Fixes bug where ownership summary showed owner as canEdit even if the…

…y werent an editor, updates editors and viewers on bulk ROI write
pixlise · Apr 17, 2024 · 4205813 · 4205813
1 parent 47edb74
commit 4205813
Show file tree

Hide file tree

Showing 4 changed files with 265 additions and 139 deletions.
diff --git a/api/ws/handlers/roi.go b/api/ws/handlers/roi.go
@@ -166,7 +166,7 @@ func validateROI(roi *protos.ROIItem) error {
 	return nil
 }
 
-func createROI(roi *protos.ROIItem, hctx wsHelpers.HandlerContext, needMistEntry bool) (*protos.ROIItem, error) {
+func createROI(roi *protos.ROIItem, hctx wsHelpers.HandlerContext, needMistEntry bool, editors *protos.UserGroupList, viewers *protos.UserGroupList) (*protos.ROIItem, error) {
 	ctx := context.TODO()
 
 	// It's a new item, check these fields...
@@ -181,6 +181,15 @@ func createROI(roi *protos.ROIItem, hctx wsHelpers.HandlerContext, needMistEntry
 
 	// We need to create an ownership item along with it
 	ownerItem := wsHelpers.MakeOwnerForWrite(id, protos.ObjectType_OT_ROI, hctx.SessUser.User.Id, hctx.Svcs.TimeStamper.GetTimeNowSec())
+	if editors != nil {
+		ownerItem.Editors.UserIds = editors.UserIds
+		ownerItem.Editors.GroupIds = editors.GroupIds
+	}
+
+	if viewers != nil {
+		ownerItem.Viewers.UserIds = viewers.UserIds
+		ownerItem.Viewers.GroupIds = viewers.GroupIds
+	}
 
 	roi.ModifiedUnixSec = ownerItem.CreatedUnixSec
 
@@ -242,14 +251,33 @@ func createROI(roi *protos.ROIItem, hctx wsHelpers.HandlerContext, needMistEntry
 	return roi, nil
 }
 
-func updateROI(roi *protos.ROIItem, hctx wsHelpers.HandlerContext) (*protos.ROIItem, error) {
+func updateROI(roi *protos.ROIItem, hctx wsHelpers.HandlerContext, editors *protos.UserGroupList, viewers *protos.UserGroupList) (*protos.ROIItem, error) {
 	ctx := context.TODO()
 
 	dbItem, owner, err := wsHelpers.GetUserObjectById[protos.ROIItem](true, roi.Id, protos.ObjectType_OT_ROI, dbCollections.RegionsOfInterestName, hctx)
 	if err != nil {
 		return nil, err
 	}
 
+	// Check if we need to update the ownership
+	if editors != nil || viewers != nil {
+		if editors != nil {
+			owner.Editors.UserIds = editors.UserIds
+			owner.Editors.GroupIds = editors.GroupIds
+		}
+
+		if viewers != nil {
+			owner.Viewers.UserIds = viewers.UserIds
+			owner.Viewers.GroupIds = viewers.GroupIds
+		}
+
+		_, err = hctx.Svcs.MongoDB.Collection(dbCollections.OwnershipName).UpdateByID(ctx, roi.Id, bson.D{{Key: "$set", Value: owner}})
+		if err != nil {
+			return nil, err
+		}
+
+	}
+
 	// Some fields can't change
 	if len(roi.ScanId) > 0 && dbItem.ScanId != roi.ScanId {
 		return nil, errors.New("ScanId cannot be changed")
@@ -329,12 +357,12 @@ func HandleRegionOfInterestWriteReq(req *protos.RegionOfInterestWriteReq, hctx w
 
 	var err error
 	if len(req.RegionOfInterest.Id) <= 0 {
-		item, err = createROI(req.RegionOfInterest, hctx, req.IsMIST)
+		item, err = createROI(req.RegionOfInterest, hctx, req.IsMIST, nil, nil)
 		if err != nil {
 			return nil, err
 		}
 	} else {
-		item, err = updateROI(req.RegionOfInterest, hctx)
+		item, err = updateROI(req.RegionOfInterest, hctx, nil, nil)
 	}
 	if err != nil {
 		return nil, err
@@ -379,6 +407,37 @@ func HandleRegionOfInterestBulkWriteReq(req *protos.RegionOfInterestBulkWriteReq
 		if err != nil {
 			return nil, err
 		}
+
+		// Delete the ownership items for the MIST ROIs
+		_, err = hctx.Svcs.MongoDB.Collection(dbCollections.OwnershipName).DeleteMany(context.TODO(), bson.M{"_id": bson.M{"$in": mistIdList}})
+		if err != nil {
+			return nil, err
+		}
+
+		// Delete the ROI display settings for the MIST ROIs
+		_, err = hctx.Svcs.MongoDB.Collection(dbCollections.UserROIDisplaySettings).DeleteMany(context.TODO(), bson.M{"_id": bson.M{"$in": mistIdList}})
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	editors := &protos.UserGroupList{
+		UserIds:  []string{},
+		GroupIds: []string{},
+	}
+	viewers := &protos.UserGroupList{
+		UserIds:  []string{},
+		GroupIds: []string{},
+	}
+
+	if req.Editors != nil {
+		editors.UserIds = req.Editors.UserIds
+		editors.GroupIds = req.Editors.GroupIds
+	}
+
+	if req.Viewers != nil {
+		viewers.UserIds = req.Viewers.UserIds
+		viewers.GroupIds = req.Viewers.GroupIds
 	}
 
 	writtenROIs := []*protos.ROIItem{}
@@ -387,12 +446,42 @@ func HandleRegionOfInterestBulkWriteReq(req *protos.RegionOfInterestBulkWriteReq
 		item.IsMIST = req.IsMIST
 
 		var err error
-		if len(item.Id) > 0 && req.Overwrite {
+		if len(item.Id) > 0 && req.Overwrite && (req.MistROIScanIdsToDelete == nil || len(req.MistROIScanIdsToDelete) == 0) {
 			// Overwrite existing ROI
-			item, err = updateROI(item, hctx)
+			item, err = updateROI(item, hctx, editors, viewers)
+			if err != nil {
+				return nil, err
+			}
+		} else if req.Overwrite && len(item.Id) <= 0 && req.IsMIST && item.MistROIItem != nil {
+			// We're overwriting by name, so we need to find the existing ROI
+			filter := bson.M{"scanid": item.ScanId, "classificationtrail": item.MistROIItem.ClassificationTrail}
+			opts := options.Find().SetProjection(bson.M{"_id": true})
+			cursor, err := hctx.Svcs.MongoDB.Collection(dbCollections.MistROIsName).Find(context.TODO(), filter, opts)
+			if err != nil {
+				return nil, err
+			}
+
+			ids := []*IdOnly{}
+			err = cursor.All(context.TODO(), &ids)
 			if err != nil {
 				return nil, err
 			}
+
+			if len(ids) > 0 {
+				// Overwrite existing ROI
+				item.Id = ids[0].Id
+				item, err = updateROI(item, hctx, editors, viewers)
+				if err != nil {
+					return nil, err
+				}
+			} else {
+				// Create new ROI
+				item, err = createROI(item, hctx, req.IsMIST, editors, viewers)
+				if err != nil {
+					return nil, err
+				}
+			}
+
 		} else if req.SkipDuplicates {
 			// If id is not empty, but we're not overwriting, so skip this ROI
 			// If id is empty and this is a MIST ROI, we need to check if this ROI already exists
@@ -416,7 +505,7 @@ func HandleRegionOfInterestBulkWriteReq(req *protos.RegionOfInterestBulkWriteReq
 					continue
 				} else {
 					// Create new ROI
-					item, err = createROI(item, hctx, req.IsMIST)
+					item, err = createROI(item, hctx, req.IsMIST, editors, viewers)
 					if err != nil {
 						return nil, err
 					}
@@ -425,7 +514,7 @@ func HandleRegionOfInterestBulkWriteReq(req *protos.RegionOfInterestBulkWriteReq
 
 		} else {
 			// Create new ROI
-			item, err = createROI(item, hctx, req.IsMIST)
+			item, err = createROI(item, hctx, req.IsMIST, editors, viewers)
 			if err != nil {
 				return nil, err
 			}
@@ -462,7 +551,7 @@ func HandleRegionOfInterestBulkDuplicateReq(req *protos.RegionOfInterestBulkDupl
 		item.IsMIST = req.IsMIST
 
 		// Create new ROI
-		newROI, err := createROI(item, hctx, req.IsMIST)
+		newROI, err := createROI(item, hctx, req.IsMIST, nil, nil)
 		if err != nil {
 			return nil, err
 		}

diff --git a/api/ws/wsHelpers/ownership.go b/api/ws/wsHelpers/ownership.go
@@ -20,6 +20,15 @@ func MakeOwnerForWrite(objectId string, objectType protos.ObjectType, creatorUse
 		Id:             objectId,
 		ObjectType:     objectType,
 		CreatedUnixSec: uint32(createTimeUnixSec),
+		CreatorUserId:  "",
+		Editors: &protos.UserGroupList{
+			UserIds:  []string{},
+			GroupIds: []string{},
+		},
+		Viewers: &protos.UserGroupList{
+			UserIds:  []string{},
+			GroupIds: []string{},
+		},
 	}
 
 	if len(creatorUserId) > 0 {
@@ -199,7 +208,8 @@ func FetchOwnershipSummary(ownership *protos.OwnershipItem, sessionUser SessionU
 		}
 	}
 
-	result.CanEdit = string(result.CreatorUser.Id) == string(sessionUser.User.Id)
+	// Still have to be an editor even if you're the creator
+	result.CanEdit = false
 
 	if ownership.Viewers != nil {
 		result.ViewerUserCount = uint32(len(ownership.Viewers.UserIds))

diff --git a/data-formats b/data-formats