PR comments.

2023-08-08 12:06:25 +01:00 · 2023-08-08 12:06:25 +01:00 · 2011e1693e
parent a44a92dcc2
commit 2011e1693e
5 changed files with 57 additions and 45 deletions
--- a/packages/server/src/api/controllers/row/utils.ts
+++ b/packages/server/src/api/controllers/row/utils.ts
@ -45,13 +45,16 @@ export async function findRow(ctx: UserCtx, tableId: string, rowId: string) {
 }

 export function getTableId(ctx: Ctx) {
-  if (ctx.request.body && ctx.request.body.tableId) {
+  if (ctx.request.body?.tableId) {
    return ctx.request.body.tableId
  }
-  if (ctx.params && ctx.params.tableId) {
+  if (ctx.params?.sourceId) {
+    return ctx.params.sourceId
+  }
+  if (ctx.params?.tableId) {
    return ctx.params.tableId
  }
-  if (ctx.params && ctx.params.viewName) {
+  if (ctx.params?.viewName) {
    return ctx.params.viewName
  }
 }
--- a/packages/server/src/api/routes/row.ts
+++ b/packages/server/src/api/routes/row.ts
@ -11,7 +11,7 @@ const router: Router = new Router()

 router
  /**
-   * @api {get} /api/:tableId/:rowId/enrich Get an enriched row
+   * @api {get} /api/:sourceId/:rowId/enrich Get an enriched row
   * @apiName Get an enriched row
   * @apiGroup rows
   * @apiPermission table read access
@ -25,13 +25,13 @@ router
   * @apiSuccess {object} row The response body will be the enriched row.
   */
  .get(
-    "/api/:tableId/:rowId/enrich",
-    paramSubResource("tableId", "rowId"),
+    "/api/:sourceId/:rowId/enrich",
+    paramSubResource("sourceId", "rowId"),
    authorized(PermissionType.TABLE, PermissionLevel.READ),
    rowController.fetchEnrichedRow
  )
  /**
-   * @api {get} /api/:tableId/rows Get all rows in a table
+   * @api {get} /api/:sourceId/rows Get all rows in a table
   * @apiName Get all rows in a table
   * @apiGroup rows
   * @apiPermission table read access
@ -40,37 +40,37 @@ router
   * due to its lack of support for pagination. With SQL tables this will retrieve up to a limit and then
   * will simply stop.
   *
-   * @apiParam {string} tableId The ID of the table to retrieve all rows within.
+   * @apiParam {string} sourceId The ID of the table to retrieve all rows within.
   *
   * @apiSuccess {object[]} rows The response body will be an array of all rows found.
   */
  .get(
-    "/api/:tableId/rows",
-    paramResource("tableId"),
+    "/api/:sourceId/rows",
+    paramResource("sourceId"),
    authorized(PermissionType.TABLE, PermissionLevel.READ),
    rowController.fetch
  )
  /**
-   * @api {get} /api/:tableId/rows/:rowId Retrieve a single row
+   * @api {get} /api/:sourceId/rows/:rowId Retrieve a single row
   * @apiName Retrieve a single row
   * @apiGroup rows
   * @apiPermission table read access
   * @apiDescription This endpoint retrieves only the specified row. If you wish to retrieve
   * a row by anything other than its _id field, use the search endpoint.
   *
-   * @apiParam {string} tableId The ID of the table to retrieve a row from.
+   * @apiParam {string} sourceId The ID of the table to retrieve a row from.
   * @apiParam {string} rowId The ID of the row to retrieve.
   *
   * @apiSuccess {object} body The response body will be the row that was found.
   */
  .get(
-    "/api/:tableId/rows/:rowId",
-    paramSubResource("tableId", "rowId"),
+    "/api/:sourceId/rows/:rowId",
+    paramSubResource("sourceId", "rowId"),
    authorized(PermissionType.TABLE, PermissionLevel.READ),
    rowController.find
  )
  /**
-   * @api {post} /api/:tableId/search Search for rows in a table
+   * @api {post} /api/:sourceId/search Search for rows in a table
   * @apiName Search for rows in a table
   * @apiGroup rows
   * @apiPermission table read access
@ -78,7 +78,7 @@ router
   * and data UI in the builder are built atop this. All filtering, sorting and pagination is
   * handled through this, for internal and external (datasource plus, e.g. SQL) tables.
   *
-   * @apiParam {string} tableId The ID of the table to retrieve rows from.
+   * @apiParam {string} sourceId The ID of the table to retrieve rows from.
   *
   * @apiParam (Body) {boolean} [paginate] If pagination is required then this should be set to true,
   * defaults to false.
@ -133,22 +133,22 @@ router
   * page.
   */
  .post(
-    "/api/:tableId/search",
+    "/api/:sourceId/search",
    internalSearchValidator(),
-    paramResource("tableId"),
+    paramResource("sourceId"),
    authorized(PermissionType.TABLE, PermissionLevel.READ),
    rowController.search
  )
  // DEPRECATED - this is an old API, but for backwards compat it needs to be
  // supported still
  .post(
-    "/api/search/:tableId/rows",
-    paramResource("tableId"),
+    "/api/search/:sourceId/rows",
+    paramResource("sourceId"),
    authorized(PermissionType.TABLE, PermissionLevel.READ),
    rowController.search
  )
  /**
-   * @api {post} /api/:tableId/rows Creates a new row
+   * @api {post} /api/:sourceId/rows Creates a new row
   * @apiName Creates a new row
   * @apiGroup rows
   * @apiPermission table write access
@ -157,7 +157,7 @@ router
   * links to one. Please note that "_id", "_rev" and "tableId" are fields that are
   * already used by Budibase tables and cannot be used for columns.
   *
-   * @apiParam {string} tableId The ID of the table to save a row to.
+   * @apiParam {string} sourceId The ID of the table to save a row to.
   *
   * @apiParam (Body) {string} [_id] If the row exists already then an ID for the row must be provided.
   * @apiParam (Body) {string} [_rev] If working with an existing row for an internal table its revision
@ -172,14 +172,14 @@ router
   * @apiSuccess {object} body The contents of the row that was saved will be returned as well.
   */
  .post(
-    "/api/:tableId/rows",
-    paramResource("tableId"),
+    "/api/:sourceId/rows",
+    paramResource("sourceId"),
    authorized(PermissionType.TABLE, PermissionLevel.WRITE),
    trimViewRowInfo,
    rowController.save
  )
  /**
-   * @api {patch} /api/:tableId/rows Updates a row
+   * @api {patch} /api/:sourceId/rows Updates a row
   * @apiName Update a row
   * @apiGroup rows
   * @apiPermission table write access
@ -187,14 +187,14 @@ router
   * error if an _id isn't provided, it will only function for existing rows.
   */
  .patch(
-    "/api/:tableId/rows",
-    paramResource("tableId"),
+    "/api/:sourceId/rows",
+    paramResource("sourceId"),
    authorized(PermissionType.TABLE, PermissionLevel.WRITE),
    trimViewRowInfo,
    rowController.patch
  )
  /**
-   * @api {post} /api/:tableId/rows/validate Validate inputs for a row
+   * @api {post} /api/:sourceId/rows/validate Validate inputs for a row
   * @apiName Validate inputs for a row
   * @apiGroup rows
   * @apiPermission table write access
@ -202,7 +202,7 @@ router
   * given the table schema, this will iterate through all the constraints on the table and
   * check if the request body is valid.
   *
-   * @apiParam {string} tableId The ID of the table the row is to be validated for.
+   * @apiParam {string} sourceId The ID of the table the row is to be validated for.
   *
   * @apiParam (Body) {any} [any] Any fields provided in the request body will be tested
   * against the table schema and constraints.
@ -214,20 +214,20 @@ router
   * the schema.
   */
  .post(
-    "/api/:tableId/rows/validate",
-    paramResource("tableId"),
+    "/api/:sourceId/rows/validate",
+    paramResource("sourceId"),
    authorized(PermissionType.TABLE, PermissionLevel.WRITE),
    rowController.validate
  )
  /**
-   * @api {delete} /api/:tableId/rows Delete rows
+   * @api {delete} /api/:sourceId/rows Delete rows
   * @apiName Delete rows
   * @apiGroup rows
   * @apiPermission table write access
   * @apiDescription This endpoint can delete a single row, or delete them in a bulk
   * fashion.
   *
-   * @apiParam {string} tableId The ID of the table the row is to be deleted from.
+   * @apiParam {string} sourceId The ID of the table the row is to be deleted from.
   *
   * @apiParam (Body) {object[]} [rows] If bulk deletion is desired then provide the rows in this
   * key of the request body that are to be deleted.
@ -240,29 +240,29 @@ router
   * is the deleted row.
   */
  .delete(
-    "/api/:tableId/rows",
-    paramResource("tableId"),
+    "/api/:sourceId/rows",
+    paramResource("sourceId"),
    authorized(PermissionType.TABLE, PermissionLevel.WRITE),
    trimViewRowInfo,
    rowController.destroy
  )

  /**
-   * @api {post} /api/:tableId/rows/exportRows Export Rows
+   * @api {post} /api/:sourceId/rows/exportRows Export Rows
   * @apiName Export rows
   * @apiGroup rows
   * @apiPermission table write access
   * @apiDescription This API can export a number of provided rows
   *
-   * @apiParam {string} tableId The ID of the table the row is to be deleted from.
+   * @apiParam {string} sourceId The ID of the table the row is to be deleted from.
   *
   * @apiParam (Body) {object[]} [rows] The row IDs which are to be exported
   *
   * @apiSuccess {object[]|object}
   */
  .post(
-    "/api/:tableId/rows/exportRows",
-    paramResource("tableId"),
+    "/api/:sourceId/rows/exportRows",
+    paramResource("sourceId"),
    authorized(PermissionType.TABLE, PermissionLevel.WRITE),
    rowController.exportRows
  )
--- a/packages/server/src/db/utils.ts
+++ b/packages/server/src/db/utils.ts
@ -1,5 +1,7 @@
 import newid from "./newid"
 import { db as dbCore } from "@budibase/backend-core"
+import { DocumentType, VirtualDocumentType } from "@budibase/types"
+export { DocumentType, VirtualDocumentType } from "@budibase/types"

 type Optional = string | null

@ -19,7 +21,6 @@ export const BudibaseInternalDB = {

 export const SEPARATOR = dbCore.SEPARATOR
 export const StaticDatabases = dbCore.StaticDatabases
-export const DocumentType = dbCore.DocumentType
 export const APP_PREFIX = dbCore.APP_PREFIX
 export const APP_DEV_PREFIX = dbCore.APP_DEV_PREFIX
 export const isDevAppID = dbCore.isDevAppID
@ -284,11 +285,13 @@ export function getMultiIDParams(ids: string[]) {
 * @returns {string} The new view ID which the view doc can be stored under.
 */
 export function generateViewID(tableId: string) {
-  return `${DocumentType.VIEW}${SEPARATOR}${tableId}${SEPARATOR}${newid()}`
+  return `${
+    VirtualDocumentType.VIEW
+  }${SEPARATOR}${tableId}${SEPARATOR}${newid()}`
 }

 export function isViewID(viewId: string) {
-  return viewId?.split(SEPARATOR)[0] === DocumentType.VIEW
+  return viewId?.split(SEPARATOR)[0] === VirtualDocumentType.VIEW
 }

 export function extractViewInfoFromID(viewId: string) {
--- a/packages/server/src/utilities/security.ts
+++ b/packages/server/src/utilities/security.ts
@ -1,5 +1,5 @@
 import { permissions, roles } from "@budibase/backend-core"
-import { DocumentType } from "../db/utils"
+import { DocumentType, VirtualDocumentType } from "../db/utils"

 export const CURRENTLY_SUPPORTED_LEVELS: string[] = [
  permissions.PermissionLevel.WRITE,
@ -11,10 +11,10 @@ export function getPermissionType(resourceId: string) {
  const docType = Object.values(DocumentType).filter(docType =>
    resourceId.startsWith(docType)
  )[0]
-  switch (docType) {
+  switch (docType as DocumentType | VirtualDocumentType) {
    case DocumentType.TABLE:
    case DocumentType.ROW:
-    case DocumentType.VIEW:
+    case VirtualDocumentType.VIEW:
      return permissions.PermissionType.TABLE
    case DocumentType.AUTOMATION:
      return permissions.PermissionType.AUTOMATION
--- a/packages/types/src/documents/document.ts
+++ b/packages/types/src/documents/document.ts
@ -37,6 +37,12 @@ export enum DocumentType {
  USER_FLAG = "flag",
  AUTOMATION_METADATA = "meta_au",
  AUDIT_LOG = "al",
+  VIEW = "awd",
+}
+
+// these documents don't really exist, they are part of other
+// documents or enriched into existence as part of get requests
+export enum VirtualDocumentType {
  VIEW = "view",
 }