SF-3637 Backend changes

pmachapman · pmachapman · commit 7efc7149b35f · 2025-11-11T13:56:42.000+13:00
diff --git a/src/SIL.XForge.Scripture/Services/MachineApiService.cs b/src/SIL.XForge.Scripture/Services/MachineApiService.cs
@@ -488,12 +488,13 @@ await hubContext.NotifyDraftApplyProgress(
                     continue;
                 }
 
-                bool canWriteChapter =
-                    targetProjectDoc
-                        .Data.Texts[textIndex]
-                        .Chapters[chapterIndex]
-                        .Permissions.TryGetValue(curUserId, out string chapterPermission)
-                    && chapterPermission == TextInfoPermission.Write;
+                // If a user does not have permission set at chapter level, use the book level permission
+                bool canWriteChapter = targetProjectDoc
+                    .Data.Texts[textIndex]
+                    .Chapters[chapterIndex]
+                    .Permissions.TryGetValue(curUserId, out string chapterPermission)
+                    ? chapterPermission == TextInfoPermission.Write
+                    : canWriteBook;
                 if (!canWriteChapter)
                 {
                     // Remove the chapter from the project if we created it, and proceed to add the next chapter
diff --git a/src/SIL.XForge.Scripture/Services/ParatextService.cs b/src/SIL.XForge.Scripture/Services/ParatextService.cs
@@ -876,7 +876,8 @@ public async Task<Dictionary<string, string>> GetPermissionsAsync(
                     || scrText!.Permissions.GetRole(userName) == UserRoles.None
                 )
                 {
-                    permissions.Add(uid, TextInfoPermission.None);
+                    // The user will either have read only access or no access
+                    // This will be handled by their role on the project (or lack of role) on the project
                 }
                 else
                 {
@@ -1775,11 +1776,13 @@ await projectDoc.SubmitJson0OpAsync(op =>
                             {
                                 int chapterIndex = j;
                                 int chapterNumber = text.Chapters[chapterIndex].Number;
-                                if (editableChapters.Contains(chapterNumber) || currentUserIsAdministrator)
+
+                                // Only record chapter level permissions that contradict the book level permissions
+                                if (!(editableChapters.Contains(chapterNumber) || currentUserIsAdministrator))
                                 {
                                     op.Set(
                                         p => p.Texts[textIndex].Chapters[chapterIndex].Permissions[user.SFUserId],
-                                        TextInfoPermission.Write
+                                        TextInfoPermission.Read
                                     );
                                 }
                             }
diff --git a/src/SIL.XForge.Scripture/Services/ParatextSyncRunner.cs b/src/SIL.XForge.Scripture/Services/ParatextSyncRunner.cs
@@ -1150,6 +1150,22 @@ internal async Task<Dictionary<int, string>> GetChapterAuthorsAsync(
         SortedList<int, IDocument<TextData>> textDocs
     )
     {
+        bool hasWritePermission(string userId, Chapter chapter)
+        {
+            // If the user has a chapter permission, use that, otherwise fall back to the book permission
+            if (!text.Permissions.TryGetValue(userId, out string bookPermission))
+            {
+                bookPermission = TextInfoPermission.None;
+            }
+
+            if (!chapter.Permissions.TryGetValue(userId, out string chapterPermission))
+            {
+                chapterPermission = bookPermission;
+            }
+
+            return chapterPermission == TextInfoPermission.Write;
+        }
+
         // Get all of the last editors for the chapters.
         var chapterAuthors = new Dictionary<int, string>();
         foreach (Chapter chapter in text.Chapters)
@@ -1167,11 +1183,7 @@ SortedList<int, IDocument<TextData>> textDocs
                 userSFId = await _realtimeService.GetLastModifiedUserIdAsync<TextData>(textId, version);
 
                 // Check that this user still has write permissions
-                if (
-                    string.IsNullOrEmpty(userSFId)
-                    || !chapter.Permissions.TryGetValue(userSFId, out string permission)
-                    || permission != TextInfoPermission.Write
-                )
+                if (string.IsNullOrEmpty(userSFId) || !hasWritePermission(userSFId, chapter))
                 {
                     // They no longer have write access, so reset the user id, and find it below
                     userSFId = null;
@@ -1182,18 +1194,17 @@ SortedList<int, IDocument<TextData>> textDocs
             if (string.IsNullOrEmpty(userSFId))
             {
                 // See if the current user has permissions
-                if (
-                    chapter.Permissions.TryGetValue(_userSecret.Id, out string permission)
-                    && permission == TextInfoPermission.Write
-                )
+                if (hasWritePermission(_userSecret.Id, chapter))
                 {
                     userSFId = _userSecret.Id;
                 }
                 else
                 {
                     // Get the first user with write permission
                     // NOTE: As a KeyValuePair is a struct, we do not need a null-conditional (key will be null)
-                    userSFId = chapter.Permissions.FirstOrDefault(p => p.Value == TextInfoPermission.Write).Key;
+                    userSFId =
+                        chapter.Permissions.FirstOrDefault(p => p.Value == TextInfoPermission.Write).Key
+                        ?? text.Permissions.FirstOrDefault(p => p.Value == TextInfoPermission.Write).Key;
 
                     // If the userId is still null, find a project administrator, as they can escalate privilege
                     if (string.IsNullOrEmpty(userSFId))
diff --git a/src/SIL.XForge.Scripture/Services/SFProjectService.cs b/src/SIL.XForge.Scripture/Services/SFProjectService.cs
@@ -1405,19 +1405,23 @@ public async Task UpdatePermissionsAsync(
             }
             Models.TextInfo text = projectDoc.Data.Texts[textIndex];
             List<Chapter> chapters = text.Chapters;
-            Dictionary<string, string> bookPermissions = null;
+            Dictionary<string, string> bookPermissions;
             IEnumerable<(
                 int bookIndex,
                 int chapterIndex,
                 Dictionary<string, string> chapterPermissions
-            )> chapterPermissionsInBook = null;
+            )> chapterPermissionsInBook;
 
             if (isResource)
             {
-                bookPermissions = resourcePermissions;
-                // Prepare to write the same resource permission for each chapter in the book/text.
+                // Do not write any read permissions for resources
+                bookPermissions = resourcePermissions
+                    .Where(kvp => kvp.Value != TextInfoPermission.Read)
+                    .ToDictionary(kvp => kvp.Key, kvp => kvp.Value);
+
+                // Chapter permissions will not vary from book permissions for resources
                 chapterPermissionsInBook = chapters.Select(
-                    (Chapter chapter, int chapterIndex) => (textIndex, chapterIndex, bookPermissions)
+                    (_, chapterIndex) => (textIndex, chapterIndex, new Dictionary<string, string>())
                 );
             }
             else
@@ -1444,11 +1448,25 @@ Dictionary<string, string> chapterPermissions
                                 chapter.Number,
                                 token
                             );
+
+                            // Only save chapter permissions where they differ from the book permissions
+                            chapterPermissions = chapterPermissions
+                                .Where(kvp =>
+                                    !bookPermissions.TryGetValue(kvp.Key, out string bookPermission)
+                                    || bookPermission != kvp.Value
+                                )
+                                .ToDictionary(kvp => kvp.Key, kvp => kvp.Value);
                             return (textIndex, chapterIndex, chapterPermissions);
                         }
                     )
                 );
+
+                // Only save write permissions - all other users will have read if they are on the project
+                bookPermissions = bookPermissions
+                    .Where(kvp => kvp.Value != TextInfoPermission.Read)
+                    .ToDictionary(kvp => kvp.Key, kvp => kvp.Value);
             }
+
             projectChapterPermissions.AddRange(chapterPermissionsInBook);
             projectBookPermissions.Add((textIndex, bookPermissions));
         }
@@ -1575,19 +1593,24 @@ int lastVerse
             throw new DataNotFoundException("The chapter does not exist.");
         }
 
-        // Ensure the user has permission for this chapter
+        // Ensure the user can write to this chapter
+        if (!projectDoc.Data.Texts[textIndex].Permissions.TryGetValue(userId, out string bookPermission))
+        {
+            bookPermission = TextInfoPermission.None;
+        }
+
         if (
             !projectDoc
                 .Data.Texts[textIndex]
                 .Chapters[chapterIndex]
-                .Permissions.TryGetValue(userId, out string permission)
+                .Permissions.TryGetValue(userId, out string chapterPermission)
         )
         {
-            throw new ForbiddenException();
+            chapterPermission = bookPermission;
         }
 
         // Ensure the user can write to this chapter
-        if (permission != TextInfoPermission.Write)
+        if (chapterPermission != TextInfoPermission.Write)
         {
             throw new ForbiddenException();
         }
@@ -1644,19 +1667,24 @@ public async Task SetIsValidAsync(string userId, string projectId, int book, int
             throw new DataNotFoundException("The chapter does not exist.");
         }
 
-        // Ensure the user has permission for this chapter
+        // Ensure the user can write to this chapter
+        if (!projectDoc.Data.Texts[textIndex].Permissions.TryGetValue(userId, out string bookPermission))
+        {
+            bookPermission = TextInfoPermission.None;
+        }
+
         if (
             !projectDoc
                 .Data.Texts[textIndex]
                 .Chapters[chapterIndex]
-                .Permissions.TryGetValue(userId, out string permission)
+                .Permissions.TryGetValue(userId, out string chapterPermission)
         )
         {
-            throw new ForbiddenException();
+            chapterPermission = bookPermission;
         }
 
         // Ensure the user can write to this chapter
-        if (permission != TextInfoPermission.Write)
+        if (chapterPermission != TextInfoPermission.Write)
         {
             throw new ForbiddenException();
         }
diff --git a/test/SIL.XForge.Scripture.Tests/Services/ParatextServiceTests.cs b/test/SIL.XForge.Scripture.Tests/Services/ParatextServiceTests.cs
@@ -469,7 +469,7 @@ public async Task GetPermissionsAsync_AllBooksAndAutomaticBooks_HasBookLevelPerm
             ptUsernameMapping,
             40
         );
-        string[] expected = [TextInfoPermission.Write, TextInfoPermission.None, TextInfoPermission.None];
+        string[] expected = [TextInfoPermission.Write];
         Assert.That(permissions.Values, Is.EquivalentTo(expected));
         // User01 permission to Mark explicitly and automatically
         permissions = await env.Service.GetPermissionsAsync(user01Secret, project, ptUsernameMapping, 41);
@@ -503,8 +503,8 @@ public async Task GetPermissionsAsync_AllBooksAndAutomaticBooks_IsConsultant()
             40
         );
 
-        // Ensure the user has read only access to Matthew and Mark
-        string[] expected = [TextInfoPermission.Read, TextInfoPermission.None, TextInfoPermission.None];
+        // Ensure the user has read only access to Matthew
+        string[] expected = [TextInfoPermission.Read];
         Assert.That(permissions.Values, Is.EquivalentTo(expected));
     }
 
@@ -533,11 +533,11 @@ public async Task GetPermissionsAsync_AutomaticBooks_HasBookLevelPermission()
             ptUsernameMapping,
             40
         );
-        string[] expected = [TextInfoPermission.Read, TextInfoPermission.None, TextInfoPermission.None];
+        string[] expected = [TextInfoPermission.Read];
         Assert.That(permissions.Values, Is.EquivalentTo(expected));
         // User01 has permission to Mark automatically
         permissions = await env.Service.GetPermissionsAsync(user01Secret, project, ptUsernameMapping, 41);
-        expected = [TextInfoPermission.Write, TextInfoPermission.None, TextInfoPermission.None];
+        expected = [TextInfoPermission.Write];
         Assert.That(permissions.Values, Is.EquivalentTo(expected));
     }
 
@@ -6689,7 +6689,7 @@ public async Task UpdateParatextPermissionsForNewBooksAsync_UpdatesMongo()
         SyncMetricInfo expected = new SyncMetricInfo { Updated = 1 };
         Assert.AreEqual(expected, actual);
         Assert.AreEqual(TextInfoPermission.Write, projectDoc.Data.Texts[0].Permissions[env.User01]);
-        Assert.AreEqual(TextInfoPermission.Write, projectDoc.Data.Texts[0].Chapters[0].Permissions[env.User01]);
+        Assert.IsFalse(projectDoc.Data.Texts[0].Chapters[0].Permissions.ContainsKey(env.User01));
     }
 
     [Test]
diff --git a/test/SIL.XForge.Scripture.Tests/Services/SFProjectServiceTests.cs b/test/SIL.XForge.Scripture.Tests/Services/SFProjectServiceTests.cs

Original file line number	Diff line number	Diff line change
`@@ -876,7 +876,8 @@ public async Task<Dictionary<string, string>> GetPermissionsAsync(`
`876`	`876`	`\|\| scrText!.Permissions.GetRole(userName) == UserRoles.None`
`877`	`877`	`)`
`878`	`878`	`{`
`879`		`- permissions.Add(uid, TextInfoPermission.None);`
	`879`	`+ // The user will either have read only access or no access`
	`880`	`+ // This will be handled by their role on the project (or lack of role) on the project`
`880`	`881`	`}`
`881`	`882`	`else`
`882`	`883`	`{`
`@@ -1775,11 +1776,13 @@ await projectDoc.SubmitJson0OpAsync(op =>`
`1775`	`1776`	`{`
`1776`	`1777`	`int chapterIndex = j;`
`1777`	`1778`	`int chapterNumber = text.Chapters[chapterIndex].Number;`
`1778`		`- if (editableChapters.Contains(chapterNumber) \|\| currentUserIsAdministrator)`
	`1779`	`+`
	`1780`	`+ // Only record chapter level permissions that contradict the book level permissions`
	`1781`	`+ if (!(editableChapters.Contains(chapterNumber) \|\| currentUserIsAdministrator))`
`1779`	`1782`	`{`
`1780`	`1783`	`op.Set(`
`1781`	`1784`	`p => p.Texts[textIndex].Chapters[chapterIndex].Permissions[user.SFUserId],`
`1782`		`- TextInfoPermission.Write`
	`1785`	`+ TextInfoPermission.Read`
`1783`	`1786`	`);`
`1784`	`1787`	`}`
`1785`	`1788`	`}`
Original file line number	Diff line number	Diff line change
`@@ -469,7 +469,7 @@ public async Task GetPermissionsAsync_AllBooksAndAutomaticBooks_HasBookLevelPerm`
`469`	`469`	`ptUsernameMapping,`
`470`	`470`	`40`
`471`	`471`	`);`
`472`		`- string[] expected = [TextInfoPermission.Write, TextInfoPermission.None, TextInfoPermission.None];`
	`472`	`+ string[] expected = [TextInfoPermission.Write];`
`473`	`473`	`Assert.That(permissions.Values, Is.EquivalentTo(expected));`
`474`	`474`	`// User01 permission to Mark explicitly and automatically`
`475`	`475`	`permissions = await env.Service.GetPermissionsAsync(user01Secret, project, ptUsernameMapping, 41);`
`@@ -503,8 +503,8 @@ public async Task GetPermissionsAsync_AllBooksAndAutomaticBooks_IsConsultant()`
`503`	`503`	`40`
`504`	`504`	`);`
`505`	`505`
`506`		`- // Ensure the user has read only access to Matthew and Mark`
`507`		`- string[] expected = [TextInfoPermission.Read, TextInfoPermission.None, TextInfoPermission.None];`
	`506`	`+ // Ensure the user has read only access to Matthew`
	`507`	`+ string[] expected = [TextInfoPermission.Read];`
`508`	`508`	`Assert.That(permissions.Values, Is.EquivalentTo(expected));`
`509`	`509`	`}`
`510`	`510`
`@@ -533,11 +533,11 @@ public async Task GetPermissionsAsync_AutomaticBooks_HasBookLevelPermission()`
`533`	`533`	`ptUsernameMapping,`
`534`	`534`	`40`
`535`	`535`	`);`
`536`		`- string[] expected = [TextInfoPermission.Read, TextInfoPermission.None, TextInfoPermission.None];`
	`536`	`+ string[] expected = [TextInfoPermission.Read];`
`537`	`537`	`Assert.That(permissions.Values, Is.EquivalentTo(expected));`
`538`	`538`	`// User01 has permission to Mark automatically`
`539`	`539`	`permissions = await env.Service.GetPermissionsAsync(user01Secret, project, ptUsernameMapping, 41);`
`540`		`- expected = [TextInfoPermission.Write, TextInfoPermission.None, TextInfoPermission.None];`
	`540`	`+ expected = [TextInfoPermission.Write];`
`541`	`541`	`Assert.That(permissions.Values, Is.EquivalentTo(expected));`
`542`	`542`	`}`
`543`	`543`
`@@ -6689,7 +6689,7 @@ public async Task UpdateParatextPermissionsForNewBooksAsync_UpdatesMongo()`
`6689`	`6689`	`SyncMetricInfo expected = new SyncMetricInfo { Updated = 1 };`
`6690`	`6690`	`Assert.AreEqual(expected, actual);`
`6691`	`6691`	`Assert.AreEqual(TextInfoPermission.Write, projectDoc.Data.Texts[0].Permissions[env.User01]);`
`6692`		`- Assert.AreEqual(TextInfoPermission.Write, projectDoc.Data.Texts[0].Chapters[0].Permissions[env.User01]);`
	`6692`	`+ Assert.IsFalse(projectDoc.Data.Texts[0].Chapters[0].Permissions.ContainsKey(env.User01));`
`6693`	`6693`	`}`
`6694`	`6694`
`6695`	`6695`	`[Test]`