diff --git a/packages/server/src/api/controllers/permission.ts b/packages/server/src/api/controllers/permission.ts index ea9b9a4596..8cc5bcec74 100644 --- a/packages/server/src/api/controllers/permission.ts +++ b/packages/server/src/api/controllers/permission.ts @@ -1,5 +1,11 @@ import { permissions, roles, context, HTTPError } from "@budibase/backend-core" -import { UserCtx, Database, Role, PermissionLevel } from "@budibase/types" +import { + UserCtx, + Database, + Role, + PermissionLevel, + GetResourcePermsResponse, +} from "@budibase/types" import { getRoleParams } from "../../db/utils" import { CURRENTLY_SUPPORTED_LEVELS, @@ -145,10 +151,27 @@ export async function fetch(ctx: UserCtx) { ctx.body = finalPermissions } -export async function getResourcePerms(ctx: UserCtx) { +export async function getResourcePerms( + ctx: UserCtx +) { const resourceId = ctx.params.resourceId + const resourcePermissions = await sdk.permissions.getResourcePerms(resourceId) + ctx.body = { - permissions: await sdk.permissions.getResourcePerms(resourceId), + permissions: Object.entries(resourcePermissions).reduce( + (p, [level, role]) => { + p[level] = role.role + return p + }, + {} as Record + ), + permissionType: Object.entries(resourcePermissions).reduce( + (p, [level, role]) => { + p[level] = role.type + return p + }, + {} as Record + ), } } diff --git a/packages/server/src/sdk/app/permissions/index.ts b/packages/server/src/sdk/app/permissions/index.ts index cb4ce93250..b1ebbd2ac8 100644 --- a/packages/server/src/sdk/app/permissions/index.ts +++ b/packages/server/src/sdk/app/permissions/index.ts @@ -46,12 +46,15 @@ export async function resourceActionAllowed({ } } +enum PermissionType { + EXPLICIT = "explicit", + INHERITED = "inherited", + BASE = "base", +} + type ResourcePermissions = Record< string, - { - role: string - inherited?: boolean | undefined - } + { role: string; type: PermissionType } > export async function getResourcePerms( @@ -64,11 +67,13 @@ export async function getResourcePerms( }) ) const rolesList = body.rows.map(row => row.doc) - let permissions: Record = {} + let permissions: ResourcePermissions = {} - let parentResourceToCheck + let permsToInherit: ResourcePermissions | undefined if (isViewID(resourceId) && (await features.isViewPermissionEnabled())) { - parentResourceToCheck = extractViewInfoFromID(resourceId).tableId + permsToInherit = await getResourcePerms( + extractViewInfoFromID(resourceId).tableId + ) } for (let level of CURRENTLY_SUPPORTED_LEVELS) { @@ -81,14 +86,12 @@ export async function getResourcePerms( if (rolePerms[resourceId]?.indexOf(level) > -1) { permissions[level] = { role: roles.getExternalRoleID(role._id!, role.version), + type: PermissionType.EXPLICIT, } - } else if ( - parentResourceToCheck && - rolePerms[parentResourceToCheck]?.indexOf(level) > -1 - ) { + } else if (permsToInherit && permsToInherit[level]) { permissions[level] = { - role: roles.getExternalRoleID(role._id!, role.version), - inherited: true, + role: permsToInherit[level].role, + type: PermissionType.INHERITED, } } } @@ -97,7 +100,7 @@ export async function getResourcePerms( const basePermissions = Object.entries( getBasePermissions(resourceId) ).reduce((p, [level, role]) => { - p[level] = { role } + p[level] = { role, type: PermissionType.BASE } return p }, {}) const result = Object.assign(basePermissions, permissions) diff --git a/packages/types/src/api/web/app/index.ts b/packages/types/src/api/web/app/index.ts index e7b4b87aa9..276d7fa7c1 100644 --- a/packages/types/src/api/web/app/index.ts +++ b/packages/types/src/api/web/app/index.ts @@ -4,3 +4,4 @@ export * from "./row" export * from "./view" export * from "./rows" export * from "./table" +export * from "./permission" diff --git a/packages/types/src/api/web/app/permission.ts b/packages/types/src/api/web/app/permission.ts new file mode 100644 index 0000000000..52f6bdcabb --- /dev/null +++ b/packages/types/src/api/web/app/permission.ts @@ -0,0 +1,4 @@ +export interface GetResourcePermsResponse { + permissions: Record + permissionType: Record +}