2022-11-22 14:56:01 +01:00
|
|
|
import { permissions, roles } from "@budibase/backend-core"
|
2023-08-18 15:33:21 +02:00
|
|
|
import { DocumentType, VirtualDocumentType } from "../db/utils"
|
2022-11-22 14:56:01 +01:00
|
|
|
|
|
|
|
export const CURRENTLY_SUPPORTED_LEVELS: string[] = [
|
|
|
|
permissions.PermissionLevel.WRITE,
|
|
|
|
permissions.PermissionLevel.READ,
|
|
|
|
permissions.PermissionLevel.EXECUTE,
|
|
|
|
]
|
|
|
|
|
|
|
|
export function getPermissionType(resourceId: string) {
|
|
|
|
const docType = Object.values(DocumentType).filter(docType =>
|
|
|
|
resourceId.startsWith(docType)
|
|
|
|
)[0]
|
2023-08-18 15:33:21 +02:00
|
|
|
switch (docType as DocumentType | VirtualDocumentType) {
|
2022-11-22 14:56:01 +01:00
|
|
|
case DocumentType.TABLE:
|
|
|
|
case DocumentType.ROW:
|
2023-08-18 15:33:21 +02:00
|
|
|
case VirtualDocumentType.VIEW:
|
2022-11-22 14:56:01 +01:00
|
|
|
return permissions.PermissionType.TABLE
|
|
|
|
case DocumentType.AUTOMATION:
|
|
|
|
return permissions.PermissionType.AUTOMATION
|
|
|
|
case DocumentType.WEBHOOK:
|
|
|
|
return permissions.PermissionType.WEBHOOK
|
|
|
|
case DocumentType.QUERY:
|
|
|
|
case DocumentType.DATASOURCE:
|
|
|
|
return permissions.PermissionType.QUERY
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* works out the basic permissions based on builtin roles for a resource, using its ID
|
|
|
|
*/
|
|
|
|
export function getBasePermissions(resourceId: string) {
|
|
|
|
const type = getPermissionType(resourceId)
|
|
|
|
const basePermissions: { [key: string]: string } = {}
|
|
|
|
for (let [roleId, role] of Object.entries(roles.getBuiltinRoles())) {
|
|
|
|
if (!role.permissionId) {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
const perms = permissions.getBuiltinPermissionByID(role.permissionId)
|
|
|
|
if (!perms) {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
const typedPermission = perms.permissions.find(perm => perm.type === type)
|
|
|
|
if (
|
|
|
|
typedPermission &&
|
|
|
|
CURRENTLY_SUPPORTED_LEVELS.indexOf(typedPermission.level) !== -1
|
|
|
|
) {
|
|
|
|
const level = typedPermission.level
|
|
|
|
basePermissions[level] = roles.lowerBuiltinRoleID(
|
|
|
|
basePermissions[level],
|
|
|
|
roleId
|
|
|
|
)
|
|
|
|
if (permissions.isPermissionLevelHigherThanRead(level)) {
|
|
|
|
basePermissions[permissions.PermissionLevel.READ] =
|
|
|
|
roles.lowerBuiltinRoleID(
|
|
|
|
basePermissions[permissions.PermissionLevel.READ],
|
|
|
|
roleId
|
|
|
|
)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return basePermissions
|
|
|
|
}
|