From 040405089783741815081a57f0824a8195e7b7c6 Mon Sep 17 00:00:00 2001 From: Andrew Kingston Date: Fri, 13 Sep 2024 10:47:56 +0100 Subject: [PATCH] Reset server changes to master --- packages/backend-core/src/security/roles.ts | 81 +++++++------------ packages/server/src/api/controllers/role.ts | 27 ++----- .../src/api/routes/tests/permissions.spec.ts | 36 +-------- .../server/src/api/routes/utils/validators.ts | 8 +- packages/types/src/api/web/role.ts | 3 - packages/types/src/documents/app/role.ts | 10 ++- 6 files changed, 54 insertions(+), 111 deletions(-) diff --git a/packages/backend-core/src/security/roles.ts b/packages/backend-core/src/security/roles.ts index 097d6e84da..a7210ec2b8 100644 --- a/packages/backend-core/src/security/roles.ts +++ b/packages/backend-core/src/security/roles.ts @@ -7,8 +7,9 @@ import { doWithDB, } from "../db" import { getAppDB } from "../context" -import { Screen, Role as RoleDoc } from "@budibase/types" +import { Screen, Role as RoleDoc, RoleUIMetadata } from "@budibase/types" import cloneDeep from "lodash/fp/cloneDeep" +import { RoleColor } from "@budibase/shared-core" export const BUILTIN_ROLE_IDS = { ADMIN: "ADMIN", @@ -45,22 +46,12 @@ export class Role implements RoleDoc { inherits?: string version?: string permissions: Record = {} - displayName?: string - color?: string - description?: string + uiMetadata?: RoleUIMetadata - constructor( - id: string, - displayName: string, - description: string, - color: string, - permissionId: string - ) { + constructor(id: string, permissionId: string, uiMetadata?: RoleUIMetadata) { this._id = id - this.name = id - this.displayName = displayName - this.color = color - this.description = description + this.name = uiMetadata?.displayName || id + this.uiMetadata = uiMetadata this.permissionId = permissionId // version for managing the ID - removing the role_ when responding this.version = RoleIDVersion.NAME @@ -73,41 +64,31 @@ export class Role implements RoleDoc { } const BUILTIN_ROLES = { - ADMIN: new Role( - BUILTIN_IDS.ADMIN, - "App admin", - "Can do everything", - "var(--spectrum-global-color-static-red-400)", - BuiltinPermissionID.ADMIN - ).addInheritance(BUILTIN_IDS.POWER), - POWER: new Role( - BUILTIN_IDS.POWER, - "App power user", - "An app user with more access", - "var(--spectrum-global-color-static-orange-400)", - BuiltinPermissionID.POWER - ).addInheritance(BUILTIN_IDS.BASIC), - BASIC: new Role( - BUILTIN_IDS.BASIC, - "App user", - "Any logged in user", - "var(--spectrum-global-color-static-green-400)", - BuiltinPermissionID.WRITE - ).addInheritance(BUILTIN_IDS.PUBLIC), - PUBLIC: new Role( - BUILTIN_IDS.PUBLIC, - "Public user", - "Accessible to anyone", - "var(--spectrum-global-color-static-blue-400)", - BuiltinPermissionID.PUBLIC - ), - BUILDER: new Role( - BUILTIN_IDS.BUILDER, - "Builder user", - "Users that can edit this app", - "var(--spectrum-global-color-static-magenta-600)", - BuiltinPermissionID.ADMIN - ), + ADMIN: new Role(BUILTIN_IDS.ADMIN, BuiltinPermissionID.ADMIN, { + displayName: "App admin", + description: "Can do everything", + color: RoleColor.ADMIN, + }).addInheritance(BUILTIN_IDS.POWER), + POWER: new Role(BUILTIN_IDS.POWER, BuiltinPermissionID.POWER, { + displayName: "App power user", + description: "An app user with more access", + color: RoleColor.POWER, + }).addInheritance(BUILTIN_IDS.BASIC), + BASIC: new Role(BUILTIN_IDS.BASIC, BuiltinPermissionID.WRITE, { + displayName: "App user", + description: "Any logged in user", + color: RoleColor.BASIC, + }).addInheritance(BUILTIN_IDS.PUBLIC), + PUBLIC: new Role(BUILTIN_IDS.PUBLIC, BuiltinPermissionID.PUBLIC, { + displayName: "Public user", + description: "Accessible to anyone", + color: RoleColor.PUBLIC, + }), + BUILDER: new Role(BUILTIN_IDS.BUILDER, BuiltinPermissionID.ADMIN, { + displayName: "Builder user", + description: "Users that can edit this app", + color: RoleColor.BUILDER, + }), } export function getBuiltinRoles(): { [key: string]: RoleDoc } { diff --git a/packages/server/src/api/controllers/role.ts b/packages/server/src/api/controllers/role.ts index 28e9cb2779..ee1c223952 100644 --- a/packages/server/src/api/controllers/role.ts +++ b/packages/server/src/api/controllers/role.ts @@ -19,7 +19,7 @@ import { UserMetadata, DocumentType, } from "@budibase/types" -import { sdk as sharedSdk } from "@budibase/shared-core" +import { RoleColor, sdk as sharedSdk } from "@budibase/shared-core" import sdk from "../../sdk" const UpdateRolesOptions = { @@ -62,16 +62,8 @@ export async function find(ctx: UserCtx) { export async function save(ctx: UserCtx) { const db = context.getAppDB() - let { - _id, - name, - displayName, - description, - color, - inherits, - permissionId, - version, - } = ctx.request.body + let { _id, name, inherits, permissionId, version, uiMetadata } = + ctx.request.body let isCreate = false const isNewVersion = version === roles.RoleIDVersion.NAME @@ -97,14 +89,11 @@ export async function save(ctx: UserCtx) { ctx.throw(400, "Cannot change custom role name") } - const role = new roles.Role( - _id, - displayName || name, - description || "Custom role", - color || "var(--spectrum-global-color-static-magenta-400)", - permissionId - ).addInheritance(inherits) - + const role = new roles.Role(_id, permissionId, { + displayName: uiMetadata?.displayName || name, + description: uiMetadata?.description || "Custom role", + color: uiMetadata?.color || RoleColor.DEFAULT_CUSTOM, + }).addInheritance(inherits) if (dbRole?.permissions && !role.permissions) { role.permissions = dbRole.permissions } diff --git a/packages/server/src/api/routes/tests/permissions.spec.ts b/packages/server/src/api/routes/tests/permissions.spec.ts index 0fba930144..0f059998ae 100644 --- a/packages/server/src/api/routes/tests/permissions.spec.ts +++ b/packages/server/src/api/routes/tests/permissions.spec.ts @@ -1,16 +1,5 @@ -const mockedSdk = sdk.permissions as jest.Mocked - -import sdk from "../../../sdk" - import { roles } from "@budibase/backend-core" -import { - Document, - DocumentType, - PermissionLevel, - Row, - Table, - ViewV2, -} from "@budibase/types" +import { Document, PermissionLevel, Row, Table, ViewV2 } from "@budibase/types" import * as setup from "./utilities" import { generator, mocks } from "@budibase/backend-core/tests" @@ -36,6 +25,7 @@ describe("/permission", () => { beforeEach(async () => { mocks.licenses.useCloudFree() + table = (await config.createTable()) as typeof table row = await config.createRow() view = await config.api.viewV2.create({ @@ -154,27 +144,7 @@ describe("/permission", () => { await config.api.viewV2.publicSearch(view.id, undefined, { status: 401 }) }) - it("should ignore the view permissions if the flag is not on", async () => { - await config.api.permission.add({ - roleId: STD_ROLE_ID, - resourceId: view.id, - level: PermissionLevel.READ, - }) - await config.api.permission.revoke({ - roleId: STD_ROLE_ID, - resourceId: table._id, - level: PermissionLevel.READ, - }) - // replicate changes before checking permissions - await config.publish() - - await config.api.viewV2.publicSearch(view.id, undefined, { - status: 401, - }) - }) - - it("should use the view permissions if the flag is on", async () => { - mocks.licenses.useViewPermissions() + it("should use the view permissions", async () => { await config.api.permission.add({ roleId: STD_ROLE_ID, resourceId: view.id, diff --git a/packages/server/src/api/routes/utils/validators.ts b/packages/server/src/api/routes/utils/validators.ts index 2b50f81868..b589d44b31 100644 --- a/packages/server/src/api/routes/utils/validators.ts +++ b/packages/server/src/api/routes/utils/validators.ts @@ -208,9 +208,11 @@ export function roleValidator() { name: Joi.string() .regex(/^[a-zA-Z0-9_]*$/) .required(), - displayName: Joi.string().optional(), - color: Joi.string().optional(), - description: Joi.string().optional(), + uiMetadata: Joi.object({ + displayName: OPTIONAL_STRING, + color: OPTIONAL_STRING, + description: OPTIONAL_STRING, + }).optional(), // this is the base permission ID (for now a built in) permissionId: Joi.string() .valid(...Object.values(permissions.BuiltinPermissionID)) diff --git a/packages/types/src/api/web/role.ts b/packages/types/src/api/web/role.ts index df63fbaa77..644222b8f9 100644 --- a/packages/types/src/api/web/role.ts +++ b/packages/types/src/api/web/role.ts @@ -4,9 +4,6 @@ export interface SaveRoleRequest { _id?: string _rev?: string name: string - displayName?: string - color?: string - description?: string inherits: string permissionId: string version: string diff --git a/packages/types/src/documents/app/role.ts b/packages/types/src/documents/app/role.ts index 29687ce6e1..6557b7e19d 100644 --- a/packages/types/src/documents/app/role.ts +++ b/packages/types/src/documents/app/role.ts @@ -1,13 +1,17 @@ import { Document } from "../document" import { PermissionLevel } from "../../sdk" +export interface RoleUIMetadata { + displayName?: string + color?: string + description?: string +} + export interface Role extends Document { permissionId: string inherits?: string permissions: Record version?: string name: string - displayName?: string - color?: string - description?: string + uiMetadata?: RoleUIMetadata }