16007: Add REVOKE_PERM and CAN_MANAGE_PERM constants

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>

diff --git a/services/api/app/models/group.rb b/services/api/app/models/group.rb
index 485205f1eba9a7fe5886330d9cd60454b2afbde0..36814a3163e074433dfb3f5beeffb77510740475 100644 (file)
--- a/services/api/app/models/group.rb
+++ b/services/api/app/models/group.rb
@@ -80,13 +80,13 @@ on conflict (group_uuid) do update set trash_at=EXCLUDED.trash_at;
   def before_ownership_change
     if owner_uuid_changed? and !self.owner_uuid_was.nil?
       MaterializedPermission.where(user_uuid: owner_uuid_was, target_uuid: uuid).delete_all
-      update_permissions self.owner_uuid_was, self.uuid, 0
+      update_permissions self.owner_uuid_was, self.uuid, REVOKE_PERM
     end
   end
 
   def after_ownership_change
     if owner_uuid_changed?
-      update_permissions self.owner_uuid, self.uuid, 3
+      update_permissions self.owner_uuid, self.uuid, CAN_MANAGE_PERM
     end
   end
 

diff --git a/services/api/app/models/link.rb b/services/api/app/models/link.rb
index da4ca6c870cd17149e0b5a269fc716a7c2c00680..cd1ff40c229ee71fabec6315d3f4b2b449bf8e27 100644 (file)
--- a/services/api/app/models/link.rb
+++ b/services/api/app/models/link.rb
@@ -80,7 +80,7 @@ class Link < ArvadosModel
 
   def clear_permissions
     if self.link_class == 'permission'
-      update_permissions tail_uuid, head_uuid, 0
+      update_permissions tail_uuid, head_uuid, REVOKE_PERM
     end
   end
 

diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index a2922cb7b35c3f3b540c776e63f391f0c08be005..d65cfb9c4ff5c4228c01ebfedfa4c1eaa2619f61 100644 (file)
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -146,18 +146,18 @@ SELECT 1 FROM #{PERMISSION_VIEW}
   def before_ownership_change
     if owner_uuid_changed? and !self.owner_uuid_was.nil?
       MaterializedPermission.where(user_uuid: owner_uuid_was, target_uuid: uuid).delete_all
-      update_permissions self.owner_uuid_was, self.uuid, 0
+      update_permissions self.owner_uuid_was, self.uuid, REVOKE_PERM
     end
   end
 
   def after_ownership_change
     if owner_uuid_changed?
-      update_permissions self.owner_uuid, self.uuid, 3
+      update_permissions self.owner_uuid, self.uuid, CAN_MANAGE_PERM
     end
   end
 
   def clear_permissions
-    update_permissions self.owner_uuid, self.uuid, 0
+    update_permissions self.owner_uuid, self.uuid, REVOKE_PERM
     MaterializedPermission.where("user_uuid = ? or target_uuid = ?", uuid, uuid).delete_all
   end
 
@@ -447,11 +447,11 @@ update #{PERMISSION_VIEW} set target_uuid=$1 where target_uuid = $2
         update_attributes!(redirect_to_user_uuid: new_user.uuid, username: nil)
       end
       skip_check_permissions_against_full_refresh do
-        update_permissions self.owner_uuid, self.uuid, 3
-        update_permissions self.uuid, self.uuid, 3
-        update_permissions new_user.owner_uuid, new_user.uuid, 3
+        update_permissions self.owner_uuid, self.uuid, CAN_MANAGE_PERM
+        update_permissions self.uuid, self.uuid, CAN_MANAGE_PERM
+        update_permissions new_user.owner_uuid, new_user.uuid, CAN_MANAGE_PERM
       end
-      update_permissions new_user.uuid, new_user.uuid, 3
+      update_permissions new_user.uuid, new_user.uuid, CAN_MANAGE_PERM
     end
   end
 

diff --git a/services/api/lib/update_permissions.rb b/services/api/lib/update_permissions.rb
index 4d3986a4b70b75a693204252cd2587ce3ec46965..1d9c1006b88860b691bfe30d6cc5106d9ec2ef1a 100644 (file)
--- a/services/api/lib/update_permissions.rb
+++ b/services/api/lib/update_permissions.rb
@@ -4,6 +4,9 @@
 
 require '20200501150153_permission_table_constants'
 
+REVOKE_PERM = 0
+CAN_MANAGE_PERM = 3
+
 def update_permissions perm_origin_uuid, starting_uuid, perm_level
   #
   # Update a subset of the permission table affected by adding or