Set default permissions
parent
b3efea95bf
commit
d01462221f
|
@ -94,18 +94,17 @@ export async function getDependantResources(
|
|||
|
||||
export async function addPermission(ctx: UserCtx<void, AddPermissionResponse>) {
|
||||
const params: AddPermissionRequest = ctx.params
|
||||
ctx.body = await sdk.permissions.updatePermissionOnRole(
|
||||
params,
|
||||
PermissionUpdateType.ADD
|
||||
)
|
||||
await sdk.permissions.updatePermissionOnRole(params, PermissionUpdateType.ADD)
|
||||
ctx.status = 200
|
||||
}
|
||||
|
||||
export async function removePermission(
|
||||
ctx: UserCtx<void, RemovePermissionResponse>
|
||||
) {
|
||||
const params: RemovePermissionRequest = ctx.params
|
||||
ctx.body = await sdk.permissions.updatePermissionOnRole(
|
||||
await sdk.permissions.updatePermissionOnRole(
|
||||
params,
|
||||
PermissionUpdateType.REMOVE
|
||||
)
|
||||
ctx.status = 200
|
||||
}
|
||||
|
|
|
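Review bot: Both handlers now discard the value returned by `sdk.permissions.updatePermissionOnRole` and set `ctx.status = 200` unconditionally, so any per-role outcome the SDK reports without throwing never reaches the caller. `AddedPermission` carries an optional `reason` field, which suggests (not confirmed from this page) that a grant or revoke can be declined without an exception; if so, an admin would see success for a permission change that did not take effect. Either keep returning the result, or inspect it and fail the request when an entry carries a `reason`. If the SDK really does throw on every failure, say so above each call with `// result intentionally dropped: updatePermissionOnRole throws on any failure`.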
@ -42,12 +42,11 @@ describe("/permission", () => {
|
|||
|
||||
describe("table permissions", () => {
|
||||
let tableId: string
|
||||
let perms: Document[]
|
||||
|
||||
beforeEach(async () => {
|
||||
const table = await config.createTable()
|
||||
tableId = table._id!
|
||||
perms = await config.api.permission.add({
|
||||
await config.api.permission.add({
|
||||
roleId: STD_ROLE_ID,
|
||||
resourceId: tableId,
|
||||
level: PermissionLevel.READ,
|
||||
|
@ -59,11 +58,11 @@ describe("/permission", () => {
|
|||
const { permissions } = await config.api.permission.get(table._id!)
|
||||
expect(permissions).toEqual({
|
||||
read: {
|
||||
permissionType: "BASE",
|
||||
permissionType: "EXPLICIT",
|
||||
role: DEFAULT_TABLE_ROLE_ID,
|
||||
},
|
||||
write: {
|
||||
permissionType: "BASE",
|
||||
permissionType: "EXPLICIT",
|
||||
role: DEFAULT_TABLE_ROLE_ID,
|
||||
},
|
||||
})
|
||||
|
@ -71,11 +70,6 @@ describe("/permission", () => {
|
|||
|
||||
describe("add", () => {
|
||||
it("should be able to add permission to a role for the table", async () => {
|
||||
expect(perms.length).toEqual(1)
|
||||
expect(perms[0]._id).toEqual(`${STD_ROLE_ID}`)
|
||||
})
|
||||
|
||||
it("should get the resource permissions", async () => {
|
||||
const res = await request
|
||||
.get(`/api/permission/${tableId}`)
|
||||
.set(config.defaultHeaders())
|
||||
|
@ -84,13 +78,13 @@ describe("/permission", () => {
|
|||
expect(res.body).toEqual({
|
||||
permissions: {
|
||||
read: { permissionType: "EXPLICIT", role: STD_ROLE_ID },
|
||||
write: { permissionType: "BASE", role: DEFAULT_TABLE_ROLE_ID },
|
||||
write: { permissionType: "EXPLICIT", role: DEFAULT_TABLE_ROLE_ID },
|
||||
},
|
||||
})
|
||||
})
|
||||
|
||||
it("should get resource permissions with multiple roles", async () => {
|
||||
perms = await config.api.permission.add({
|
||||
await config.api.permission.add({
|
||||
roleId: HIGHER_ROLE_ID,
|
||||
resourceId: tableId,
|
||||
level: PermissionLevel.WRITE,
|
||||
|
@ -115,12 +109,12 @@ describe("/permission", () => {
|
|||
|
||||
describe("remove", () => {
|
||||
it("should be able to remove the permission", async () => {
|
||||
const res = await config.api.permission.revoke({
|
||||
await config.api.permission.revoke({
|
||||
roleId: STD_ROLE_ID,
|
||||
resourceId: tableId,
|
||||
level: PermissionLevel.READ,
|
||||
})
|
||||
expect(res[0]._id).toEqual(STD_ROLE_ID)
|
||||
|
||||
const permsRes = await config.api.permission.get(tableId)
|
||||
expect(permsRes.permissions[STD_ROLE_ID]).toBeUndefined()
|
||||
})
|
||||
|
|
|
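Review bot: In the `remove` test the only assertion left on the new side is `expect(permsRes.permissions[STD_ROLE_ID]).toBeUndefined()`, and that looks vacuous. The other hunks in this file assert `permissions` as an object keyed by `read`/`write`, so indexing it by a role id is undefined whether or not the revoke worked. With the `res[0]._id` check gone, the test no longer proves that revocation takes effect. Assert on the level instead, for example `expect(permsRes.permissions.read.role).not.toEqual(STD_ROLE_ID)`. The `add` case that checked the returned documents also has no replacement on this page; the following `get` test covers it only indirectly through `beforeEach`.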
@ -185,6 +185,26 @@ export async function updatePermissionOnRole(
|
|||
})
|
||||
}
|
||||
|
||||
export async function setPermissions(
|
||||
resourceId: string,
|
||||
{
|
||||
writeRole,
|
||||
readRole,
|
||||
}: {
|
||||
writeRole: string
|
||||
readRole: string
|
||||
}
|
||||
) {
|
||||
await updatePermissionOnRole(
|
||||
{ roleId: writeRole, resourceId, level: PermissionLevel.WRITE },
|
||||
PermissionUpdateType.ADD
|
||||
)
|
||||
await updatePermissionOnRole(
|
||||
{ roleId: readRole, resourceId, level: PermissionLevel.READ },
|
||||
PermissionUpdateType.ADD
|
||||
)
|
||||
}
|
||||
|
||||
// utility function to stop this repetition - permissions always stored under roles
|
||||
export async function getAllDBRoles(db: Database) {
|
||||
const body = await db.allDocs<Role>(
|
||||
|
|
|
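Review bot: `setPermissions` issues two independent `updatePermissionOnRole(..., PermissionUpdateType.ADD)` calls, so a failure in the second leaves the resource with the write grant applied and the read grant missing, and nothing here rolls back or reports which half succeeded. The name also promises more than the body shows: it only adds grants and, as far as this hunk shows, does not remove grants that other roles already hold on the resource. That is worth confirming against `updatePermissionOnRole`, whose body is outside the hunk. I would add a TSDoc block stating that the two updates are not atomic and whether existing grants are kept or replaced, and declare the return type as `Promise<void>`.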
@ -3,6 +3,8 @@ import { Row, Table } from "@budibase/types"
|
|||
import * as external from "./external"
|
||||
import * as internal from "./internal"
|
||||
import { isExternal } from "./utils"
|
||||
import { setPermissions } from "../permissions"
|
||||
import { roles } from "@budibase/backend-core"
|
||||
|
||||
export async function create(
|
||||
table: Omit<Table, "_id" | "_rev">,
|
||||
|
@ -15,5 +17,11 @@ export async function create(
|
|||
} else {
|
||||
createdTable = await internal.create(table, rows, userId)
|
||||
}
|
||||
|
||||
await setPermissions(createdTable._id!, {
|
||||
writeRole: roles.BUILTIN_ROLE_IDS.ADMIN,
|
||||
readRole: roles.BUILTIN_ROLE_IDS.ADMIN,
|
||||
})
|
||||
|
||||
return createdTable
|
||||
}
|
||||
|
|
|
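Review bot: If `setPermissions` rejects, `create` throws after the table already exists, so the table is left without the explicit ADMIN grants and presumably falls back to the base permissions, which the tests in this commit show as `DEFAULT_TABLE_ROLE_ID`. That is a fail-open path for newly created tables; consider catching the error, removing the table (or retrying) and rethrowing, or at least documenting it with `// NOTE: table is already persisted; a failure here leaves it on base permissions`. The call also runs for the external branch, and the spec expects `role: DEFAULT_TABLE_ROLE_ID` while this passes `roles.BUILTIN_ROLE_IDS.ADMIN`; whether those are the same role is not visible here. The start of `create` lies outside the hunk.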
@ -25,7 +25,7 @@ export interface AddedPermission {
|
|||
reason?: string
|
||||
}
|
||||
|
||||
export type AddPermissionResponse = AddedPermission[]
|
||||
export interface AddPermissionResponse {}
|
||||
|
||||
export interface AddPermissionRequest {
|
||||
roleId: string
|
||||
|
@ -34,4 +34,4 @@ export interface AddPermissionRequest {
|
|||
}
|
||||
|
||||
export interface RemovePermissionRequest extends AddPermissionRequest {}
|
||||
export interface RemovePermissionResponse extends AddPermissionResponse {}
|
||||
export interface RemovePermissionResponse {}
|
||||
|
|
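Review bot: `export interface AddPermissionResponse {}` and `export interface RemovePermissionResponse {}` are empty interfaces, which TypeScript treats as "any non-nullish value", so they do not express "no response body". Depending on how `UserCtx` types `body`, a handler that assigns permission documents to `ctx.body` would likely still type-check against them. If the intent is that these endpoints return nothing, a stricter shape such as `export type AddPermissionResponse = Record<string, never>` states that and lets the compiler enforce it. `AddedPermission` appears to be unused by these responses after this change; check whether it still has consumers.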