Set default permissions to view

2024-10-09 14:36:37 +02:00 · 2024-10-09 14:36:37 +02:00 · c84cda40b3
parent d01462221f
commit c84cda40b3
2 changed files with 16 additions and 8 deletions
--- a/packages/server/src/api/routes/tests/permissions.spec.ts
+++ b/packages/server/src/api/routes/tests/permissions.spec.ts
@ -227,23 +227,23 @@ describe("/permission", () => {
      viewId = view.id
    })

-    it("default permissions inherits the table default value", async () => {
+    it("default permissions inherits and persists the table default value", async () => {
      const { permissions } = await config.api.permission.get(viewId)
      expect(permissions).toEqual({
        read: {
-          permissionType: "INHERITED",
+          permissionType: "EXPLICIT",
          role: DEFAULT_TABLE_ROLE_ID,
          inheritablePermission: DEFAULT_TABLE_ROLE_ID,
        },
        write: {
-          permissionType: "INHERITED",
+          permissionType: "EXPLICIT",
          role: DEFAULT_TABLE_ROLE_ID,
          inheritablePermission: DEFAULT_TABLE_ROLE_ID,
        },
      })
    })

-    it("default permissions inherits explicit table permissions", async () => {
+    it("does not update view permissions once persisted, even if table permissions change", async () => {
      await config.api.permission.add({
        roleId: STD_ROLE_ID,
        resourceId: tableId,
@ -253,12 +253,12 @@ describe("/permission", () => {
      const { permissions } = await config.api.permission.get(viewId)
      expect(permissions).toEqual({
        read: {
-          permissionType: "INHERITED",
-          role: STD_ROLE_ID,
+          permissionType: "EXPLICIT",
+          role: DEFAULT_TABLE_ROLE_ID,
          inheritablePermission: STD_ROLE_ID,
        },
        write: {
-          permissionType: "INHERITED",
+          permissionType: "EXPLICIT",
          role: DEFAULT_TABLE_ROLE_ID,
          inheritablePermission: DEFAULT_TABLE_ROLE_ID,
        },
@ -275,7 +275,7 @@ describe("/permission", () => {
      const { permissions } = await config.api.permission.get(viewId)
      expect(permissions).toEqual({
        read: {
-          permissionType: "INHERITED",
+          permissionType: "EXPLICIT",
          role: DEFAULT_TABLE_ROLE_ID,
          inheritablePermission: DEFAULT_TABLE_ROLE_ID,
        },
--- a/packages/server/src/sdk/app/views/index.ts
+++ b/packages/server/src/sdk/app/views/index.ts
@ -3,6 +3,7 @@ import {
  canGroupBy,
  FieldType,
  isNumeric,
+  PermissionLevel,
  RelationSchemaField,
  RenameColumn,
  Table,
@ -243,6 +244,13 @@ export async function create(

  const view = await pickApi(tableId).create(tableId, viewRequest)

+  // Set permissions to be the same as the table
+  const tablePerms = await sdk.permissions.getResourcePerms(tableId)
+  await sdk.permissions.setPermissions(view.id, {
+    writeRole: tablePerms[PermissionLevel.WRITE].role,
+    readRole: tablePerms[PermissionLevel.READ].role,
+  })
+
  return view
 }