forest_admin_agent 1.0.0.pre.beta.21 → 1.0.0.pre.beta.23

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a86f151f54daa3a9a8f46251c380448eed7c0fdf90ff82818a37fa213a868557
-  data.tar.gz: 2af48bff7f6a6691f2fe495509dba2669ec64d9197886167a1de316c24846263
+  metadata.gz: c342682e272a5886928f4c48de0e35dbd6bcf013c4f888aa56bac238cca695da
+  data.tar.gz: 300d73bdac310e91c2aa4a044d095b782bd362a0fb3c6309871fad0b1fff2930
 SHA512:
-  metadata.gz: 006cdc9ffa0c0afcb5ae7efb9a401b5964d379834bbf416d9f5cd7400de8425c83867ae2e0a83cd5a6f7d9de4043c018c3f2a650cab00383a576baf364ebaf22
-  data.tar.gz: 3d04663fff62e53935d54c3a9312d5c575ff5b78ce7bd5fc2be1e73021f7dbda7ac43fe5f30dc141f07f6d9fb98cb23f54c093be65b2c8cb866daabfd8f97fcf
+  metadata.gz: 50d05943fa75c8559e127bd181f91bb36dc64352237126381d4bd1fd769fa0e51389b74051e1f7cdc55f7c6747fbdb2c91259cf135c6e2e7e7665c5cef8cefcd
+  data.tar.gz: be53569ca0ad92511dc33b118693445e5a2a522faa98fd24e4d3662bf70eaa3ac7f9614cc1dccc6db444f8fe204d39db43eca1709f8efe4e528f7fef2b200ebf

data/forest_admin_agent.gemspec

@@ -34,12 +34,14 @@ admin work on any Ruby application."
   spec.require_paths = ["lib"]
 
   spec.add_dependency "activesupport", ">= 6.1"
+  spec.add_dependency "deepsort", "~> 0.4.5"
   spec.add_dependency "dry-container", "~> 0.11"
   spec.add_dependency "faraday", "~> 2.7"
+  spec.add_dependency "filecache", "~> 1.0"
   spec.add_dependency "ipaddress", "~> 0.8.3"
   spec.add_dependency "jsonapi-serializers", "~> 1.0"
   spec.add_dependency "jwt", "~> 2.7"
-  spec.add_dependency "lightly", "~> 0.4.0"
+  spec.add_dependency "ld-eventsource", "~> 2.2"
   spec.add_dependency "mono_logger", "~> 1.1"
   spec.add_dependency "openid_connect", "~> 2.2"
   spec.add_dependency "rake", "~> 13.0"

data/lib/forest_admin_agent/auth/oauth2/forest_provider.rb

@@ -8,7 +8,7 @@ module ForestAdminAgent
         attr_reader :rendering_id
 
         def initialize(rendering_id, attributes = {})
-          super attributes
+          super(attributes)
           @rendering_id = rendering_id
           @authorization_endpoint = '/oidc/auth'
           @token_endpoint = '/oidc/token'

data/lib/forest_admin_agent/auth/oidc_client_manager.rb

@@ -1,3 +1,4 @@
+require 'filecache'
 require 'openid_connect'
 require_relative 'oauth2/oidc_config'
 require_relative 'oauth2/forest_provider'
@@ -18,8 +19,8 @@ module ForestAdminAgent
       private
 
       def setup_cache(env_secret, config_agent)
-        lightly = Lightly.new(life: TTL, dir: "#{config_agent[:cache_dir]}/issuer")
-        lightly.get env_secret do
+        cache = FileCache.new('auth_issuer', (config_agent[:cache_dir]).to_s, TTL)
+        cache.get_or_set env_secret do
           oidc_config = retrieve_config(config_agent[:forest_server_url])
           credentials = register(
             config_agent[:env_secret],

data/lib/forest_admin_agent/builder/agent_factory.rb

@@ -1,5 +1,5 @@
 require 'dry-container'
-require 'lightly'
+require 'filecache'
 
 module ForestAdminAgent
   module Builder
@@ -21,7 +21,7 @@ module ForestAdminAgent
       end
 
       def add_datasource(datasource)
-        datasource.collections.each { |_name, collection| @customizer.add_collection(collection) }
+        datasource.collections.each_value { |collection| @customizer.add_collection(collection) }
         self
       end
 
@@ -40,9 +40,9 @@ module ForestAdminAgent
         if !schema_is_know || force
           #   Logger::log('Info', 'schema was updated, sending new version');
           client = ForestAdminAgent::Http::ForestAdminApiRequester.new
-          client.post('/forest/apimaps', schema)
-          schema_file_hash_cache = Lightly.new(life: TTL_SCHEMA, dir: @options[:cache_dir].to_s)
-          schema_file_hash_cache.get 'value' do
+          client.post('/forest/apimaps', schema.to_json)
+          schema_file_hash_cache = FileCache.new('app', @options[:cache_dir].to_s, TTL_SCHEMA)
+          schema_file_hash_cache.get_or_set 'value' do
             schema[:meta][:schemaFileHash]
           end
           @container.register(:schema_file_hash, schema_file_hash_cache)
@@ -59,13 +59,11 @@ module ForestAdminAgent
       end
 
       def build_cache
-        @container.register(:cache, Lightly.new(life: TTL_CONFIG, dir: @options[:cache_dir].to_s))
+        @container.register(:cache, FileCache.new('app', @options[:cache_dir].to_s, TTL_SCHEMA))
         return unless @has_env_secret
 
         cache = @container.resolve(:cache)
-        cache.get 'config' do
-          @options.to_h
-        end
+        cache.set('config', @options.to_h)
       end
 
       def build_logger

data/lib/forest_admin_agent/http/Exceptions/authentication_open_id_client.rb

@@ -5,7 +5,7 @@ module ForestAdminAgent
         attr_reader :error, :error_description, :state
 
         def initialize(error, error_description, state)
-          super error, 401, error_description
+          super(error, 401, error_description)
           @error = error
           @error_description = error_description
           @state = state

data/lib/forest_admin_agent/http/Exceptions/conflict_error.rb

@@ -0,0 +1,14 @@
+module ForestAdminAgent
+  module Http
+    module Exceptions
+      class ConflictError < HttpException
+        attr_reader :name
+
+        def initialize(message, name = 'ConflictError')
+          @name = name
+          super(429, 'Conflict', message)
+        end
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/http/Exceptions/forbidden_error.rb

@@ -0,0 +1,14 @@
+module ForestAdminAgent
+  module Http
+    module Exceptions
+      class ForbiddenError < HttpException
+        attr_reader :name
+
+        def initialize(message, name = 'ForbiddenError')
+          @name = name
+          super(403, 'Forbidden', message)
+        end
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/http/Exceptions/not_found_error.rb

@@ -5,7 +5,7 @@ module ForestAdminAgent
         attr_reader :name, :status
 
         def initialize(msg, name = 'NotFoundError')
-          super msg
+          super(msg)
           @name = name
           @status = 404
         end

data/lib/forest_admin_agent/http/Exceptions/require_approval.rb

@@ -0,0 +1,15 @@
+module ForestAdminAgent
+  module Http
+    module Exceptions
+      class RequireApproval < HttpException
+        attr_reader :name, :data
+
+        def initialize(message, name = 'RequireApproval', data = [])
+          @name = name
+          @data = data
+          super(403, 'Forbidden', message)
+        end
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/http/forest_admin_api_requester.rb

@@ -3,6 +3,8 @@ require 'faraday'
 module ForestAdminAgent
   module Http
     class ForestAdminApiRequester
+      include ForestAdminDatasourceToolkit::Exceptions
+
       def initialize
         @headers = {
           'Content-Type' => 'application/json',
@@ -16,12 +18,38 @@ module ForestAdminAgent
         )
       end
 
-      def get(url, params)
-        @client.get(url, params.to_json)
+      def get(url, params = nil)
+        @client.get(url, params)
+      end
+
+      def post(url, params = nil)
+        @client.post(url, params)
       end
 
-      def post(url, params)
-        @client.post(url, params.to_json)
+      def handle_response_error(error)
+        raise error if error.is_a?(ForestException)
+
+        if error.response[:message]&.include?('certificate')
+          raise ForestException,
+                'ForestAdmin server TLS certificate cannot be verified. Please check that your system time is set properly.'
+        end
+
+        if error.response[:status].zero? || error.response[:status] == 502
+          raise ForestException, 'Failed to reach ForestAdmin server. Are you online?'
+        end
+
+        if error.response[:status] == 404
+          raise ForestException,
+                'ForestAdmin server failed to find the project related to the envSecret you configured. Can you check that you copied it properly in the Forest initialization?'
+        end
+
+        if error.response[:status] == 503
+          raise ForestException,
+                'Forest is in maintenance for a few minutes. We are upgrading your experience in the forest. We just need a few more minutes to get it right.'
+        end
+
+        raise ForestException,
+              'An unexpected error occurred while contacting the ForestAdmin server. Please contact support@forestadmin.com for further investigations.'
       end
     end
   end

data/lib/forest_admin_agent/http/router.rb

@@ -9,6 +9,7 @@ module ForestAdminAgent
           # api_charts_routes,
           System::HealthCheck.new.routes,
           Security::Authentication.new.routes,
+          Charts::Charts.new.routes,
           Resources::Count.new.routes,
           Resources::Delete.new.routes,
           Resources::List.new.routes,

data/lib/forest_admin_agent/routes/abstract_authenticated_route.rb

@@ -6,6 +6,7 @@ module ForestAdminAgent
           Facades::Whitelist.check_ip(args[:headers]['action_dispatch.remote_ip'].to_s)
         end
         @caller = Utils::QueryStringParser.parse_caller(args)
+        @permissions = ForestAdminAgent::Services::Permissions.new(@caller)
         super
       end
 

data/lib/forest_admin_agent/routes/charts/charts.rb

@@ -0,0 +1,214 @@
+require 'jsonapi-serializers'
+require 'active_support/inflector'
+
+module ForestAdminAgent
+  module Routes
+    module Charts
+      class Charts < AbstractAuthenticatedRoute
+        include ForestAdminAgent::Builder
+        include ForestAdminAgent::Utils
+        include ForestAdminDatasourceToolkit::Components::Query
+        include ForestAdminDatasourceToolkit::Components::Query::ConditionTree
+        include ForestAdminDatasourceToolkit::Components::Charts
+
+        attr_reader :filter
+
+        FORMAT = {
+          Day: '%d/%m/%Y',
+          Week: 'W%W-%Y',
+          Month: '%b %y',
+          Year: '%Y'
+        }.freeze
+
+        def setup_routes
+          add_route('forest_chart', 'post', '/stats/:collection_name', lambda { |args|
+                                                                         handle_request(args)
+                                                                       })
+          self
+        end
+
+        def handle_request(args = {})
+          build(args)
+          @permissions.can_chart?(args[:params])
+          @args = args
+          self.type = args[:params][:type]
+          @filter = Filter.new(
+            condition_tree: ConditionTreeFactory.intersect(
+              [
+                @permissions.get_scope(@collection),
+                ForestAdminAgent::Utils::QueryStringParser.parse_condition_tree(
+                  @collection, args
+                )
+              ]
+            )
+          )
+
+          inject_context_variables
+
+          { content: Serializer::ForestChartSerializer.serialize(send(:"make_#{@type}")) }
+        end
+
+        private
+
+        def type=(type)
+          chart_types = %w[Value Objective Pie Line Leaderboard]
+          unless chart_types.include?(type)
+            raise ForestAdminDatasourceToolkit::Exceptions::ForestException, "Invalid Chart type #{type}"
+          end
+
+          @type = type.downcase
+        end
+
+        def inject_context_variables
+          user = @permissions.get_user_data(@caller.id)
+          team = @permissions.get_team(@caller.rendering_id)
+
+          context_variables = ForestAdminAgent::Utils::ContextVariables.new(team, user,
+                                                                            @args[:params][:contextVariables])
+          return unless @args[:params][:filter]
+
+          @filter = @filter.override(condition_tree: ContextVariablesInjector.inject_context_in_filter(
+            @filter.condition_tree, context_variables
+          ))
+        end
+
+        def make_value
+          value = compute_value(@filter)
+          previous_value = nil
+          is_and_aggregator = @filter.condition_tree&.try(:aggregator) == 'And'
+          with_count_previous = @filter.condition_tree&.some_leaf(&:use_interval_operator)
+
+          if with_count_previous && !is_and_aggregator
+            previous_value = compute_value(FilterFactory.get_previous_period_filter(@filter, @caller.timezone))
+          end
+
+          ValueChart.new(value, previous_value)
+        end
+
+        def make_objective
+          ObjectiveChart.new(compute_value(@filter))
+        end
+
+        def make_pie
+          group_field = @args[:params][:groupByFieldName]
+          aggregation = Aggregation.new(
+            operation: @args[:params][:aggregator],
+            field: @args[:params][:aggregateFieldName],
+            groups: group_field ? [{ field: group_field }] : []
+          )
+
+          result = @collection.aggregate(@caller, @filter, aggregation)
+
+          PieChart.new(result.map { |row| { key: row[:group][group_field], value: row[:value] } })
+        end
+
+        def make_line
+          group_by_field_name = @args[:params][:groupByFieldName]
+          time_range = @args[:params][:timeRange]
+          filter_only_with_values = @filter.override(
+            condition_tree: ConditionTree::ConditionTreeFactory.intersect(
+              [
+                @filter.condition_tree,
+                ConditionTree::Nodes::ConditionTreeLeaf.new(group_by_field_name, ConditionTree::Operators::PRESENT)
+              ]
+            )
+          )
+          rows = @collection.aggregate(
+            @caller,
+            filter_only_with_values,
+            Aggregation.new(
+              operation: @args[:params][:aggregator],
+              field: @args[:params][:aggregateField],
+              groups: [{ field: group_by_field_name, operation: time_range }]
+            )
+          )
+
+          values = {}
+          rows.each { |row| values[row[:group][group_by_field_name]] = row[:value] }
+          dates = values.keys.sort
+          current = dates[0]
+          last = dates.last
+          result = []
+          while current <= last
+            result << {
+              label: current.strftime(FORMAT[time_range.to_sym]),
+              values: { value: values[current] || 0 }
+            }
+            current += 1.send(time_range.downcase.pluralize.to_sym)
+          end
+
+          LineChart.new(result)
+        end
+
+        def make_leaderboard
+          field = @collection.fields[@args[:params][:relationshipFieldName]]
+
+          if field && field.type == 'OneToMany'
+            inverse = ForestAdminDatasourceToolkit::Utils::Collection.get_inverse_relation(
+              @collection,
+              @args[:params][:relationshipFieldName]
+            )
+            if inverse
+              collection = field.foreign_collection
+              filter = @filter.nest(inverse)
+              aggregation = Aggregation.new(
+                operation: @args[:params][:aggregator],
+                field: @args[:params][:aggregateFieldName],
+                groups: [{ field: "#{inverse}:#{@args[:params][:labelFieldName]}" }]
+              )
+            end
+          end
+
+          if field && field.type == 'ManyToMany'
+            origin = ForestAdminDatasourceToolkit::Utils::Collection.get_through_origin(
+              @collection,
+              @args[:params][:relationshipFieldName]
+            )
+            target = ForestAdminDatasourceToolkit::Utils::Collection.get_through_target(
+              @collection,
+              @args[:params][:relationshipFieldName]
+            )
+            if origin && target
+              collection = field.through_collection
+              filter = @filter.nest(origin)
+              aggregation = Aggregation.new(
+                operation: @args[:params][:aggregator],
+                field: @args[:params][:aggregateFieldName] ? "#{target}:#{@args[:params][:aggregateFieldName]}" : nil,
+                groups: [{ field: "#{origin}:#{@args[:params][:labelFieldName]}" }]
+              )
+            end
+          end
+
+          if collection && filter && aggregation
+            rows = @datasource.collection(collection).aggregate(
+              @caller,
+              filter,
+              aggregation,
+              @args[:params][:limit]
+            )
+
+            result = rows.map do |row|
+              {
+                key: row[:group][aggregation.groups[0][:field]],
+                value: row[:value]
+              }
+            end
+
+            return LeaderboardChart.new(result)
+          end
+
+          raise ForestAdminDatasourceToolkit::Exceptions::ForestException,
+                'Failed to generate leaderboard chart: parameters do not match pre-requisites'
+        end
+
+        def compute_value(filter)
+          aggregation = Aggregation.new(operation: @args[:params][:aggregator],
+                                        field: @args[:params][:aggregateFieldName])
+          result = @collection.aggregate(@caller, filter, aggregation)
+
+          result[0][:value] || 0
+        end
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/routes/resources/count.rb

@@ -3,8 +3,9 @@ require 'jsonapi-serializers'
 module ForestAdminAgent
   module Routes
     module Resources
-      class Count < AbstractRoute
+      class Count < AbstractAuthenticatedRoute
         include ForestAdminAgent::Builder
+        include ForestAdminDatasourceToolkit::Components::Query::ConditionTree
         def setup_routes
           add_route('forest_count', 'get', '/:collection_name/count', ->(args) { handle_request(args) })
 
@@ -13,12 +14,14 @@ module ForestAdminAgent
 
         def handle_request(args = {})
           build(args)
+          @permissions.can?(:browse, @collection)
 
           if @collection.is_countable?
-            caller = ForestAdminAgent::Utils::QueryStringParser.parse_caller(args)
-            filter = ForestAdminDatasourceToolkit::Components::Query::Filter.new
+            filter = ForestAdminDatasourceToolkit::Components::Query::Filter.new(
+              condition_tree: @permissions.get_scope(@collection)
+            )
             aggregation = ForestAdminDatasourceToolkit::Components::Query::Aggregation.new(operation: 'Count')
-            result = @collection.aggregate(caller, filter, aggregation)
+            result = @collection.aggregate(@caller, filter, aggregation)
 
             return {
               name: args[:params]['collection_name'],

data/lib/forest_admin_agent/routes/resources/delete.rb

@@ -7,6 +7,7 @@ module ForestAdminAgent
       class Delete < AbstractAuthenticatedRoute
         include ForestAdminAgent::Builder
         include ForestAdminDatasourceToolkit::Components::Query
+        include ForestAdminDatasourceToolkit::Components::Query::ConditionTree
 
         def setup_routes
           add_route('forest_delete_bulk', 'delete', '/:collection_name', ->(args) { handle_request_bulk(args) })
@@ -17,6 +18,7 @@ module ForestAdminAgent
 
         def handle_request(args = {})
           build(args)
+          @permissions.can?(:delete, @collection)
           id = Utils::Id.unpack_id(@collection, args[:params]['id'], with_key: true)
           delete_records(args, { ids: [id], are_excluded: false })
 
@@ -25,6 +27,7 @@ module ForestAdminAgent
 
         def handle_request_bulk(args = {})
           build(args)
+          @permissions.can?(:delete, @collection)
           selection_ids = Utils::Id.parse_selection_ids(@collection, args[:params], with_key: true)
           delete_records(args, selection_ids)
 
@@ -38,7 +41,8 @@ module ForestAdminAgent
             condition_tree: ConditionTree::ConditionTreeFactory.intersect(
               [
                 Utils::QueryStringParser.parse_condition_tree(@collection, args),
-                condition_tree_ids
+                condition_tree_ids,
+                @permissions.get_scope(@collection)
               ]
             )
           )

data/lib/forest_admin_agent/routes/resources/list.rb

@@ -5,6 +5,7 @@ module ForestAdminAgent
     module Resources
       class List < AbstractAuthenticatedRoute
         include ForestAdminAgent::Builder
+        include ForestAdminDatasourceToolkit::Components::Query::ConditionTree
         def setup_routes
           add_route('forest_list', 'get', '/:collection_name', ->(args) { handle_request(args) })
 
@@ -13,14 +14,19 @@ module ForestAdminAgent
 
         def handle_request(args = {})
           build(args)
-          caller = ForestAdminAgent::Utils::QueryStringParser.parse_caller(args)
+          @permissions.can?(:browse, @collection)
 
           filter = ForestAdminDatasourceToolkit::Components::Query::Filter.new(
-            condition_tree: ForestAdminAgent::Utils::QueryStringParser.parse_condition_tree(@collection, args),
+            condition_tree: ConditionTreeFactory.intersect([
+                                                             @permissions.get_scope(@collection),
+                                                             ForestAdminAgent::Utils::QueryStringParser.parse_condition_tree(
+                                                               @collection, args
+                                                             )
+                                                           ]),
             page: ForestAdminAgent::Utils::QueryStringParser.parse_pagination(args)
           )
           projection = ForestAdminAgent::Utils::QueryStringParser.parse_projection_with_pks(@collection, args)
-          records = @collection.list(caller, filter, projection)
+          records = @collection.list(@caller, filter, projection)
 
           {
             name: args[:params]['collection_name'],

data/lib/forest_admin_agent/routes/resources/related/associate_related.rb

@@ -8,6 +8,7 @@ module ForestAdminAgent
           include ForestAdminAgent::Builder
           include ForestAdminDatasourceToolkit::Utils
           include ForestAdminDatasourceToolkit::Components::Query
+
           def setup_routes
             add_route(
               'forest_related_associate',
@@ -21,6 +22,7 @@ module ForestAdminAgent
 
           def handle_request(args = {})
             build(args)
+            @permissions.can?(:edit, @collection)
 
             parent_id = Utils::Id.unpack_id(@collection, args[:params]['id'], with_key: true)
             target_relation_id = Utils::Id.unpack_id(@child_collection, args[:params]['data'][0]['id'], with_key: true)
@@ -40,7 +42,14 @@ module ForestAdminAgent
           def associate_one_to_many(relation, parent_id, target_relation_id)
             id = Schema.primary_keys(@child_collection)[0]
             value = Collection.get_value(@child_collection, @caller, target_relation_id, id)
-            filter = Filter.new(condition_tree: ConditionTree::Nodes::ConditionTreeLeaf.new(id, 'Equal', value))
+            filter = Filter.new(
+              condition_tree: ConditionTree::ConditionTreeFactory.intersect(
+                [
+                  ConditionTree::Nodes::ConditionTreeLeaf.new(id, 'Equal', value),
+                  @permissions.get_scope(@collection)
+                ]
+              )
+            )
             value = Collection.get_value(@collection, @caller, parent_id, relation.origin_key_target)
 
             @child_collection.update(@caller, filter, { relation.origin_key => value })

data/lib/forest_admin_agent/routes/resources/related/count_related.rb

@@ -21,9 +21,10 @@ module ForestAdminAgent
 
           def handle_request(args = {})
             build(args)
+            @permissions.can?(:browse, @collection)
 
             if @child_collection.is_countable?
-              filter = Filter.new
+              filter = Filter.new(condition_tree: @permissions.get_scope(@collection))
               id = Utils::Id.unpack_id(@collection, args[:params]['id'], with_key: true)
               result = Collection.aggregate_relation(
                 @collection,

data/lib/forest_admin_agent/routes/resources/related/dissociate_related.rb

@@ -21,6 +21,7 @@ module ForestAdminAgent
 
           def handle_request(args = {})
             build(args)
+            @permissions.can?(:delete, @collection)
 
             parent_id = Utils::Id.unpack_id(@collection, args[:params]['id'], with_key: true)
             is_delete_mode = !args.dig(:params, :delete).nil?
@@ -84,6 +85,7 @@ module ForestAdminAgent
             Filter.new(
               condition_tree: ConditionTree::ConditionTreeFactory.intersect(
                 [
+                  @permissions.get_scope(@child_collection),
                   Utils::QueryStringParser.parse_condition_tree(@child_collection, args),
                   selected_ids
                 ]

data/lib/forest_admin_agent/routes/resources/related/list_related.rb

@@ -7,6 +7,8 @@ module ForestAdminAgent
         class ListRelated < AbstractRelatedRoute
           include ForestAdminAgent::Builder
           include ForestAdminDatasourceToolkit::Utils
+          include ForestAdminDatasourceToolkit::Components::Query::ConditionTree
+
           def setup_routes
             add_route(
               'forest_related_list',
@@ -20,10 +22,16 @@ module ForestAdminAgent
 
           def handle_request(args = {})
             build(args)
+            @permissions.can?(:browse, @collection)
             # TODO: add csv behaviour
 
             filter = ForestAdminDatasourceToolkit::Components::Query::Filter.new(
-              condition_tree: ForestAdminAgent::Utils::QueryStringParser.parse_condition_tree(@child_collection, args),
+              condition_tree: ConditionTreeFactory.intersect(
+                [
+                  @permissions.get_scope(@collection),
+                  ForestAdminAgent::Utils::QueryStringParser.parse_condition_tree(@child_collection, args)
+                ]
+              ),
               page: ForestAdminAgent::Utils::QueryStringParser.parse_pagination(args)
             )
             projection = ForestAdminAgent::Utils::QueryStringParser.parse_projection_with_pks(@child_collection, args)

data/lib/forest_admin_agent/routes/resources/related/update_related.rb

@@ -21,6 +21,7 @@ module ForestAdminAgent
 
           def handle_request(args = {})
             build(args)
+            @permissions.can?(:edit, @collection)
 
             relation = @collection.fields[args[:params]['relation_name']]
             parent_id = Utils::Id.unpack_id(@collection, args[:params]['id'])
@@ -61,6 +62,7 @@ module ForestAdminAgent
             old_fk_owner_filter = Filter.new(
               condition_tree: ConditionTree::ConditionTreeFactory.intersect(
                 [
+                  @permissions.get_scope(@collection),
                   ConditionTree::Nodes::ConditionTreeLeaf.new(
                     relation.origin_key,
                     ConditionTree::Operators::EQUAL,
@@ -91,7 +93,12 @@ module ForestAdminAgent
 
             @child_collection.update(
               @caller,
-              Filter.new(condition_tree: new_fk_owner),
+              Filter.new(condition_tree: ConditionTree::ConditionTreeFactory.intersect(
+                [
+                  @permissions.get_scope(@collection),
+                  new_fk_owner
+                ]
+              )),
               { relation.origin_key => origin_value }
             )
           end