Merge branch 'develop' into BUDI-7393/use_permissions_on_middleware

2023-09-04 15:51:45 +02:00 · 2023-09-04 15:51:45 +02:00 · 111e999962
parent d16110ca73 bb12d2a8cb
commit 111e999962
11 changed files with 38 additions and 14 deletions
--- a/lerna.json
+++ b/lerna.json
@ -1,5 +1,5 @@
 {
-  "version": "2.9.33-alpha.12",
+  "version": "2.9.33-alpha.13",
  "npmClient": "yarn",
  "packages": [
    "packages/*"
--- a/packages/backend-core/src/security/permissions.ts
+++ b/packages/backend-core/src/security/permissions.ts
@ -87,6 +87,7 @@ export const BUILTIN_PERMISSIONS = {
      new Permission(PermissionType.QUERY, PermissionLevel.WRITE),
      new Permission(PermissionType.TABLE, PermissionLevel.WRITE),
      new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
+      new Permission(PermissionType.LEGACY_VIEW, PermissionLevel.READ),
    ],
  },
  POWER: {
@ -97,6 +98,7 @@ export const BUILTIN_PERMISSIONS = {
      new Permission(PermissionType.USER, PermissionLevel.READ),
      new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
      new Permission(PermissionType.WEBHOOK, PermissionLevel.READ),
+      new Permission(PermissionType.LEGACY_VIEW, PermissionLevel.READ),
    ],
  },
  ADMIN: {
@ -108,6 +110,7 @@ export const BUILTIN_PERMISSIONS = {
      new Permission(PermissionType.AUTOMATION, PermissionLevel.ADMIN),
      new Permission(PermissionType.WEBHOOK, PermissionLevel.READ),
      new Permission(PermissionType.QUERY, PermissionLevel.ADMIN),
+      new Permission(PermissionType.LEGACY_VIEW, PermissionLevel.READ),
    ],
  },
 }
--- a/packages/server/src/api/routes/tests/permissions.spec.ts
+++ b/packages/server/src/api/routes/tests/permissions.spec.ts
@ -270,4 +270,21 @@ describe("/permission", () => {
      expect(publicPerm.name).toBeDefined()
    })
  })
+
+  describe("default permissions", () => {
+    it("legacy views", async () => {
+      const legacyView = await config.createLegacyView()
+
+      const res = await config.api.permission.get(legacyView.name)
+
+      expect(res.body).toEqual({
+        permissions: {
+          read: {
+            permissionType: "BASE",
+            role: "BASIC",
+          },
+        },
+      })
+    })
+  })
 })
--- a/packages/server/src/api/routes/tests/row.spec.ts
+++ b/packages/server/src/api/routes/tests/row.spec.ts
@ -673,7 +673,7 @@ describe("/rows", () => {
    })

    it("should be able to run on a view", async () => {
-      const view = await config.createView()
+      const view = await config.createLegacyView()
      const row = await config.createRow()
      const rowUsage = await getRowUsage()
      const queryUsage = await getQueryUsage()
--- a/packages/server/src/api/routes/tests/table.spec.ts
+++ b/packages/server/src/api/routes/tests/table.spec.ts
@ -87,7 +87,7 @@ describe("/tables", () => {

    it("updates all the row fields for a table when a schema key is renamed", async () => {
      const testTable = await config.createTable()
-      await config.createView({
+      await config.createLegacyView({
        name: "TestView",
        field: "Price",
        calculation: "stats",
@ -254,7 +254,7 @@ describe("/tables", () => {
      }))

      await config.api.viewV2.create({ tableId })
-      await config.createView({ tableId, name: generator.guid() })
+      await config.createLegacyView({ tableId, name: generator.guid() })

      const res = await config.api.table.fetch()

--- a/packages/server/src/api/routes/tests/view.spec.js
+++ b/packages/server/src/api/routes/tests/view.spec.js
@ -249,7 +249,7 @@ describe("/views", () => {
    })

    it("returns only custom views", async () => {
-      await config.createView({
+      await config.createLegacyView({
        name: "TestView",
        field: "Price",
        calculation: "stats",
@ -267,7 +267,7 @@ describe("/views", () => {

  describe("query", () => {
    it("returns data for the created view", async () => {
-      await config.createView({
+      await config.createLegacyView({
        name: "TestView",
        field: "Price",
        calculation: "stats",
@ -295,7 +295,7 @@ describe("/views", () => {
    })

    it("returns data for the created view using a group by", async () => {
-      await config.createView({
+      await config.createLegacyView({
        calculation: "stats",
        name: "TestView",
        field: "Price",
@ -331,7 +331,7 @@ describe("/views", () => {
  describe("destroy", () => {
    it("should be able to delete a view", async () => {
      const table = await config.createTable(priceTable())
-      const view = await config.createView()
+      const view = await config.createLegacyView()
      const res = await request
        .delete(`/api/views/${view.name}`)
        .set(config.defaultHeaders())
@ -395,7 +395,7 @@ describe("/views", () => {

    it("should be able to export a view as JSON", async () => {
      let table = await setupExport()
-      const view = await config.createView()
+      const view = await config.createLegacyView()
      table = await config.getTable(table._id)

      let res = await exportView(view.name, "json")
@ -407,7 +407,7 @@ describe("/views", () => {

    it("should be able to export a view as CSV", async () => {
      let table = await setupExport()
-      const view = await config.createView()
+      const view = await config.createLegacyView()
      table = await config.getTable(table._id)

      let res = await exportView(view.name, "csv")
--- a/packages/server/src/api/routes/tests/viewV2.spec.ts
+++ b/packages/server/src/api/routes/tests/viewV2.spec.ts
@ -296,7 +296,7 @@ describe.each([
    })

    it("cannot update views v1", async () => {
-      const viewV1 = await config.createView()
+      const viewV1 = await config.createLegacyView()
      await config.api.viewV2.update(
        {
          ...viewV1,
--- a/packages/server/src/migrations/tests/index.spec.ts
+++ b/packages/server/src/migrations/tests/index.spec.ts
@ -50,9 +50,9 @@ describe("migrations", () => {
        await config.createRole()
        await config.createRole()
        await config.createTable()
-        await config.createView()
+        await config.createLegacyView()
        await config.createTable()
-        await config.createView(structures.view(config.table!._id!))
+        await config.createLegacyView(structures.view(config.table!._id!))
        await config.createScreen()
        await config.createScreen()

--- a/packages/server/src/tests/utilities/TestConfiguration.ts
+++ b/packages/server/src/tests/utilities/TestConfiguration.ts
@ -622,7 +622,7 @@ class TestConfiguration {

  // VIEW

-  async createView(config?: any) {
+  async createLegacyView(config?: any) {
    if (!this.table) {
      throw "Test requires table to be configured."
    }
--- a/packages/server/src/utilities/security.ts
+++ b/packages/server/src/utilities/security.ts
@ -23,6 +23,9 @@ export function getPermissionType(resourceId: string) {
    case DocumentType.QUERY:
    case DocumentType.DATASOURCE:
      return permissions.PermissionType.QUERY
+    default:
+      // legacy views don't have an ID, will end up here
+      return permissions.PermissionType.LEGACY_VIEW
  }
 }

--- a/packages/types/src/sdk/permissions.ts
+++ b/packages/types/src/sdk/permissions.ts
@ -16,6 +16,7 @@ export enum PermissionType {
  GLOBAL_BUILDER = "globalBuilder",
  QUERY = "query",
  VIEW = "view",
+  LEGACY_VIEW = "legacy_view",
 }

 export enum PermissionSource {