From 37c00f24bd7b254cffe7c4d1b8d1423f9a48e5b4 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Wed, 10 Feb 2021 18:18:31 +0000
Subject: [PATCH] control RBAC from data section
---
 .../builder/src/builderStore/store/backend.js | 24 ++++++
 .../backend/DataTable/DataTable.svelte | 2 +
 .../backend/DataTable/ViewDataTable.svelte | 2 +
 .../buttons/ManageAccessButton.svelte | 27 ++++++
 .../popovers/ManageAccessPopover.svelte | 83 +++++++++++++++++++
 packages/server/src/api/routes/view.js | 3 +
 6 files changed, 141 insertions(+)
 create mode 100644 packages/builder/src/components/backend/DataTable/buttons/ManageAccessButton.svelte
 create mode 100644 packages/builder/src/components/backend/DataTable/popovers/ManageAccessPopover.svelte
diff --git a/packages/builder/src/builderStore/store/backend.js b/packages/builder/src/builderStore/store/backend.js
index cb8d154350..d2a19f8726 100644
--- a/packages/builder/src/builderStore/store/backend.js
+++ b/packages/builder/src/builderStore/store/backend.js
@@ -328,6 +328,30 @@ export const getBackendUiStore = () => {
 return response
 },
 },
+ permissions: {
+ fetch: async () => {
+ const response = await api.get("/api/permission")
+ const json = await response.json()
+ return json
+ },
+ fetchLevels: async () => {
+ const response = await api.get("/api/permission/levels")
+ const json = await response.json()
+ return json
+ },
+ forResource: async resourceId => {
+ const response = await api.get(`/api/permission/${resourceId}`)
+ const json = await response.json()
+ return json
+ },
+ save: async ({ role, resource, level }) => {
+ const response = await api.post(
+ `/api/permission/${role}/${resource}/${level}`
+ )
+ const json = await response.json()
+ return json
+ },
+ },
 }
 return store
diff --git a/packages/builder/src/components/backend/DataTable/DataTable.svelte b/packages/builder/src/components/backend/DataTable/DataTable.svelte
index 436a3b4dee..937cb7931a 100644
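Review bot: In the new `permissions` store in backend.js, `forResource` and `save` interpolate `resourceId`, `role`, `resource` and `level` straight into the request path, and none of the four methods checks the response status before returning the parsed JSON. If a resource id can be a user-chosen view name (the server-side change in this patch keys views on the `viewName` route parameter), a name containing `/`, `?` or `#` would address a different permission route than the one intended; encoding each segment, e.g. ``api.get(`/api/permission/${encodeURIComponent(resourceId)}`)``, avoids that. A rejected `save` also looks like a success to the caller as written, which matters for an access-control setting; assuming `api` returns a fetch-style response, `if (!response.ok) throw new Error(...)` before `response.json()` would surface it. The enclosing `getBackendUiStore` starts outside the hunk.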
--- a/packages/builder/src/components/backend/DataTable/DataTable.svelte
+++ b/packages/builder/src/components/backend/DataTable/DataTable.svelte
@@ -5,6 +5,7 @@
 import CreateViewButton from "./buttons/CreateViewButton.svelte"
 import ExportButton from "./buttons/ExportButton.svelte"
 import EditRolesButton from "./buttons/EditRolesButton.svelte"
+ import ManageAccessButton from "./buttons/ManageAccessButton.svelte"
 import * as api from "./api"
 import Table from "./Table.svelte"
 import { TableNames } from "constants"
@@ -48,6 +49,7 @@ modalContentComponent={isUsersTable ? CreateEditUser : CreateEditRow} /> + {/if} {#if isUsersTable}
diff --git a/packages/builder/src/components/backend/DataTable/ViewDataTable.svelte b/packages/builder/src/components/backend/DataTable/ViewDataTable.svelte
index 2ace2bb338..6597dcd481 100644
--- a/packages/builder/src/components/backend/DataTable/ViewDataTable.svelte
+++ b/packages/builder/src/components/backend/DataTable/ViewDataTable.svelte
@@ -6,6 +6,7 @@
 import GroupByButton from "./buttons/GroupByButton.svelte"
 import FilterButton from "./buttons/FilterButton.svelte"
 import ExportButton from "./buttons/ExportButton.svelte"
+ import ManageAccessButton from "./buttons/ManageAccessButton.svelte"
 export let view = {}
@@ -54,4 +55,5 @@ {/if} +
diff --git a/packages/builder/src/components/backend/DataTable/buttons/ManageAccessButton.svelte b/packages/builder/src/components/backend/DataTable/buttons/ManageAccessButton.svelte
new file mode 100644
index 0000000000..c6c6bddecf
--- /dev/null
+++ b/packages/builder/src/components/backend/DataTable/buttons/ManageAccessButton.svelte
@@ -0,0 +1,27 @@ + + +
+ + + Manage Access + +
+ + + + +
diff --git a/packages/builder/src/components/backend/DataTable/popovers/ManageAccessPopover.svelte b/packages/builder/src/components/backend/DataTable/popovers/ManageAccessPopover.svelte
new file mode 100644
index 0000000000..bcb75863f3
--- /dev/null
+++ b/packages/builder/src/components/backend/DataTable/popovers/ManageAccessPopover.svelte
@@ -0,0 +1,83 @@ + + +
+
Manage Access
+ {#each levels as level} + + {/each} + +
+ +
diff --git a/packages/server/src/api/routes/view.js b/packages/server/src/api/routes/view.js
index 0ae12f687c..f6d1a55803 100644
--- a/packages/server/src/api/routes/view.js
+++ b/packages/server/src/api/routes/view.js
@@ -2,6 +2,7 @@ const Router = require("@koa/router")
 const viewController = require("../controllers/view")
 const rowController = require("../controllers/row")
 const authorized = require("../../middleware/authorized")
+const { paramResource } = require("../../middleware/resourceId")
 const {
 BUILDER,
 PermissionTypes,
@@ -15,12 +16,14 @@ router
 .get("/api/views/export", authorized(BUILDER), viewController.exportView)
 .get(
 "/api/views/:viewName",
+ paramResource("viewName"),
 authorized(PermissionTypes.VIEW, PermissionLevels.READ),
 rowController.fetchView
 )
 .get("/api/views", authorized(BUILDER), viewController.fetch)
 .delete(
 "/api/views/:viewName",
+ paramResource("viewName"),
 authorized(BUILDER),
 usage,
 viewController.destroy
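Review bot: The READ check on `GET /api/views/:viewName` now depends on `paramResource("viewName")` running before `authorized(...)`, and nothing in the route list says so; a short comment such as `// paramResource must precede authorized: it supplies the resource id the permission check uses` would keep a later reorder from silently dropping the per-view check (worded on the assumption that this is what the middleware does, since its code is not in this patch). Because the resource id here is the view's name rather than a stable identifier, it is also worth confirming that `viewController.destroy` removes the permission entries stored for that name, otherwise a view later created under the same name could inherit the old grants. The `router` chain starts and ends outside the hunk.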