Updating some enums, plural to single.
This commit is contained in:
parent
0557219140
commit
31c198888a
|
@ -5,7 +5,7 @@ export type RoleHierarchy = {
|
|||
permissionId: string
|
||||
}[]
|
||||
|
||||
export enum PermissionLevels {
|
||||
export enum PermissionLevel {
|
||||
READ = "read",
|
||||
WRITE = "write",
|
||||
EXECUTE = "execute",
|
||||
|
@ -13,7 +13,7 @@ export enum PermissionLevels {
|
|||
}
|
||||
|
||||
// these are the global types, that govern the underlying default behaviour
|
||||
export enum PermissionTypes {
|
||||
export enum PermissionType {
|
||||
APP = "app",
|
||||
TABLE = "table",
|
||||
USER = "user",
|
||||
|
@ -25,25 +25,25 @@ export enum PermissionTypes {
|
|||
}
|
||||
|
||||
class Permission {
|
||||
type: PermissionTypes
|
||||
level: PermissionLevels
|
||||
type: PermissionType
|
||||
level: PermissionLevel
|
||||
|
||||
constructor(type: PermissionTypes, level: PermissionLevels) {
|
||||
constructor(type: PermissionType, level: PermissionLevel) {
|
||||
this.type = type
|
||||
this.level = level
|
||||
}
|
||||
}
|
||||
|
||||
function levelToNumber(perm: PermissionLevels) {
|
||||
function levelToNumber(perm: PermissionLevel) {
|
||||
switch (perm) {
|
||||
// not everything has execute privileges
|
||||
case PermissionLevels.EXECUTE:
|
||||
case PermissionLevel.EXECUTE:
|
||||
return 0
|
||||
case PermissionLevels.READ:
|
||||
case PermissionLevel.READ:
|
||||
return 1
|
||||
case PermissionLevels.WRITE:
|
||||
case PermissionLevel.WRITE:
|
||||
return 2
|
||||
case PermissionLevels.ADMIN:
|
||||
case PermissionLevel.ADMIN:
|
||||
return 3
|
||||
default:
|
||||
return -1
|
||||
|
@ -55,25 +55,25 @@ function levelToNumber(perm: PermissionLevels) {
|
|||
* @param {string} userPermLevel The permission level of the user.
|
||||
* @return {string[]} All the permission levels this user is allowed to carry out.
|
||||
*/
|
||||
function getAllowedLevels(userPermLevel: PermissionLevels) {
|
||||
function getAllowedLevels(userPermLevel: PermissionLevel) {
|
||||
switch (userPermLevel) {
|
||||
case PermissionLevels.EXECUTE:
|
||||
return [PermissionLevels.EXECUTE]
|
||||
case PermissionLevels.READ:
|
||||
return [PermissionLevels.EXECUTE, PermissionLevels.READ]
|
||||
case PermissionLevels.WRITE:
|
||||
case PermissionLevels.ADMIN:
|
||||
case PermissionLevel.EXECUTE:
|
||||
return [PermissionLevel.EXECUTE]
|
||||
case PermissionLevel.READ:
|
||||
return [PermissionLevel.EXECUTE, PermissionLevel.READ]
|
||||
case PermissionLevel.WRITE:
|
||||
case PermissionLevel.ADMIN:
|
||||
return [
|
||||
PermissionLevels.READ,
|
||||
PermissionLevels.WRITE,
|
||||
PermissionLevels.EXECUTE,
|
||||
PermissionLevel.READ,
|
||||
PermissionLevel.WRITE,
|
||||
PermissionLevel.EXECUTE,
|
||||
]
|
||||
default:
|
||||
return []
|
||||
}
|
||||
}
|
||||
|
||||
export enum BUILTIN_PERMISSION_IDS {
|
||||
export enum BuiltinPermissionID {
|
||||
PUBLIC = "public",
|
||||
READ_ONLY = "read_only",
|
||||
WRITE = "write",
|
||||
|
@ -83,52 +83,52 @@ export enum BUILTIN_PERMISSION_IDS {
|
|||
|
||||
const BUILTIN_PERMISSIONS = {
|
||||
PUBLIC: {
|
||||
_id: BUILTIN_PERMISSION_IDS.PUBLIC,
|
||||
_id: BuiltinPermissionID.PUBLIC,
|
||||
name: "Public",
|
||||
permissions: [
|
||||
new Permission(PermissionTypes.WEBHOOK, PermissionLevels.EXECUTE),
|
||||
new Permission(PermissionType.WEBHOOK, PermissionLevel.EXECUTE),
|
||||
],
|
||||
},
|
||||
READ_ONLY: {
|
||||
_id: BUILTIN_PERMISSION_IDS.READ_ONLY,
|
||||
_id: BuiltinPermissionID.READ_ONLY,
|
||||
name: "Read only",
|
||||
permissions: [
|
||||
new Permission(PermissionTypes.QUERY, PermissionLevels.READ),
|
||||
new Permission(PermissionTypes.TABLE, PermissionLevels.READ),
|
||||
new Permission(PermissionTypes.VIEW, PermissionLevels.READ),
|
||||
new Permission(PermissionType.QUERY, PermissionLevel.READ),
|
||||
new Permission(PermissionType.TABLE, PermissionLevel.READ),
|
||||
new Permission(PermissionType.VIEW, PermissionLevel.READ),
|
||||
],
|
||||
},
|
||||
WRITE: {
|
||||
_id: BUILTIN_PERMISSION_IDS.WRITE,
|
||||
_id: BuiltinPermissionID.WRITE,
|
||||
name: "Read/Write",
|
||||
permissions: [
|
||||
new Permission(PermissionTypes.QUERY, PermissionLevels.WRITE),
|
||||
new Permission(PermissionTypes.TABLE, PermissionLevels.WRITE),
|
||||
new Permission(PermissionTypes.VIEW, PermissionLevels.READ),
|
||||
new Permission(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE),
|
||||
new Permission(PermissionType.QUERY, PermissionLevel.WRITE),
|
||||
new Permission(PermissionType.TABLE, PermissionLevel.WRITE),
|
||||
new Permission(PermissionType.VIEW, PermissionLevel.READ),
|
||||
new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
|
||||
],
|
||||
},
|
||||
POWER: {
|
||||
_id: BUILTIN_PERMISSION_IDS.POWER,
|
||||
_id: BuiltinPermissionID.POWER,
|
||||
name: "Power",
|
||||
permissions: [
|
||||
new Permission(PermissionTypes.TABLE, PermissionLevels.WRITE),
|
||||
new Permission(PermissionTypes.USER, PermissionLevels.READ),
|
||||
new Permission(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE),
|
||||
new Permission(PermissionTypes.VIEW, PermissionLevels.READ),
|
||||
new Permission(PermissionTypes.WEBHOOK, PermissionLevels.READ),
|
||||
new Permission(PermissionType.TABLE, PermissionLevel.WRITE),
|
||||
new Permission(PermissionType.USER, PermissionLevel.READ),
|
||||
new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
|
||||
new Permission(PermissionType.VIEW, PermissionLevel.READ),
|
||||
new Permission(PermissionType.WEBHOOK, PermissionLevel.READ),
|
||||
],
|
||||
},
|
||||
ADMIN: {
|
||||
_id: BUILTIN_PERMISSION_IDS.ADMIN,
|
||||
_id: BuiltinPermissionID.ADMIN,
|
||||
name: "Admin",
|
||||
permissions: [
|
||||
new Permission(PermissionTypes.TABLE, PermissionLevels.ADMIN),
|
||||
new Permission(PermissionTypes.USER, PermissionLevels.ADMIN),
|
||||
new Permission(PermissionTypes.AUTOMATION, PermissionLevels.ADMIN),
|
||||
new Permission(PermissionTypes.VIEW, PermissionLevels.ADMIN),
|
||||
new Permission(PermissionTypes.WEBHOOK, PermissionLevels.READ),
|
||||
new Permission(PermissionTypes.QUERY, PermissionLevels.ADMIN),
|
||||
new Permission(PermissionType.TABLE, PermissionLevel.ADMIN),
|
||||
new Permission(PermissionType.USER, PermissionLevel.ADMIN),
|
||||
new Permission(PermissionType.AUTOMATION, PermissionLevel.ADMIN),
|
||||
new Permission(PermissionType.VIEW, PermissionLevel.ADMIN),
|
||||
new Permission(PermissionType.WEBHOOK, PermissionLevel.READ),
|
||||
new Permission(PermissionType.QUERY, PermissionLevel.ADMIN),
|
||||
],
|
||||
},
|
||||
}
|
||||
|
@ -143,8 +143,8 @@ export function getBuiltinPermissionByID(id: string) {
|
|||
}
|
||||
|
||||
export function doesHaveBasePermission(
|
||||
permType: PermissionTypes,
|
||||
permLevel: PermissionLevels,
|
||||
permType: PermissionType,
|
||||
permLevel: PermissionLevel,
|
||||
rolesHierarchy: RoleHierarchy
|
||||
) {
|
||||
const basePermissions = [
|
||||
|
@ -167,9 +167,9 @@ export function doesHaveBasePermission(
|
|||
return false
|
||||
}
|
||||
|
||||
export function isPermissionLevelHigherThanRead(level: PermissionLevels) {
|
||||
export function isPermissionLevelHigherThanRead(level: PermissionLevel) {
|
||||
return levelToNumber(level) > 1
|
||||
}
|
||||
|
||||
// utility as a lot of things need simply the builder permission
|
||||
export const BUILDER = PermissionTypes.BUILDER
|
||||
export const BUILDER = PermissionType.BUILDER
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import { BUILTIN_PERMISSION_IDS, PermissionLevels } from "./permissions"
|
||||
import { BuiltinPermissionID, PermissionLevel } from "./permissions"
|
||||
import {
|
||||
generateRoleID,
|
||||
getRoleParams,
|
||||
|
@ -54,19 +54,19 @@ export class Role {
|
|||
|
||||
const BUILTIN_ROLES = {
|
||||
ADMIN: new Role(BUILTIN_IDS.ADMIN, "Admin")
|
||||
.addPermission(BUILTIN_PERMISSION_IDS.ADMIN)
|
||||
.addPermission(BuiltinPermissionID.ADMIN)
|
||||
.addInheritance(BUILTIN_IDS.POWER),
|
||||
POWER: new Role(BUILTIN_IDS.POWER, "Power")
|
||||
.addPermission(BUILTIN_PERMISSION_IDS.POWER)
|
||||
.addPermission(BuiltinPermissionID.POWER)
|
||||
.addInheritance(BUILTIN_IDS.BASIC),
|
||||
BASIC: new Role(BUILTIN_IDS.BASIC, "Basic")
|
||||
.addPermission(BUILTIN_PERMISSION_IDS.WRITE)
|
||||
.addPermission(BuiltinPermissionID.WRITE)
|
||||
.addInheritance(BUILTIN_IDS.PUBLIC),
|
||||
PUBLIC: new Role(BUILTIN_IDS.PUBLIC, "Public").addPermission(
|
||||
BUILTIN_PERMISSION_IDS.PUBLIC
|
||||
BuiltinPermissionID.PUBLIC
|
||||
),
|
||||
BUILDER: new Role(BUILTIN_IDS.BUILDER, "Builder").addPermission(
|
||||
BUILTIN_PERMISSION_IDS.ADMIN
|
||||
BuiltinPermissionID.ADMIN
|
||||
),
|
||||
}
|
||||
|
||||
|
@ -227,8 +227,8 @@ export function checkForRoleResourceArray(
|
|||
if (rolePerms && !Array.isArray(rolePerms[resourceId])) {
|
||||
const permLevel = rolePerms[resourceId] as any
|
||||
rolePerms[resourceId] = [permLevel]
|
||||
if (permLevel === PermissionLevels.WRITE) {
|
||||
rolePerms[resourceId].push(PermissionLevels.READ)
|
||||
if (permLevel === PermissionLevel.WRITE) {
|
||||
rolePerms[resourceId].push(PermissionLevel.READ)
|
||||
}
|
||||
}
|
||||
return rolePerms
|
||||
|
|
|
@ -3,8 +3,8 @@ const controller = require("../controllers/automation")
|
|||
const authorized = require("../../middleware/authorized")
|
||||
const {
|
||||
BUILDER,
|
||||
PermissionLevels,
|
||||
PermissionTypes,
|
||||
PermissionLevel,
|
||||
PermissionType,
|
||||
} = require("@budibase/backend-core/permissions")
|
||||
const { bodyResource, paramResource } = require("../../middleware/resourceId")
|
||||
const {
|
||||
|
@ -71,14 +71,14 @@ router
|
|||
"/api/automations/:id/trigger",
|
||||
appInfoMiddleware({ appType: AppType.PROD }),
|
||||
paramResource("id"),
|
||||
authorized(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE),
|
||||
authorized(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
|
||||
controller.trigger
|
||||
)
|
||||
.post(
|
||||
"/api/automations/:id/test",
|
||||
appInfoMiddleware({ appType: AppType.DEV }),
|
||||
paramResource("id"),
|
||||
authorized(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE),
|
||||
authorized(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
|
||||
controller.test
|
||||
)
|
||||
|
||||
|
|
|
@ -3,8 +3,8 @@ const datasourceController = require("../controllers/datasource")
|
|||
const authorized = require("../../middleware/authorized")
|
||||
const {
|
||||
BUILDER,
|
||||
PermissionLevels,
|
||||
PermissionTypes,
|
||||
PermissionLevel,
|
||||
PermissionType,
|
||||
} = require("@budibase/backend-core/permissions")
|
||||
const {
|
||||
datasourceValidator,
|
||||
|
@ -17,17 +17,17 @@ router
|
|||
.get("/api/datasources", authorized(BUILDER), datasourceController.fetch)
|
||||
.get(
|
||||
"/api/datasources/:datasourceId",
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.READ),
|
||||
datasourceController.find
|
||||
)
|
||||
.put(
|
||||
"/api/datasources/:datasourceId",
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.READ),
|
||||
datasourceController.update
|
||||
)
|
||||
.post(
|
||||
"/api/datasources/query",
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.READ),
|
||||
datasourceQueryValidator(),
|
||||
datasourceController.query
|
||||
)
|
||||
|
|
|
@ -13,8 +13,8 @@ import env from "../../../environment"
|
|||
const Router = require("@koa/router")
|
||||
const { RateLimit, Stores } = require("koa2-ratelimit")
|
||||
const {
|
||||
PermissionLevels,
|
||||
PermissionTypes,
|
||||
PermissionLevel,
|
||||
PermissionType,
|
||||
} = require("@budibase/backend-core/permissions")
|
||||
const { getRedisOptions } = require("@budibase/backend-core/redis").utils
|
||||
|
||||
|
@ -105,7 +105,7 @@ function applyRoutes(
|
|||
: paramResource(resource)
|
||||
const publicApiMiddleware = publicApi({
|
||||
requiresAppId:
|
||||
permType !== PermissionTypes.APP && permType !== PermissionTypes.USER,
|
||||
permType !== PermissionType.APP && permType !== PermissionType.USER,
|
||||
})
|
||||
addMiddleware(endpoints.read, publicApiMiddleware)
|
||||
addMiddleware(endpoints.write, publicApiMiddleware)
|
||||
|
@ -113,8 +113,8 @@ function applyRoutes(
|
|||
addMiddleware(endpoints.read, paramMiddleware)
|
||||
addMiddleware(endpoints.write, paramMiddleware)
|
||||
// add the authorization middleware, using the correct perm type
|
||||
addMiddleware(endpoints.read, authorized(permType, PermissionLevels.READ))
|
||||
addMiddleware(endpoints.write, authorized(permType, PermissionLevels.WRITE))
|
||||
addMiddleware(endpoints.read, authorized(permType, PermissionLevel.READ))
|
||||
addMiddleware(endpoints.write, authorized(permType, PermissionLevel.WRITE))
|
||||
// add the output mapper middleware
|
||||
addMiddleware(endpoints.read, mapperMiddleware, { output: true })
|
||||
addMiddleware(endpoints.write, mapperMiddleware, { output: true })
|
||||
|
@ -122,12 +122,12 @@ function applyRoutes(
|
|||
addToRouter(endpoints.write)
|
||||
}
|
||||
|
||||
applyRoutes(appEndpoints, PermissionTypes.APP, "appId")
|
||||
applyRoutes(tableEndpoints, PermissionTypes.TABLE, "tableId")
|
||||
applyRoutes(userEndpoints, PermissionTypes.USER, "userId")
|
||||
applyRoutes(queryEndpoints, PermissionTypes.QUERY, "queryId")
|
||||
applyRoutes(appEndpoints, PermissionType.APP, "appId")
|
||||
applyRoutes(tableEndpoints, PermissionType.TABLE, "tableId")
|
||||
applyRoutes(userEndpoints, PermissionType.USER, "userId")
|
||||
applyRoutes(queryEndpoints, PermissionType.QUERY, "queryId")
|
||||
// needs to be applied last for routing purposes, don't override other endpoints
|
||||
applyRoutes(rowEndpoints, PermissionTypes.TABLE, "tableId", "rowId")
|
||||
applyRoutes(rowEndpoints, PermissionType.TABLE, "tableId", "rowId")
|
||||
|
||||
export default publicRouter
|
||||
|
||||
|
|
|
@ -2,8 +2,8 @@ const Router = require("@koa/router")
|
|||
const queryController = require("../controllers/query")
|
||||
const authorized = require("../../middleware/authorized")
|
||||
const {
|
||||
PermissionLevels,
|
||||
PermissionTypes,
|
||||
PermissionLevel,
|
||||
PermissionType,
|
||||
BUILDER,
|
||||
} = require("@budibase/backend-core/permissions")
|
||||
const {
|
||||
|
@ -38,20 +38,20 @@ router
|
|||
.get(
|
||||
"/api/queries/:queryId",
|
||||
paramResource("queryId"),
|
||||
authorized(PermissionTypes.QUERY, PermissionLevels.READ),
|
||||
authorized(PermissionType.QUERY, PermissionLevel.READ),
|
||||
queryController.find
|
||||
)
|
||||
// DEPRECATED - use new query endpoint for future work
|
||||
.post(
|
||||
"/api/queries/:queryId",
|
||||
paramResource("queryId"),
|
||||
authorized(PermissionTypes.QUERY, PermissionLevels.WRITE),
|
||||
authorized(PermissionType.QUERY, PermissionLevel.WRITE),
|
||||
queryController.executeV1
|
||||
)
|
||||
.post(
|
||||
"/api/v2/queries/:queryId",
|
||||
paramResource("queryId"),
|
||||
authorized(PermissionTypes.QUERY, PermissionLevels.WRITE),
|
||||
authorized(PermissionType.QUERY, PermissionLevel.WRITE),
|
||||
queryController.executeV2
|
||||
)
|
||||
.delete(
|
||||
|
|
|
@ -3,8 +3,8 @@ import * as rowController from "../controllers/row"
|
|||
import authorized from "../../middleware/authorized"
|
||||
import { paramResource, paramSubResource } from "../../middleware/resourceId"
|
||||
const {
|
||||
PermissionLevels,
|
||||
PermissionTypes,
|
||||
PermissionLevel,
|
||||
PermissionType,
|
||||
} = require("@budibase/backend-core/permissions")
|
||||
const { internalSearchValidator } = require("./utils/validators")
|
||||
|
||||
|
@ -28,7 +28,7 @@ router
|
|||
.get(
|
||||
"/api/:tableId/:rowId/enrich",
|
||||
paramSubResource("tableId", "rowId"),
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.READ),
|
||||
rowController.fetchEnrichedRow
|
||||
)
|
||||
/**
|
||||
|
@ -48,7 +48,7 @@ router
|
|||
.get(
|
||||
"/api/:tableId/rows",
|
||||
paramResource("tableId"),
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.READ),
|
||||
rowController.fetch
|
||||
)
|
||||
/**
|
||||
|
@ -67,7 +67,7 @@ router
|
|||
.get(
|
||||
"/api/:tableId/rows/:rowId",
|
||||
paramSubResource("tableId", "rowId"),
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.READ),
|
||||
rowController.find
|
||||
)
|
||||
/**
|
||||
|
@ -137,7 +137,7 @@ router
|
|||
"/api/:tableId/search",
|
||||
internalSearchValidator(),
|
||||
paramResource("tableId"),
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.READ),
|
||||
rowController.search
|
||||
)
|
||||
// DEPRECATED - this is an old API, but for backwards compat it needs to be
|
||||
|
@ -145,7 +145,7 @@ router
|
|||
.post(
|
||||
"/api/search/:tableId/rows",
|
||||
paramResource("tableId"),
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.READ),
|
||||
rowController.search
|
||||
)
|
||||
/**
|
||||
|
@ -175,7 +175,7 @@ router
|
|||
.post(
|
||||
"/api/:tableId/rows",
|
||||
paramResource("tableId"),
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
|
||||
rowController.save
|
||||
)
|
||||
/**
|
||||
|
@ -189,7 +189,7 @@ router
|
|||
.patch(
|
||||
"/api/:tableId/rows",
|
||||
paramResource("tableId"),
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
|
||||
rowController.patch
|
||||
)
|
||||
/**
|
||||
|
@ -215,7 +215,7 @@ router
|
|||
.post(
|
||||
"/api/:tableId/rows/validate",
|
||||
paramResource("tableId"),
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
|
||||
rowController.validate
|
||||
)
|
||||
/**
|
||||
|
@ -241,7 +241,7 @@ router
|
|||
.delete(
|
||||
"/api/:tableId/rows",
|
||||
paramResource("tableId"),
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
|
||||
rowController.destroy
|
||||
)
|
||||
|
||||
|
@ -261,7 +261,7 @@ router
|
|||
.post(
|
||||
"/api/:tableId/rows/exportRows",
|
||||
paramResource("tableId"),
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
|
||||
rowController.exportRows
|
||||
)
|
||||
|
||||
|
|
|
@ -4,8 +4,8 @@ import { budibaseTempDir } from "../../utilities/budibaseDir"
|
|||
import authorized from "../../middleware/authorized"
|
||||
import {
|
||||
BUILDER,
|
||||
PermissionTypes,
|
||||
PermissionLevels,
|
||||
PermissionType,
|
||||
PermissionLevel,
|
||||
} from "@budibase/backend-core/permissions"
|
||||
import * as env from "../../environment"
|
||||
import { paramResource } from "../../middleware/resourceId"
|
||||
|
@ -47,13 +47,13 @@ router
|
|||
.post(
|
||||
"/api/attachments/:tableId/upload",
|
||||
paramResource("tableId"),
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
|
||||
controller.uploadFile
|
||||
)
|
||||
.post(
|
||||
"/api/attachments/:tableId/delete",
|
||||
paramResource("tableId"),
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
|
||||
controller.deleteObjects
|
||||
)
|
||||
.get("/app/preview", authorized(BUILDER), controller.serveBuilderPreview)
|
||||
|
@ -61,7 +61,7 @@ router
|
|||
.get("/app/:appUrl/:path*", controller.serveApp)
|
||||
.post(
|
||||
"/api/attachments/:datasourceId/url",
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.READ),
|
||||
controller.getSignedUploadURL
|
||||
)
|
||||
|
||||
|
|
|
@ -4,8 +4,8 @@ const authorized = require("../../middleware/authorized")
|
|||
const { paramResource, bodyResource } = require("../../middleware/resourceId")
|
||||
const {
|
||||
BUILDER,
|
||||
PermissionLevels,
|
||||
PermissionTypes,
|
||||
PermissionLevel,
|
||||
PermissionType,
|
||||
} = require("@budibase/backend-core/permissions")
|
||||
const { tableValidator } = require("./utils/validators")
|
||||
|
||||
|
@ -40,7 +40,7 @@ router
|
|||
.get(
|
||||
"/api/tables/:tableId",
|
||||
paramResource("tableId"),
|
||||
authorized(PermissionTypes.TABLE, PermissionLevels.READ, { schema: true }),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.READ, { schema: true }),
|
||||
tableController.find
|
||||
)
|
||||
/**
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles")
|
||||
const {
|
||||
BUILTIN_PERMISSION_IDS,
|
||||
BuiltinPermissionID,
|
||||
} = require("@budibase/backend-core/permissions")
|
||||
const setup = require("./utilities")
|
||||
const { basicRole } = setup.structures
|
||||
|
@ -76,18 +76,18 @@ describe("/roles", () => {
|
|||
const adminRole = res.body.find(r => r._id === BUILTIN_ROLE_IDS.ADMIN)
|
||||
expect(adminRole).toBeDefined()
|
||||
expect(adminRole.inherits).toEqual(BUILTIN_ROLE_IDS.POWER)
|
||||
expect(adminRole.permissionId).toEqual(BUILTIN_PERMISSION_IDS.ADMIN)
|
||||
expect(adminRole.permissionId).toEqual(BuiltinPermissionID.ADMIN)
|
||||
|
||||
const powerUserRole = res.body.find(r => r._id === BUILTIN_ROLE_IDS.POWER)
|
||||
expect(powerUserRole).toBeDefined()
|
||||
expect(powerUserRole.inherits).toEqual(BUILTIN_ROLE_IDS.BASIC)
|
||||
expect(powerUserRole.permissionId).toEqual(BUILTIN_PERMISSION_IDS.POWER)
|
||||
expect(powerUserRole.permissionId).toEqual(BuiltinPermissionID.POWER)
|
||||
|
||||
const customRoleFetched = res.body.find(r => r._id === customRole._id)
|
||||
expect(customRoleFetched).toBeDefined()
|
||||
expect(customRoleFetched.inherits).toEqual(BUILTIN_ROLE_IDS.BASIC)
|
||||
expect(customRoleFetched.permissionId).toEqual(
|
||||
BUILTIN_PERMISSION_IDS.READ_ONLY
|
||||
BuiltinPermissionID.READ_ONLY
|
||||
)
|
||||
})
|
||||
|
||||
|
@ -109,7 +109,7 @@ describe("/roles", () => {
|
|||
it("should delete custom roles", async () => {
|
||||
const customRole = await config.createRole({
|
||||
name: "user",
|
||||
permissionId: BUILTIN_PERMISSION_IDS.READ_ONLY,
|
||||
permissionId: BuiltinPermissionID.READ_ONLY,
|
||||
inherits: BUILTIN_ROLE_IDS.BASIC,
|
||||
})
|
||||
delete customRole._rev_tree
|
||||
|
|
|
@ -2,8 +2,8 @@ const Router = require("@koa/router")
|
|||
const controller = require("../controllers/user")
|
||||
const authorized = require("../../middleware/authorized")
|
||||
const {
|
||||
PermissionLevels,
|
||||
PermissionTypes,
|
||||
PermissionLevel,
|
||||
PermissionType,
|
||||
} = require("@budibase/backend-core/permissions")
|
||||
|
||||
const router = new Router()
|
||||
|
@ -11,42 +11,42 @@ const router = new Router()
|
|||
router
|
||||
.get(
|
||||
"/api/users/metadata",
|
||||
authorized(PermissionTypes.USER, PermissionLevels.READ),
|
||||
authorized(PermissionType.USER, PermissionLevel.READ),
|
||||
controller.fetchMetadata
|
||||
)
|
||||
.get(
|
||||
"/api/users/metadata/:id",
|
||||
authorized(PermissionTypes.USER, PermissionLevels.READ),
|
||||
authorized(PermissionType.USER, PermissionLevel.READ),
|
||||
controller.findMetadata
|
||||
)
|
||||
.put(
|
||||
"/api/users/metadata",
|
||||
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
|
||||
authorized(PermissionType.USER, PermissionLevel.WRITE),
|
||||
controller.updateMetadata
|
||||
)
|
||||
.post(
|
||||
"/api/users/metadata/self",
|
||||
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
|
||||
authorized(PermissionType.USER, PermissionLevel.WRITE),
|
||||
controller.updateSelfMetadata
|
||||
)
|
||||
.delete(
|
||||
"/api/users/metadata/:id",
|
||||
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
|
||||
authorized(PermissionType.USER, PermissionLevel.WRITE),
|
||||
controller.destroyMetadata
|
||||
)
|
||||
.post(
|
||||
"/api/users/metadata/sync/:id",
|
||||
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
|
||||
authorized(PermissionType.USER, PermissionLevel.WRITE),
|
||||
controller.syncUser
|
||||
)
|
||||
.post(
|
||||
"/api/users/flags",
|
||||
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
|
||||
authorized(PermissionType.USER, PermissionLevel.WRITE),
|
||||
controller.setFlag
|
||||
)
|
||||
.get(
|
||||
"/api/users/flags",
|
||||
authorized(PermissionTypes.USER, PermissionLevels.READ),
|
||||
authorized(PermissionType.USER, PermissionLevel.READ),
|
||||
controller.getFlags
|
||||
)
|
||||
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
const { joiValidator } = require("@budibase/backend-core/auth")
|
||||
const { DataSourceOperation } = require("../../../constants")
|
||||
const {
|
||||
BUILTIN_PERMISSION_IDS,
|
||||
PermissionLevels,
|
||||
BuiltinPermissionID,
|
||||
PermissionLevel,
|
||||
} = require("@budibase/backend-core/permissions")
|
||||
const { WebhookActionType } = require("@budibase/types")
|
||||
const Joi = require("joi")
|
||||
|
@ -133,14 +133,14 @@ exports.webhookValidator = () => {
|
|||
}
|
||||
|
||||
exports.roleValidator = () => {
|
||||
const permLevelArray = Object.values(PermissionLevels)
|
||||
const permLevelArray = Object.values(PermissionLevel)
|
||||
// prettier-ignore
|
||||
return joiValidator.body(Joi.object({
|
||||
_id: OPTIONAL_STRING,
|
||||
_rev: OPTIONAL_STRING,
|
||||
name: Joi.string().required(),
|
||||
// this is the base permission ID (for now a built in)
|
||||
permissionId: Joi.string().valid(...Object.values(BUILTIN_PERMISSION_IDS)).required(),
|
||||
permissionId: Joi.string().valid(...Object.values(BuiltinPermissionID)).required(),
|
||||
permissions: Joi.object()
|
||||
.pattern(/.*/, [Joi.string().valid(...permLevelArray)])
|
||||
.optional(),
|
||||
|
@ -149,7 +149,7 @@ exports.roleValidator = () => {
|
|||
}
|
||||
|
||||
exports.permissionValidator = () => {
|
||||
const permLevelArray = Object.values(PermissionLevels)
|
||||
const permLevelArray = Object.values(PermissionLevel)
|
||||
// prettier-ignore
|
||||
return joiValidator.params(Joi.object({
|
||||
level: Joi.string().valid(...permLevelArray).required(),
|
||||
|
|
|
@ -5,8 +5,8 @@ const authorized = require("../../middleware/authorized")
|
|||
const { paramResource } = require("../../middleware/resourceId")
|
||||
const {
|
||||
BUILDER,
|
||||
PermissionTypes,
|
||||
PermissionLevels,
|
||||
PermissionType,
|
||||
PermissionLevel,
|
||||
} = require("@budibase/backend-core/permissions")
|
||||
|
||||
const router = new Router()
|
||||
|
@ -16,7 +16,7 @@ router
|
|||
.get(
|
||||
"/api/views/:viewName",
|
||||
paramResource("viewName"),
|
||||
authorized(PermissionTypes.VIEW, PermissionLevels.READ),
|
||||
authorized(PermissionType.VIEW, PermissionLevel.READ),
|
||||
rowController.fetchView
|
||||
)
|
||||
.get("/api/views", authorized(BUILDER), viewController.fetch)
|
||||
|
|
|
@ -4,8 +4,8 @@ import {
|
|||
BUILTIN_ROLE_IDS,
|
||||
} from "@budibase/backend-core/roles"
|
||||
const {
|
||||
PermissionTypes,
|
||||
PermissionLevels,
|
||||
PermissionType,
|
||||
PermissionLevel,
|
||||
doesHaveBasePermission,
|
||||
} = require("@budibase/backend-core/permissions")
|
||||
const builderMiddleware = require("./builder")
|
||||
|
@ -33,7 +33,7 @@ const checkAuthorized = async (
|
|||
) => {
|
||||
// check if this is a builder api and the user is not a builder
|
||||
const isBuilder = ctx.user && ctx.user.builder && ctx.user.builder.global
|
||||
const isBuilderApi = permType === PermissionTypes.BUILDER
|
||||
const isBuilderApi = permType === PermissionType.BUILDER
|
||||
if (isBuilderApi && !isBuilder) {
|
||||
return ctx.throw(403, "Not Authorized")
|
||||
}
|
||||
|
@ -91,9 +91,9 @@ export = (permType: any, permLevel: any = null, opts = { schema: false }) =>
|
|||
let resourceRoles: any = []
|
||||
let otherLevelRoles: any = []
|
||||
const otherLevel =
|
||||
permLevel === PermissionLevels.READ
|
||||
? PermissionLevels.WRITE
|
||||
: PermissionLevels.READ
|
||||
permLevel === PermissionLevel.READ
|
||||
? PermissionLevel.WRITE
|
||||
: PermissionLevel.READ
|
||||
const appId = getAppId()
|
||||
if (appId && hasResource(ctx)) {
|
||||
resourceRoles = await getRequiredResourceRole(permLevel, ctx)
|
||||
|
|
|
@ -70,7 +70,7 @@ export = async function builder(ctx: BBContext, permType: string) {
|
|||
if (!appId) {
|
||||
return
|
||||
}
|
||||
const isBuilderApi = permType === permissions.PermissionTypes.BUILDER
|
||||
const isBuilderApi = permType === permissions.PermissionType.BUILDER
|
||||
const referer = ctx.headers["referer"]
|
||||
|
||||
const overviewPath = "/builder/portal/overview/"
|
||||
|
|
|
@ -9,7 +9,7 @@ jest.mock("../../environment", () => ({
|
|||
)
|
||||
const authorizedMiddleware = require("../authorized")
|
||||
const env = require("../../environment")
|
||||
const { PermissionTypes, PermissionLevels } = require("@budibase/backend-core/permissions")
|
||||
const { PermissionType, PermissionLevel } = require("@budibase/backend-core/permissions")
|
||||
const { doInAppContext } = require("@budibase/backend-core/context")
|
||||
|
||||
const APP_ID = ""
|
||||
|
@ -113,7 +113,7 @@ describe("Authorization middleware", () => {
|
|||
|
||||
it("throws if the user does not have builder permissions", async () => {
|
||||
config.setEnvironment(false)
|
||||
config.setMiddlewareRequiredPermission(PermissionTypes.BUILDER)
|
||||
config.setMiddlewareRequiredPermission(PermissionType.BUILDER)
|
||||
config.setUser({
|
||||
role: {
|
||||
_id: ""
|
||||
|
@ -125,13 +125,13 @@ describe("Authorization middleware", () => {
|
|||
})
|
||||
|
||||
it("passes on to next() middleware if the user has resource permission", async () => {
|
||||
config.setResourceId(PermissionTypes.QUERY)
|
||||
config.setResourceId(PermissionType.QUERY)
|
||||
config.setUser({
|
||||
role: {
|
||||
_id: ""
|
||||
}
|
||||
})
|
||||
config.setMiddlewareRequiredPermission(PermissionTypes.QUERY)
|
||||
config.setMiddlewareRequiredPermission(PermissionType.QUERY)
|
||||
|
||||
await config.executeMiddleware()
|
||||
expect(config.next).toHaveBeenCalled()
|
||||
|
@ -155,7 +155,7 @@ describe("Authorization middleware", () => {
|
|||
_id: ""
|
||||
},
|
||||
})
|
||||
config.setMiddlewareRequiredPermission(PermissionTypes.ADMIN, PermissionLevels.BASIC)
|
||||
config.setMiddlewareRequiredPermission(PermissionType.ADMIN, PermissionLevel.BASIC)
|
||||
|
||||
await config.executeMiddleware()
|
||||
expect(config.throw).toHaveBeenCalledWith(403, "User does not have permission")
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles")
|
||||
const { BUILTIN_PERMISSION_IDS } = require("@budibase/backend-core/permissions")
|
||||
const { BuiltinPermissionID } = require("@budibase/backend-core/permissions")
|
||||
const { createHomeScreen } = require("../../constants/screens")
|
||||
const { EMPTY_LAYOUT } = require("../../constants/layouts")
|
||||
const { cloneDeep } = require("lodash/fp")
|
||||
|
@ -135,7 +135,7 @@ exports.basicRole = () => {
|
|||
return {
|
||||
name: "NewRole",
|
||||
inherits: BUILTIN_ROLE_IDS.BASIC,
|
||||
permissionId: BUILTIN_PERMISSION_IDS.READ_ONLY,
|
||||
permissionId: BuiltinPermissionID.READ_ONLY,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
const {
|
||||
PermissionLevels,
|
||||
PermissionTypes,
|
||||
PermissionLevel,
|
||||
PermissionType,
|
||||
getBuiltinPermissionByID,
|
||||
isPermissionLevelHigherThanRead,
|
||||
} = require("@budibase/backend-core/permissions")
|
||||
|
@ -11,9 +11,9 @@ const {
|
|||
const { DocumentType } = require("../db/utils")
|
||||
|
||||
const CURRENTLY_SUPPORTED_LEVELS = [
|
||||
PermissionLevels.WRITE,
|
||||
PermissionLevels.READ,
|
||||
PermissionLevels.EXECUTE,
|
||||
PermissionLevel.WRITE,
|
||||
PermissionLevel.READ,
|
||||
PermissionLevel.EXECUTE,
|
||||
]
|
||||
|
||||
exports.getPermissionType = resourceId => {
|
||||
|
@ -23,17 +23,17 @@ exports.getPermissionType = resourceId => {
|
|||
switch (docType) {
|
||||
case DocumentType.TABLE:
|
||||
case DocumentType.ROW:
|
||||
return PermissionTypes.TABLE
|
||||
return PermissionType.TABLE
|
||||
case DocumentType.AUTOMATION:
|
||||
return PermissionTypes.AUTOMATION
|
||||
return PermissionType.AUTOMATION
|
||||
case DocumentType.WEBHOOK:
|
||||
return PermissionTypes.WEBHOOK
|
||||
return PermissionType.WEBHOOK
|
||||
case DocumentType.QUERY:
|
||||
case DocumentType.DATASOURCE:
|
||||
return PermissionTypes.QUERY
|
||||
return PermissionType.QUERY
|
||||
default:
|
||||
// views don't have an ID, will end up here
|
||||
return PermissionTypes.VIEW
|
||||
return PermissionType.VIEW
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -58,8 +58,8 @@ exports.getBasePermissions = resourceId => {
|
|||
const level = typedPermission.level
|
||||
permissions[level] = lowerBuiltinRoleID(permissions[level], roleId)
|
||||
if (isPermissionLevelHigherThanRead(level)) {
|
||||
permissions[PermissionLevels.READ] = lowerBuiltinRoleID(
|
||||
permissions[PermissionLevels.READ],
|
||||
permissions[PermissionLevel.READ] = lowerBuiltinRoleID(
|
||||
permissions[PermissionLevel.READ],
|
||||
roleId
|
||||
)
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue