Policies authorization: legacy code or undefined rules
Summary
The policies controller file includes an authorization check based on these rules:
https://github.com/SciCatProject/scicat-backend-next/blob/3e4dc8b3f68b65ff940d2c3dd68e026aedfe4cf2/src/policies/policies.controller.ts#L89-L90
These rules, however, don't exist in the casl-ability.factory.ts. Since they don't exist, the ability would be evaluated to false. Then the whole function updateMergedFiltersForList in policies.controller.ts is redundant, as its main purpose is to modify the filters, which would only happen based on an if condition that is never met.
This function is probably left there unchanged after some changes were made.
I don't know exactly what policies are supposed to do. So I don't quite understand if it's legacy code or something that was not restructured during changes.
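An added example, not part of the original issue or the SciCat code base: CASL denies any action that no rule grants, so a check against an undefined action is a branch that can never run. The sketch below cross-checks the actions tested at call sites against those granted in an ability factory; the `Action.*` names and both sample sources are constructed for illustration.

```typescript
// Constructed sample sources; the Action.* names are hypothetical, not SciCat's.
const factorySource: string = [
  "const { can, build } = new AbilityBuilder(createMongoAbility);",
  "can(Action.PolicyRead, Policy);",
  "can(Action.PolicyUpdate, Policy, { ownerGroup: user.currentGroup });",
].join("\n");

const controllerSource: string = [
  "const canViewAll = ability.can(Action.PolicyViewAll, Policy);",
  "const canViewOwn = ability.can(Action.PolicyViewOwn, Policy);",
  "if (!ability.can(Action.PolicyRead, Policy)) { throw new ForbiddenException(); }",
].join("\n");

// Collect the first capture group of every match, without duplicates.
function collectActions(source: string, pattern: RegExp): string[] {
  const found: string[] = [];
  const re = new RegExp(pattern.source, "g");
  let m: RegExpExecArray | null = re.exec(source);
  while (m !== null) {
    const name = m[1];
    if (name !== undefined && found.indexOf(name) === -1) found.push(name);
    m = re.exec(source);
  }
  return found;
}

// Actions granted in the factory: bare can(Action.X, ...) calls.
function grantedActions(factory: string): string[] {
  return collectActions(factory, /(?:^|[^.\w])can\(\s*Action\.(\w+)/);
}

// Actions tested at call sites: <ability>.can(Action.X, ...).
function checkedActions(controller: string): string[] {
  return collectActions(controller, /\.can\(\s*Action\.(\w+)/);
}

// Checks that can never pass because no rule grants the action.
function deadChecks(factory: string, controller: string): string[] {
  const granted = grantedActions(factory);
  return checkedActions(controller).filter(function (a: string): boolean {
    return granted.indexOf(a) === -1;
  });
}

console.log(deadChecks(factorySource, controllerSource));
```

Run as a CI step over the real factory and controllers, a non-empty result flags either dead code or an authorization rule that was dropped during a refactor.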