Use permissions sdk on authorized middleware

Adria Navarro 2023-09-04 14:13:10 +02:00
parent f6329e6a22
commit ad8fb01657
1 changed files with 22 additions and 41 deletions


@ -6,11 +6,10 @@ import {
users, users,
} from "@budibase/backend-core" } from "@budibase/backend-core"
import { PermissionLevel, PermissionType, Role, UserCtx } from "@budibase/types" import { PermissionLevel, PermissionType, Role, UserCtx } from "@budibase/types"
import { features } from "@budibase/pro"
import builderMiddleware from "./builder" import builderMiddleware from "./builder"
import { isWebhookEndpoint } from "./utils" import { isWebhookEndpoint } from "./utils"
import { paramResource } from "./resourceId" import { paramResource } from "./resourceId"
import { extractViewInfoFromID, isViewID } from "../db/utils" import sdk from "../sdk"
function hasResource(ctx: any) { function hasResource(ctx: any) {
return ctx.resourceId != null return ctx.resourceId != null
@ -77,31 +76,6 @@ const checkAuthorizedResource = async (
} }
} }
const resourceIdTranformers: Partial<
Record<PermissionType, (ctx: UserCtx) => Promise<void>>
> = {
[PermissionType.VIEW]: async ctx => {
const { resourceId } = ctx
if (!resourceId) {
ctx.throw(400, `Cannot obtain the view id`)
return
}
if (!isViewID(resourceId)) {
ctx.throw(400, `"${resourceId}" is not a valid view id`)
return
}
if (await features.isViewPermissionEnabled()) {
ctx.subResourceId = ctx.resourceId
ctx.resourceId = extractViewInfoFromID(resourceId).tableId
} else {
ctx.resourceId = extractViewInfoFromID(resourceId).tableId
delete ctx.subResourceId
}
},
}
const authorized = const authorized =
( (
permType: PermissionType, permType: PermissionType,
@ -121,8 +95,8 @@ const authorized =
} }
// get the resource roles // get the resource roles
let resourceRoles: any = [] let resourceRoles: string[] = []
let otherLevelRoles: any = [] let otherLevelRoles: string[] = []
const otherLevel = const otherLevel =
permLevel === PermissionLevel.READ permLevel === PermissionLevel.READ
? PermissionLevel.WRITE ? PermissionLevel.WRITE
@ -133,21 +107,28 @@ const authorized =
paramResource(resourcePath)(ctx, () => {}) paramResource(resourcePath)(ctx, () => {})
} }
if (resourceIdTranformers[permType]) {
await resourceIdTranformers[permType]!(ctx)
}
if (hasResource(ctx)) { if (hasResource(ctx)) {
const { resourceId, subResourceId } = ctx const { resourceId, subResourceId } = ctx
resourceRoles = await roles.getRequiredResourceRole(permLevel!, {
resourceId, const permissions = await sdk.permissions.getResourcePerms(resourceId)
subResourceId, const subPermissions =
}) !!subResourceId &&
(await sdk.permissions.getResourcePerms(subResourceId))
function getPermLevel(permLevel: string) {
let result: string[] = []
if (permissions[permLevel]) {
result.push(permissions[permLevel].role)
}
if (subPermissions && subPermissions[permLevel]) {
result.push(subPermissions[permLevel].role)
}
return result
}
resourceRoles = getPermLevel(permLevel!)
if (opts && opts.schema) { if (opts && opts.schema) {
otherLevelRoles = await roles.getRequiredResourceRole(otherLevel, { otherLevelRoles = getPermLevel(otherLevel!)
resourceId,
subResourceId,
})
} }
} }
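Review bot: `getPermLevel` in the last hunk returns an empty array when neither `permissions[permLevel]` nor `subPermissions[permLevel]` is set, so `resourceRoles` can reach the authorization check with no required role. How that check treats an empty list is outside the visible lines; it should deny rather than allow, and a comment above the helper such as `// roles required at this level by the resource and, if present, the sub-resource; empty when neither defines one` would make the case explicit. The removed `resourceIdTranformers` entry also rejected non-view ids with a 400 and dropped `subResourceId` when `features.isViewPermissionEnabled()` was false. Nothing visible here replaces either behaviour, so presumably `sdk.permissions.getResourcePerms` now handles the view-to-table mapping and the feature gate, which is worth confirming before merge. The helper's parameter shadows the outer `permLevel`; renaming it, e.g. `function getPermLevel(level: string)`, would make the two call sites easier to read, and the enclosing `authorized` function starts and ends outside the hunk.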