Open elisabettai opened 2 weeks ago
In the function get_all_user_groups
async def get_all_user_groups(
conn: SAConnection, user_id: UserID
) -> tuple[dict[str, Any], list[dict[str, Any]], dict[str, Any]]:
"""
Returns the user primary group, standard groups and the all group
"""
primary_group = {}
user_groups = []
all_group = {}
query = (
sa.select(groups, user_to_groups.c.access_rights)
.select_from(
user_to_groups.join(groups, user_to_groups.c.gid == groups.c.gid),
)
.where(user_to_groups.c.uid == user_id)
)
row: RowProxy
async for row in conn.execute(query):
if row.type == GroupType.EVERYONE:
assert row.access_rights["read"] # nosec
all_group = convert_groups_db_to_schema(row)
elif row.type == GroupType.PRIMARY:
assert row.access_rights["read"] # nosec
primary_group = convert_groups_db_to_schema(row)
else:
assert row.type == GroupType.STANDARD # nosec
# only add if user has read access
if row.access_rights["read"]: # MD: <-- Why this is here?
user_groups.append(convert_groups_db_to_schema(row))
return (primary_group, user_groups, all_group)
We are filtering out row.access_rights["read"]. The product group has it set to false, so the product group is excluded. This needs to be changed. However, I understand there is a reason it was added here: the frontend doesn't want to see the product groups. We need to start differentiating between organizations for the frontend and all other groups.
Didn't we fix this bug?
I am on sim4life.io and sim4life v3.2.27 is shared with Everybody as far as I can see
_Issue created from a Mattermost message by @elisabettai._