budibase/packages/server/src/utilities/security.ts

import { permissions, roles } from "@budibase/backend-core"
import { DocumentType } from "../db/utils"

export const CURRENTLY_SUPPORTED_LEVELS: string[] = [
  permissions.PermissionLevel.WRITE,
  permissions.PermissionLevel.READ,
  permissions.PermissionLevel.EXECUTE,
]

export function getPermissionType(resourceId: string) {
  const docType = Object.values(DocumentType).filter(docType =>
    resourceId.startsWith(docType)
  )[0]
  switch (docType) {
    case DocumentType.TABLE:
    case DocumentType.ROW:
      return permissions.PermissionType.TABLE
    case DocumentType.AUTOMATION:
      return permissions.PermissionType.AUTOMATION
    case DocumentType.WEBHOOK:
      return permissions.PermissionType.WEBHOOK
    case DocumentType.QUERY:
    case DocumentType.DATASOURCE:
      return permissions.PermissionType.QUERY
    default:
      // views don't have an ID, will end up here
      return permissions.PermissionType.VIEW
  }
}

/**
 *  works out the basic permissions based on builtin roles for a resource, using its ID
 */
export function getBasePermissions(resourceId: string) {
  const type = getPermissionType(resourceId)
  const basePermissions: { [key: string]: string } = {}
  for (let [roleId, role] of Object.entries(roles.getBuiltinRoles())) {
    if (!role.permissionId) {
      continue
    }
    const perms = permissions.getBuiltinPermissionByID(role.permissionId)
    if (!perms) {
      continue
    }
    const typedPermission = perms.permissions.find(perm => perm.type === type)
    if (
      typedPermission &&
      CURRENTLY_SUPPORTED_LEVELS.indexOf(typedPermission.level) !== -1
    ) {
      const level = typedPermission.level
      basePermissions[level] = roles.lowerBuiltinRoleID(
        basePermissions[level],
        roleId
      )
      if (permissions.isPermissionLevelHigherThanRead(level)) {
        basePermissions[permissions.PermissionLevel.READ] =
          roles.lowerBuiltinRoleID(
            basePermissions[permissions.PermissionLevel.READ],
            roleId
          )
      }
    }
  }
  return basePermissions
}
Typescript conversion of the table controllers. 2022-11-22 14:56:01 +01:00			`import { permissions, roles } from "@budibase/backend-core"`
revert develop into master 2023-08-17 11:28:15 +02:00			`import { DocumentType } from "../db/utils"`
Typescript conversion of the table controllers. 2022-11-22 14:56:01 +01:00
			`export const CURRENTLY_SUPPORTED_LEVELS: string[] = [`
			`permissions.PermissionLevel.WRITE,`
			`permissions.PermissionLevel.READ,`
			`permissions.PermissionLevel.EXECUTE,`
			`]`

			`export function getPermissionType(resourceId: string) {`
			`const docType = Object.values(DocumentType).filter(docType =>`
			`resourceId.startsWith(docType)`
			`)[0]`
revert develop into master 2023-08-17 11:28:15 +02:00			`switch (docType) {`
Typescript conversion of the table controllers. 2022-11-22 14:56:01 +01:00			`case DocumentType.TABLE:`
			`case DocumentType.ROW:`
			`return permissions.PermissionType.TABLE`
			`case DocumentType.AUTOMATION:`
			`return permissions.PermissionType.AUTOMATION`
			`case DocumentType.WEBHOOK:`
			`return permissions.PermissionType.WEBHOOK`
			`case DocumentType.QUERY:`
			`case DocumentType.DATASOURCE:`
			`return permissions.PermissionType.QUERY`
revert develop into master 2023-08-17 11:28:15 +02:00			`default:`
			`// views don't have an ID, will end up here`
			`return permissions.PermissionType.VIEW`
Typescript conversion of the table controllers. 2022-11-22 14:56:01 +01:00			`}`
			`}`

			`/**`
			`* works out the basic permissions based on builtin roles for a resource, using its ID`
			`*/`
			`export function getBasePermissions(resourceId: string) {`
			`const type = getPermissionType(resourceId)`
			`const basePermissions: { [key: string]: string } = {}`
			`for (let [roleId, role] of Object.entries(roles.getBuiltinRoles())) {`
			`if (!role.permissionId) {`
			`continue`
			`}`
			`const perms = permissions.getBuiltinPermissionByID(role.permissionId)`
			`if (!perms) {`
			`continue`
			`}`
			`const typedPermission = perms.permissions.find(perm => perm.type === type)`
			`if (`
			`typedPermission &&`
			`CURRENTLY_SUPPORTED_LEVELS.indexOf(typedPermission.level) !== -1`
			`) {`
			`const level = typedPermission.level`
			`basePermissions[level] = roles.lowerBuiltinRoleID(`
			`basePermissions[level],`
			`roleId`
			`)`
			`if (permissions.isPermissionLevelHigherThanRead(level)) {`
			`basePermissions[permissions.PermissionLevel.READ] =`
			`roles.lowerBuiltinRoleID(`
			`basePermissions[permissions.PermissionLevel.READ],`
			`roleId`
			`)`
			`}`
			`}`
			`}`
			`return basePermissions`
			`}`