From d01462221fb8e8da9e83bc3b5bf171b30a7bff44 Mon Sep 17 00:00:00 2001
From: Adria Navarro
Date: Wed, 9 Oct 2024 14:15:02 +0200
Subject: [PATCH] Set default permissions
---
 .../server/src/api/controllers/permission.ts | 9 ++++-----
 .../src/api/routes/tests/permissions.spec.ts | 20 +++++++-------------
 .../server/src/sdk/app/permissions/index.ts | 20 +++++++++++++++++++
 packages/server/src/sdk/app/tables/create.ts | 8 ++++++++
 packages/types/src/api/web/app/permission.ts | 4 ++--
 5 files changed, 41 insertions(+), 20 deletions(-)
diff --git a/packages/server/src/api/controllers/permission.ts b/packages/server/src/api/controllers/permission.ts
index a58d94ce80..ead48d3db8 100644
--- a/packages/server/src/api/controllers/permission.ts
+++ b/packages/server/src/api/controllers/permission.ts
@@ -94,18 +94,17 @@ export async function getDependantResources(
 export async function addPermission(ctx: UserCtx) {
 const params: AddPermissionRequest = ctx.params
- ctx.body = await sdk.permissions.updatePermissionOnRole(
- params,
- PermissionUpdateType.ADD
- )
+ await sdk.permissions.updatePermissionOnRole(params, PermissionUpdateType.ADD)
+ ctx.status = 200
 }
 export async function removePermission(
 ctx: UserCtx
 ) {
 const params: RemovePermissionRequest = ctx.params
- ctx.body = await sdk.permissions.updatePermissionOnRole(
+ await sdk.permissions.updatePermissionOnRole(
 params,
 PermissionUpdateType.REMOVE
 )
+ ctx.status = 200
 }
diff --git a/packages/server/src/api/routes/tests/permissions.spec.ts b/packages/server/src/api/routes/tests/permissions.spec.ts
index 44b57cf7cb..180f91fb42 100644
--- a/packages/server/src/api/routes/tests/permissions.spec.ts
+++ b/packages/server/src/api/routes/tests/permissions.spec.ts
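Review bot: In `addPermission` and `removePermission` (controllers/permission.ts) the result of `updatePermissionOnRole` is now discarded and the handler always answers 200, so a request that changed nothing is indistinguishable from a real grant or revoke. The body of `updatePermissionOnRole` is outside this hunk, so whether it throws when no role matches cannot be confirmed here; if it can resolve without modifying anything, a revoke that silently did nothing is reported as success. Consider keeping the result and failing visibly, e.g. `const changed = await sdk.permissions.updatePermissionOnRole(params, PermissionUpdateType.REMOVE)` followed by `if (!changed.length) ctx.throw(404, "No matching permission")`. With no body set, 204 would also describe the response more accurately than 200.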
@@ -42,12 +42,11 @@ describe("/permission", () => {
 describe("table permissions", () => {
 let tableId: string
- let perms: Document[]
 beforeEach(async () => {
 const table = await config.createTable()
 tableId = table._id!
- perms = await config.api.permission.add({
+ await config.api.permission.add({
 roleId: STD_ROLE_ID,
 resourceId: tableId,
 level: PermissionLevel.READ,
@@ -59,11 +58,11 @@ describe("/permission", () => {
 const { permissions } = await config.api.permission.get(table._id!)
 expect(permissions).toEqual({
 read: {
- permissionType: "BASE",
+ permissionType: "EXPLICIT",
 role: DEFAULT_TABLE_ROLE_ID,
 },
 write: {
- permissionType: "BASE",
+ permissionType: "EXPLICIT",
 role: DEFAULT_TABLE_ROLE_ID,
 },
 })
@@ -71,11 +70,6 @@ describe("/permission", () => {
 describe("add", () => {
 it("should be able to add permission to a role for the table", async () => {
- expect(perms.length).toEqual(1)
- expect(perms[0]._id).toEqual(`${STD_ROLE_ID}`)
- })
-
- it("should get the resource permissions", async () => {
 const res = await request
 .get(`/api/permission/${tableId}`)
 .set(config.defaultHeaders())
@@ -84,13 +78,13 @@ describe("/permission", () => {
 expect(res.body).toEqual({
 permissions: {
 read: { permissionType: "EXPLICIT", role: STD_ROLE_ID },
- write: { permissionType: "BASE", role: DEFAULT_TABLE_ROLE_ID },
+ write: { permissionType: "EXPLICIT", role: DEFAULT_TABLE_ROLE_ID },
 },
 })
 })
 it("should get resource permissions with multiple roles", async () => {
- perms = await config.api.permission.add({
+ await config.api.permission.add({
 roleId: HIGHER_ROLE_ID,
 resourceId: tableId,
 level: PermissionLevel.WRITE,
@@ -115,12 +109,12 @@ describe("/permission", () => {
 describe("remove", () => {
 it("should be able to remove the permission", async () => {
- const res = await config.api.permission.revoke({
+ await config.api.permission.revoke({
 roleId: STD_ROLE_ID,
 resourceId: tableId,
 level: PermissionLevel.READ,
 })
- expect(res[0]._id).toEqual(STD_ROLE_ID)
+
 const permsRes = await config.api.permission.get(tableId)
 expect(permsRes.permissions[STD_ROLE_ID]).toBeUndefined()
 })
diff --git a/packages/server/src/sdk/app/permissions/index.ts b/packages/server/src/sdk/app/permissions/index.ts
index 2c3c0af95b..97af9ccc83 100644
--- a/packages/server/src/sdk/app/permissions/index.ts
+++ b/packages/server/src/sdk/app/permissions/index.ts
@@ -185,6 +185,26 @@ export async function updatePermissionOnRole(
 })
 }
+export async function setPermissions(
+ resourceId: string,
+ {
+ writeRole,
+ readRole,
+ }: {
+ writeRole: string
+ readRole: string
+ }
+) {
+ await updatePermissionOnRole(
+ { roleId: writeRole, resourceId, level: PermissionLevel.WRITE },
+ PermissionUpdateType.ADD
+ )
+ await updatePermissionOnRole(
+ { roleId: readRole, resourceId, level: PermissionLevel.READ },
+ PermissionUpdateType.ADD
+ )
+}
+
 // utility function to stop this repetition - permissions always stored under roles
 export async function getAllDBRoles(db: Database) {
 const body = await db.allDocs(
diff --git a/packages/server/src/sdk/app/tables/create.ts b/packages/server/src/sdk/app/tables/create.ts
index ed6d6baeb0..0b15cdb15a 100644
--- a/packages/server/src/sdk/app/tables/create.ts
+++ b/packages/server/src/sdk/app/tables/create.ts
@@ -3,6 +3,8 @@ import { Row, Table } from "@budibase/types"
 import * as external from "./external"
 import * as internal from "./internal"
 import { isExternal } from "./utils"
+import { setPermissions } from "../permissions"
+import { roles } from "@budibase/backend-core"
 export async function create(
 table: Omit,
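Review bot: In permissions.spec.ts, with `expect(res[0]._id).toEqual(STD_ROLE_ID)` removed, the only assertion left in "should be able to remove the permission" is `expect(permsRes.permissions[STD_ROLE_ID]).toBeUndefined()`, which looks vacuous. The other tests in this file show `permissions` keyed by level (`read`, `write`) rather than by role id, so that lookup would be undefined whether or not the revoke took effect. Assert on the level instead, e.g. `expect(permsRes.permissions.read?.role).not.toEqual(STD_ROLE_ID)`, so that a revoke which does nothing fails the test. The enclosing `describe("remove")` continues past the end of this hunk.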
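Review bot: `setPermissions` in sdk/app/permissions/index.ts reads as a replace but both calls pass `PermissionUpdateType.ADD`, so unless `updatePermissionOnRole` (body not visible in this hunk) clears other roles at that level, grants already present on the resource stay in place. The two awaits are also separate writes, so a failure in the second leaves WRITE granted and READ not. Once the behaviour is confirmed, a doc comment should say so, e.g. `/** Grants writeRole WRITE and readRole READ on resourceId. Additive: existing grants are not revoked, and the two updates are not atomic. */`, or the function could be renamed to something like `addDefaultPermissions`.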
@@ -15,5 +17,11 @@ export async function create(
 } else {
 createdTable = await internal.create(table, rows, userId)
 }
+
+ await setPermissions(createdTable._id!, {
+ writeRole: roles.BUILTIN_ROLE_IDS.ADMIN,
+ readRole: roles.BUILTIN_ROLE_IDS.ADMIN,
+ })
+
 return createdTable
 }
diff --git a/packages/types/src/api/web/app/permission.ts b/packages/types/src/api/web/app/permission.ts
index a5c4df5733..b40310f21c 100644
--- a/packages/types/src/api/web/app/permission.ts
+++ b/packages/types/src/api/web/app/permission.ts
@@ -25,7 +25,7 @@ export interface AddedPermission {
 reason?: string
 }
-export type AddPermissionResponse = AddedPermission[]
+export interface AddPermissionResponse {}
 export interface AddPermissionRequest {
 roleId: string
@@ -34,4 +34,4 @@ export interface AddPermissionRequest {
 }
 export interface RemovePermissionRequest extends AddPermissionRequest {}
-export interface RemovePermissionResponse extends AddPermissionResponse {}
+export interface RemovePermissionResponse {}
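Review bot: In `create` (sdk/app/tables/create.ts) the table is persisted before `setPermissions` runs, so if either permission write fails `create` rejects while the table already exists with no explicit grants and falls back to whatever the implicit default is; the spec change in this commit shows that default was previously reported as `BASE`. If that fallback is broader than ADMIN this fails open, so consider catching the error and cleaning up the table (or at least logging the orphan) before rethrowing. `createdTable._id!` also hides a missing id; `if (!createdTable._id) throw new Error("Table created without _id")` before the call makes that case explicit. Both roles are hard-coded to `roles.BUILTIN_ROLE_IDS.ADMIN` while the spec asserts `DEFAULT_TABLE_ROLE_ID`; sharing one constant would keep the two from drifting. `create` begins outside this hunk.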
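Review bot: `export interface AddPermissionResponse {}` in types/src/api/web/app/permission.ts is an empty interface, which TypeScript treats as "any non-nullish value", so it does not constrain the response to be empty; the same applies to `RemovePermissionResponse` in the following hunk. Since the controllers no longer set a body, `export type AddPermissionResponse = void` (or `Record<string, never>` if an empty object is returned) states the contract more precisely. `AddedPermission` is no longer referenced by these response types and may be dead code if nothing else imports it.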