- let permissions = try AccessList.applyDelta(versionedSpec.spec.permissions, delta: delta)
+ let permissions = try AccessList.applyDeltaForSyncgroup(versionedSpec.spec.permissions, delta: delta)
let oldSpec = versionedSpec.spec
try self.coreSyncgroup.setSpec(VersionedSpec(
spec: SyncgroupSpec(description: oldSpec.description,
