MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Reset server changes to master

This commit is contained in:
Andrew Kingston 2024-09-13 10:47:56 +01:00
parent 46c83353d9
commit 0404050897
No known key found for this signature in database
6 changed files with 54 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
packages/backend-core/src/security/roles.ts
View File

@ -7,8 +7,9 @@ import {
doWithDB,
} from "../db"
import { getAppDB } from "../context"
import { Screen, Role as RoleDoc } from "@budibase/types"
import { Screen, Role as RoleDoc, RoleUIMetadata } from "@budibase/types"
import cloneDeep from "lodash/fp/cloneDeep"
import { RoleColor } from "@budibase/shared-core"
export const BUILTIN_ROLE_IDS = {
ADMIN: "ADMIN",
@ -45,22 +46,12 @@ export class Role implements RoleDoc {
inherits?: string
version?: string
permissions: Record<string, PermissionLevel[]> = {}
displayName?: string
color?: string
description?: string
uiMetadata?: RoleUIMetadata
constructor(
id: string,
displayName: string,
description: string,
color: string,
permissionId: string
) {
constructor(id: string, permissionId: string, uiMetadata?: RoleUIMetadata) {
this._id = id
this.name = id
this.displayName = displayName
this.color = color
this.description = description
this.name = uiMetadata?.displayName || id
this.uiMetadata = uiMetadata
this.permissionId = permissionId
// version for managing the ID - removing the role_ when responding
this.version = RoleIDVersion.NAME
@ -73,41 +64,31 @@ export class Role implements RoleDoc {
}
const BUILTIN_ROLES = {
ADMIN: new Role(
BUILTIN_IDS.ADMIN,
"App admin",
"Can do everything",
"var(--spectrum-global-color-static-red-400)",
BuiltinPermissionID.ADMIN
).addInheritance(BUILTIN_IDS.POWER),
POWER: new Role(
BUILTIN_IDS.POWER,
"App power user",
"An app user with more access",
"var(--spectrum-global-color-static-orange-400)",
BuiltinPermissionID.POWER
).addInheritance(BUILTIN_IDS.BASIC),
BASIC: new Role(
BUILTIN_IDS.BASIC,
"App user",
"Any logged in user",
"var(--spectrum-global-color-static-green-400)",
BuiltinPermissionID.WRITE
).addInheritance(BUILTIN_IDS.PUBLIC),
PUBLIC: new Role(
BUILTIN_IDS.PUBLIC,
"Public user",
"Accessible to anyone",
"var(--spectrum-global-color-static-blue-400)",
BuiltinPermissionID.PUBLIC
),
BUILDER: new Role(
BUILTIN_IDS.BUILDER,
"Builder user",
"Users that can edit this app",
"var(--spectrum-global-color-static-magenta-600)",
BuiltinPermissionID.ADMIN
),
ADMIN: new Role(BUILTIN_IDS.ADMIN, BuiltinPermissionID.ADMIN, {
displayName: "App admin",
description: "Can do everything",
color: RoleColor.ADMIN,
}).addInheritance(BUILTIN_IDS.POWER),
POWER: new Role(BUILTIN_IDS.POWER, BuiltinPermissionID.POWER, {
displayName: "App power user",
description: "An app user with more access",
color: RoleColor.POWER,
}).addInheritance(BUILTIN_IDS.BASIC),
BASIC: new Role(BUILTIN_IDS.BASIC, BuiltinPermissionID.WRITE, {
displayName: "App user",
description: "Any logged in user",
color: RoleColor.BASIC,
}).addInheritance(BUILTIN_IDS.PUBLIC),
PUBLIC: new Role(BUILTIN_IDS.PUBLIC, BuiltinPermissionID.PUBLIC, {
displayName: "Public user",
description: "Accessible to anyone",
color: RoleColor.PUBLIC,
}),
BUILDER: new Role(BUILTIN_IDS.BUILDER, BuiltinPermissionID.ADMIN, {
displayName: "Builder user",
description: "Users that can edit this app",
color: RoleColor.BUILDER,
}),
}
export function getBuiltinRoles(): { [key: string]: RoleDoc } {

27
packages/server/src/api/controllers/role.ts
View File

@ -19,7 +19,7 @@ import {
UserMetadata,
DocumentType,
} from "@budibase/types"
import { sdk as sharedSdk } from "@budibase/shared-core"
import { RoleColor, sdk as sharedSdk } from "@budibase/shared-core"
import sdk from "../../sdk"
const UpdateRolesOptions = {
@ -62,16 +62,8 @@ export async function find(ctx: UserCtx<void, FindRoleResponse>) {
export async function save(ctx: UserCtx<SaveRoleRequest, SaveRoleResponse>) {
const db = context.getAppDB()
let {
_id,
name,
displayName,
description,
color,
inherits,
permissionId,
version,
} = ctx.request.body
let { _id, name, inherits, permissionId, version, uiMetadata } =
ctx.request.body
let isCreate = false
const isNewVersion = version === roles.RoleIDVersion.NAME
@ -97,14 +89,11 @@ export async function save(ctx: UserCtx<SaveRoleRequest, SaveRoleResponse>) {
ctx.throw(400, "Cannot change custom role name")
}
const role = new roles.Role(
_id,
displayName || name,
description || "Custom role",
color || "var(--spectrum-global-color-static-magenta-400)",
permissionId
).addInheritance(inherits)
const role = new roles.Role(_id, permissionId, {
displayName: uiMetadata?.displayName || name,
description: uiMetadata?.description || "Custom role",
color: uiMetadata?.color || RoleColor.DEFAULT_CUSTOM,
}).addInheritance(inherits)
if (dbRole?.permissions && !role.permissions) {
role.permissions = dbRole.permissions
}

36
packages/server/src/api/routes/tests/permissions.spec.ts
View File

@ -1,16 +1,5 @@
const mockedSdk = sdk.permissions as jest.Mocked<typeof sdk.permissions>
import sdk from "../../../sdk"
import { roles } from "@budibase/backend-core"
import {
Document,
DocumentType,
PermissionLevel,
Row,
Table,
ViewV2,
} from "@budibase/types"
import { Document, PermissionLevel, Row, Table, ViewV2 } from "@budibase/types"
import * as setup from "./utilities"
import { generator, mocks } from "@budibase/backend-core/tests"
@ -36,6 +25,7 @@ describe("/permission", () => {
beforeEach(async () => {
mocks.licenses.useCloudFree()
table = (await config.createTable()) as typeof table
row = await config.createRow()
view = await config.api.viewV2.create({
@ -154,27 +144,7 @@ describe("/permission", () => {
await config.api.viewV2.publicSearch(view.id, undefined, { status: 401 })
})
it("should ignore the view permissions if the flag is not on", async () => {
await config.api.permission.add({
roleId: STD_ROLE_ID,
resourceId: view.id,
level: PermissionLevel.READ,
})
await config.api.permission.revoke({
roleId: STD_ROLE_ID,
resourceId: table._id,
level: PermissionLevel.READ,
})
// replicate changes before checking permissions
await config.publish()
await config.api.viewV2.publicSearch(view.id, undefined, {
status: 401,
})
})
it("should use the view permissions if the flag is on", async () => {
mocks.licenses.useViewPermissions()
it("should use the view permissions", async () => {
await config.api.permission.add({
roleId: STD_ROLE_ID,
resourceId: view.id,

8
packages/server/src/api/routes/utils/validators.ts
View File

@ -208,9 +208,11 @@ export function roleValidator() {
name: Joi.string()
.regex(/^[a-zA-Z0-9_]*$/)
.required(),
displayName: Joi.string().optional(),
color: Joi.string().optional(),
description: Joi.string().optional(),
uiMetadata: Joi.object({
displayName: OPTIONAL_STRING,
color: OPTIONAL_STRING,
description: OPTIONAL_STRING,
}).optional(),
// this is the base permission ID (for now a built in)
permissionId: Joi.string()
.valid(...Object.values(permissions.BuiltinPermissionID))

3
packages/types/src/api/web/role.ts
View File

@ -4,9 +4,6 @@ export interface SaveRoleRequest {
_id?: string
_rev?: string
name: string
displayName?: string
color?: string
description?: string
inherits: string
permissionId: string
version: string

10
packages/types/src/documents/app/role.ts
View File

@ -1,13 +1,17 @@
import { Document } from "../document"
import { PermissionLevel } from "../../sdk"
export interface RoleUIMetadata {
displayName?: string
color?: string
description?: string
}
export interface Role extends Document {
permissionId: string
inherits?: string
permissions: Record<string, PermissionLevel[]>
version?: string
name: string
displayName?: string
color?: string
description?: string
uiMetadata?: RoleUIMetadata
}