budibase/packages/server/src/api/controllers/role.js

const CouchDB = require("../../db")
const {
  BUILTIN_ROLES,
  Role,
  getRole,
} = require("../../utilities/security/roles")
const {
  generateRoleID,
  getRoleParams,
  getUserParams,
  ViewNames,
} = require("../../db/utils")

const UpdateRolesOptions = {
  CREATED: "created",
  REMOVED: "removed",
}

async function updateRolesOnUserTable(db, roleId, updateOption) {
  const table = await db.get(ViewNames.USERS)
  const schema = table.schema
  const remove = updateOption === UpdateRolesOptions.REMOVED
  let updated = false
  for (let prop of Object.keys(schema)) {
    if (prop === "roleId") {
      updated = true
      const constraints = schema[prop].constraints
      const indexOf = constraints.inclusion.indexOf(roleId)
      if (remove && indexOf !== -1) {
        constraints.inclusion.splice(indexOf, 1)
      } else if (!remove && indexOf === -1) {
        constraints.inclusion.push(roleId)
      }
      break
    }
  }
  if (updated) {
    await db.put(table)
  }
}

exports.fetch = async function(ctx) {
  const db = new CouchDB(ctx.user.appId)
  const body = await db.allDocs(
    getRoleParams(null, {
      include_docs: true,
    })
  )
  const customRoles = body.rows.map(row => row.doc)

  // exclude internal roles like builder
  const staticRoles = [
    BUILTIN_ROLES.ADMIN,
    BUILTIN_ROLES.POWER,
    BUILTIN_ROLES.BASIC,
    BUILTIN_ROLES.PUBLIC,
  ]
  ctx.body = [...staticRoles, ...customRoles]
}

exports.find = async function(ctx) {
  ctx.body = await getRole(ctx.user.appId, ctx.params.roleId)
}

exports.save = async function(ctx) {
  const db = new CouchDB(ctx.user.appId)
  let { _id, name, inherits, permissionId } = ctx.request.body
  if (!_id) {
    _id = generateRoleID()
  }
  const role = new Role(_id, name)
    .addPermission(permissionId)
    .addInheritance(inherits)
  if (ctx.request.body._rev) {
    role._rev = ctx.request.body._rev
  }
  const result = await db.put(role)
  await updateRolesOnUserTable(db, _id, UpdateRolesOptions.CREATED)
  role._rev = result.rev
  ctx.body = role
  ctx.message = `Role '${role.name}' created successfully.`
}

exports.destroy = async function(ctx) {
  const db = new CouchDB(ctx.user.appId)
  const roleId = ctx.params.roleId
  // first check no users actively attached to role
  const users = (
    await db.allDocs(
      getUserParams(null, {
        include_docs: true,
      })
    )
  ).rows.map(row => row.doc)
  const usersWithRole = users.filter(user => user.roleId === roleId)
  if (usersWithRole.length !== 0) {
    ctx.throw("Cannot delete role when it is in use.")
  }

  await db.remove(roleId, ctx.params.rev)
  await updateRolesOnUserTable(
    db,
    ctx.params.roleId,
    UpdateRolesOptions.REMOVED
  )
  ctx.message = `Role ${ctx.params.roleId} deleted successfully`
  ctx.status = 200
}
Changing the naming of access levels to be roles. 2020-12-02 14:20:56 +01:00			`const CouchDB = require("../../db")`
			`const {`
			`BUILTIN_ROLES,`
			`Role,`
			`getRole,`
			`} = require("../../utilities/security/roles")`
Updating role constraints and making sure roles can't be deleted if they are in use. 2020-12-07 16:21:06 +01:00			`const {`
			`generateRoleID,`
			`getRoleParams,`
			`getUserParams,`
			`ViewNames,`
			`} = require("../../db/utils")`

			`const UpdateRolesOptions = {`
			`CREATED: "created",`
			`REMOVED: "removed",`
			`}`

			`async function updateRolesOnUserTable(db, roleId, updateOption) {`
			`const table = await db.get(ViewNames.USERS)`
			`const schema = table.schema`
			`const remove = updateOption === UpdateRolesOptions.REMOVED`
			`let updated = false`
			`for (let prop of Object.keys(schema)) {`
			`if (prop === "roleId") {`
			`updated = true`
			`const constraints = schema[prop].constraints`
			`const indexOf = constraints.inclusion.indexOf(roleId)`
			`if (remove && indexOf !== -1) {`
			`constraints.inclusion.splice(indexOf, 1)`
			`} else if (!remove && indexOf === -1) {`
			`constraints.inclusion.push(roleId)`
			`}`
			`break`
			`}`
			`}`
			`if (updated) {`
			`await db.put(table)`
			`}`
			`}`
Changing the naming of access levels to be roles. 2020-12-02 14:20:56 +01:00
			`exports.fetch = async function(ctx) {`
			`const db = new CouchDB(ctx.user.appId)`
			`const body = await db.allDocs(`
			`getRoleParams(null, {`
			`include_docs: true,`
			`})`
			`)`
			`const customRoles = body.rows.map(row => row.doc)`

Making public and basic roles accessible. 2020-12-03 13:28:30 +01:00			`// exclude internal roles like builder`
			`const staticRoles = [`
			`BUILTIN_ROLES.ADMIN,`
			`BUILTIN_ROLES.POWER,`
			`BUILTIN_ROLES.BASIC,`
			`BUILTIN_ROLES.PUBLIC,`
			`]`
Changing the naming of access levels to be roles. 2020-12-02 14:20:56 +01:00			`ctx.body = [...staticRoles, ...customRoles]`
			`}`

			`exports.find = async function(ctx) {`
			`ctx.body = await getRole(ctx.user.appId, ctx.params.roleId)`
			`}`

			`exports.save = async function(ctx) {`
			`const db = new CouchDB(ctx.user.appId)`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-02 18:08:25 +01:00			`let { _id, name, inherits, permissionId } = ctx.request.body`
			`if (!_id) {`
			`_id = generateRoleID()`
			`}`
			`const role = new Role(_id, name)`
			`.addPermission(permissionId)`
			`.addInheritance(inherits)`
Changing the naming of access levels to be roles. 2020-12-02 14:20:56 +01:00			`if (ctx.request.body._rev) {`
			`role._rev = ctx.request.body._rev`
			`}`
			`const result = await db.put(role)`
Updating role constraints and making sure roles can't be deleted if they are in use. 2020-12-07 16:21:06 +01:00			`await updateRolesOnUserTable(db, _id, UpdateRolesOptions.CREATED)`
Changing the naming of access levels to be roles. 2020-12-02 14:20:56 +01:00			`role._rev = result.rev`
			`ctx.body = role`
			ctx.message = `Role '${role.name}' created successfully.`
			`}`

			`exports.destroy = async function(ctx) {`
			`const db = new CouchDB(ctx.user.appId)`
Updating role constraints and making sure roles can't be deleted if they are in use. 2020-12-07 16:21:06 +01:00			`const roleId = ctx.params.roleId`
			`// first check no users actively attached to role`
			`const users = (`
			`await db.allDocs(`
			`getUserParams(null, {`
			`include_docs: true,`
			`})`
			`)`
			`).rows.map(row => row.doc)`
			`const usersWithRole = users.filter(user => user.roleId === roleId)`
			`if (usersWithRole.length !== 0) {`
			`ctx.throw("Cannot delete role when it is in use.")`
			`}`

			`await db.remove(roleId, ctx.params.rev)`
			`await updateRolesOnUserTable(`
			`db,`
			`ctx.params.roleId,`
			`UpdateRolesOptions.REMOVED`
			`)`
Fix variable name in returned message when deleting a role 2020-12-04 09:28:35 +01:00			ctx.message = `Role ${ctx.params.roleId} deleted successfully`
Changing the naming of access levels to be roles. 2020-12-02 14:20:56 +01:00			`ctx.status = 200`
			`}`