#4582 Fix deep permission inheritance

gchq · Nov 1, 2024 · cd829ee · cd829ee
1 parent a2fadcd
commit cd829ee
Showing 1 changed file with 11 additions and 12 deletions.
diff --git a/...troom-security-impl/src/main/java/stroom/security/impl/DocumentPermissionServiceImpl.java b/...troom-security-impl/src/main/java/stroom/security/impl/DocumentPermissionServiceImpl.java
@@ -227,19 +227,19 @@ public void addDocumentPermissions(final DocRef sourceDocRef, final DocRef destD
 
     private void checkGetPermission(final DocRef docRef) {
         if (!securityContext.hasAppPermission(AppPermission.MANAGE_USERS_PERMISSION) &&
-                !securityContext.hasDocumentPermission(docRef, DocumentPermission.OWNER)) {
+            !securityContext.hasDocumentPermission(docRef, DocumentPermission.OWNER)) {
             throw new PermissionException(securityContext.getUserRef(), "You do not have permission to get " +
-                    "permissions of " +
-                    docRef.getDisplayValue());
+                                                                        "permissions of " +
+                                                                        docRef.getDisplayValue());
         }
     }
 
     private void checkSetPermission(final DocRef docRef) {
         if (!securityContext.hasAppPermission(AppPermission.MANAGE_USERS_PERMISSION) &&
-                !securityContext.hasDocumentPermission(docRef, DocumentPermission.OWNER)) {
+            !securityContext.hasDocumentPermission(docRef, DocumentPermission.OWNER)) {
             throw new PermissionException(securityContext.getUserRef(), "You do not have permission to change " +
-                    "permissions of " +
-                    docRef.getDisplayValue());
+                                                                        "permissions of " +
+                                                                        docRef.getDisplayValue());
         }
     }
 
@@ -303,9 +303,9 @@ private void checkSetPermission(final DocRef docRef) {
     @Override
     public DocumentUserPermissions getPermissions(final DocRef docRef, final UserRef userRef) {
         if (!securityContext.hasAppPermission(AppPermission.MANAGE_USERS_PERMISSION) &&
-                !userRef.equals(securityContext.getUserRef())) {
+            !userRef.equals(securityContext.getUserRef())) {
             throw new PermissionException(securityContext.getUserRef(), "You do not have permission to view user " +
-                    "permissions");
+                                                                        "permissions");
         }
 
         final DocumentPermission permission = documentPermissionDao
@@ -470,10 +470,9 @@ private void addDeepPermissions(final DocRef docRef,
                     final DocumentPermission documentPermission = documentPermissionDao
                             .getDocumentUserPermission(docRef.getUuid(), group.getUuid());
                     if (documentPermission != null) {
-                        if (inheritedPermission.get() != null) {
-                            if (!inheritedPermission.get().isEqualOrHigher(documentPermission)) {
-                                inheritedPermission.set(documentPermission);
-                            }
+                        if (inheritedPermission.get() == null ||
+                            !inheritedPermission.get().isEqualOrHigher(documentPermission)) {
+                            inheritedPermission.set(documentPermission);
                         }
                     }
                     final Set<String> documentUserCreatePermissions = documentPermissionDao