[server][core] remove user permission entry if set to 0

server/internal/core/app.go

@@ -96,7 +96,7 @@ func (a *App) populateData(ctx context.Context) (user User, e error) {
 			Home:        u.Home,
 		}
 
-		return dbh.UpdatePermissionsForResource(ctx, db.UpdatePermissionsForResourceParams{
+		return dbh.UpdateUserPermissionsForResource(ctx, db.UpdateUserPermissionsForResourceParams{
 			ResourceID: root.ID,
 			Username:   user.Username,
 			Permission: PermissionReadWriteShare,

server/internal/core/filesystem.go

@@ -500,7 +500,13 @@ func (f filesystem) UpdatePermissions(r Resource, username string, permission Pe
 		permission = PermissionReadWriteShare
 	}
 
-	return f.db.UpdatePermissionsForResource(f.ctx, db.UpdatePermissionsForResourceParams{
+	if permission == 0 {
+		return f.db.RemoveUserPermissionForResource(f.ctx, db.RemoveUserPermissionForResourceParams{
+			ResourceID: r.ID,
+			Username:   username,
+		})
+	}
+	return f.db.UpdateUserPermissionsForResource(f.ctx, db.UpdateUserPermissionsForResourceParams{
 		ResourceID: r.ID,
 		Username:   username,
 		Permission: permission,

server/internal/db/permissions.sql.go

@@ -14,7 +14,7 @@ import (
 
 const readDir = `-- name: ReadDir :many
 WITH RECURSIVE nodes(id, parent, name, dir, created, modified, content_size, content_type, content_sha256, depth, path, permissions) AS (
-  SELECT r.id, r.parent, r.name, r.dir, r.created, r.modified, r.content_size, r.content_type, r.content_sha256, 0, ''::text, r.permissions
+  SELECT r.id, r.parent, r.name, r.dir, r.created, r.modified, r.content_size, r.content_type, r.content_sha256, 0, '/'::text, r.permissions
     FROM resources r
     WHERE r.id = $2::uuid
   UNION ALL
@@ -82,6 +82,20 @@ func (q *Queries) ReadDir(ctx context.Context, arg ReadDirParams) ([]ReadDirRow,
 	return items, nil
 }
 
+const removeUserPermissionForResource = `-- name: RemoveUserPermissionForResource :exec
+UPDATE resources SET permissions = permissions - $1::text WHERE id = $2::uuid
+`
+
+type RemoveUserPermissionForResourceParams struct {
+	Username   string
+	ResourceID uuid.UUID
+}
+
+func (q *Queries) RemoveUserPermissionForResource(ctx context.Context, arg RemoveUserPermissionForResourceParams) error {
+	_, err := q.db.Exec(ctx, removeUserPermissionForResource, arg.Username, arg.ResourceID)
+	return err
+}
+
 const resourceByID = `-- name: ResourceByID :one
 WITH RECURSIVE nodes(resid, id, parent, inherited_permissions, found) AS (
   SELECT $2::uuid, r.id, r.parent, '{}'::jsonb,
@@ -191,17 +205,17 @@ func (q *Queries) ResourceByPath(ctx context.Context, arg ResourceByPathParams)
 	return i, err
 }
 
-const updatePermissionsForResource = `-- name: UpdatePermissionsForResource :exec
+const updateUserPermissionsForResource = `-- name: UpdateUserPermissionsForResource :exec
 UPDATE resources SET permissions[$1::text] = to_json($2::int) WHERE id = $3::uuid
 `
 
-type UpdatePermissionsForResourceParams struct {
+type UpdateUserPermissionsForResourceParams struct {
 	Username   string
 	Permission int32
 	ResourceID uuid.UUID
 }
 
-func (q *Queries) UpdatePermissionsForResource(ctx context.Context, arg UpdatePermissionsForResourceParams) error {
-	_, err := q.db.Exec(ctx, updatePermissionsForResource, arg.Username, arg.Permission, arg.ResourceID)
+func (q *Queries) UpdateUserPermissionsForResource(ctx context.Context, arg UpdateUserPermissionsForResourceParams) error {
+	_, err := q.db.Exec(ctx, updateUserPermissionsForResource, arg.Username, arg.Permission, arg.ResourceID)
 	return err
 }

server/sql/queries/permissions.sql

@@ -52,5 +52,8 @@ JOIN resources r
 ON r.id = n.resid
 WHERE n.parent IS NULL;
 
--- name: UpdatePermissionsForResource :exec
-UPDATE resources SET permissions[@username::text] = to_json(@permission::int) WHERE id = @resource_id::uuid;
+-- name: UpdateUserPermissionsForResource :exec
+UPDATE resources SET permissions[@username::text] = to_json(@permission::int) WHERE id = @resource_id::uuid;
+
+-- name: RemoveUserPermissionForResource :exec
+UPDATE resources SET permissions = permissions - @username::text WHERE id = @resource_id::uuid;