import { permissions, roles } from "@budibase/backend-core"
import { DocumentType, VirtualDocumentType } from "../db/utils"
import { getDocumentType, getVirtualDocumentType } from "@budibase/types"
/**
 * Permission levels this module treats as supported. getBasePermissions()
 * skips any built-in permission whose level is not in this list.
 */
export const CURRENTLY_SUPPORTED_LEVELS: string[] = [
  permissions.PermissionLevel.WRITE,
  permissions.PermissionLevel.READ,
  permissions.PermissionLevel.EXECUTE,
]
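/**
 * Maps a resource ID to the permission type used when resolving its
 * permissions.
 *
 * The virtual document type is checked first, so a view ID resolves to the
 * TABLE permission type. Otherwise the document type derived from the ID
 * decides the result.
 *
 * @param resourceId ID of the resource being authorised
 * @returns the permission type for the resource; LEGACY_VIEW when the ID
 *   matches none of the recognised document types
 */
export function getPermissionType(resourceId: string) {
  if (getVirtualDocumentType(resourceId) === VirtualDocumentType.VIEW) {
    return permissions.PermissionType.TABLE
  }

  switch (getDocumentType(resourceId)) {
    case DocumentType.TABLE:
    case DocumentType.ROW:
      // Explicit return: without it these cases fall through to AUTOMATION,
      // and table/row access would be checked against the wrong permission
      // type. Views (above) already resolve to TABLE.
      return permissions.PermissionType.TABLE
    case DocumentType.AUTOMATION:
      return permissions.PermissionType.AUTOMATION
    case DocumentType.WEBHOOK:
      return permissions.PermissionType.WEBHOOK
    case DocumentType.QUERY:
    case DocumentType.DATASOURCE:
      return permissions.PermissionType.QUERY
    default:
      // legacy views don't have an ID, will end up here
      // NOTE(review): every unrecognised or malformed ID also lands here, so
      // LEGACY_VIEW must not grant more than the caller intends for unknown
      // resources - confirm at the call sites.
      return permissions.PermissionType.LEGACY_VIEW
  }
}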
/**
 * Derives the default permissions of a resource from the built-in roles,
 * using only the resource ID.
 *
 * For every built-in role that has a permission set containing an entry for
 * the resource's permission type, the entry's level is recorded against the
 * role chosen by roles.lowerBuiltinRoleID() (presumably the less privileged
 * of the two role IDs - confirm against backend-core). A level above READ
 * also updates the READ entry, so a role that can write or execute is
 * considered for READ as well.
 *
 * @param resourceId ID of the resource to compute defaults for
 * @returns map of permission level to built-in role ID; levels outside
 *   CURRENTLY_SUPPORTED_LEVELS never appear as a result of their own entry
 */
export function getBasePermissions(resourceId: string): Record<string, string> {
  const READ = permissions.PermissionLevel.READ
  const resourceType = getPermissionType(resourceId)
  const roleByLevel: Record<string, string> = {}

  for (const [roleId, role] of Object.entries(roles.getBuiltinRoles())) {
    // roles without a permission set contribute nothing
    if (!role.permissionId) {
      continue
    }

    const builtin = permissions.getBuiltinPermissionByID(role.permissionId)
    if (!builtin) {
      continue
    }

    const granted = builtin.permissions.find(
      entry => entry.type === resourceType
    )
    if (!granted || !CURRENTLY_SUPPORTED_LEVELS.includes(granted.level)) {
      continue
    }

    const { level } = granted
    // first hit for a level passes undefined as the current holder
    roleByLevel[level] = roles.lowerBuiltinRoleID(roleByLevel[level], roleId)

    if (permissions.isPermissionLevelHigherThanRead(level)) {
      roleByLevel[READ] = roles.lowerBuiltinRoleID(roleByLevel[READ], roleId)
    }
  }

  return roleByLevel
}