From 4864767b96d6eefc2aea8377fcb69b2e21654845 Mon Sep 17 00:00:00 2001
From: Arthur de Moulins <arthurdemoulins@gmail.com>
Date: Fri, 29 Sep 2023 13:53:58 +0200
Subject: [PATCH] WIP

---
 .../Controller/Core/MoveCollectionAction.php  |  1 -
 .../CollectionPostTransformListener.php       | 31 +++++++++----------
 uploader/client/src/uploadBatch.js            |  1 -
 3 files changed, 14 insertions(+), 19 deletions(-)

diff --git a/databox/api/src/Controller/Core/MoveCollectionAction.php b/databox/api/src/Controller/Core/MoveCollectionAction.php
index 9757db28a..d11236c52 100644
--- a/databox/api/src/Controller/Core/MoveCollectionAction.php
+++ b/databox/api/src/Controller/Core/MoveCollectionAction.php
@@ -22,7 +22,6 @@ public function __invoke(Collection $data, string $dest, Request $request): Coll
         $this->denyAccessUnlessGranted(AbstractVoter::EDIT, $data);
 
         $isRoot = 'root' === $dest;
-        $this->denyAccessUnlessGranted(AbstractVoter::EDIT, $data);
 
         if ($isRoot) {
             $destination = null;
diff --git a/databox/api/src/Elasticsearch/Listener/CollectionPostTransformListener.php b/databox/api/src/Elasticsearch/Listener/CollectionPostTransformListener.php
index c1c627551..ef31abf3d 100644
--- a/databox/api/src/Elasticsearch/Listener/CollectionPostTransformListener.php
+++ b/databox/api/src/Elasticsearch/Listener/CollectionPostTransformListener.php
@@ -26,26 +26,23 @@ public function hydrateDocument(PostTransformEvent $event): void
 
         $document = $event->getDocument();
 
-        $bestPrivacy = $collection->getBestPrivacyInParentHierarchy();
-
-        if ($bestPrivacy < WorkspaceItemPrivacyInterface::PUBLIC) {
-            $bestPrivacy = max($bestPrivacy, $collection->getBestPrivacyInDescendantHierarchy());
-        }
+        $bestPrivacy = $collection->getBestPrivacyInDescendantHierarchy();
 
         [$users, $groups] = $this->discoverChildren($collection);
 
-        if (!in_array(null, $users, true)) {
-            $parent = $collection->getParent();
-            while (null !== $parent) {
-                $users = array_merge($users, $this->permissionManager->getAllowedUsers($parent, PermissionInterface::VIEW));
-                if (in_array(null, $users, true)) {
-                    break;
-                }
-
-                $groups = array_merge($groups, $this->permissionManager->getAllowedGroups($parent, PermissionInterface::VIEW));
-                $parent = $parent->getParent();
-            }
-        }
+        // TODO check impact
+//        if (!in_array(null, $users, true)) {
+//            $parent = $collection->getParent();
+//            while (null !== $parent) {
+//                $users = array_merge($users, $this->permissionManager->getAllowedUsers($parent, PermissionInterface::VIEW));
+//                if (in_array(null, $users, true)) {
+//                    break;
+//                }
+//
+//                $groups = array_merge($groups, $this->permissionManager->getAllowedGroups($parent, PermissionInterface::VIEW));
+//                $parent = $parent->getParent();
+//            }
+//        }
 
         if (in_array(null, $users, true)) {
             $users = ['*'];
diff --git a/uploader/client/src/uploadBatch.js b/uploader/client/src/uploadBatch.js
index af1e471c5..d9bac6887 100644
--- a/uploader/client/src/uploadBatch.js
+++ b/uploader/client/src/uploadBatch.js
@@ -126,7 +126,6 @@ export default class UploadBatch {
             formData: this.formData,
             target: `/targets/${this.targetId}`,
         };
-        const accessToken = oauthClient.getAccessToken();
 
         authenticatedRequest({
             url: '/commit',