✨(backend) add child_set_role_to field to document access abilities

The frontend needs to know what options to propose for an access that
would be created on a child document. This depends on the access
a user/team already has with ancestors...

Author: sampaccoud

src/backend/core/api/viewsets.py

@@ -1451,24 +1451,23 @@ def list(self, request, *args, **kwargs):
         accesses = list(queryset.order_by("document__path"))
 
         # Annotate more information on roles
-        path_to_key_to_max_ancestors_role = defaultdict(
-            lambda: defaultdict(lambda: None)
-        )
+        # - accesses of the user (direct or via a team)
         path_to_ancestors_roles = defaultdict(list)
         path_to_role = defaultdict(lambda: None)
+        # - accesses of other users and teams
+        key_to_path_to_max_ancestors_role = defaultdict(
+            lambda: defaultdict(lambda: None)
+        )
         for access in accesses:
             key = access.target_key
             path = access.document.path
             parent_path = path[: -models.Document.steplen]
 
-            path_to_key_to_max_ancestors_role[path][key] = choices.RoleChoices.max(
-                path_to_key_to_max_ancestors_role[path][key], access.role
-            )
-
             if parent_path:
-                path_to_key_to_max_ancestors_role[path][key] = choices.RoleChoices.max(
-                    path_to_key_to_max_ancestors_role[parent_path][key],
-                    path_to_key_to_max_ancestors_role[path][key],
+                key_to_path_to_max_ancestors_role[key][parent_path] = (
+                    choices.RoleChoices.max(
+                        *key_to_path_to_max_ancestors_role[key].values()
+                    )
                 )
                 path_to_ancestors_roles[path].extend(
                     path_to_ancestors_roles[parent_path]
@@ -1477,6 +1476,10 @@ def list(self, request, *args, **kwargs):
             else:
                 path_to_ancestors_roles[path] = []
 
+            key_to_path_to_max_ancestors_role[key][path] = choices.RoleChoices.max(
+                key_to_path_to_max_ancestors_role[key][parent_path], access.role
+            )
+
             if access.user_id == user.id or access.team in user.teams:
                 path_to_role[path] = choices.RoleChoices.max(
                     path_to_role[path], access.role
@@ -1490,7 +1493,7 @@ def list(self, request, *args, **kwargs):
             path = access.document.path
             parent_path = path[: -models.Document.steplen]
             access.max_ancestors_role = (
-                path_to_key_to_max_ancestors_role[parent_path][access.target_key]
+                key_to_path_to_max_ancestors_role[access.target_key][parent_path]
                 if parent_path
                 else None
             )

src/backend/core/models.py

@@ -1150,13 +1150,20 @@ def get_abilities(self, user):
             for candidate_role in set_role_to
             if RoleChoices.get_priority(candidate_role) > ancestors_role_priority
         ]
+        child_set_role_to = [
+            candidate_role
+            for candidate_role in set_role_to
+            if RoleChoices.get_priority(candidate_role)
+            > RoleChoices.get_priority(self.role)
+        ]
 
         return {
             "destroy": can_delete,
             "update": bool(set_role_to) and is_owner_or_admin,
             "partial_update": bool(set_role_to) and is_owner_or_admin,
             "retrieve": (self.user and self.user.id == user.id) or is_owner_or_admin,
             "set_role_to": set_role_to,
+            "child_set_role_to": child_set_role_to,
         }