From 2011e1693e35b4102bdbb131dfd23d2f9abd3632 Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Tue, 8 Aug 2023 12:06:25 +0100 Subject: [PATCH] PR comments. --- .../server/src/api/controllers/row/utils.ts | 9 ++- packages/server/src/api/routes/row.ts | 72 +++++++++---------- packages/server/src/db/utils.ts | 9 ++- packages/server/src/utilities/security.ts | 6 +- packages/types/src/documents/document.ts | 6 ++ 5 files changed, 57 insertions(+), 45 deletions(-) diff --git a/packages/server/src/api/controllers/row/utils.ts b/packages/server/src/api/controllers/row/utils.ts index 6ff90f2b25..6cc342b8a0 100644 --- a/packages/server/src/api/controllers/row/utils.ts +++ b/packages/server/src/api/controllers/row/utils.ts @@ -45,13 +45,16 @@ export async function findRow(ctx: UserCtx, tableId: string, rowId: string) { } export function getTableId(ctx: Ctx) { - if (ctx.request.body && ctx.request.body.tableId) { + if (ctx.request.body?.tableId) { return ctx.request.body.tableId } - if (ctx.params && ctx.params.tableId) { + if (ctx.params?.sourceId) { + return ctx.params.sourceId + } + if (ctx.params?.tableId) { return ctx.params.tableId } - if (ctx.params && ctx.params.viewName) { + if (ctx.params?.viewName) { return ctx.params.viewName } } diff --git a/packages/server/src/api/routes/row.ts b/packages/server/src/api/routes/row.ts index 1fd45e0e92..a4ac8aa3ee 100644 --- a/packages/server/src/api/routes/row.ts +++ b/packages/server/src/api/routes/row.ts @@ -11,7 +11,7 @@ const router: Router = new Router() router /** - * @api {get} /api/:tableId/:rowId/enrich Get an enriched row + * @api {get} /api/:sourceId/:rowId/enrich Get an enriched row * @apiName Get an enriched row * @apiGroup rows * @apiPermission table read access @@ -25,13 +25,13 @@ router * @apiSuccess {object} row The response body will be the enriched row. */ .get( - "/api/:tableId/:rowId/enrich", - paramSubResource("tableId", "rowId"), + "/api/:sourceId/:rowId/enrich", + paramSubResource("sourceId", "rowId"), authorized(PermissionType.TABLE, PermissionLevel.READ), rowController.fetchEnrichedRow ) /** - * @api {get} /api/:tableId/rows Get all rows in a table + * @api {get} /api/:sourceId/rows Get all rows in a table * @apiName Get all rows in a table * @apiGroup rows * @apiPermission table read access @@ -40,37 +40,37 @@ router * due to its lack of support for pagination. With SQL tables this will retrieve up to a limit and then * will simply stop. * - * @apiParam {string} tableId The ID of the table to retrieve all rows within. + * @apiParam {string} sourceId The ID of the table to retrieve all rows within. * * @apiSuccess {object[]} rows The response body will be an array of all rows found. */ .get( - "/api/:tableId/rows", - paramResource("tableId"), + "/api/:sourceId/rows", + paramResource("sourceId"), authorized(PermissionType.TABLE, PermissionLevel.READ), rowController.fetch ) /** - * @api {get} /api/:tableId/rows/:rowId Retrieve a single row + * @api {get} /api/:sourceId/rows/:rowId Retrieve a single row * @apiName Retrieve a single row * @apiGroup rows * @apiPermission table read access * @apiDescription This endpoint retrieves only the specified row. If you wish to retrieve * a row by anything other than its _id field, use the search endpoint. * - * @apiParam {string} tableId The ID of the table to retrieve a row from. + * @apiParam {string} sourceId The ID of the table to retrieve a row from. * @apiParam {string} rowId The ID of the row to retrieve. * * @apiSuccess {object} body The response body will be the row that was found. */ .get( - "/api/:tableId/rows/:rowId", - paramSubResource("tableId", "rowId"), + "/api/:sourceId/rows/:rowId", + paramSubResource("sourceId", "rowId"), authorized(PermissionType.TABLE, PermissionLevel.READ), rowController.find ) /** - * @api {post} /api/:tableId/search Search for rows in a table + * @api {post} /api/:sourceId/search Search for rows in a table * @apiName Search for rows in a table * @apiGroup rows * @apiPermission table read access @@ -78,7 +78,7 @@ router * and data UI in the builder are built atop this. All filtering, sorting and pagination is * handled through this, for internal and external (datasource plus, e.g. SQL) tables. * - * @apiParam {string} tableId The ID of the table to retrieve rows from. + * @apiParam {string} sourceId The ID of the table to retrieve rows from. * * @apiParam (Body) {boolean} [paginate] If pagination is required then this should be set to true, * defaults to false. @@ -133,22 +133,22 @@ router * page. */ .post( - "/api/:tableId/search", + "/api/:sourceId/search", internalSearchValidator(), - paramResource("tableId"), + paramResource("sourceId"), authorized(PermissionType.TABLE, PermissionLevel.READ), rowController.search ) // DEPRECATED - this is an old API, but for backwards compat it needs to be // supported still .post( - "/api/search/:tableId/rows", - paramResource("tableId"), + "/api/search/:sourceId/rows", + paramResource("sourceId"), authorized(PermissionType.TABLE, PermissionLevel.READ), rowController.search ) /** - * @api {post} /api/:tableId/rows Creates a new row + * @api {post} /api/:sourceId/rows Creates a new row * @apiName Creates a new row * @apiGroup rows * @apiPermission table write access @@ -157,7 +157,7 @@ router * links to one. Please note that "_id", "_rev" and "tableId" are fields that are * already used by Budibase tables and cannot be used for columns. * - * @apiParam {string} tableId The ID of the table to save a row to. + * @apiParam {string} sourceId The ID of the table to save a row to. * * @apiParam (Body) {string} [_id] If the row exists already then an ID for the row must be provided. * @apiParam (Body) {string} [_rev] If working with an existing row for an internal table its revision @@ -172,14 +172,14 @@ router * @apiSuccess {object} body The contents of the row that was saved will be returned as well. */ .post( - "/api/:tableId/rows", - paramResource("tableId"), + "/api/:sourceId/rows", + paramResource("sourceId"), authorized(PermissionType.TABLE, PermissionLevel.WRITE), trimViewRowInfo, rowController.save ) /** - * @api {patch} /api/:tableId/rows Updates a row + * @api {patch} /api/:sourceId/rows Updates a row * @apiName Update a row * @apiGroup rows * @apiPermission table write access @@ -187,14 +187,14 @@ router * error if an _id isn't provided, it will only function for existing rows. */ .patch( - "/api/:tableId/rows", - paramResource("tableId"), + "/api/:sourceId/rows", + paramResource("sourceId"), authorized(PermissionType.TABLE, PermissionLevel.WRITE), trimViewRowInfo, rowController.patch ) /** - * @api {post} /api/:tableId/rows/validate Validate inputs for a row + * @api {post} /api/:sourceId/rows/validate Validate inputs for a row * @apiName Validate inputs for a row * @apiGroup rows * @apiPermission table write access @@ -202,7 +202,7 @@ router * given the table schema, this will iterate through all the constraints on the table and * check if the request body is valid. * - * @apiParam {string} tableId The ID of the table the row is to be validated for. + * @apiParam {string} sourceId The ID of the table the row is to be validated for. * * @apiParam (Body) {any} [any] Any fields provided in the request body will be tested * against the table schema and constraints. @@ -214,20 +214,20 @@ router * the schema. */ .post( - "/api/:tableId/rows/validate", - paramResource("tableId"), + "/api/:sourceId/rows/validate", + paramResource("sourceId"), authorized(PermissionType.TABLE, PermissionLevel.WRITE), rowController.validate ) /** - * @api {delete} /api/:tableId/rows Delete rows + * @api {delete} /api/:sourceId/rows Delete rows * @apiName Delete rows * @apiGroup rows * @apiPermission table write access * @apiDescription This endpoint can delete a single row, or delete them in a bulk * fashion. * - * @apiParam {string} tableId The ID of the table the row is to be deleted from. + * @apiParam {string} sourceId The ID of the table the row is to be deleted from. * * @apiParam (Body) {object[]} [rows] If bulk deletion is desired then provide the rows in this * key of the request body that are to be deleted. @@ -240,29 +240,29 @@ router * is the deleted row. */ .delete( - "/api/:tableId/rows", - paramResource("tableId"), + "/api/:sourceId/rows", + paramResource("sourceId"), authorized(PermissionType.TABLE, PermissionLevel.WRITE), trimViewRowInfo, rowController.destroy ) /** - * @api {post} /api/:tableId/rows/exportRows Export Rows + * @api {post} /api/:sourceId/rows/exportRows Export Rows * @apiName Export rows * @apiGroup rows * @apiPermission table write access * @apiDescription This API can export a number of provided rows * - * @apiParam {string} tableId The ID of the table the row is to be deleted from. + * @apiParam {string} sourceId The ID of the table the row is to be deleted from. * * @apiParam (Body) {object[]} [rows] The row IDs which are to be exported * * @apiSuccess {object[]|object} */ .post( - "/api/:tableId/rows/exportRows", - paramResource("tableId"), + "/api/:sourceId/rows/exportRows", + paramResource("sourceId"), authorized(PermissionType.TABLE, PermissionLevel.WRITE), rowController.exportRows ) diff --git a/packages/server/src/db/utils.ts b/packages/server/src/db/utils.ts index e8dc3b3f6c..abea725707 100644 --- a/packages/server/src/db/utils.ts +++ b/packages/server/src/db/utils.ts @@ -1,5 +1,7 @@ import newid from "./newid" import { db as dbCore } from "@budibase/backend-core" +import { DocumentType, VirtualDocumentType } from "@budibase/types" +export { DocumentType, VirtualDocumentType } from "@budibase/types" type Optional = string | null @@ -19,7 +21,6 @@ export const BudibaseInternalDB = { export const SEPARATOR = dbCore.SEPARATOR export const StaticDatabases = dbCore.StaticDatabases -export const DocumentType = dbCore.DocumentType export const APP_PREFIX = dbCore.APP_PREFIX export const APP_DEV_PREFIX = dbCore.APP_DEV_PREFIX export const isDevAppID = dbCore.isDevAppID @@ -284,11 +285,13 @@ export function getMultiIDParams(ids: string[]) { * @returns {string} The new view ID which the view doc can be stored under. */ export function generateViewID(tableId: string) { - return `${DocumentType.VIEW}${SEPARATOR}${tableId}${SEPARATOR}${newid()}` + return `${ + VirtualDocumentType.VIEW + }${SEPARATOR}${tableId}${SEPARATOR}${newid()}` } export function isViewID(viewId: string) { - return viewId?.split(SEPARATOR)[0] === DocumentType.VIEW + return viewId?.split(SEPARATOR)[0] === VirtualDocumentType.VIEW } export function extractViewInfoFromID(viewId: string) { diff --git a/packages/server/src/utilities/security.ts b/packages/server/src/utilities/security.ts index 54e19007f1..0da7621773 100644 --- a/packages/server/src/utilities/security.ts +++ b/packages/server/src/utilities/security.ts @@ -1,5 +1,5 @@ import { permissions, roles } from "@budibase/backend-core" -import { DocumentType } from "../db/utils" +import { DocumentType, VirtualDocumentType } from "../db/utils" export const CURRENTLY_SUPPORTED_LEVELS: string[] = [ permissions.PermissionLevel.WRITE, @@ -11,10 +11,10 @@ export function getPermissionType(resourceId: string) { const docType = Object.values(DocumentType).filter(docType => resourceId.startsWith(docType) )[0] - switch (docType) { + switch (docType as DocumentType | VirtualDocumentType) { case DocumentType.TABLE: case DocumentType.ROW: - case DocumentType.VIEW: + case VirtualDocumentType.VIEW: return permissions.PermissionType.TABLE case DocumentType.AUTOMATION: return permissions.PermissionType.AUTOMATION diff --git a/packages/types/src/documents/document.ts b/packages/types/src/documents/document.ts index 164aa79ac9..75f55e1367 100644 --- a/packages/types/src/documents/document.ts +++ b/packages/types/src/documents/document.ts @@ -37,6 +37,12 @@ export enum DocumentType { USER_FLAG = "flag", AUTOMATION_METADATA = "meta_au", AUDIT_LOG = "al", + VIEW = "awd", +} + +// these documents don't really exist, they are part of other +// documents or enriched into existence as part of get requests +export enum VirtualDocumentType { VIEW = "view", }