From 31c198888aafbebcb3ad9f39ea8a992cf9fb4572 Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Thu, 17 Nov 2022 14:59:18 +0000 Subject: [PATCH] Updating some enums, plural to single. --- .../backend-core/src/security/permissions.ts | 98 +++++++++---------- packages/backend-core/src/security/roles.ts | 16 +-- packages/server/src/api/routes/automation.js | 8 +- packages/server/src/api/routes/datasource.js | 10 +- .../server/src/api/routes/public/index.ts | 20 ++-- packages/server/src/api/routes/query.js | 10 +- packages/server/src/api/routes/row.ts | 24 ++--- packages/server/src/api/routes/static.ts | 10 +- packages/server/src/api/routes/table.js | 6 +- .../server/src/api/routes/tests/role.spec.js | 10 +- packages/server/src/api/routes/user.js | 20 ++-- .../server/src/api/routes/utils/validators.js | 10 +- packages/server/src/api/routes/view.js | 6 +- packages/server/src/middleware/authorized.ts | 12 +-- packages/server/src/middleware/builder.ts | 2 +- .../src/middleware/tests/authorized.spec.js | 10 +- .../server/src/tests/utilities/structures.js | 4 +- packages/server/src/utilities/security.js | 24 ++--- 18 files changed, 150 insertions(+), 150 deletions(-) diff --git a/packages/backend-core/src/security/permissions.ts b/packages/backend-core/src/security/permissions.ts index dda041924f..42189bba0c 100644 --- a/packages/backend-core/src/security/permissions.ts +++ b/packages/backend-core/src/security/permissions.ts @@ -5,7 +5,7 @@ export type RoleHierarchy = { permissionId: string }[] -export enum PermissionLevels { +export enum PermissionLevel { READ = "read", WRITE = "write", EXECUTE = "execute", @@ -13,7 +13,7 @@ export enum PermissionLevels { } // these are the global types, that govern the underlying default behaviour -export enum PermissionTypes { +export enum PermissionType { APP = "app", TABLE = "table", USER = "user", 
@@ -25,25 +25,25 @@ export enum PermissionTypes { } class Permission { - type: PermissionTypes - level: PermissionLevels + type: PermissionType + level: PermissionLevel - constructor(type: PermissionTypes, level: PermissionLevels) { + constructor(type: PermissionType, level: PermissionLevel) { this.type = type this.level = level } } -function levelToNumber(perm: PermissionLevels) { +function levelToNumber(perm: PermissionLevel) { switch (perm) { // not everything has execute privileges - case PermissionLevels.EXECUTE: + case PermissionLevel.EXECUTE: return 0 - case PermissionLevels.READ: + case PermissionLevel.READ: return 1 - case PermissionLevels.WRITE: + case PermissionLevel.WRITE: return 2 - case PermissionLevels.ADMIN: + case PermissionLevel.ADMIN: return 3 default: return -1 @@ -55,25 +55,25 @@ function levelToNumber(perm: PermissionLevels) { * @param {string} userPermLevel The permission level of the user. * @return {string[]} All the permission levels this user is allowed to carry out. */ -function getAllowedLevels(userPermLevel: PermissionLevels) { +function getAllowedLevels(userPermLevel: PermissionLevel) { switch (userPermLevel) { - case PermissionLevels.EXECUTE: - return [PermissionLevels.EXECUTE] - case PermissionLevels.READ: - return [PermissionLevels.EXECUTE, PermissionLevels.READ] - case PermissionLevels.WRITE: - case PermissionLevels.ADMIN: + case PermissionLevel.EXECUTE: + return [PermissionLevel.EXECUTE] + case PermissionLevel.READ: + return [PermissionLevel.EXECUTE, PermissionLevel.READ] + case PermissionLevel.WRITE: + case PermissionLevel.ADMIN: return [ - PermissionLevels.READ, - PermissionLevels.WRITE, - PermissionLevels.EXECUTE, + PermissionLevel.READ, + PermissionLevel.WRITE, + PermissionLevel.EXECUTE, ] default: return [] } } -export enum BUILTIN_PERMISSION_IDS { +export enum BuiltinPermissionID { PUBLIC = "public", READ_ONLY = "read_only", WRITE = "write", 
@@ -83,52 +83,52 @@ export enum BUILTIN_PERMISSION_IDS { const BUILTIN_PERMISSIONS = { PUBLIC: { - _id: BUILTIN_PERMISSION_IDS.PUBLIC, + _id: BuiltinPermissionID.PUBLIC, name: "Public", permissions: [ - new Permission(PermissionTypes.WEBHOOK, PermissionLevels.EXECUTE), + new Permission(PermissionType.WEBHOOK, PermissionLevel.EXECUTE), ], }, READ_ONLY: { - _id: BUILTIN_PERMISSION_IDS.READ_ONLY, + _id: BuiltinPermissionID.READ_ONLY, name: "Read only", permissions: [ - new Permission(PermissionTypes.QUERY, PermissionLevels.READ), - new Permission(PermissionTypes.TABLE, PermissionLevels.READ), - new Permission(PermissionTypes.VIEW, PermissionLevels.READ), + new Permission(PermissionType.QUERY, PermissionLevel.READ), + new Permission(PermissionType.TABLE, PermissionLevel.READ), + new Permission(PermissionType.VIEW, PermissionLevel.READ), ], }, WRITE: { - _id: BUILTIN_PERMISSION_IDS.WRITE, + _id: BuiltinPermissionID.WRITE, name: "Read/Write", permissions: [ - new Permission(PermissionTypes.QUERY, PermissionLevels.WRITE), - new Permission(PermissionTypes.TABLE, PermissionLevels.WRITE), - new Permission(PermissionTypes.VIEW, PermissionLevels.READ), - new Permission(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE), + new Permission(PermissionType.QUERY, PermissionLevel.WRITE), + new Permission(PermissionType.TABLE, PermissionLevel.WRITE), + new Permission(PermissionType.VIEW, PermissionLevel.READ), + new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE), ], }, POWER: { - _id: BUILTIN_PERMISSION_IDS.POWER, + _id: BuiltinPermissionID.POWER, name: "Power", permissions: [ - new Permission(PermissionTypes.TABLE, PermissionLevels.WRITE), - new Permission(PermissionTypes.USER, PermissionLevels.READ), - new Permission(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE), - new Permission(PermissionTypes.VIEW, PermissionLevels.READ), - new Permission(PermissionTypes.WEBHOOK, PermissionLevels.READ), + new Permission(PermissionType.TABLE, PermissionLevel.WRITE), + 
new Permission(PermissionType.USER, PermissionLevel.READ), + new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE), + new Permission(PermissionType.VIEW, PermissionLevel.READ), + new Permission(PermissionType.WEBHOOK, PermissionLevel.READ), ], }, ADMIN: { - _id: BUILTIN_PERMISSION_IDS.ADMIN, + _id: BuiltinPermissionID.ADMIN, name: "Admin", permissions: [ - new Permission(PermissionTypes.TABLE, PermissionLevels.ADMIN), - new Permission(PermissionTypes.USER, PermissionLevels.ADMIN), - new Permission(PermissionTypes.AUTOMATION, PermissionLevels.ADMIN), - new Permission(PermissionTypes.VIEW, PermissionLevels.ADMIN), - new Permission(PermissionTypes.WEBHOOK, PermissionLevels.READ), - new Permission(PermissionTypes.QUERY, PermissionLevels.ADMIN), + new Permission(PermissionType.TABLE, PermissionLevel.ADMIN), + new Permission(PermissionType.USER, PermissionLevel.ADMIN), + new Permission(PermissionType.AUTOMATION, PermissionLevel.ADMIN), + new Permission(PermissionType.VIEW, PermissionLevel.ADMIN), + new Permission(PermissionType.WEBHOOK, PermissionLevel.READ), + new Permission(PermissionType.QUERY, PermissionLevel.ADMIN), ], }, } @@ -143,8 +143,8 @@ export function getBuiltinPermissionByID(id: string) { } export function doesHaveBasePermission( - permType: PermissionTypes, - permLevel: PermissionLevels, + permType: PermissionType, + permLevel: PermissionLevel, rolesHierarchy: RoleHierarchy ) { const basePermissions = [ @@ -167,9 +167,9 @@ export function doesHaveBasePermission( return false } -export function isPermissionLevelHigherThanRead(level: PermissionLevels) { +export function isPermissionLevelHigherThanRead(level: PermissionLevel) { return levelToNumber(level) > 1 } // utility as a lot of things need simply the builder permission -export const BUILDER = PermissionTypes.BUILDER +export const BUILDER = PermissionType.BUILDER 
diff --git a/packages/backend-core/src/security/roles.ts b/packages/backend-core/src/security/roles.ts index cba88d9751..da475322a7 100644 --- a/packages/backend-core/src/security/roles.ts +++ b/packages/backend-core/src/security/roles.ts @@ -1,4 +1,4 @@ -import { BUILTIN_PERMISSION_IDS, PermissionLevels } from "./permissions" +import { BuiltinPermissionID, PermissionLevel } from "./permissions" import { generateRoleID, getRoleParams, @@ -54,19 +54,19 @@ export class Role { const BUILTIN_ROLES = { ADMIN: new Role(BUILTIN_IDS.ADMIN, "Admin") - .addPermission(BUILTIN_PERMISSION_IDS.ADMIN) + .addPermission(BuiltinPermissionID.ADMIN) .addInheritance(BUILTIN_IDS.POWER), POWER: new Role(BUILTIN_IDS.POWER, "Power") - .addPermission(BUILTIN_PERMISSION_IDS.POWER) + .addPermission(BuiltinPermissionID.POWER) .addInheritance(BUILTIN_IDS.BASIC), BASIC: new Role(BUILTIN_IDS.BASIC, "Basic") - .addPermission(BUILTIN_PERMISSION_IDS.WRITE) + .addPermission(BuiltinPermissionID.WRITE) .addInheritance(BUILTIN_IDS.PUBLIC), PUBLIC: new Role(BUILTIN_IDS.PUBLIC, "Public").addPermission( - BUILTIN_PERMISSION_IDS.PUBLIC + BuiltinPermissionID.PUBLIC ), BUILDER: new Role(BUILTIN_IDS.BUILDER, "Builder").addPermission( - BUILTIN_PERMISSION_IDS.ADMIN + BuiltinPermissionID.ADMIN ), } @@ -227,8 +227,8 @@ export function checkForRoleResourceArray( if (rolePerms && !Array.isArray(rolePerms[resourceId])) { const permLevel = rolePerms[resourceId] as any rolePerms[resourceId] = [permLevel] - if (permLevel === PermissionLevels.WRITE) { - rolePerms[resourceId].push(PermissionLevels.READ) + if (permLevel === PermissionLevel.WRITE) { + rolePerms[resourceId].push(PermissionLevel.READ) } } return rolePerms diff --git a/packages/server/src/api/routes/automation.js b/packages/server/src/api/routes/automation.js index e30a0c1113..544d94abb2 100644 --- a/packages/server/src/api/routes/automation.js +++ b/packages/server/src/api/routes/automation.js 
@@ -3,8 +3,8 @@ const controller = require("../controllers/automation") const authorized = require("../../middleware/authorized") const { BUILDER, - PermissionLevels, - PermissionTypes, + PermissionLevel, + PermissionType, } = require("@budibase/backend-core/permissions") const { bodyResource, paramResource } = require("../../middleware/resourceId") const { @@ -71,14 +71,14 @@ router "/api/automations/:id/trigger", appInfoMiddleware({ appType: AppType.PROD }), paramResource("id"), - authorized(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE), + authorized(PermissionType.AUTOMATION, PermissionLevel.EXECUTE), controller.trigger ) .post( "/api/automations/:id/test", appInfoMiddleware({ appType: AppType.DEV }), paramResource("id"), - authorized(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE), + authorized(PermissionType.AUTOMATION, PermissionLevel.EXECUTE), controller.test ) diff --git a/packages/server/src/api/routes/datasource.js b/packages/server/src/api/routes/datasource.js index 23a3ea9fb0..402e464e16 100644 --- a/packages/server/src/api/routes/datasource.js +++ b/packages/server/src/api/routes/datasource.js @@ -3,8 +3,8 @@ const datasourceController = require("../controllers/datasource") const authorized = require("../../middleware/authorized") const { BUILDER, - PermissionLevels, - PermissionTypes, + PermissionLevel, + PermissionType, } = require("@budibase/backend-core/permissions") const { datasourceValidator, 
@@ -17,17 +17,17 @@ router .get("/api/datasources", authorized(BUILDER), datasourceController.fetch) .get( "/api/datasources/:datasourceId", - authorized(PermissionTypes.TABLE, PermissionLevels.READ), + authorized(PermissionType.TABLE, PermissionLevel.READ), datasourceController.find ) .put( "/api/datasources/:datasourceId", - authorized(PermissionTypes.TABLE, PermissionLevels.READ), + authorized(PermissionType.TABLE, PermissionLevel.READ), datasourceController.update ) .post( "/api/datasources/query", - authorized(PermissionTypes.TABLE, PermissionLevels.READ), + authorized(PermissionType.TABLE, PermissionLevel.READ), datasourceQueryValidator(), datasourceController.query ) diff --git a/packages/server/src/api/routes/public/index.ts b/packages/server/src/api/routes/public/index.ts index ca49a1a7d6..198ba2d2b2 100644 --- a/packages/server/src/api/routes/public/index.ts +++ b/packages/server/src/api/routes/public/index.ts @@ -13,8 +13,8 @@ import env from "../../../environment" const Router = require("@koa/router") const { RateLimit, Stores } = require("koa2-ratelimit") const { - PermissionLevels, - PermissionTypes, + PermissionLevel, + PermissionType, } = require("@budibase/backend-core/permissions") const { getRedisOptions } = require("@budibase/backend-core/redis").utils @@ -105,7 +105,7 @@ function applyRoutes( : paramResource(resource) const publicApiMiddleware = publicApi({ requiresAppId: - permType !== PermissionTypes.APP && permType !== PermissionTypes.USER, + permType !== PermissionType.APP && permType !== PermissionType.USER, }) addMiddleware(endpoints.read, publicApiMiddleware) addMiddleware(endpoints.write, publicApiMiddleware) 
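Review bot: In the `@@ -17,17 +17,17 @@` hunk of datasource.js, `PUT /api/datasources/:datasourceId` reaches `datasourceController.update` behind `authorized(PermissionType.TABLE, PermissionLevel.READ)`, so a mutating endpoint is gated at read level; the rename carries this over unchanged. If the controller does modify the stored datasource (its body is not visible here), the guard should presumably be `authorized(BUILDER)`, as on `GET /api/datasources` just above, or at least `PermissionLevel.WRITE`. The two `:datasourceId` routes also run no `paramResource("datasourceId")` before `authorized`, unlike the query and row routes in this patch, so the check probably falls back to base role permissions rather than per-resource ones; worth confirming against the middleware. The router chain continues outside the hunk.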
@@ -113,8 +113,8 @@ function applyRoutes( addMiddleware(endpoints.read, paramMiddleware) addMiddleware(endpoints.write, paramMiddleware) // add the authorization middleware, using the correct perm type - addMiddleware(endpoints.read, authorized(permType, PermissionLevels.READ)) - addMiddleware(endpoints.write, authorized(permType, PermissionLevels.WRITE)) + addMiddleware(endpoints.read, authorized(permType, PermissionLevel.READ)) + addMiddleware(endpoints.write, authorized(permType, PermissionLevel.WRITE)) // add the output mapper middleware addMiddleware(endpoints.read, mapperMiddleware, { output: true }) addMiddleware(endpoints.write, mapperMiddleware, { output: true }) @@ -122,12 +122,12 @@ function applyRoutes( addToRouter(endpoints.write) } -applyRoutes(appEndpoints, PermissionTypes.APP, "appId") -applyRoutes(tableEndpoints, PermissionTypes.TABLE, "tableId") -applyRoutes(userEndpoints, PermissionTypes.USER, "userId") -applyRoutes(queryEndpoints, PermissionTypes.QUERY, "queryId") +applyRoutes(appEndpoints, PermissionType.APP, "appId") +applyRoutes(tableEndpoints, PermissionType.TABLE, "tableId") +applyRoutes(userEndpoints, PermissionType.USER, "userId") +applyRoutes(queryEndpoints, PermissionType.QUERY, "queryId") // needs to be applied last for routing purposes, don't override other endpoints -applyRoutes(rowEndpoints, PermissionTypes.TABLE, "tableId", "rowId") +applyRoutes(rowEndpoints, PermissionType.TABLE, "tableId", "rowId") export default publicRouter diff --git a/packages/server/src/api/routes/query.js b/packages/server/src/api/routes/query.js index 14434a45c7..1195e55113 100644 --- a/packages/server/src/api/routes/query.js +++ b/packages/server/src/api/routes/query.js 
@@ -2,8 +2,8 @@ const Router = require("@koa/router") const queryController = require("../controllers/query") const authorized = require("../../middleware/authorized") const { - PermissionLevels, - PermissionTypes, + PermissionLevel, + PermissionType, BUILDER, } = require("@budibase/backend-core/permissions") const { @@ -38,20 +38,20 @@ router .get( "/api/queries/:queryId", paramResource("queryId"), - authorized(PermissionTypes.QUERY, PermissionLevels.READ), + authorized(PermissionType.QUERY, PermissionLevel.READ), queryController.find ) // DEPRECATED - use new query endpoint for future work .post( "/api/queries/:queryId", paramResource("queryId"), - authorized(PermissionTypes.QUERY, PermissionLevels.WRITE), + authorized(PermissionType.QUERY, PermissionLevel.WRITE), queryController.executeV1 ) .post( "/api/v2/queries/:queryId", paramResource("queryId"), - authorized(PermissionTypes.QUERY, PermissionLevels.WRITE), + authorized(PermissionType.QUERY, PermissionLevel.WRITE), queryController.executeV2 ) .delete( diff --git a/packages/server/src/api/routes/row.ts b/packages/server/src/api/routes/row.ts index cb342adebb..72189a2482 100644 --- a/packages/server/src/api/routes/row.ts +++ b/packages/server/src/api/routes/row.ts @@ -3,8 +3,8 @@ import * as rowController from "../controllers/row" import authorized from "../../middleware/authorized" import { paramResource, paramSubResource } from "../../middleware/resourceId" const { - PermissionLevels, - PermissionTypes, + PermissionLevel, + PermissionType, } = require("@budibase/backend-core/permissions") const { internalSearchValidator } = require("./utils/validators") @@ -28,7 +28,7 @@ router .get( "/api/:tableId/:rowId/enrich", paramSubResource("tableId", "rowId"), - authorized(PermissionTypes.TABLE, PermissionLevels.READ), + authorized(PermissionType.TABLE, PermissionLevel.READ), rowController.fetchEnrichedRow ) /** 
@@ -48,7 +48,7 @@ router .get( "/api/:tableId/rows", paramResource("tableId"), - authorized(PermissionTypes.TABLE, PermissionLevels.READ), + authorized(PermissionType.TABLE, PermissionLevel.READ), rowController.fetch ) /** @@ -67,7 +67,7 @@ router .get( "/api/:tableId/rows/:rowId", paramSubResource("tableId", "rowId"), - authorized(PermissionTypes.TABLE, PermissionLevels.READ), + authorized(PermissionType.TABLE, PermissionLevel.READ), rowController.find ) /** @@ -137,7 +137,7 @@ router "/api/:tableId/search", internalSearchValidator(), paramResource("tableId"), - authorized(PermissionTypes.TABLE, PermissionLevels.READ), + authorized(PermissionType.TABLE, PermissionLevel.READ), rowController.search ) // DEPRECATED - this is an old API, but for backwards compat it needs to be @@ -145,7 +145,7 @@ router .post( "/api/search/:tableId/rows", paramResource("tableId"), - authorized(PermissionTypes.TABLE, PermissionLevels.READ), + authorized(PermissionType.TABLE, PermissionLevel.READ), rowController.search ) /** @@ -175,7 +175,7 @@ router .post( "/api/:tableId/rows", paramResource("tableId"), - authorized(PermissionTypes.TABLE, PermissionLevels.WRITE), + authorized(PermissionType.TABLE, PermissionLevel.WRITE), rowController.save ) /** @@ -189,7 +189,7 @@ router .patch( "/api/:tableId/rows", paramResource("tableId"), - authorized(PermissionTypes.TABLE, PermissionLevels.WRITE), + authorized(PermissionType.TABLE, PermissionLevel.WRITE), rowController.patch ) /** @@ -215,7 +215,7 @@ router .post( "/api/:tableId/rows/validate", paramResource("tableId"), - authorized(PermissionTypes.TABLE, PermissionLevels.WRITE), + authorized(PermissionType.TABLE, PermissionLevel.WRITE), rowController.validate ) /** @@ -241,7 +241,7 @@ router .delete( "/api/:tableId/rows", paramResource("tableId"), - authorized(PermissionTypes.TABLE, PermissionLevels.WRITE), + authorized(PermissionType.TABLE, PermissionLevel.WRITE), rowController.destroy ) 
@@ -261,7 +261,7 @@ router .post( "/api/:tableId/rows/exportRows", paramResource("tableId"), - authorized(PermissionTypes.TABLE, PermissionLevels.WRITE), + authorized(PermissionType.TABLE, PermissionLevel.WRITE), rowController.exportRows ) diff --git a/packages/server/src/api/routes/static.ts b/packages/server/src/api/routes/static.ts index 8ca8a1cc2b..ccfec6fd8c 100644 --- a/packages/server/src/api/routes/static.ts +++ b/packages/server/src/api/routes/static.ts @@ -4,8 +4,8 @@ import { budibaseTempDir } from "../../utilities/budibaseDir" import authorized from "../../middleware/authorized" import { BUILDER, - PermissionTypes, - PermissionLevels, + PermissionType, + PermissionLevel, } from "@budibase/backend-core/permissions" import * as env from "../../environment" import { paramResource } from "../../middleware/resourceId" @@ -47,13 +47,13 @@ router .post( "/api/attachments/:tableId/upload", paramResource("tableId"), - authorized(PermissionTypes.TABLE, PermissionLevels.WRITE), + authorized(PermissionType.TABLE, PermissionLevel.WRITE), controller.uploadFile ) .post( "/api/attachments/:tableId/delete", paramResource("tableId"), - authorized(PermissionTypes.TABLE, PermissionLevels.WRITE), + authorized(PermissionType.TABLE, PermissionLevel.WRITE), controller.deleteObjects ) .get("/app/preview", authorized(BUILDER), controller.serveBuilderPreview) @@ -61,7 +61,7 @@ router .get("/app/:appUrl/:path*", controller.serveApp) .post( "/api/attachments/:datasourceId/url", - authorized(PermissionTypes.TABLE, PermissionLevels.READ), + authorized(PermissionType.TABLE, PermissionLevel.READ), controller.getSignedUploadURL ) diff --git a/packages/server/src/api/routes/table.js b/packages/server/src/api/routes/table.js index 711312149a..8d280e06d3 100644 --- a/packages/server/src/api/routes/table.js +++ b/packages/server/src/api/routes/table.js 
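Review bot: In static.ts (`@@ -61,7 +61,7 @@`), `POST /api/attachments/:datasourceId/url` hands out a signed upload URL behind `authorized(PermissionType.TABLE, PermissionLevel.READ)`, while the upload and delete routes in the preceding hunk require `PermissionLevel.WRITE` after `paramResource("tableId")`. A signed upload URL is a write capability, so letting read-level users obtain one looks unintended unless the controller enforces this itself (its body is not visible here). Consider `paramResource("datasourceId"), authorized(PermissionType.TABLE, PermissionLevel.WRITE),` on this route. The rename leaves the guard as it was.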
@@ -4,8 +4,8 @@ const authorized = require("../../middleware/authorized") const { paramResource, bodyResource } = require("../../middleware/resourceId") const { BUILDER, - PermissionLevels, - PermissionTypes, + PermissionLevel, + PermissionType, } = require("@budibase/backend-core/permissions") const { tableValidator } = require("./utils/validators") @@ -40,7 +40,7 @@ router .get( "/api/tables/:tableId", paramResource("tableId"), - authorized(PermissionTypes.TABLE, PermissionLevels.READ, { schema: true }), + authorized(PermissionType.TABLE, PermissionLevel.READ, { schema: true }), tableController.find ) /** diff --git a/packages/server/src/api/routes/tests/role.spec.js b/packages/server/src/api/routes/tests/role.spec.js index 9f44cbd136..56a3f1e9d9 100644 --- a/packages/server/src/api/routes/tests/role.spec.js +++ b/packages/server/src/api/routes/tests/role.spec.js @@ -1,6 +1,6 @@ const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles") const { - BUILTIN_PERMISSION_IDS, + BuiltinPermissionID, } = require("@budibase/backend-core/permissions") const setup = require("./utilities") const { basicRole } = setup.structures 
@@ -76,18 +76,18 @@ describe("/roles", () => { const adminRole = res.body.find(r => r._id === BUILTIN_ROLE_IDS.ADMIN) expect(adminRole).toBeDefined() expect(adminRole.inherits).toEqual(BUILTIN_ROLE_IDS.POWER) - expect(adminRole.permissionId).toEqual(BUILTIN_PERMISSION_IDS.ADMIN) + expect(adminRole.permissionId).toEqual(BuiltinPermissionID.ADMIN) const powerUserRole = res.body.find(r => r._id === BUILTIN_ROLE_IDS.POWER) expect(powerUserRole).toBeDefined() expect(powerUserRole.inherits).toEqual(BUILTIN_ROLE_IDS.BASIC) - expect(powerUserRole.permissionId).toEqual(BUILTIN_PERMISSION_IDS.POWER) + expect(powerUserRole.permissionId).toEqual(BuiltinPermissionID.POWER) const customRoleFetched = res.body.find(r => r._id === customRole._id) expect(customRoleFetched).toBeDefined() expect(customRoleFetched.inherits).toEqual(BUILTIN_ROLE_IDS.BASIC) expect(customRoleFetched.permissionId).toEqual( - BUILTIN_PERMISSION_IDS.READ_ONLY + BuiltinPermissionID.READ_ONLY ) }) @@ -109,7 +109,7 @@ describe("/roles", () => { it("should delete custom roles", async () => { const customRole = await config.createRole({ name: "user", - permissionId: BUILTIN_PERMISSION_IDS.READ_ONLY, + permissionId: BuiltinPermissionID.READ_ONLY, inherits: BUILTIN_ROLE_IDS.BASIC, }) delete customRole._rev_tree diff --git a/packages/server/src/api/routes/user.js b/packages/server/src/api/routes/user.js index a0eaf26ec6..a290ced829 100644 --- a/packages/server/src/api/routes/user.js +++ b/packages/server/src/api/routes/user.js @@ -2,8 +2,8 @@ const Router = require("@koa/router") const controller = require("../controllers/user") const authorized = require("../../middleware/authorized") const { - PermissionLevels, - PermissionTypes, + PermissionLevel, + PermissionType, } = require("@budibase/backend-core/permissions") const router = new Router() 
@@ -11,42 +11,42 @@ const router = new Router() router .get( "/api/users/metadata", - authorized(PermissionTypes.USER, PermissionLevels.READ), + authorized(PermissionType.USER, PermissionLevel.READ), controller.fetchMetadata ) .get( "/api/users/metadata/:id", - authorized(PermissionTypes.USER, PermissionLevels.READ), + authorized(PermissionType.USER, PermissionLevel.READ), controller.findMetadata ) .put( "/api/users/metadata", - authorized(PermissionTypes.USER, PermissionLevels.WRITE), + authorized(PermissionType.USER, PermissionLevel.WRITE), controller.updateMetadata ) .post( "/api/users/metadata/self", - authorized(PermissionTypes.USER, PermissionLevels.WRITE), + authorized(PermissionType.USER, PermissionLevel.WRITE), controller.updateSelfMetadata ) .delete( "/api/users/metadata/:id", - authorized(PermissionTypes.USER, PermissionLevels.WRITE), + authorized(PermissionType.USER, PermissionLevel.WRITE), controller.destroyMetadata ) .post( "/api/users/metadata/sync/:id", - authorized(PermissionTypes.USER, PermissionLevels.WRITE), + authorized(PermissionType.USER, PermissionLevel.WRITE), controller.syncUser ) .post( "/api/users/flags", - authorized(PermissionTypes.USER, PermissionLevels.WRITE), + authorized(PermissionType.USER, PermissionLevel.WRITE), controller.setFlag ) .get( "/api/users/flags", - authorized(PermissionTypes.USER, PermissionLevels.READ), + authorized(PermissionType.USER, PermissionLevel.READ), controller.getFlags ) diff --git a/packages/server/src/api/routes/utils/validators.js b/packages/server/src/api/routes/utils/validators.js index f1d8871805..b44cce5771 100644 --- a/packages/server/src/api/routes/utils/validators.js +++ b/packages/server/src/api/routes/utils/validators.js 
@@ -1,8 +1,8 @@ const { joiValidator } = require("@budibase/backend-core/auth") const { DataSourceOperation } = require("../../../constants") const { - BUILTIN_PERMISSION_IDS, - PermissionLevels, + BuiltinPermissionID, + PermissionLevel, } = require("@budibase/backend-core/permissions") const { WebhookActionType } = require("@budibase/types") const Joi = require("joi") @@ -133,14 +133,14 @@ exports.webhookValidator = () => { } exports.roleValidator = () => { - const permLevelArray = Object.values(PermissionLevels) + const permLevelArray = Object.values(PermissionLevel) // prettier-ignore return joiValidator.body(Joi.object({ _id: OPTIONAL_STRING, _rev: OPTIONAL_STRING, name: Joi.string().required(), // this is the base permission ID (for now a built in) - permissionId: Joi.string().valid(...Object.values(BUILTIN_PERMISSION_IDS)).required(), + permissionId: Joi.string().valid(...Object.values(BuiltinPermissionID)).required(), permissions: Joi.object() .pattern(/.*/, [Joi.string().valid(...permLevelArray)]) .optional(), @@ -149,7 +149,7 @@ exports.roleValidator = () => { } exports.permissionValidator = () => { - const permLevelArray = Object.values(PermissionLevels) + const permLevelArray = Object.values(PermissionLevel) // prettier-ignore return joiValidator.params(Joi.object({ level: Joi.string().valid(...permLevelArray).required(), diff --git a/packages/server/src/api/routes/view.js b/packages/server/src/api/routes/view.js index a7045f0814..0a8bd7d4ce 100644 --- a/packages/server/src/api/routes/view.js +++ b/packages/server/src/api/routes/view.js @@ -5,8 +5,8 @@ const authorized = require("../../middleware/authorized") const { paramResource } = require("../../middleware/resourceId") const { BUILDER, - PermissionTypes, - PermissionLevels, + PermissionType, + PermissionLevel, } = require("@budibase/backend-core/permissions") const router = new Router() 
@@ -16,7 +16,7 @@ router .get( "/api/views/:viewName", paramResource("viewName"), - authorized(PermissionTypes.VIEW, PermissionLevels.READ), + authorized(PermissionType.VIEW, PermissionLevel.READ), rowController.fetchView ) .get("/api/views", authorized(BUILDER), viewController.fetch) diff --git a/packages/server/src/middleware/authorized.ts b/packages/server/src/middleware/authorized.ts index 1fa983a72a..9c870208a7 100644 --- a/packages/server/src/middleware/authorized.ts +++ b/packages/server/src/middleware/authorized.ts @@ -4,8 +4,8 @@ import { BUILTIN_ROLE_IDS, } from "@budibase/backend-core/roles" const { - PermissionTypes, - PermissionLevels, + PermissionType, + PermissionLevel, doesHaveBasePermission, } = require("@budibase/backend-core/permissions") const builderMiddleware = require("./builder") @@ -33,7 +33,7 @@ const checkAuthorized = async ( ) => { // check if this is a builder api and the user is not a builder const isBuilder = ctx.user && ctx.user.builder && ctx.user.builder.global - const isBuilderApi = permType === PermissionTypes.BUILDER + const isBuilderApi = permType === PermissionType.BUILDER if (isBuilderApi && !isBuilder) { return ctx.throw(403, "Not Authorized") } @@ -91,9 +91,9 @@ export = (permType: any, permLevel: any = null, opts = { schema: false }) => let resourceRoles: any = [] let otherLevelRoles: any = [] const otherLevel = - permLevel === PermissionLevels.READ - ? PermissionLevels.WRITE - : PermissionLevels.READ + permLevel === PermissionLevel.READ + ? PermissionLevel.WRITE + : PermissionLevel.READ const appId = getAppId() if (appId && hasResource(ctx)) { resourceRoles = await getRequiredResourceRole(permLevel, ctx) diff --git a/packages/server/src/middleware/builder.ts b/packages/server/src/middleware/builder.ts index b53f2903b7..529818a916 100644 --- a/packages/server/src/middleware/builder.ts +++ b/packages/server/src/middleware/builder.ts 
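Review bot: The middleware factory in authorized.ts is still declared as `(permType: any, permLevel: any = null, opts = { schema: false })` and takes `PermissionType`/`PermissionLevel` from a `require`, so a non-existent enum member at a call site evaluates to `undefined` and is accepted without a compile error. For an authorization check that matters, because whether an `undefined` type or level fails closed depends on code outside this hunk. Typing the parameters as `permType: PermissionType, permLevel: PermissionLevel | null = null` and importing with `import { PermissionType, PermissionLevel, doesHaveBasePermission } from "@budibase/backend-core/permissions"` (static.ts already imports this way) would let the compiler catch missed or misspelled names in the TypeScript route files. A rename touching this many guards is a good moment to add that.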
@@ -70,7 +70,7 @@ export = async function builder(ctx: BBContext, permType: string) { if (!appId) { return } - const isBuilderApi = permType === permissions.PermissionTypes.BUILDER + const isBuilderApi = permType === permissions.PermissionType.BUILDER const referer = ctx.headers["referer"] const overviewPath = "/builder/portal/overview/" diff --git a/packages/server/src/middleware/tests/authorized.spec.js b/packages/server/src/middleware/tests/authorized.spec.js index f23eb6206b..c64f758749 100644 --- a/packages/server/src/middleware/tests/authorized.spec.js +++ b/packages/server/src/middleware/tests/authorized.spec.js @@ -9,7 +9,7 @@ jest.mock("../../environment", () => ({ ) const authorizedMiddleware = require("../authorized") const env = require("../../environment") -const { PermissionTypes, PermissionLevels } = require("@budibase/backend-core/permissions") +const { PermissionType, PermissionLevel } = require("@budibase/backend-core/permissions") const { doInAppContext } = require("@budibase/backend-core/context") const APP_ID = "" @@ -113,7 +113,7 @@ describe("Authorization middleware", () => { it("throws if the user does not have builder permissions", async () => { config.setEnvironment(false) - config.setMiddlewareRequiredPermission(PermissionTypes.BUILDER) + config.setMiddlewareRequiredPermission(PermissionType.BUILDER) config.setUser({ role: { _id: "" @@ -125,13 +125,13 @@ describe("Authorization middleware", () => { }) it("passes on to next() middleware if the user has resource permission", async () => { - config.setResourceId(PermissionTypes.QUERY) + config.setResourceId(PermissionType.QUERY) config.setUser({ role: { _id: "" } }) - config.setMiddlewareRequiredPermission(PermissionTypes.QUERY) + config.setMiddlewareRequiredPermission(PermissionType.QUERY) await config.executeMiddleware() expect(config.next).toHaveBeenCalled() 
@@ -155,7 +155,7 @@ describe("Authorization middleware", () => { _id: "" }, }) - config.setMiddlewareRequiredPermission(PermissionTypes.ADMIN, PermissionLevels.BASIC) + config.setMiddlewareRequiredPermission(PermissionType.ADMIN, PermissionLevel.BASIC) await config.executeMiddleware() expect(config.throw).toHaveBeenCalledWith(403, "User does not have permission") diff --git a/packages/server/src/tests/utilities/structures.js b/packages/server/src/tests/utilities/structures.js index c4bd6fc774..39361c5d32 100644 --- a/packages/server/src/tests/utilities/structures.js +++ b/packages/server/src/tests/utilities/structures.js @@ -1,5 +1,5 @@ const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles") -const { BUILTIN_PERMISSION_IDS } = require("@budibase/backend-core/permissions") +const { BuiltinPermissionID } = require("@budibase/backend-core/permissions") const { createHomeScreen } = require("../../constants/screens") const { EMPTY_LAYOUT } = require("../../constants/layouts") const { cloneDeep } = require("lodash/fp") @@ -135,7 +135,7 @@ exports.basicRole = () => { return { name: "NewRole", inherits: BUILTIN_ROLE_IDS.BASIC, - permissionId: BUILTIN_PERMISSION_IDS.READ_ONLY, + permissionId: BuiltinPermissionID.READ_ONLY, } } diff --git a/packages/server/src/utilities/security.js b/packages/server/src/utilities/security.js index d8133e585b..34d31ce8d0 100644 --- a/packages/server/src/utilities/security.js +++ b/packages/server/src/utilities/security.js @@ -1,6 +1,6 @@ const { - PermissionLevels, - PermissionTypes, + PermissionLevel, + PermissionType, getBuiltinPermissionByID, isPermissionLevelHigherThanRead, } = require("@budibase/backend-core/permissions") 
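Review bot: The denial test in authorized.spec.js (`@@ -155,7 +155,7 @@`) passes `PermissionLevel.BASIC`, which is not a member of the renamed enum: permissions.ts in this patch uses only READ, WRITE, EXECUTE and ADMIN levels. `PermissionType.ADMIN` does not appear among the type members visible in this patch either. In plain JavaScript both evaluate to `undefined`, so the 403 assertion exercises the middleware with undefined inputs rather than a real under-privileged case, and it would keep passing if a genuine permission comparison regressed. Using real members, for example `config.setMiddlewareRequiredPermission(PermissionType.TABLE, PermissionLevel.WRITE)` with a role that lacks that permission, would pin the intended denial. The enclosing `it(...)` starts outside the hunk.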
@@ -11,9 +11,9 @@ const { const { DocumentType } = require("../db/utils") const CURRENTLY_SUPPORTED_LEVELS = [ - PermissionLevels.WRITE, - PermissionLevels.READ, - PermissionLevels.EXECUTE, + PermissionLevel.WRITE, + PermissionLevel.READ, + PermissionLevel.EXECUTE, ] exports.getPermissionType = resourceId => { @@ -23,17 +23,17 @@ exports.getPermissionType = resourceId => { switch (docType) { case DocumentType.TABLE: case DocumentType.ROW: - return PermissionTypes.TABLE + return PermissionType.TABLE case DocumentType.AUTOMATION: - return PermissionTypes.AUTOMATION + return PermissionType.AUTOMATION case DocumentType.WEBHOOK: - return PermissionTypes.WEBHOOK + return PermissionType.WEBHOOK case DocumentType.QUERY: case DocumentType.DATASOURCE: - return PermissionTypes.QUERY + return PermissionType.QUERY default: // views don't have an ID, will end up here - return PermissionTypes.VIEW + return PermissionType.VIEW } } @@ -58,8 +58,8 @@ exports.getBasePermissions = resourceId => { const level = typedPermission.level permissions[level] = lowerBuiltinRoleID(permissions[level], roleId) if (isPermissionLevelHigherThanRead(level)) { - permissions[PermissionLevels.READ] = lowerBuiltinRoleID( - permissions[PermissionLevels.READ], + permissions[PermissionLevel.READ] = lowerBuiltinRoleID( + permissions[PermissionLevel.READ], roleId ) }