diff --git a/form-runner/shared/src/main/scala/org/orbeon/oxf/fr/FormRunnerPermissionsOps.scala b/form-runner/shared/src/main/scala/org/orbeon/oxf/fr/FormRunnerPermissionsOps.scala index b25ea743a7..da996dc2b8 100644 --- a/form-runner/shared/src/main/scala/org/orbeon/oxf/fr/FormRunnerPermissionsOps.scala +++ b/form-runner/shared/src/main/scala/org/orbeon/oxf/fr/FormRunnerPermissionsOps.scala @@ -31,9 +31,24 @@ trait FormRunnerPermissionsOps { /** * Given a permission element, e.g. , returns the tokenized value of * the operations attribute. + * + * See backward compatibility handling: https://github.com/orbeon/orbeon-forms/issues/5397 */ - def permissionOperations(permissionElement: NodeInfo): List[String] = - permissionElement attTokens "operations" toList + def permissionOperationsHandleList(permissionElement: NodeInfo): List[String] = { + + val tokens = permissionElement.attTokens("operations") + val hasMinusListToken = tokens(Operation.MinusListToken) // https://github.com/orbeon/orbeon-forms/issues/5397 + + val updatedTokens = + if (! hasMinusListToken && tokens(Operation.Read.entryName)) + tokens + Operation.List.entryName + else if (hasMinusListToken) + tokens.filter(_ != Operation.MinusListToken) + else + tokens + + updatedTokens.to + } //@XPathFunction def authorizedOperationsBasedOnRolesXPath(permissionsElOrNull: NodeInfo): List[String] = @@ -131,7 +146,7 @@ trait FormRunnerPermissionsOps { if currentUsernameOrGroupname == dataUsernameOrGroupname => val allPermissions = permissionsElOrNull.child("permission").toList val permissionsForOwnerOrGroupMember = allPermissions.filter(p => p / * forall (_.localname == condition)) - permissionsForOwnerOrGroupMember.flatMap(permissionOperations) + permissionsForOwnerOrGroupMember.flatMap(permissionOperationsHandleList) case _ => Nil } } diff --git a/form-runner/shared/src/main/scala/org/orbeon/oxf/fr/permission/PermissionsXML.scala b/form-runner/shared/src/main/scala/org/orbeon/oxf/fr/permission/PermissionsXML.scala index 01d0ec1910..f6a14854d8 100644 --- a/form-runner/shared/src/main/scala/org/orbeon/oxf/fr/permission/PermissionsXML.scala +++ b/form-runner/shared/src/main/scala/org/orbeon/oxf/fr/permission/PermissionsXML.scala @@ -13,7 +13,7 @@ */ package org.orbeon.oxf.fr.permission -import org.orbeon.oxf.fr.FormRunner +import org.orbeon.oxf.fr.FormRunnerCommon.frc import org.orbeon.saxon.om.NodeInfo import org.orbeon.scaxon.SimplePath._ import org.orbeon.oxf.util.StringUtils._ @@ -54,7 +54,7 @@ object PermissionsXML { } private def parsePermission(permissionEl: NodeInfo): Permission = { - val operations = Operations.parse(FormRunner.permissionOperations(permissionEl)) + val operations = Operations.parse(frc.permissionOperationsHandleList(permissionEl)) val conditions = permissionEl.child(*).toList.map( conditionEl => diff --git a/form-runner/shared/src/main/scala/org/orbeon/oxf/fr/permission/operations.scala b/form-runner/shared/src/main/scala/org/orbeon/oxf/fr/permission/operations.scala index dd69b0f2bf..d0dd2ac9b6 100644 --- a/form-runner/shared/src/main/scala/org/orbeon/oxf/fr/permission/operations.scala +++ b/form-runner/shared/src/main/scala/org/orbeon/oxf/fr/permission/operations.scala @@ -45,6 +45,8 @@ object Operation extends Enum[Operation] { case object Update extends Operation case object Delete extends Operation case object List extends Operation + + val MinusListToken: String = s"-${List.entryName}" } object Operations {