From 30f06fa5a4826951e90e82d0dd8c88628b2f1d5a Mon Sep 17 00:00:00 2001 From: Erik Bruchez Date: Tue, 22 Nov 2022 14:40:26 -0800 Subject: [PATCH] For #2753: new `ignore-admin-permissions` parameter --- .../jvm/src/main/resources/apps/fr/home/home.xhtml | 2 +- .../orbeon/oxf/fr/FormBuilderPermissionsOps.scala | 14 +++++++++----- .../proxy/PersistenceProxyProcessor.scala | 5 +++-- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/form-runner/jvm/src/main/resources/apps/fr/home/home.xhtml b/form-runner/jvm/src/main/resources/apps/fr/home/home.xhtml index 15e491ecf3..a94d244b49 100644 --- a/form-runner/jvm/src/main/resources/apps/fr/home/home.xhtml +++ b/form-runner/jvm/src/main/resources/apps/fr/home/home.xhtml @@ -302,7 +302,7 @@ id="read-local-metadata" method="get" serialization="none" - resource="/fr/service/persistence/form?all-versions={$is-admin}" + resource="/fr/service/persistence/form?all-versions={$is-admin}&ignore-admin-permissions={not($is-admin)}" replace="instance" targetref="instance('fr-metadata-local')"> diff --git a/form-runner/jvm/src/main/scala/org/orbeon/oxf/fr/FormBuilderPermissionsOps.scala b/form-runner/jvm/src/main/scala/org/orbeon/oxf/fr/FormBuilderPermissionsOps.scala index 0d97a2f399..6c688da9b8 100644 --- a/form-runner/jvm/src/main/scala/org/orbeon/oxf/fr/FormBuilderPermissionsOps.scala +++ b/form-runner/jvm/src/main/scala/org/orbeon/oxf/fr/FormBuilderPermissionsOps.scala @@ -96,7 +96,11 @@ trait FormBuilderPermissionsOps { * - annotates the `
` with an `operations="…"` attribute, * - filters out forms the current user can perform no operation on. */ - def filterFormsAndAnnotateWithOperations(formsEls: List[NodeInfo], allForms: Boolean): List[NodeInfo] = { + def filterFormsAndAnnotateWithOperations( + formsEls : List[NodeInfo], + allForms : Boolean, + ignoreAdminPermissions: Boolean + ): List[NodeInfo] = { // We only need one wrapper; create it when we encounter the first var wrapperOpt: Option[DocumentWrapper] = None @@ -118,7 +122,7 @@ trait FormBuilderPermissionsOps { val appName = formEl.elemValue(Names.AppName) val formName = formEl.elemValue(Names.FormName) - val isAdmin = { + val hasAdminPermissionForAppForm = { def canAccessEverything = fbPermissions.contains("*") def canAccessAppForm = { val formsUserCanAccess = fbPermissions.getOrElse(appName, Set.empty) @@ -129,7 +133,7 @@ trait FormBuilderPermissionsOps { // For each form, compute the operations the user can potentially perform val operations = { - val adminOperation = isAdmin.list("admin") + val adminOperation = hasAdminPermissionForAppForm.list("admin") val permissionsElement = formEl.child(Names.Permissions).headOption.orNull val otherOperations = FormRunner.allAuthorizedOperationsAssumingOwnerGroupMember(permissionsElement, appName, formName) adminOperation ++ otherOperations @@ -137,8 +141,8 @@ trait FormBuilderPermissionsOps { // Is this form metadata returned by the API? val keepForm = - allForms || // all forms are explicitly requested - isAdmin || // admins can see everything + allForms || // all forms are explicitly requested + (hasAdminPermissionForAppForm && ! ignoreAdminPermissions) || // admins can see everything ! ( formName == Names.LibraryFormName || // filter libraries operations.isEmpty || // filter forms on which user can't possibly do anything 
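Review bot: The Scaladoc above `filterFormsAndAnnotateWithOperations` is unchanged although the signature gains `ignoreAdminPermissions`, so the contract of the new flag is undocumented. I would add a bullet such as `*  - when ignoreAdminPermissions is true, admin permission on the app/form no longer forces the form to be kept,`. The parameter has no default, so every caller must be updated; only the call in PersistenceProxyProcessor is visible in this patch. The function body continues outside this hunk.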
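Review bot: With `ignoreAdminPermissions` set, `keepForm` drops the admin shortcut, but `adminOperation` in the preceding hunk is still `hasAdminPermissionForAppForm.list("admin")`, computed from the unmasked permission. For such a form `operations` still contains `admin`, so `operations.isEmpty` is never true, and the `operations` annotation presumably still advertises admin. If the flag is meant to make the listing behave as it would for a non-admin (inferred from its name), gate the operation as well: `val adminOperation = (hasAdminPermissionForAppForm && ! ignoreAdminPermissions).list("admin")`. The trailing comment `// admins can see everything` no longer describes the condition and should say the shortcut applies only when the caller has not asked to ignore it. The `! (` expression continues outside the hunk.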
diff --git a/form-runner/jvm/src/main/scala/org/orbeon/oxf/fr/persistence/proxy/PersistenceProxyProcessor.scala b/form-runner/jvm/src/main/scala/org/orbeon/oxf/fr/persistence/proxy/PersistenceProxyProcessor.scala index a822c40818..d87b789a66 100644 --- a/form-runner/jvm/src/main/scala/org/orbeon/oxf/fr/persistence/proxy/PersistenceProxyProcessor.scala +++ b/form-runner/jvm/src/main/scala/org/orbeon/oxf/fr/persistence/proxy/PersistenceProxyProcessor.scala @@ -382,8 +382,9 @@ private object PersistenceProxyProcessor { root = "forms", content = FormRunner.filterFormsAndAnnotateWithOperations( - formsEls = allFormElements.flatten, - allForms = request.getFirstParamAsString("all-forms") contains "true" + formsEls = allFormElements.flatten, + allForms = request.getFirstParamAsString("all-forms") contains "true", + ignoreAdminPermissions = request.getFirstParamAsString("ignore-admin-permissions") contains "true" ), response = response )
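Review bot: `ignoreAdminPermissions` is taken verbatim from the query string, next to `all-forms`, so part of the filter's outcome is chosen by the caller. The new flag can only narrow what is returned, which is safe, but that property deserves a comment at the call site, e.g. `// caller-controlled: may only narrow the result, never widen it`, so the pattern is not copied for a flag that widens visibility. `all-forms` does widen it (it short-circuits `keepForm` in FormBuilderPermissionsOps), and whether that parameter is restricted upstream is not visible here. `contains "true"` matches only the exact lowercase string, so any other value silently leaves the admin shortcut on.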