wip, tests broken

Sam Rose 2024-10-08 11:06:54 +01:00 committed by Adria Navarro
parent 3405e6d6b7
commit 4cde2f26ad
6 changed files with 73 additions and 30 deletions


@ -9,6 +9,7 @@ import {
AddPermissionRequest, AddPermissionRequest,
RemovePermissionRequest, RemovePermissionRequest,
RemovePermissionResponse, RemovePermissionResponse,
FetchResourcePermissionInfoResponse,
} from "@budibase/types" } from "@budibase/types"
import { import {
CURRENTLY_SUPPORTED_LEVELS, CURRENTLY_SUPPORTED_LEVELS,
@ -28,7 +29,9 @@ export function fetchLevels(ctx: UserCtx) {
ctx.body = SUPPORTED_LEVELS ctx.body = SUPPORTED_LEVELS
} }
export async function fetch(ctx: UserCtx) { export async function fetch(
ctx: UserCtx<void, FetchResourcePermissionInfoResponse>
) {
const db = context.getAppDB() const db = context.getAppDB()
const dbRoles: Role[] = await sdk.permissions.getAllDBRoles(db) const dbRoles: Role[] = await sdk.permissions.getAllDBRoles(db)
let permissions: any = {} let permissions: any = {}
@ -49,7 +52,7 @@ export async function fetch(ctx: UserCtx) {
} }
} }
// apply the base permissions // apply the base permissions
const finalPermissions: Record<string, Record<string, string>> = {} const finalPermissions: FetchResourcePermissionInfoResponse = {}
for (let [resource, permission] of Object.entries(permissions)) { for (let [resource, permission] of Object.entries(permissions)) {
const basePerms = getBasePermissions(resource) const basePerms = getBasePermissions(resource)
finalPermissions[resource] = Object.assign(basePerms, permission) finalPermissions[resource] = Object.assign(basePerms, permission)
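Review bot: `let permissions: any = {}` in `fetch` is left untyped, so the new `FetchResourcePermissionInfoResponse` annotation on `finalPermissions` is not really enforced. `Object.entries(permissions)` yields `any` values, and `Object.assign(basePerms, permission)` accepts whatever shape was accumulated. This endpoint reports which role holds each permission level on each resource, so a malformed entry should fail at compile time rather than produce a silently wrong response. Consider `let permissions: Record<string, Record<string, string>> = {}`. The loop that fills `permissions` sits between the two hunks and is not visible here, so confirm it fits that type.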


@ -12,7 +12,7 @@ const STD_ROLE_ID = BUILTIN_ROLE_IDS.PUBLIC
describe("/permission", () => { describe("/permission", () => {
let request = setup.getRequest() let request = setup.getRequest()
let config = setup.getConfig() let config = setup.getConfig()
let table: Table & { _id: string } let table: Table
let perms: Document[] let perms: Document[]
let row: Row let row: Row
let view: ViewV2 let view: ViewV2
@ -26,15 +26,33 @@ describe("/permission", () => {
beforeEach(async () => { beforeEach(async () => {
mocks.licenses.useCloudFree() mocks.licenses.useCloudFree()
table = (await config.createTable()) as typeof table table = await config.createTable()
await config.api.permission.revoke({
roleId: roles.BUILTIN_ROLE_IDS.ADMIN,
resourceId: table._id!,
level: PermissionLevel.READ,
})
await config.api.permission.revoke({
roleId: roles.BUILTIN_ROLE_IDS.ADMIN,
resourceId: table._id!,
level: PermissionLevel.WRITE,
})
await config.api.permission.revoke({
roleId: roles.BUILTIN_ROLE_IDS.ADMIN,
resourceId: table._id!,
level: PermissionLevel.EXECUTE,
})
row = await config.createRow() row = await config.createRow()
view = await config.api.viewV2.create({ view = await config.api.viewV2.create({
tableId: table._id!, tableId: table._id!,
name: generator.guid(), name: generator.guid(),
}) })
perms = await config.api.permission.add({ perms = await config.api.permission.add({
roleId: STD_ROLE_ID, roleId: STD_ROLE_ID,
resourceId: table._id, resourceId: table._id!,
level: PermissionLevel.READ, level: PermissionLevel.READ,
}) })
}) })
@ -74,27 +92,22 @@ describe("/permission", () => {
}) })
}) })
it("should get resource permissions with multiple roles", async () => { it.only("should get resource permissions with multiple roles", async () => {
perms = await config.api.permission.add({ perms = await config.api.permission.add({
roleId: HIGHER_ROLE_ID, roleId: HIGHER_ROLE_ID,
resourceId: table._id, resourceId: table._id!,
level: PermissionLevel.WRITE, level: PermissionLevel.WRITE,
}) })
const res = await config.api.permission.get(table._id) const { permissions } = await config.api.permission.get(table._id!)
expect(res).toEqual({ expect(permissions).toEqual({
permissions: { read: { permissionType: "EXPLICIT", role: STD_ROLE_ID },
read: { permissionType: "EXPLICIT", role: STD_ROLE_ID }, write: { permissionType: "EXPLICIT", role: HIGHER_ROLE_ID },
write: { permissionType: "EXPLICIT", role: HIGHER_ROLE_ID }, execute: { permissionType: "BASE", role: "BASIC" },
},
}) })
const allRes = await request const all = await config.api.permission.fetch()
.get(`/api/permission`) expect(all[table._id!]["read"]).toEqual(STD_ROLE_ID)
.set(config.defaultHeaders()) expect(all[table._id!]["write"]).toEqual(HIGHER_ROLE_ID)
.expect("Content-Type", /json/)
.expect(200)
expect(allRes.body[table._id]["read"]).toEqual(STD_ROLE_ID)
expect(allRes.body[table._id]["write"]).toEqual(HIGHER_ROLE_ID)
}) })
}) })
@ -102,11 +115,11 @@ describe("/permission", () => {
it("should be able to remove the permission", async () => { it("should be able to remove the permission", async () => {
const res = await config.api.permission.revoke({ const res = await config.api.permission.revoke({
roleId: STD_ROLE_ID, roleId: STD_ROLE_ID,
resourceId: table._id, resourceId: table._id!,
level: PermissionLevel.READ, level: PermissionLevel.READ,
}) })
expect(res[0]._id).toEqual(STD_ROLE_ID) expect(res[0]._id).toEqual(STD_ROLE_ID)
const permsRes = await config.api.permission.get(table._id) const permsRes = await config.api.permission.get(table._id!)
expect(permsRes.permissions[STD_ROLE_ID]).toBeUndefined() expect(permsRes.permissions[STD_ROLE_ID]).toBeUndefined()
}) })
}) })
@ -142,7 +155,7 @@ describe("/permission", () => {
it("should not be able to access the view data when the table is not public and there are no view permissions overrides", async () => { it("should not be able to access the view data when the table is not public and there are no view permissions overrides", async () => {
await config.api.permission.revoke({ await config.api.permission.revoke({
roleId: STD_ROLE_ID, roleId: STD_ROLE_ID,
resourceId: table._id, resourceId: table._id!,
level: PermissionLevel.READ, level: PermissionLevel.READ,
}) })
@ -167,7 +180,7 @@ describe("/permission", () => {
}) })
await config.api.permission.revoke({ await config.api.permission.revoke({
roleId: STD_ROLE_ID, roleId: STD_ROLE_ID,
resourceId: table._id, resourceId: table._id!,
level: PermissionLevel.READ, level: PermissionLevel.READ,
}) })
// replicate changes before checking permissions // replicate changes before checking permissions
@ -179,8 +192,8 @@ describe("/permission", () => {
it("shouldn't allow writing from a public user", async () => { it("shouldn't allow writing from a public user", async () => {
const res = await request const res = await request
.post(`/api/${table._id}/rows`) .post(`/api/${table._id!}/rows`)
.send(basicRow(table._id)) .send(basicRow(table._id!))
.set(config.publicHeaders()) .set(config.publicHeaders())
.expect("Content-Type", /json/) .expect("Content-Type", /json/)
.expect(401) .expect(401)
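Review bot: `it.only` on "should get resource permissions with multiple roles" restricts the run to that one case, so every other test in this file is skipped. That includes the negative authorization checks visible further down: the view-data access test and "shouldn't allow writing from a public user", which expects a 401. If this is merged as-is, a regression in permission enforcement would pass unnoticed; restore `it("should get resource permissions with multiple roles", async () => {` before this leaves WIP. Separately, the three `revoke` calls added to `beforeEach` differ only in `level` and could be a loop over the three levels, with a one-line comment saying why the ADMIN defaults are stripped before each test.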


@ -21,6 +21,7 @@ import {
ViewCalculation, ViewCalculation,
ViewV2Enriched, ViewV2Enriched,
RowExportFormat, RowExportFormat,
PermissionSource,
} from "@budibase/types" } from "@budibase/types"
import { checkBuilderEndpoint } from "./utilities/TestFunctions" import { checkBuilderEndpoint } from "./utilities/TestFunctions"
import * as setup from "./utilities" import * as setup from "./utilities"
@ -193,8 +194,20 @@ describe.each([
it("should create tables with ADMIN read and write permissions", async () => { it("should create tables with ADMIN read and write permissions", async () => {
const table = await config.api.table.save(tableForDatasource(datasource)) const table = await config.api.table.save(tableForDatasource(datasource))
const { permissions } = await config.api.permission.get(table._id!) const { permissions } = await config.api.permission.get(table._id!)
expect(permissions.read.role).toEqual(roles.BUILTIN_ROLE_IDS.ADMIN) expect(permissions).toEqual({
expect(permissions.write.role).toEqual(roles.BUILTIN_ROLE_IDS.ADMIN) read: {
permissionType: PermissionSource.EXPLICIT,
role: roles.BUILTIN_ROLE_IDS.ADMIN,
},
write: {
permissionType: PermissionSource.EXPLICIT,
role: roles.BUILTIN_ROLE_IDS.ADMIN,
},
execute: {
permissionType: PermissionSource.EXPLICIT,
role: roles.BUILTIN_ROLE_IDS.ADMIN,
},
})
}) })
}) })
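Review bot: The test title still reads "should create tables with ADMIN read and write permissions", but the new `toEqual` also pins `execute` to an explicit ADMIN grant. The title should say what is asserted, for example `it("should create tables with explicit ADMIN read, write and execute permissions", async () => {`. This test documents the default access on a newly created table, so a failure message should name all three levels. The enclosing `describe.each` block starts and ends outside this hunk.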


@ -1,6 +1,7 @@
import { import {
AddPermissionRequest, AddPermissionRequest,
AddPermissionResponse, AddPermissionResponse,
FetchResourcePermissionInfoResponse,
GetResourcePermsResponse, GetResourcePermsResponse,
RemovePermissionRequest, RemovePermissionRequest,
RemovePermissionResponse, RemovePermissionResponse,
@ -26,6 +27,15 @@ export class PermissionAPI extends TestAPI {
) )
} }
fetch = async (
expectations?: Expectations
): Promise<FetchResourcePermissionInfoResponse> => {
return await this._get<FetchResourcePermissionInfoResponse>(
`/api/permission`,
{ expectations }
)
}
revoke = async ( revoke = async (
request: RemovePermissionRequest, request: RemovePermissionRequest,
expectations?: Expectations expectations?: Expectations


@ -35,9 +35,9 @@ export function getPermissionType(resourceId: string) {
/** /**
* works out the basic permissions based on builtin roles for a resource, using its ID * works out the basic permissions based on builtin roles for a resource, using its ID
*/ */
export function getBasePermissions(resourceId: string) { export function getBasePermissions(resourceId: string): Record<string, string> {
const type = getPermissionType(resourceId) const type = getPermissionType(resourceId)
const basePermissions: { [key: string]: string } = {} const basePermissions: Record<string, string> = {}
for (let [roleId, role] of Object.entries(roles.getBuiltinRoles())) { for (let [roleId, role] of Object.entries(roles.getBuiltinRoles())) {
if (!role.permissionId) { if (!role.permissionId) {
continue continue


@ -1,5 +1,9 @@
import { PermissionLevel } from "../../../sdk" import { PermissionLevel } from "../../../sdk"
export interface FetchResourcePermissionInfoResponse {
[key: string]: Record<string, string>
}
export interface ResourcePermissionInfo { export interface ResourcePermissionInfo {
role: string role: string
permissionType: string permissionType: string
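Review bot: `FetchResourcePermissionInfoResponse` is added without a doc comment, and its index signature `[key: string]: Record<string, string>` does not say what either level of keys means. From the controller and the spec in this commit the shape appears to be resource ID, then permission level, then role ID, so a comment such as `/** Maps each resource ID to a map of permission level to the role ID that holds it. */` above the interface would make that contract explicit. `PermissionLevel` is already imported at the top of this file, so the inner key could probably be narrowed to it instead of `string`; check that against how `getBasePermissions` builds its result first. `ResourcePermissionInfo` continues past the end of the hunk.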