From 25c704a77f15478b0e830ecd9e2bc3931a5780c4 Mon Sep 17 00:00:00 2001
From: Micha de Vries
Date: Wed, 21 Feb 2024 11:04:45 +0100
Subject: [PATCH] Fix document not being available to delete permissions clause (#3555)
---
 core/src/doc/allow.rs | 14 ++++++++++-
 lib/tests/delete.rs | 54 ++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 66 insertions(+), 2 deletions(-)
diff --git a/core/src/doc/allow.rs b/core/src/doc/allow.rs
index 47872cc4..fb943151 100644
--- a/core/src/doc/allow.rs
+++ b/core/src/doc/allow.rs
@@ -37,7 +37,19 @@ impl<'a> Document<'a> {
 // Disable permissions
 let opt = &opt.new_with_perms(false);
 // Process the PERMISSION clause
- if !e.compute(ctx, opt, txn, Some(&self.current)).await?.is_truthy() {
+ if !e
+ .compute(
+ ctx,
+ opt,
+ txn,
+ Some(match stm.is_delete() {
+ true => &self.initial,
+ false => &self.current,
+ }),
+ )
+ .await?
+ .is_truthy()
+ {
 return Err(Error::Ignore);
 }
 }
diff --git a/lib/tests/delete.rs b/lib/tests/delete.rs
index affa6649..6c968aed 100644
--- a/lib/tests/delete.rs
+++ b/lib/tests/delete.rs
@@ -6,7 +6,7 @@ use helpers::new_ds;
 use surrealdb::dbs::{Action, Notification, Session};
 use surrealdb::err::Error;
 use surrealdb::iam::Role;
-use surrealdb::sql::Value;
+use surrealdb::sql::{Thing, Value};
 #[tokio::test]
 async fn delete() -> Result<(), Error> {
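Review bot: The document handed to `e.compute(...)` is now picked by an inline `match stm.is_delete() { true => …, false => … }` with no comment, so the reason a DELETE is authorised against `self.initial` instead of `self.current` is not visible at the one place that decides access. Going by the commit title, the current document is not available when a delete is checked; if that is right, say so next to the choice and bind it before the call: `// DELETE: evaluate PERMISSIONS against the record as stored, the current document is not available`, then `let doc = if stm.is_delete() { &self.initial } else { &self.current };` and pass `Some(doc)`. Matching on a bool is also what clippy's `match_bool` lint flags. The enclosing function starts and ends outside this hunk, so whether other permission checks need the same selection cannot be judged from here.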
@@ -426,3 +426,55 @@ async fn delete_filtered_live_notification() -> Result<(), Error> {
 );
 Ok(())
 }
+
+#[tokio::test]
+async fn delete_with_permissions() -> Result<(), Error> {
+ let sql = "
+ DEFINE TABLE friends_with PERMISSIONS FOR delete WHERE in = $auth;
+ CREATE user:john, user:mary;
+ RELATE user:john->friends_with:1->user:mary;
+ RELATE user:mary->friends_with:2->user:john;
+ ";
+ let dbs = new_ds().await?.with_auth_enabled(true);
+ let ses = Session::owner().with_ns("test").with_db("test");
+ let res = &mut dbs.execute(sql, &ses, None).await?;
+ assert_eq!(res.len(), 4);
+ //
+ let tmp = res.remove(0).result;
+ assert!(tmp.is_ok());
+ //
+ let tmp = res.remove(0).result;
+ assert!(tmp.is_ok());
+ //
+ let tmp = res.remove(0).result;
+ assert!(tmp.is_ok());
+ //
+ let tmp = res.remove(0).result;
+ assert!(tmp.is_ok());
+ //
+ let sql = "
+ DELETE friends_with:1 RETURN BEFORE;
+ DELETE friends_with:2 RETURN BEFORE;
+ ";
+ let ses = Session::for_scope("test", "test", "test", Thing::from(("user", "john")).into());
+ let res = &mut dbs.execute(sql, &ses, None).await?;
+ assert_eq!(res.len(), 2);
+ //
+ let tmp = res.remove(0).result?;
+ let val = Value::parse(
+ "[
+ {
+ id: friends_with:1,
+ in: user:john,
+ out: user:mary,
+ },
+ ]",
+ );
+ assert_eq!(tmp, val);
+ //
+ let tmp = res.remove(0).result?;
+ let val = Value::parse("[]");
+ assert_eq!(tmp, val);
+ //
+ Ok(())
+}
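Review bot: `delete_with_permissions` pins only an equality clause (`WHERE in = $auth`), which fails closed against a missing document, so it would not catch a regression in the direction that matters for access control. A negated clause such as `WHERE in != $auth` would presumably have evaluated truthy while the document was unavailable. A second table with that clause, plus an assertion that the scoped session cannot delete the edge whose `in` is `$auth`, would cover that direction. The denied case is also only inferred from the empty `RETURN BEFORE` result. A follow-up `SELECT * FROM friends_with` under `Session::owner()`, asserting that `friends_with:2` still exists, would state the denial directly.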