Expand motion restriction for forwarded motions

[bastianjoel]

As described in https://github.com/OpenSlides/openslides-client/issues/3529#issuecomment-2276088909

If a user has motion.can_see_origin they should be able to see origin motions and related metadata of a forwarded motion.

Additionally the meeting field motions_line_length needs to be available which we could maybe just change the restriction mode for.

Needed for https://github.com/OpenSlides/openslides-client/issues/3529

The following collections/restriction modes need to be changed:

Request for origin motion

```json [ { "collection": "motion", "ids": [ 8 ], "fields": { "workflow_timestamp": null, "reason": null, "number": null, "title": null, "text": null, "modified_final_version": null, "all_origin_ids": null, "origin_meeting_id": null, "derived_motion_ids": null, "identical_motion_ids": null, "amendment_paragraphs": null, "id": null, "submitter_ids": { "type": "relation-list", "collection": "motion_submitter", "fields": { "id": null, "weight": null, "meeting_user_id": { "type": "relation", "collection": "meeting_user", "fields": { "group_ids": null, "meeting_id": null, "user_id": { "type": "relation", "collection": "user", "fields": { "title": null, "first_name": null, "last_name": null, "pronoun": null, "username": null, "gender": null, "default_vote_weight": null, "is_physical_person": null, "is_active": null, "meeting_ids": null, "saml_id": null, "member_number": null, "meeting_user_ids": null, "email": null, "last_email_sent": null, "last_login": null, "organization_management_level": null, "is_present_in_meeting_ids": null, "default_password": null, "id": null } }, "vote_delegated_to_id": null, "vote_delegations_from_ids": null, "structure_level_ids": null, "vote_weight": null, "comment": null, "number": null, "id": null } }, "motion_id": null, "meeting_id": null } }, "state_id": { "type": "relation", "collection": "motion_state", "fields": { "name": null, "css_class": null, "id": null } }, "poll_ids": { "type": "relation-list", "collection": "poll", "fields": { "id": null, "description": null, "title": null, "type": null, "backend": null, "pollmethod": null, "state": null, "min_votes_amount": null, "max_votes_amount": null, "max_votes_per_option": null, "global_yes": null, "global_no": null, "global_abstain": null, "onehundred_percent_base": null, "votesvalid": null, "votesinvalid": null, "votescast": null, "entitled_users_at_stop": null, "vote_count": null, "sequential_number": null, "content_object_id": { "type": "generic-relation", "fields": { "title": null, "sequential_number": null, "meeting_id": null, "id": null, "candidate_ids": { "type": "relation-list", "collection": "assignment_candidate", "fields": { "id": null, "weight": null, "assignment_id": null, "meeting_user_id": { "type": "relation", "collection": "meeting_user", "fields": { "group_ids": null, "meeting_id": null, "user_id": { "type": "relation", "collection": "user", "fields": { "title": null, "first_name": null, "last_name": null, "pronoun": null, "username": null, "gender": null, "default_vote_weight": null, "id": null } }, "number": null, "id": null, "structure_level_ids": { "type": "relation-list", "collection": "structure_level", "fields": { "name": null, "id": null } } } }, "meeting_id": null } } } }, "option_ids": { "type": "relation-list", "collection": "option", "fields": { "id": null, "weight": null, "text": null, "yes": null, "no": null, "abstain": null, "poll_id": null, "used_as_global_option_in_poll_id": null, "vote_ids": { "type": "relation-list", "collection": "vote", "fields": { "id": null, "weight": null, "value": null, "user_token": null, "option_id": null, "user_id": null, "delegated_user_id": null, "meeting_id": null } }, "content_object_id": { "type": "generic-relation", "fields": { "title": null, "first_name": null, "last_name": null, "pronoun": null, "username": null, "gender": null, "default_vote_weight": null, "option_ids": null, "id": null, "poll_candidate_ids": { "type": "relation-list", "collection": "poll_candidate", "fields": { "poll_candidate_list_id": null, "user_id": { "type": "relation", "collection": "user", "fields": { "title": null, "first_name": null, "last_name": null, "pronoun": null, "username": null, "gender": null, "default_vote_weight": null, "id": null } }, "weight": null, "meeting_id": null, "id": null } } } }, "meeting_id": null } }, "global_option_id": { "type": "relation", "collection": "option", "fields": { "id": null, "weight": null, "text": null, "yes": null, "no": null, "abstain": null, "poll_id": null, "used_as_global_option_in_poll_id": null, "vote_ids": null, "content_object_id": null, "meeting_id": null } }, "voted_ids": null, "entitled_group_ids": null, "projection_ids": null, "meeting_id": null } }, "amendment_ids": { "type": "relation-list", "collection": "motion", "fields": { "id": null, "number": null, "sequential_number": null, "title": null, "text": null, "amendment_paragraphs": null, "modified_final_version": null, "reason": null, "category_weight": null, "state_extension": null, "recommendation_extension": null, "sort_weight": null, "created": null, "last_modified": null, "workflow_timestamp": null, "start_line_number": null, "forwarded": null, "additional_submitter": null, "lead_motion_id": null, "amendment_ids": null, "sort_parent_id": null, "sort_child_ids": null, "origin_id": null, "origin_meeting_id": null, "derived_motion_ids": null, "all_origin_ids": null, "all_derived_motion_ids": null, "identical_motion_ids": null, "state_id": null, "recommendation_id": null, "state_extension_reference_ids": null, "referenced_in_motion_state_extension_ids": null, "recommendation_extension_reference_ids": null, "referenced_in_motion_recommendation_extension_ids": null, "category_id": null, "block_id": null, "submitter_ids": null, "supporter_meeting_user_ids": null, "editor_ids": null, "working_group_speaker_ids": null, "poll_ids": null, "change_recommendation_ids": { "type": "relation-list", "collection": "motion_change_recommendation", "fields": { "id": null, "rejected": null, "internal": null, "type": null, "other_description": null, "line_from": null, "line_to": null, "text": null, "creation_time": null, "motion_id": null, "meeting_id": null } }, "comment_ids": null, "agenda_item_id": null, "list_of_speakers_id": null, "tag_ids": null, "attachment_meeting_mediafile_ids": null, "projection_ids": null, "personal_note_ids": null, "meeting_id": null } }, "change_recommendation_ids": { "type": "relation-list", "collection": "motion_change_recommendation", "fields": { "id": null, "rejected": null, "internal": null, "type": null, "other_description": null, "line_from": null, "line_to": null, "text": null, "creation_time": null, "motion_id": null, "meeting_id": null } }, "category_id": { "type": "relation", "collection": "motion_category", "fields": { "name": null, "id": null } }, "block_id": { "type": "relation", "collection": "motion_block", "fields": { "title": null, "id": null } }, "meeting_id": { "type": "relation", "collection": "meeting", "fields": { "name": null, "motions_line_length": null, "id": null, "projector_countdown_default_time": null } } } } ] ```

[ostcar]

I don't understand. Which restriction mode should be changed in which case?

[ostcar]

I guess, the new rule is:

// The user can see a motion if:
//
//      The user has motion.can_see in the meeting or
//              the user has motion.can_see_origin and can see a motion in `motion/all_derived_motion_ids`
//
//      and for one `restriction` in the motion's state `state/restriction` field:
//          If: `restriction` is `is_submitter`: The user needs to be a submitter of the motion
//          Else: (a permission string): The user needs the permission
//
//             and - for amendments (lead_motion_id != null) - the user can also see the lead motion.

[bastianjoel]

Correct

[ostcar]

@bastianjoel I need another explanation. With the following example:

There is meetingA and meetingB, in meetingA is a motionA and it is derived to meetingB as motionB

Can you give me an example which user with which permissions in which meetings can see which motion?

[ostcar]

After thinking more about this, I think the rule is:

The user has motion.can_see in the meeting or
for one of the motions in `motion/all_derived_motion_ids` the user has motion.can_see_origin in the corresponding meeting

For my example. A user is in meetingB and has motion.can_see_origin in meetingB and no permissions in meetingA. Now, asks the autoupdate-service for motionA. In this case, the autoupdate-service has to look throw all motions from motionA/all_derived_motion_ids, then look at the meetingID from this motions (it will find the ID from motionB) and then look if the user has motion.can_see_origin in this meeting.

If this is correct, then you can review my PR

[ostcar]

@luisa-beerboom You wrote this comment, so I want to include you to this discussion.

What about the following collections:

• motion_block
• motion_category
• motion_change_recommendation
• motion_comment_section
• motion_statute_paragraph
• motion_workflow They all depend on motion.can_see and not, if the user can see the linked motion. Does the client need fields from one of this collection when showing a forwarded motion?

motion_comment is a bit special. Currently, it can be seen, if you can see the linked motion AND is in a special group inside the original meeting.

[bastianjoel]

motion_comment_section, motion_statute_paragraph, motion_workflow and motion_comment are not needed.

But motion_submitter + (user, meeting_user) and poll + (option, vote) are also needed.

[luisa-beerboom]

I'll follow what @bastianjoel says on this one, as he is the one who is working on the client. I only partook in the initial conceptualization when it came to this issue.