managePublic is always optional for binding YQ-1168

ref:2b579c2a74d46b10c133dc0623f1b13f53607da4
author: Oleg Doronin <fortan57@gmail.com> 2022-06-17 01:39:17 +0300
committer: Oleg Doronin <fortan57@gmail.com> 2022-06-17 01:39:17 +0300
commit: f9e17d35f75ad45a460f8df61b18b502449991a5 (patch)
tree: af691594fb0882b1f92a5ca19646da4ba4776da5
parent: ecef3b974fb0731c0436f5247e6d8a51600aff82 (diff)
download: ydb-f9e17d35f75ad45a460f8df61b18b502449991a5.tar.gz
1 files changed, 12 insertions, 8 deletions
diff --git a/ydb/services/yq/grpc_service.cpp b/ydb/services/yq/grpc_service.cpp
index 69a20ecccd3..188e39d13bb 100644
--- a/ydb/services/yq/grpc_service.cpp
+++ b/ydb/services/yq/grpc_service.cpp
@@ -184,13 +184,15 @@ void TGRpcYandexQueryService::SetupIncomingRequests(NGrpc::TLoggerPtr logger) {
         };
     }};
 
-    static const std::function CreateBindingPermissions{[](const YandexQuery::CreateBindingRequest& request) {
+    static const std::function CreateBindingPermissions{[](const YandexQuery::CreateBindingRequest&) {
         TVector<NPerms::TPermission> permissions{
             NPerms::Required("yq.bindings.create"),
         };
-        if (request.content().acl().visibility() == YandexQuery::Acl::SCOPE) {
-            permissions.push_back(NPerms::Required("yq.resources.managePublic"));
-        }
+        // For use in binding links on connection with visibility SCOPE,
+        // the yq.resources.managePublic permission is required. But there
+        // is no information about connection visibility in this place,
+        // so yq.resources.managePublic is always requested as optional
+        permissions.push_back(NPerms::Optional("yq.resources.managePublic"));
         return permissions;
     }};
 
@@ -210,14 +212,16 @@ void TGRpcYandexQueryService::SetupIncomingRequests(NGrpc::TLoggerPtr logger) {
         };
     }};
 
-    static const std::function ModifyBindingPermissions{[](const YandexQuery::ModifyBindingRequest& request) {
+    static const std::function ModifyBindingPermissions{[](const YandexQuery::ModifyBindingRequest&) {
         TVector<NPerms::TPermission> permissions{
             NPerms::Required("yq.bindings.update"),
             NPerms::Optional("yq.resources.managePrivate")
         };
-        if (request.content().acl().visibility() == YandexQuery::Acl::SCOPE) {
-            permissions.push_back(NPerms::Required("yq.resources.managePublic"));
-        }
+        // For use in binding links on connection with visibility SCOPE,
+        // the yq.resources.managePublic permission is required. But there
+        // is no information about connection visibility in this place,
+        // so yq.resources.managePublic is always requested as optional
+        permissions.push_back(NPerms::Optional("yq.resources.managePublic"));
         return permissions;
     }};
author	Oleg Doronin <fortan57@gmail.com>	2022-06-17 01:39:17 +0300
committer	Oleg Doronin <fortan57@gmail.com>	2022-06-17 01:39:17 +0300
commit	f9e17d35f75ad45a460f8df61b18b502449991a5 (patch)
tree	af691594fb0882b1f92a5ca19646da4ba4776da5
parent	ecef3b974fb0731c0436f5247e6d8a51600aff82 (diff)
download	ydb-f9e17d35f75ad45a460f8df61b18b502449991a5.tar.gz