const {
PermissionLevels,
PermissionTypes,
getBuiltinPermissionByID,
isPermissionLevelHigherThanRead,
} = require("@budibase/backend-core/permissions")
const {
lowerBuiltinRoleID,
getBuiltinRoles,
} = require("@budibase/backend-core/roles")
const { DocumentTypes } = require("../db/utils")
// Permission levels that getBasePermissions will report on. A builtin
// permission whose level is not listed here is ignored when the base
// permissions for a resource are worked out.
const CURRENTLY_SUPPORTED_LEVELS = [PermissionLevels.WRITE, PermissionLevels.READ]
/**
 * Maps a resource ID to the permission type used to look up its permissions.
 *
 * The type is inferred purely from the start of the ID: the first
 * DocumentTypes value that the ID starts with decides the result.
 *
 * @param {string} resourceId identifier of the resource
 * @returns the matching PermissionTypes value; PermissionTypes.VIEW when no
 *   prefix matches or the matched document type has no mapping below
 * @throws {TypeError} if resourceId has no startsWith method (e.g. it is
 *   undefined), because the call is not guarded
 */
exports.getPermissionType = resourceId => {
  // NOTE(review): this is a bare startsWith with no separator check, so any
  // identifier that merely begins with a document-type prefix is classified as
  // that type. Whether a view name can collide with a prefix depends on the
  // DocumentTypes values, which are not visible in this file - confirm.
  const matchedType = Object.values(DocumentTypes).find(prefix =>
    resourceId.startsWith(prefix)
  )

  // Rows share the permission type of tables.
  if (
    matchedType === DocumentTypes.TABLE ||
    matchedType === DocumentTypes.ROW
  ) {
    return PermissionTypes.TABLE
  }
  if (matchedType === DocumentTypes.AUTOMATION) {
    return PermissionTypes.AUTOMATION
  }
  if (matchedType === DocumentTypes.WEBHOOK) {
    return PermissionTypes.WEBHOOK
  }
  // Datasources share the permission type of queries.
  if (
    matchedType === DocumentTypes.QUERY ||
    matchedType === DocumentTypes.DATASOURCE
  ) {
    return PermissionTypes.QUERY
  }

  // Fallback: views don't have an ID and end up here, as does every document
  // type that has no explicit mapping above.
  return PermissionTypes.VIEW
}
/**
 * Works out the default permissions for a resource from the builtin roles,
 * using only the resource's ID.
 *
 * For every builtin role that carries a permissionId, the role's builtin
 * permission set is searched for an entry matching the resource's permission
 * type. If that entry's level is in CURRENTLY_SUPPORTED_LEVELS, the role is
 * folded into the result for that level through lowerBuiltinRoleID; a level
 * accepted by isPermissionLevelHigherThanRead is folded into READ as well.
 *
 * @param {string} resourceId identifier of the resource
 * @returns {Object} map keyed by permission level; each value is whatever
 *   lowerBuiltinRoleID returned for that level (presumably the lowest builtin
 *   role ID holding it - confirm against backend-core/roles)
 */
exports.getBasePermissions = resourceId => {
  const permissionType = exports.getPermissionType(resourceId)
  const basePermissions = {}

  for (const [roleId, role] of Object.entries(getBuiltinRoles())) {
    // A role without a permission set contributes nothing.
    if (!role.permissionId) {
      continue
    }

    // NOTE(review): the lookup result is dereferenced unguarded; this assumes
    // every builtin role's permissionId resolves to a permission set - confirm.
    const builtinPermission = getBuiltinPermissionByID(role.permissionId)
    const match = builtinPermission.permissions.find(
      entry => entry.type === permissionType
    )

    // NOTE(review): the READ fold-in below is only reached for supported
    // levels, so a role whose entry for this type sits at a level outside
    // CURRENTLY_SUPPORTED_LEVELS adds nothing to the result, not even READ.
    if (!match || !CURRENTLY_SUPPORTED_LEVELS.includes(match.level)) {
      continue
    }

    // basePermissions[level] is undefined the first time a level is seen.
    const level = match.level
    basePermissions[level] = lowerBuiltinRoleID(basePermissions[level], roleId)

    if (isPermissionLevelHigherThanRead(level)) {
      const readLevel = PermissionLevels.READ
      basePermissions[readLevel] = lowerBuiltinRoleID(
        basePermissions[readLevel],
        roleId
      )
    }
  }

  return basePermissions
}
// Exposes the list of permission levels this module acts on. This is the same
// array instance that getBasePermissions consults and it is not frozen, so a
// consumer that mutates it changes which levels are honoured - treat it as
// read-only.
exports.CURRENTLY_SUPPORTED_LEVELS = CURRENTLY_SUPPORTED_LEVELS