Return role origin

packages/server/src/api/controllers/permission.ts

@@ -1,5 +1,11 @@
 import { permissions, roles, context, HTTPError } from "@budibase/backend-core"
-import { UserCtx, Database, Role, PermissionLevel } from "@budibase/types"
+import {
+  UserCtx,
+  Database,
+  Role,
+  PermissionLevel,
+  GetResourcePermsResponse,
+} from "@budibase/types"
 import { getRoleParams } from "../../db/utils"
 import {
   CURRENTLY_SUPPORTED_LEVELS,
@@ -145,10 +151,27 @@ export async function fetch(ctx: UserCtx) {
   ctx.body = finalPermissions
 }
 
-export async function getResourcePerms(ctx: UserCtx) {
+export async function getResourcePerms(
+  ctx: UserCtx<void, GetResourcePermsResponse>
+) {
   const resourceId = ctx.params.resourceId
+  const resourcePermissions = await sdk.permissions.getResourcePerms(resourceId)
+
   ctx.body = {
-    permissions: await sdk.permissions.getResourcePerms(resourceId),
+    permissions: Object.entries(resourcePermissions).reduce(
+      (p, [level, role]) => {
+        p[level] = role.role
+        return p
+      },
+      {} as Record<string, string>
+    ),
+    permissionType: Object.entries(resourcePermissions).reduce(
+      (p, [level, role]) => {
+        p[level] = role.type
+        return p
+      },
+      {} as Record<string, string>
+    ),
   }
 }
 

packages/server/src/sdk/app/permissions/index.ts

@@ -46,12 +46,15 @@ export async function resourceActionAllowed({
   }
 }
 
+enum PermissionType {
+  EXPLICIT = "explicit",
+  INHERITED = "inherited",
+  BASE = "base",
+}
+
 type ResourcePermissions = Record<
   string,
-  {
+  { role: string; type: PermissionType }
-    role: string
-    inherited?: boolean | undefined
-  }
 >
 
 export async function getResourcePerms(
@@ -64,11 +67,13 @@ export async function getResourcePerms(
     })
   )
   const rolesList = body.rows.map<Role>(row => row.doc)
-  let permissions: Record<string, { role: string; inherited?: boolean }> = {}
+  let permissions: ResourcePermissions = {}
 
-  let parentResourceToCheck
+  let permsToInherit: ResourcePermissions | undefined
   if (isViewID(resourceId) && (await features.isViewPermissionEnabled())) {
-    parentResourceToCheck = extractViewInfoFromID(resourceId).tableId
+    permsToInherit = await getResourcePerms(
+      extractViewInfoFromID(resourceId).tableId
+    )
   }
 
   for (let level of CURRENTLY_SUPPORTED_LEVELS) {
@@ -81,14 +86,12 @@ export async function getResourcePerms(
       if (rolePerms[resourceId]?.indexOf(level) > -1) {
         permissions[level] = {
           role: roles.getExternalRoleID(role._id!, role.version),
+          type: PermissionType.EXPLICIT,
         }
-      } else if (
+      } else if (permsToInherit && permsToInherit[level]) {
-        parentResourceToCheck &&
-        rolePerms[parentResourceToCheck]?.indexOf(level) > -1
-      ) {
         permissions[level] = {
-          role: roles.getExternalRoleID(role._id!, role.version),
+          role: permsToInherit[level].role,
-          inherited: true,
+          type: PermissionType.INHERITED,
         }
       }
     }
@@ -97,7 +100,7 @@ export async function getResourcePerms(
   const basePermissions = Object.entries(
     getBasePermissions(resourceId)
   ).reduce<ResourcePermissions>((p, [level, role]) => {
-    p[level] = { role }
+    p[level] = { role, type: PermissionType.BASE }
     return p
   }, {})
   const result = Object.assign(basePermissions, permissions)

packages/types/src/api/web/app/index.ts

@@ -4,3 +4,4 @@ export * from "./row"
 export * from "./view"
 export * from "./rows"
 export * from "./table"
+export * from "./permission"

packages/types/src/api/web/app/permission.ts

@@ -0,0 +1,4 @@
+export interface GetResourcePermsResponse {
+  permissions: Record<string, string>
+  permissionType: Record<string, string>
+}