MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

wip, tests broken

This commit is contained in:
Sam Rose 2024-10-08 11:06:54 +01:00 committed by Adria Navarro
parent 3405e6d6b7
commit 4cde2f26ad
6 changed files with 73 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
packages/server/src/api/controllers/permission.ts
View File

@ -9,6 +9,7 @@ import {
AddPermissionRequest,
RemovePermissionRequest,
RemovePermissionResponse,
FetchResourcePermissionInfoResponse,
} from "@budibase/types"
import {
CURRENTLY_SUPPORTED_LEVELS,
@ -28,7 +29,9 @@ export function fetchLevels(ctx: UserCtx) {
ctx.body = SUPPORTED_LEVELS
}
export async function fetch(ctx: UserCtx) {
export async function fetch(
ctx: UserCtx<void, FetchResourcePermissionInfoResponse>
) {
const db = context.getAppDB()
const dbRoles: Role[] = await sdk.permissions.getAllDBRoles(db)
let permissions: any = {}
@ -49,7 +52,7 @@ export async function fetch(ctx: UserCtx) {
}
}
// apply the base permissions
const finalPermissions: Record<string, Record<string, string>> = {}
const finalPermissions: FetchResourcePermissionInfoResponse = {}
for (let [resource, permission] of Object.entries(permissions)) {
const basePerms = getBasePermissions(resource)
finalPermissions[resource] = Object.assign(basePerms, permission)

61
packages/server/src/api/routes/tests/permissions.spec.ts
View File

@ -12,7 +12,7 @@ const STD_ROLE_ID = BUILTIN_ROLE_IDS.PUBLIC
describe("/permission", () => {
let request = setup.getRequest()
let config = setup.getConfig()
let table: Table & { _id: string }
let table: Table
let perms: Document[]
let row: Row
let view: ViewV2
@ -26,15 +26,33 @@ describe("/permission", () => {
beforeEach(async () => {
mocks.licenses.useCloudFree()
table = (await config.createTable()) as typeof table
table = await config.createTable()
await config.api.permission.revoke({
roleId: roles.BUILTIN_ROLE_IDS.ADMIN,
resourceId: table._id!,
level: PermissionLevel.READ,
})
await config.api.permission.revoke({
roleId: roles.BUILTIN_ROLE_IDS.ADMIN,
resourceId: table._id!,
level: PermissionLevel.WRITE,
})
await config.api.permission.revoke({
roleId: roles.BUILTIN_ROLE_IDS.ADMIN,
resourceId: table._id!,
level: PermissionLevel.EXECUTE,
})
row = await config.createRow()
view = await config.api.viewV2.create({
tableId: table._id!,
name: generator.guid(),
})
perms = await config.api.permission.add({
roleId: STD_ROLE_ID,
resourceId: table._id,
resourceId: table._id!,
level: PermissionLevel.READ,
})
})
@ -74,27 +92,22 @@ describe("/permission", () => {
})
})
it("should get resource permissions with multiple roles", async () => {
it.only("should get resource permissions with multiple roles", async () => {
perms = await config.api.permission.add({
roleId: HIGHER_ROLE_ID,
resourceId: table._id,
resourceId: table._id!,
level: PermissionLevel.WRITE,
})
const res = await config.api.permission.get(table._id)
expect(res).toEqual({
permissions: {
read: { permissionType: "EXPLICIT", role: STD_ROLE_ID },
write: { permissionType: "EXPLICIT", role: HIGHER_ROLE_ID },
},
const { permissions } = await config.api.permission.get(table._id!)
expect(permissions).toEqual({
read: { permissionType: "EXPLICIT", role: STD_ROLE_ID },
write: { permissionType: "EXPLICIT", role: HIGHER_ROLE_ID },
execute: { permissionType: "BASE", role: "BASIC" },
})
const allRes = await request
.get(`/api/permission`)
.set(config.defaultHeaders())
.expect("Content-Type", /json/)
.expect(200)
expect(allRes.body[table._id]["read"]).toEqual(STD_ROLE_ID)
expect(allRes.body[table._id]["write"]).toEqual(HIGHER_ROLE_ID)
const all = await config.api.permission.fetch()
expect(all[table._id!]["read"]).toEqual(STD_ROLE_ID)
expect(all[table._id!]["write"]).toEqual(HIGHER_ROLE_ID)
})
})
@ -102,11 +115,11 @@ describe("/permission", () => {
it("should be able to remove the permission", async () => {
const res = await config.api.permission.revoke({
roleId: STD_ROLE_ID,
resourceId: table._id,
resourceId: table._id!,
level: PermissionLevel.READ,
})
expect(res[0]._id).toEqual(STD_ROLE_ID)
const permsRes = await config.api.permission.get(table._id)
const permsRes = await config.api.permission.get(table._id!)
expect(permsRes.permissions[STD_ROLE_ID]).toBeUndefined()
})
})
@ -142,7 +155,7 @@ describe("/permission", () => {
it("should not be able to access the view data when the table is not public and there are no view permissions overrides", async () => {
await config.api.permission.revoke({
roleId: STD_ROLE_ID,
resourceId: table._id,
resourceId: table._id!,
level: PermissionLevel.READ,
})
@ -167,7 +180,7 @@ describe("/permission", () => {
})
await config.api.permission.revoke({
roleId: STD_ROLE_ID,
resourceId: table._id,
resourceId: table._id!,
level: PermissionLevel.READ,
})
// replicate changes before checking permissions
@ -179,8 +192,8 @@ describe("/permission", () => {
it("shouldn't allow writing from a public user", async () => {
const res = await request
.post(`/api/${table._id}/rows`)
.send(basicRow(table._id))
.post(`/api/${table._id!}/rows`)
.send(basicRow(table._id!))
.set(config.publicHeaders())
.expect("Content-Type", /json/)
.expect(401)

17
packages/server/src/api/routes/tests/table.spec.ts
View File

@ -21,6 +21,7 @@ import {
ViewCalculation,
ViewV2Enriched,
RowExportFormat,
PermissionSource,
} from "@budibase/types"
import { checkBuilderEndpoint } from "./utilities/TestFunctions"
import * as setup from "./utilities"
@ -193,8 +194,20 @@ describe.each([
it("should create tables with ADMIN read and write permissions", async () => {
const table = await config.api.table.save(tableForDatasource(datasource))
const { permissions } = await config.api.permission.get(table._id!)
expect(permissions.read.role).toEqual(roles.BUILTIN_ROLE_IDS.ADMIN)
expect(permissions.write.role).toEqual(roles.BUILTIN_ROLE_IDS.ADMIN)
expect(permissions).toEqual({
read: {
permissionType: PermissionSource.EXPLICIT,
role: roles.BUILTIN_ROLE_IDS.ADMIN,
},
write: {
permissionType: PermissionSource.EXPLICIT,
role: roles.BUILTIN_ROLE_IDS.ADMIN,
},
execute: {
permissionType: PermissionSource.EXPLICIT,
role: roles.BUILTIN_ROLE_IDS.ADMIN,
},
})
})
})

10
packages/server/src/tests/utilities/api/permission.ts
View File

@ -1,6 +1,7 @@
import {
AddPermissionRequest,
AddPermissionResponse,
FetchResourcePermissionInfoResponse,
GetResourcePermsResponse,
RemovePermissionRequest,
RemovePermissionResponse,
@ -26,6 +27,15 @@ export class PermissionAPI extends TestAPI {
)
}
fetch = async (
expectations?: Expectations
): Promise<FetchResourcePermissionInfoResponse> => {
return await this._get<FetchResourcePermissionInfoResponse>(
`/api/permission`,
{ expectations }
)
}
revoke = async (
request: RemovePermissionRequest,
expectations?: Expectations

4
packages/server/src/utilities/security.ts
View File

@ -35,9 +35,9 @@ export function getPermissionType(resourceId: string) {
/**
* works out the basic permissions based on builtin roles for a resource, using its ID
*/
export function getBasePermissions(resourceId: string) {
export function getBasePermissions(resourceId: string): Record<string, string> {
const type = getPermissionType(resourceId)
const basePermissions: { [key: string]: string } = {}
const basePermissions: Record<string, string> = {}
for (let [roleId, role] of Object.entries(roles.getBuiltinRoles())) {
if (!role.permissionId) {
continue

4
packages/types/src/api/web/app/permission.ts
View File

@ -1,5 +1,9 @@
import { PermissionLevel } from "../../../sdk"
export interface FetchResourcePermissionInfoResponse {
[key: string]: Record<string, string>
}
export interface ResourcePermissionInfo {
role: string
permissionType: string