diff --git a/internal/db/collection_retriever.go b/internal/db/collection_retriever.go index 7e228b3cf7..c59c3945cf 100644 --- a/internal/db/collection_retriever.go +++ b/internal/db/collection_retriever.go @@ -75,5 +75,5 @@ func (r *CollectionRetriever) RetrieveCollectionFromDocID( return nil, NewErrCollectionWithSchemaRootNotFound(schema.Root) } - return cols[0], nil + return cols[0], headIterator.Close() } diff --git a/internal/db/db.go b/internal/db/db.go index c285884a13..c853baa02f 100644 --- a/internal/db/db.go +++ b/internal/db/db.go @@ -228,6 +228,32 @@ func (db *db) AddPolicy( return client.AddPolicyResult{PolicyID: policyID}, nil } +func (db *db) publishDocUpdateEvent(ctx context.Context, docID string, collection client.Collection) error { + headsIterator, err := NewHeadBlocksIterator(ctx, db.multistore.Headstore(), db.Blockstore(), docID) + if err != nil { + return err + } + + for { + hasValue, err := headsIterator.Next() + if err != nil { + return errors.Join(err, headsIterator.Close()) + } + if !hasValue { + break + } + + updateEvent := event.Update{ + DocID: docID, + Cid: headsIterator.CurrentCid(), + SchemaRoot: collection.Schema().Root, + Block: headsIterator.CurrentRawBlock(), + } + db.events.Publish(event.NewMessage(event.UpdateName, updateEvent)) + } + return headsIterator.Close() +} + func (db *db) AddDocActorRelationship( ctx context.Context, collectionName string, @@ -263,38 +289,14 @@ func (db *db) AddDocActorRelationship( return client.AddDocActorRelationshipResult{}, err } - err = db.publishDocUpdateEvent(ctx, docID, collection) - if err != nil { - return client.AddDocActorRelationshipResult{}, err - } - - return client.AddDocActorRelationshipResult{ExistedAlready: exists}, nil -} - -func (db *db) publishDocUpdateEvent(ctx context.Context, docID string, collection client.Collection) error { - headsIterator, err := NewHeadBlocksIterator(ctx, db.multistore.Headstore(), db.Blockstore(), docID) - if err != nil { - return err - } - - for { - hasValue, err := headsIterator.Next() + if !exists { + err = db.publishDocUpdateEvent(ctx, docID, collection) if err != nil { - return errors.Join(err, headsIterator.Close()) + return client.AddDocActorRelationshipResult{}, err } - if !hasValue { - break - } - - updateEvent := event.Update{ - DocID: docID, - Cid: headsIterator.CurrentCid(), - SchemaRoot: collection.Schema().Root, - Block: headsIterator.CurrentRawBlock(), - } - db.events.Publish(event.NewMessage(event.UpdateName, updateEvent)) } - return headsIterator.Close() + + return client.AddDocActorRelationshipResult{ExistedAlready: exists}, nil } func (db *db) DeleteDocActorRelationship( diff --git a/internal/db/iterator.go b/internal/db/iterator.go index cfa79e71eb..38ead11dd3 100644 --- a/internal/db/iterator.go +++ b/internal/db/iterator.go @@ -37,6 +37,7 @@ type DocHeadBlocksIterator struct { var _ io.Closer = (*DocHeadBlocksIterator)(nil) func (h *DocHeadBlocksIterator) Close() error { + h.cids = nil return nil } diff --git a/internal/kms/pubsub.go b/internal/kms/pubsub.go index 7da101346f..13cef16269 100644 --- a/internal/kms/pubsub.go +++ b/internal/kms/pubsub.go @@ -24,12 +24,14 @@ import ( grpcpeer "google.golang.org/grpc/peer" "github.com/sourcenetwork/defradb/acp" + "github.com/sourcenetwork/defradb/acp/identity" "github.com/sourcenetwork/defradb/client" "github.com/sourcenetwork/defradb/crypto" "github.com/sourcenetwork/defradb/datastore" "github.com/sourcenetwork/defradb/errors" "github.com/sourcenetwork/defradb/event" coreblock "github.com/sourcenetwork/defradb/internal/core/block" + "github.com/sourcenetwork/defradb/internal/db/permission" "github.com/sourcenetwork/defradb/internal/encryption" ) @@ -372,26 +374,14 @@ func (s *pubSubService) doesIdentityHaveDocPermission( return false, err } - policy := collection.Definition().Description.Policy - if !policy.HasValue() || policy.Value().ID == "" || policy.Value().ResourceName == "" { - return true, nil - } - - policyID, resourceName := policy.Value().ID, policy.Value().ResourceName - - isRegistered, err := s.acp.Value().IsDocRegistered(ctx, policyID, resourceName, docID) - if err != nil { - return false, err - } - - if !isRegistered { - // Unrestricted access as it is a public document. - return true, nil - } - - hasPerm, err := s.acp.Value().CheckDocAccess(ctx, acp.ReadPermission, actorIdentity, policyID, resourceName, docID) - - return hasPerm, err + return permission.CheckAccessOfDocOnCollectionWithACP( + ctx, + immutable.Some(identity.Identity{DID: actorIdentity}), + s.acp.Value(), + collection, + acp.ReadPermission, + docID, + ) } func encodeToBase64(data []byte) []byte {