From 4c4f766a6a7fd3951c034694460196f07768ec2d Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Fri, 4 Oct 2024 13:30:54 +0200 Subject: [PATCH] Endpoint to allow/disallow runs from table --- .../src/api/controllers/rowAction/crud.ts | 31 +++++++++++++++++++ packages/server/src/api/routes/rowAction.ts | 10 ++++++ packages/server/src/sdk/app/rowActions.ts | 17 ++++++++++ 3 files changed, 58 insertions(+) diff --git a/packages/server/src/api/controllers/rowAction/crud.ts b/packages/server/src/api/controllers/rowAction/crud.ts index 579f7e5f78..87a8cee909 100644 --- a/packages/server/src/api/controllers/rowAction/crud.ts +++ b/packages/server/src/api/controllers/rowAction/crud.ts @@ -95,6 +95,37 @@ export async function remove(ctx: Ctx) { ctx.status = 204 } +export async function setTablePermission(ctx: Ctx) { + const table = await getTable(ctx) + const tableId = table._id! + const { actionId } = ctx.params + + const action = await sdk.rowActions.setTablePermission(tableId, actionId) + ctx.body = { + tableId, + id: action.id, + name: action.name, + automationId: action.automationId, + allowedSources: flattenAllowedSources(tableId, action.permissions), + } +} + +export async function unsetTablePermission(ctx: Ctx) { + const table = await getTable(ctx) + const tableId = table._id! + const { actionId } = ctx.params + + const action = await sdk.rowActions.unsetTablePermission(tableId, actionId) + + ctx.body = { + tableId, + id: action.id, + name: action.name, + automationId: action.automationId, + allowedSources: flattenAllowedSources(tableId, action.permissions), + } +} + export async function setViewPermission(ctx: Ctx) { const table = await getTable(ctx) const tableId = table._id! diff --git a/packages/server/src/api/routes/rowAction.ts b/packages/server/src/api/routes/rowAction.ts index 54154e3ee8..3d14633509 100644 --- a/packages/server/src/api/routes/rowAction.ts +++ b/packages/server/src/api/routes/rowAction.ts @@ -51,6 +51,16 @@ router authorized(BUILDER), rowActionController.remove ) + .post( + "/api/tables/:tableId/actions/:actionId/permissions", + authorized(BUILDER), + rowActionController.setTablePermission + ) + .delete( + "/api/tables/:tableId/actions/:actionId/permissions", + authorized(BUILDER), + rowActionController.unsetTablePermission + ) .post( "/api/tables/:tableId/actions/:actionId/permissions/:viewId", authorized(BUILDER), diff --git a/packages/server/src/sdk/app/rowActions.ts b/packages/server/src/sdk/app/rowActions.ts index 4a8f3afb28..418a906c00 100644 --- a/packages/server/src/sdk/app/rowActions.ts +++ b/packages/server/src/sdk/app/rowActions.ts @@ -163,6 +163,23 @@ async function guardView(tableId: string, viewId: string) { } } +export async function setTablePermission(tableId: string, rowActionId: string) { + return await updateDoc(tableId, rowActionId, async actionsDoc => { + actionsDoc.actions[rowActionId].permissions.table.runAllowed = true + return actionsDoc + }) +} + +export async function unsetTablePermission( + tableId: string, + rowActionId: string +) { + return await updateDoc(tableId, rowActionId, async actionsDoc => { + actionsDoc.actions[rowActionId].permissions.table.runAllowed = false + return actionsDoc + }) +} + export async function setViewPermission( tableId: string, rowActionId: string,