set acl for author of Doc when adding a Doc - otherwise, undetermined behaviors happen.

1 files changed, 5 insertions, 5 deletions

diff --git a/src/fields/util.ts b/src/fields/util.ts
index 4ce9a4128..fbbf3e164 100644
--- a/src/fields/util.ts
+++ b/src/fields/util.ts
@@ -132,16 +132,15 @@ export function denormalizeEmail(email: string) {
  * Copies parent's acl fields to the child
  */
 export function inheritParentAcls(parent: Doc, child: Doc, layoutOnly: boolean) {
-    if (GetEffectiveAcl(parent) !== AclAdmin) return;
-    Object.keys(parent)
+    [...Object.keys(parent), ...(Doc.CurrentUserEmail !== parent.author ? ['acl-Owner'] : [])]
         .filter(key => key.startsWith('acl'))
         .forEach(key => {
             // if the default acl mode is private, then don't inherit the acl-guest permission, but set it to private.
             // const permission: string = key === 'acl-guest' && Doc.defaultAclPrivate ? AclPrivate : parent[key];
-            const parAcl = ReverseHierarchyMap.get(StrCast(parent[key]))?.acl;
+            const parAcl = ReverseHierarchyMap.get(StrCast(key === 'acl-Owner' ? (Doc.defaultAclPrivate ? SharingPermissions.None : SharingPermissions.Edit) : parent[key]))?.acl;
             if (parAcl) {
                 const sharePermission = HierarchyMapping.get(parAcl)?.name;
-                sharePermission && distributeAcls(key, sharePermission, child, undefined, false, layoutOnly);
+                sharePermission && distributeAcls(key === 'acl-Owner' ? `acl-${normalizeEmail(StrCast(parent.author))}` : key, sharePermission, child, undefined, false, layoutOnly);
             }
         });
 }
@@ -232,7 +231,7 @@ function getEffectiveAcl(target: any, user?: string): symbol {
  * @param target the document on which this access right is being set
  * @param visited list of Doc's already distributed to.
  * @param allowUpgrade whether permissions can be made less restrictive
- * inheritingFromCollection is not currently being used but could be used if acl assignment defaults change
+ * @param layoutOnly just sets the layout doc's ACL (unless the data doc has no entry for the ACL, in which case it will be set as well)
  */
 export function distributeAcls(key: string, acl: SharingPermissions, target: Doc, visited?: Doc[], allowUpgrade?: boolean, layoutOnly = false) {
     const selfKey = `acl-${Doc.CurrentUserEmailNormalized}`;
@@ -276,6 +275,7 @@ export function distributeAcls(key: string, acl: SharingPermissions, target: Doc
     if (GetEffectiveAcl(target) === AclAdmin && (allowUpgrade || !Doc.GetT(target, key, 'boolean', true) || ReverseHierarchyMap.get(StrCast(target[key]))!.level > aclVal)) {
         target[key] = acl;
         layoutDocChanged = true;
+        if (dataDoc[key] === undefined) dataDoc[key] = acl;
     }
 
     layoutDocChanged && updateCachedAcls(target); // updates target[AclSym] when changes to acls have been made