budibase/packages/server/src/utilities/security.ts


import { permissions, roles } from "@budibase/backend-core"
import { DocumentType, VirtualDocumentType } from "../db/utils"
/**
 * Permission levels that getBasePermissions will report on. A builtin
 * permission whose level is not in this list is ignored there.
 */
export const CURRENTLY_SUPPORTED_LEVELS: string[] = [
  permissions.PermissionLevel.WRITE,
  permissions.PermissionLevel.READ,
  permissions.PermissionLevel.EXECUTE,
]
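/**
 * Maps a resource ID to the permission type that governs it, based on the
 * document-type prefix the ID starts with.
 *
 * Both DocumentType and VirtualDocumentType values are scanned. Scanning only
 * DocumentType left the `VirtualDocumentType.VIEW` case reachable solely if a
 * DocumentType value happened to equal it.
 *
 * @param resourceId ID of the resource whose permission type is wanted.
 * @returns the matching permission type, or `undefined` when the prefix is not
 * recognised or has no permission type mapped here. Callers making an access
 * decision should treat `undefined` as "no applicable permission", never as
 * an implicit allow.
 */
export function getPermissionType(resourceId: string) {
  // DocumentType values stay first, so any ID that already resolved to a
  // DocumentType keeps resolving to the same one.
  const knownTypes: (DocumentType | VirtualDocumentType)[] = [
    ...Object.values(DocumentType),
    ...Object.values(VirtualDocumentType),
  ]
  // NOTE(review): the first prefix match in declaration order wins. If one
  // document-type value is itself a prefix of another, the earlier one shadows
  // the later and the resource is classified under the wrong permission type -
  // confirm against the enum values in ../db/utils.
  const docType = knownTypes.find(candidate =>
    resourceId.startsWith(candidate)
  )
  switch (docType) {
    case DocumentType.TABLE:
    case DocumentType.ROW:
    case VirtualDocumentType.VIEW:
      return permissions.PermissionType.TABLE
    case DocumentType.AUTOMATION:
      return permissions.PermissionType.AUTOMATION
    case DocumentType.WEBHOOK:
      return permissions.PermissionType.WEBHOOK
    case DocumentType.QUERY:
    case DocumentType.DATASOURCE:
      return permissions.PermissionType.QUERY
    default:
      // unrecognised prefix, or a document type with no permission type here
      return undefined
  }
}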
/**
 * Works out the base permissions for a resource from the builtin roles, using
 * only the resource's ID.
 *
 * The result maps a permission level to a builtin role ID. For each level the
 * stored role is whatever roles.lowerBuiltinRoleID returns for the role held
 * so far and the role being visited (presumably the less privileged of the
 * two - confirm against backend-core).
 *
 * @param resourceId ID of the resource; its permission type comes from
 * getPermissionType.
 * @returns a level -> role ID map. It is empty when no builtin permission has
 * an entry matching the resource's permission type, which is presumably also
 * the case when getPermissionType returns `undefined`.
 */
export function getBasePermissions(resourceId: string) {
  const permissionType = getPermissionType(resourceId)
  const basePermissions: { [key: string]: string } = {}
  const builtinRoles = Object.entries(roles.getBuiltinRoles())
  for (const [roleId, role] of builtinRoles) {
    // roles without a permission set, or with an unknown one, contribute nothing
    const builtinPermission = role.permissionId
      ? permissions.getBuiltinPermissionByID(role.permissionId)
      : undefined
    if (!builtinPermission) {
      continue
    }
    const match = builtinPermission.permissions.find(
      candidate => candidate.type === permissionType
    )
    if (!match || !CURRENTLY_SUPPORTED_LEVELS.includes(match.level)) {
      continue
    }
    const level = match.level
    basePermissions[level] = roles.lowerBuiltinRoleID(
      basePermissions[level],
      roleId
    )
    if (!permissions.isPermissionLevelHigherThanRead(level)) {
      continue
    }
    // a level above read also counts towards the READ entry
    const readLevel = permissions.PermissionLevel.READ
    basePermissions[readLevel] = roles.lowerBuiltinRoleID(
      basePermissions[readLevel],
      roleId
    )
  }
  return basePermissions
}