Fall back on general user permissions on global model tables

If the authenticated user has the permission in at lease a single folder, they will be able to create an object from its global model table, the domain choices in the create form will already be filtered only top include those they have access to.
intuitem · Mar 5, 2025 · afcd641 · afcd641
1 parent 7828db1
commit afcd641
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 29 deletions.
diff --git a/frontend/src/lib/components/ModelTable/ModelTable.svelte b/frontend/src/lib/components/ModelTable/ModelTable.svelte
@@ -201,16 +201,18 @@
 	$: field_component_map = FIELD_COMPONENT_MAP[URLModel] ?? {};
 	$: model = URL_MODEL_MAP[URLModel];
 	$: canCreateObject = model
-		? canPerformAction({
-				user,
-				action: 'add',
-				model: model.name,
-				domain:
-					$page.data?.data?.folder?.id ||
-					$page.data?.data?.folder ||
-					$page.params.id ||
-					user.root_folder_id
-			})
+		? $page.params.id
+			? canPerformAction({
+					user,
+					action: 'add',
+					model: model.name,
+					domain:
+						$page.data?.data?.folder?.id ||
+						$page.data?.data?.folder ||
+						$page.params.id ||
+						user.root_folder_id
+				})
+			: Object.hasOwn(user.permissions, `add_${model.name}`)
 		: false;
 	$: filterCount = filteredFields.reduce((acc, field) => acc + filterValues[field].length, 0);
 

diff --git a/frontend/src/lib/components/TableRowActions/TableRowActions.svelte b/frontend/src/lib/components/TableRowActions/TableRowActions.svelte
@@ -97,26 +97,30 @@
 	const user = $page.data.user;
 
 	$: canDeleteObject = model
-		? canPerformAction({
-				user,
-				action: 'delete',
-				model: model.name,
-				domain:
-					model.name === 'folder'
-						? row.meta.id
-						: (row.meta.folder?.id ?? row.meta.folder ?? user.root_folder_id)
-			}) && !preventDelete
+		? $page.params.id
+			? canPerformAction({
+					user,
+					action: 'delete',
+					model: model.name,
+					domain:
+						model.name === 'folder'
+							? row.meta.id
+							: (row.meta.folder?.id ?? row.meta.folder ?? user.root_folder_id)
+				}) && !preventDelete
+			: Object.hasOwn(user.permissions, `delete_${model.name}`)
 		: false;
 	$: canEditObject = model
-		? canPerformAction({
-				user,
-				action: 'change',
-				model: model.name,
-				domain:
-					model.name === 'folder'
-						? row.meta.id
-						: (row.meta.folder?.id ?? row.meta.folder ?? user.root_folder_id)
-			})
+		? $page.params.id
+			? canPerformAction({
+					user,
+					action: 'change',
+					model: model.name,
+					domain:
+						model.name === 'folder'
+							? row.meta.id
+							: (row.meta.folder?.id ?? row.meta.folder ?? user.root_folder_id)
+				})
+			: Object.hasOwn(user.permissions, `change_${model.name}`)
 		: false;
 
 	$: displayDetail = detailURL;

diff --git a/frontend/src/routes/(app)/(internal)/my-profile/+page.svelte b/frontend/src/routes/(app)/(internal)/my-profile/+page.svelte
@@ -27,7 +27,7 @@
 	const user = $page.data.user;
 	const canEditObject: boolean = canPerformAction({
 		user,
-		action: 'delete',
+		action: 'change',
 		model: 'user',
 		domain: user.root_folder_id
 	});