budibase/packages/server/src/sdk/app/permissions/index.ts

import { context, roles } from "@budibase/backend-core"
import { features } from "@budibase/pro"
import {
  DocumentType,
  PermissionLevel,
  VirtualDocumentType,
} from "@budibase/types"
import { getRoleParams, isViewID } from "../../../db/utils"
import {
  CURRENTLY_SUPPORTED_LEVELS,
  getBasePermissions,
} from "../../../utilities/security"

type ResourceActionAllowedResult =
  | { allowed: true }
  | {
      allowed: false
      level: PermissionLevel
      resourceType: DocumentType | VirtualDocumentType
    }

export async function resourceActionAllowed({
  resourceId,
  level,
}: {
  resourceId: string
  level: PermissionLevel
}): Promise<ResourceActionAllowedResult> {
  if (!isViewID(resourceId)) {
    return { allowed: true }
  }

  if (await features.isViewPermissionEnabled()) {
    return { allowed: true }
  }

  return {
    allowed: false,
    level,
    resourceType: VirtualDocumentType.VIEW,
  }
}

export async function getResourcePerms(resourceId: string) {
  const db = context.getAppDB()
  const body = await db.allDocs(
    getRoleParams(null, {
      include_docs: true,
    })
  )
  const rolesList = body.rows.map(row => row.doc)
  let permissions: Record<string, string> = {}
  for (let level of CURRENTLY_SUPPORTED_LEVELS) {
    // update the various roleIds in the resource permissions
    for (let role of rolesList) {
      const rolePerms = roles.checkForRoleResourceArray(
        role.permissions,
        resourceId
      )
      if (
        rolePerms &&
        rolePerms[resourceId] &&
        rolePerms[resourceId].indexOf(level) !== -1
      ) {
        permissions[level] = roles.getExternalRoleID(role._id, role.version)!
      }
    }
  }

  return Object.assign(getBasePermissions(resourceId), permissions)
}
Move permissions code to sdk 2023-08-31 10:36:17 +02:00			`import { context, roles } from "@budibase/backend-core"`
			`import { features } from "@budibase/pro"`
Add basic sdk checks 2023-08-21 16:56:40 +02:00			`import {`
			`DocumentType,`
			`PermissionLevel,`
			`VirtualDocumentType,`
			`} from "@budibase/types"`
Move permissions code to sdk 2023-08-31 10:36:17 +02:00			`import { getRoleParams, isViewID } from "../../../db/utils"`
			`import {`
			`CURRENTLY_SUPPORTED_LEVELS,`
			`getBasePermissions,`
			`} from "../../../utilities/security"`
Add basic sdk checks 2023-08-21 16:56:40 +02:00
			`type ResourceActionAllowedResult =`
			`\| { allowed: true }`
			`\| {`
			`allowed: false`
			`level: PermissionLevel`
			`resourceType: DocumentType \| VirtualDocumentType`
			`}`

			`export async function resourceActionAllowed({`
			`resourceId,`
			`level,`
			`}: {`
			`resourceId: string`
			`level: PermissionLevel`
			`}): Promise<ResourceActionAllowedResult> {`
			`if (!isViewID(resourceId)) {`
			`return { allowed: true }`
			`}`

Implemment checks 2023-08-22 10:27:06 +02:00			`if (await features.isViewPermissionEnabled()) {`
			`return { allowed: true }`
			`}`

Add basic sdk checks 2023-08-21 16:56:40 +02:00			`return {`
			`allowed: false,`
			`level,`
			`resourceType: VirtualDocumentType.VIEW,`
			`}`
			`}`
Move permissions code to sdk 2023-08-31 10:36:17 +02:00
			`export async function getResourcePerms(resourceId: string) {`
			`const db = context.getAppDB()`
			`const body = await db.allDocs(`
			`getRoleParams(null, {`
			`include_docs: true,`
			`})`
			`)`
			`const rolesList = body.rows.map(row => row.doc)`
			`let permissions: Record<string, string> = {}`
			`for (let level of CURRENTLY_SUPPORTED_LEVELS) {`
			`// update the various roleIds in the resource permissions`
			`for (let role of rolesList) {`
			`const rolePerms = roles.checkForRoleResourceArray(`
			`role.permissions,`
			`resourceId`
			`)`
			`if (`
			`rolePerms &&`
			`rolePerms[resourceId] &&`
			`rolePerms[resourceId].indexOf(level) !== -1`
			`) {`
			`permissions[level] = roles.getExternalRoleID(role._id, role.version)!`
			`}`
			`}`
			`}`

			`return Object.assign(getBasePermissions(resourceId), permissions)`
			`}`