#8854 fix acl error in anon mode (#8857)

* #8854 fix acl error in anon mode

* #8854 fix test failure

plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/get-acl.js

@@ -39,7 +39,10 @@ exports.handler = function (request, response, state) {
 	var permissions = state.server.sqlTiddlerDatabase.listPermissions();
 
 	// This ensures that the user attempting to view the ACL management page has permission to do so
-	if(!state.authenticatedUser?.isAdmin && (!state.authenticatedUser || (recipeAclRecords.length > 0 && !sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser.user_id, recipeName, 'WRITE')))){
+	if(!state.authenticatedUser?.isAdmin && 
+		!state.firstGuestUser &&
+		(!state.authenticatedUser || (recipeAclRecords.length > 0 && !sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser.user_id, recipeName, 'WRITE')))
+	){
 		response.writeHead(403, "Forbidden");
 		response.end();
 		return

plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/get-index.js

@@ -33,7 +33,12 @@ exports.handler = function(request,response,state) {
 		// filter bags and recipies by user's read access from ACL
 		var allowedRecipes = recipeList.filter(recipe => recipe.recipe_name.startsWith("$:/") || state.authenticatedUser?.isAdmin || sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser?.user_id, recipe.recipe_name, 'READ') || state.allowAnon && state.allowAnonReads);
 		var allowedBags = bagList.filter(bag => bag.bag_name.startsWith("$:/") || state.authenticatedUser?.isAdmin || sqlTiddlerDatabase.hasBagPermission(state.authenticatedUser?.user_id, bag.bag_name, 'READ') || state.allowAnon && state.allowAnonReads);
-
+		allowedRecipes = allowedRecipes.map(recipe => {
+			return {
+				...recipe,
+				has_acl_access: state.authenticatedUser?.isAdmin || recipe.owner_id === state.authenticatedUser?.user_id || sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser?.user_id, recipe.recipe_name, 'WRITE')
+			}
+		});
 		// Render the html
 		var html = $tw.mws.store.adminWiki.renderTiddler("text/plain","$:/plugins/tiddlywiki/multiwikiserver/templates/page",{
 			variables: {

plugins/tiddlywiki/multiwikiserver/modules/store/sql-tiddler-database.js

@@ -234,7 +234,7 @@ Returns array of {recipe_name:,recipe_id:,description:,bag_names: []}
 */
 SqlTiddlerDatabase.prototype.listRecipes = function() {
 	const rows = this.engine.runStatementGetAll(`
-		SELECT r.recipe_name, r.recipe_id, r.description, b.bag_name, rb.position
+		SELECT r.recipe_name, r.recipe_id, r.description, r.owner_id, b.bag_name, rb.position
 		FROM recipes AS r
 		JOIN recipe_bags AS rb ON rb.recipe_id = r.recipe_id
 		JOIN bags AS b ON rb.bag_id = b.bag_id
@@ -250,6 +250,7 @@ SqlTiddlerDatabase.prototype.listRecipes = function() {
 				recipe_name: row.recipe_name,
 				recipe_id: row.recipe_id,
 				description: row.description,
+				owner_id: row.owner_id,
 				bag_names: []
 			});
 		}

plugins/tiddlywiki/multiwikiserver/modules/store/tests-sql-tiddler-database.js

@@ -49,10 +49,10 @@ function runSqlDatabaseTests(engine) {
 		expect(sqlTiddlerDatabase.createRecipe("recipe-tau",["bag-alpha"],"Recipe tau")).toEqual(3);
 		expect(sqlTiddlerDatabase.createRecipe("recipe-upsilon",["bag-alpha","bag-gamma","bag-beta"],"Recipe upsilon")).toEqual(4);
 		expect(sqlTiddlerDatabase.listRecipes()).toEqual([
-			{ recipe_name: 'recipe-rho', recipe_id: 1, bag_names: ["bag-alpha","bag-beta"], description: "Recipe rho" },
+			{ recipe_name: 'recipe-rho', recipe_id: 1, bag_names: ["bag-alpha","bag-beta"], description: "Recipe rho", owner_id: null },
-			{ recipe_name: 'recipe-sigma', recipe_id: 2, bag_names: ["bag-alpha","bag-gamma"], description: "Recipe sigma" },
+			{ recipe_name: 'recipe-sigma', recipe_id: 2, bag_names: ["bag-alpha","bag-gamma"], description: "Recipe sigma", owner_id: null },
-			{ recipe_name: 'recipe-tau', recipe_id: 3, bag_names: ["bag-alpha"], description: "Recipe tau" },
+			{ recipe_name: 'recipe-tau', recipe_id: 3, bag_names: ["bag-alpha"], description: "Recipe tau", owner_id: null },
-			{ recipe_name: 'recipe-upsilon', recipe_id: 4, bag_names: ["bag-alpha","bag-gamma","bag-beta"], description: "Recipe upsilon" }
+			{ recipe_name: 'recipe-upsilon', recipe_id: 4, bag_names: ["bag-alpha","bag-gamma","bag-beta"], description: "Recipe upsilon", owner_id: null }
 		]);
 		expect(sqlTiddlerDatabase.getRecipeBags("recipe-rho")).toEqual(["bag-alpha","bag-beta"]);
 		expect(sqlTiddlerDatabase.getRecipeBags("recipe-sigma")).toEqual(["bag-alpha","bag-gamma"]);

plugins/tiddlywiki/multiwikiserver/modules/store/tests-sql-tiddler-store.js

@@ -96,7 +96,7 @@ function runSqlStoreTests(engine) {
 		expect(store.createRecipe("recipe-rho",["bag-alpha","bag-beta"],"Recipe rho")).toEqual(null);
 
 		expect(store.listRecipes()).toEqual([
-			{ recipe_name: "recipe-rho", recipe_id: 1, bag_names: ["bag-alpha","bag-beta"], description: "Recipe rho" }
+			{ recipe_name: "recipe-rho", recipe_id: 1, bag_names: ["bag-alpha","bag-beta"], description: "Recipe rho", owner_id: null }
 		]);
 	});
 

plugins/tiddlywiki/multiwikiserver/templates/get-index.tid

@@ -89,18 +89,20 @@ title: $:/plugins/tiddlywiki/multiwikiserver/templates/get-index
 						</div>
 					</div>
 					<div class="mws-wiki-card-actions">
-						<$set name="last-bag" value={{{ [<recipe-info>jsonget[bag_names]last[]] }}}>
+					  <$list filter="[<recipe-info>jsonget[has_acl_access]match[true]]">
-							<a 
+							<$set name="last-bag" value={{{ [<recipe-info>jsonget[bag_names]last[]] }}}>
-								href={{{ [<recipe-name>addprefix[/admin/acl/]addsuffix[/]addsuffix<last-bag>] }}}
+								<a 
-								class="mws-wiki-card-action"
+									href={{{ [<recipe-name>addprefix[/admin/acl/]addsuffix[/]addsuffix<last-bag>] }}}
-								title="Manage ACL"
+									class="mws-wiki-card-action"
-							>
+									title="Manage ACL"
-								<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+								>
-									<rect x="3" y="11" width="18" height="11" rx="2" ry="2"></rect>
+									<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
-									<path d="M7 11V7a5 5 0 0 1 10 0v4"></path>
+										<rect x="3" y="11" width="18" height="11" rx="2" ry="2"></rect>
-								</svg>
+										<path d="M7 11V7a5 5 0 0 1 10 0v4"></path>
-							</a>
+									</svg>
-						</$set>
+								</a>
+							</$set>
+						</$list>
 					</div>
 				</div>
 			</$let>