wip, tests broken
This commit is contained in:
parent
3405e6d6b7
commit
4cde2f26ad
|
@ -9,6 +9,7 @@ import {
|
|||
AddPermissionRequest,
|
||||
RemovePermissionRequest,
|
||||
RemovePermissionResponse,
|
||||
FetchResourcePermissionInfoResponse,
|
||||
} from "@budibase/types"
|
||||
import {
|
||||
CURRENTLY_SUPPORTED_LEVELS,
|
||||
|
@ -28,7 +29,9 @@ export function fetchLevels(ctx: UserCtx) {
|
|||
ctx.body = SUPPORTED_LEVELS
|
||||
}
|
||||
|
||||
export async function fetch(ctx: UserCtx) {
|
||||
export async function fetch(
|
||||
ctx: UserCtx<void, FetchResourcePermissionInfoResponse>
|
||||
) {
|
||||
const db = context.getAppDB()
|
||||
const dbRoles: Role[] = await sdk.permissions.getAllDBRoles(db)
|
||||
let permissions: any = {}
|
||||
|
@ -49,7 +52,7 @@ export async function fetch(ctx: UserCtx) {
|
|||
}
|
||||
}
|
||||
// apply the base permissions
|
||||
const finalPermissions: Record<string, Record<string, string>> = {}
|
||||
const finalPermissions: FetchResourcePermissionInfoResponse = {}
|
||||
for (let [resource, permission] of Object.entries(permissions)) {
|
||||
const basePerms = getBasePermissions(resource)
|
||||
finalPermissions[resource] = Object.assign(basePerms, permission)
|
||||
|
|
|
@ -12,7 +12,7 @@ const STD_ROLE_ID = BUILTIN_ROLE_IDS.PUBLIC
|
|||
describe("/permission", () => {
|
||||
let request = setup.getRequest()
|
||||
let config = setup.getConfig()
|
||||
let table: Table & { _id: string }
|
||||
let table: Table
|
||||
let perms: Document[]
|
||||
let row: Row
|
||||
let view: ViewV2
|
||||
|
@ -26,15 +26,33 @@ describe("/permission", () => {
|
|||
beforeEach(async () => {
|
||||
mocks.licenses.useCloudFree()
|
||||
|
||||
table = (await config.createTable()) as typeof table
|
||||
table = await config.createTable()
|
||||
|
||||
await config.api.permission.revoke({
|
||||
roleId: roles.BUILTIN_ROLE_IDS.ADMIN,
|
||||
resourceId: table._id!,
|
||||
level: PermissionLevel.READ,
|
||||
})
|
||||
await config.api.permission.revoke({
|
||||
roleId: roles.BUILTIN_ROLE_IDS.ADMIN,
|
||||
resourceId: table._id!,
|
||||
level: PermissionLevel.WRITE,
|
||||
})
|
||||
await config.api.permission.revoke({
|
||||
roleId: roles.BUILTIN_ROLE_IDS.ADMIN,
|
||||
resourceId: table._id!,
|
||||
level: PermissionLevel.EXECUTE,
|
||||
})
|
||||
|
||||
row = await config.createRow()
|
||||
view = await config.api.viewV2.create({
|
||||
tableId: table._id!,
|
||||
name: generator.guid(),
|
||||
})
|
||||
|
||||
perms = await config.api.permission.add({
|
||||
roleId: STD_ROLE_ID,
|
||||
resourceId: table._id,
|
||||
resourceId: table._id!,
|
||||
level: PermissionLevel.READ,
|
||||
})
|
||||
})
|
||||
|
@ -74,27 +92,22 @@ describe("/permission", () => {
|
|||
})
|
||||
})
|
||||
|
||||
it("should get resource permissions with multiple roles", async () => {
|
||||
it.only("should get resource permissions with multiple roles", async () => {
|
||||
perms = await config.api.permission.add({
|
||||
roleId: HIGHER_ROLE_ID,
|
||||
resourceId: table._id,
|
||||
resourceId: table._id!,
|
||||
level: PermissionLevel.WRITE,
|
||||
})
|
||||
const res = await config.api.permission.get(table._id)
|
||||
expect(res).toEqual({
|
||||
permissions: {
|
||||
const { permissions } = await config.api.permission.get(table._id!)
|
||||
expect(permissions).toEqual({
|
||||
read: { permissionType: "EXPLICIT", role: STD_ROLE_ID },
|
||||
write: { permissionType: "EXPLICIT", role: HIGHER_ROLE_ID },
|
||||
},
|
||||
execute: { permissionType: "BASE", role: "BASIC" },
|
||||
})
|
||||
|
||||
const allRes = await request
|
||||
.get(`/api/permission`)
|
||||
.set(config.defaultHeaders())
|
||||
.expect("Content-Type", /json/)
|
||||
.expect(200)
|
||||
expect(allRes.body[table._id]["read"]).toEqual(STD_ROLE_ID)
|
||||
expect(allRes.body[table._id]["write"]).toEqual(HIGHER_ROLE_ID)
|
||||
const all = await config.api.permission.fetch()
|
||||
expect(all[table._id!]["read"]).toEqual(STD_ROLE_ID)
|
||||
expect(all[table._id!]["write"]).toEqual(HIGHER_ROLE_ID)
|
||||
})
|
||||
})
|
||||
|
||||
|
@ -102,11 +115,11 @@ describe("/permission", () => {
|
|||
it("should be able to remove the permission", async () => {
|
||||
const res = await config.api.permission.revoke({
|
||||
roleId: STD_ROLE_ID,
|
||||
resourceId: table._id,
|
||||
resourceId: table._id!,
|
||||
level: PermissionLevel.READ,
|
||||
})
|
||||
expect(res[0]._id).toEqual(STD_ROLE_ID)
|
||||
const permsRes = await config.api.permission.get(table._id)
|
||||
const permsRes = await config.api.permission.get(table._id!)
|
||||
expect(permsRes.permissions[STD_ROLE_ID]).toBeUndefined()
|
||||
})
|
||||
})
|
||||
|
@ -142,7 +155,7 @@ describe("/permission", () => {
|
|||
it("should not be able to access the view data when the table is not public and there are no view permissions overrides", async () => {
|
||||
await config.api.permission.revoke({
|
||||
roleId: STD_ROLE_ID,
|
||||
resourceId: table._id,
|
||||
resourceId: table._id!,
|
||||
level: PermissionLevel.READ,
|
||||
})
|
||||
|
||||
|
@ -167,7 +180,7 @@ describe("/permission", () => {
|
|||
})
|
||||
await config.api.permission.revoke({
|
||||
roleId: STD_ROLE_ID,
|
||||
resourceId: table._id,
|
||||
resourceId: table._id!,
|
||||
level: PermissionLevel.READ,
|
||||
})
|
||||
// replicate changes before checking permissions
|
||||
|
@ -179,8 +192,8 @@ describe("/permission", () => {
|
|||
|
||||
it("shouldn't allow writing from a public user", async () => {
|
||||
const res = await request
|
||||
.post(`/api/${table._id}/rows`)
|
||||
.send(basicRow(table._id))
|
||||
.post(`/api/${table._id!}/rows`)
|
||||
.send(basicRow(table._id!))
|
||||
.set(config.publicHeaders())
|
||||
.expect("Content-Type", /json/)
|
||||
.expect(401)
|
||||
|
|
|
@ -21,6 +21,7 @@ import {
|
|||
ViewCalculation,
|
||||
ViewV2Enriched,
|
||||
RowExportFormat,
|
||||
PermissionSource,
|
||||
} from "@budibase/types"
|
||||
import { checkBuilderEndpoint } from "./utilities/TestFunctions"
|
||||
import * as setup from "./utilities"
|
||||
|
@ -193,8 +194,20 @@ describe.each([
|
|||
it("should create tables with ADMIN read and write permissions", async () => {
|
||||
const table = await config.api.table.save(tableForDatasource(datasource))
|
||||
const { permissions } = await config.api.permission.get(table._id!)
|
||||
expect(permissions.read.role).toEqual(roles.BUILTIN_ROLE_IDS.ADMIN)
|
||||
expect(permissions.write.role).toEqual(roles.BUILTIN_ROLE_IDS.ADMIN)
|
||||
expect(permissions).toEqual({
|
||||
read: {
|
||||
permissionType: PermissionSource.EXPLICIT,
|
||||
role: roles.BUILTIN_ROLE_IDS.ADMIN,
|
||||
},
|
||||
write: {
|
||||
permissionType: PermissionSource.EXPLICIT,
|
||||
role: roles.BUILTIN_ROLE_IDS.ADMIN,
|
||||
},
|
||||
execute: {
|
||||
permissionType: PermissionSource.EXPLICIT,
|
||||
role: roles.BUILTIN_ROLE_IDS.ADMIN,
|
||||
},
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
import {
|
||||
AddPermissionRequest,
|
||||
AddPermissionResponse,
|
||||
FetchResourcePermissionInfoResponse,
|
||||
GetResourcePermsResponse,
|
||||
RemovePermissionRequest,
|
||||
RemovePermissionResponse,
|
||||
|
@ -26,6 +27,15 @@ export class PermissionAPI extends TestAPI {
|
|||
)
|
||||
}
|
||||
|
||||
fetch = async (
|
||||
expectations?: Expectations
|
||||
): Promise<FetchResourcePermissionInfoResponse> => {
|
||||
return await this._get<FetchResourcePermissionInfoResponse>(
|
||||
`/api/permission`,
|
||||
{ expectations }
|
||||
)
|
||||
}
|
||||
|
||||
revoke = async (
|
||||
request: RemovePermissionRequest,
|
||||
expectations?: Expectations
|
||||
|
|
|
@ -35,9 +35,9 @@ export function getPermissionType(resourceId: string) {
|
|||
/**
|
||||
* works out the basic permissions based on builtin roles for a resource, using its ID
|
||||
*/
|
||||
export function getBasePermissions(resourceId: string) {
|
||||
export function getBasePermissions(resourceId: string): Record<string, string> {
|
||||
const type = getPermissionType(resourceId)
|
||||
const basePermissions: { [key: string]: string } = {}
|
||||
const basePermissions: Record<string, string> = {}
|
||||
for (let [roleId, role] of Object.entries(roles.getBuiltinRoles())) {
|
||||
if (!role.permissionId) {
|
||||
continue
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
import { PermissionLevel } from "../../../sdk"
|
||||
|
||||
export interface FetchResourcePermissionInfoResponse {
|
||||
[key: string]: Record<string, string>
|
||||
}
|
||||
|
||||
export interface ResourcePermissionInfo {
|
||||
role: string
|
||||
permissionType: string
|
||||
|
|
Loading…
Reference in New Issue