Set default permissions

packages/server/src/api/controllers/permission.ts

@@ -94,18 +94,17 @@ export async function getDependantResources(
 
 export async function addPermission(ctx: UserCtx<void, AddPermissionResponse>) {
   const params: AddPermissionRequest = ctx.params
-  ctx.body = await sdk.permissions.updatePermissionOnRole(
+  await sdk.permissions.updatePermissionOnRole(params, PermissionUpdateType.ADD)
-    params,
+  ctx.status = 200
-    PermissionUpdateType.ADD
-  )
 }
 
 export async function removePermission(
   ctx: UserCtx<void, RemovePermissionResponse>
 ) {
   const params: RemovePermissionRequest = ctx.params
-  ctx.body = await sdk.permissions.updatePermissionOnRole(
+  await sdk.permissions.updatePermissionOnRole(
     params,
     PermissionUpdateType.REMOVE
   )
+  ctx.status = 200
 }

packages/server/src/api/routes/tests/permissions.spec.ts

@@ -42,12 +42,11 @@ describe("/permission", () => {
 
   describe("table permissions", () => {
     let tableId: string
-    let perms: Document[]
 
     beforeEach(async () => {
       const table = await config.createTable()
       tableId = table._id!
-      perms = await config.api.permission.add({
+      await config.api.permission.add({
         roleId: STD_ROLE_ID,
         resourceId: tableId,
         level: PermissionLevel.READ,
@@ -59,11 +58,11 @@ describe("/permission", () => {
       const { permissions } = await config.api.permission.get(table._id!)
       expect(permissions).toEqual({
         read: {
-          permissionType: "BASE",
+          permissionType: "EXPLICIT",
           role: DEFAULT_TABLE_ROLE_ID,
         },
         write: {
-          permissionType: "BASE",
+          permissionType: "EXPLICIT",
           role: DEFAULT_TABLE_ROLE_ID,
         },
       })
@@ -71,11 +70,6 @@ describe("/permission", () => {
 
     describe("add", () => {
       it("should be able to add permission to a role for the table", async () => {
-        expect(perms.length).toEqual(1)
-        expect(perms[0]._id).toEqual(`${STD_ROLE_ID}`)
-      })
-
-      it("should get the resource permissions", async () => {
         const res = await request
           .get(`/api/permission/${tableId}`)
           .set(config.defaultHeaders())
@@ -84,13 +78,13 @@ describe("/permission", () => {
         expect(res.body).toEqual({
           permissions: {
             read: { permissionType: "EXPLICIT", role: STD_ROLE_ID },
-            write: { permissionType: "BASE", role: DEFAULT_TABLE_ROLE_ID },
+            write: { permissionType: "EXPLICIT", role: DEFAULT_TABLE_ROLE_ID },
           },
         })
       })
 
       it("should get resource permissions with multiple roles", async () => {
-        perms = await config.api.permission.add({
+        await config.api.permission.add({
           roleId: HIGHER_ROLE_ID,
           resourceId: tableId,
           level: PermissionLevel.WRITE,
@@ -115,12 +109,12 @@ describe("/permission", () => {
 
     describe("remove", () => {
       it("should be able to remove the permission", async () => {
-        const res = await config.api.permission.revoke({
+        await config.api.permission.revoke({
           roleId: STD_ROLE_ID,
           resourceId: tableId,
           level: PermissionLevel.READ,
         })
-        expect(res[0]._id).toEqual(STD_ROLE_ID)
+
         const permsRes = await config.api.permission.get(tableId)
         expect(permsRes.permissions[STD_ROLE_ID]).toBeUndefined()
       })

packages/server/src/sdk/app/permissions/index.ts

@@ -185,6 +185,26 @@ export async function updatePermissionOnRole(
   })
 }
 
+export async function setPermissions(
+  resourceId: string,
+  {
+    writeRole,
+    readRole,
+  }: {
+    writeRole: string
+    readRole: string
+  }
+) {
+  await updatePermissionOnRole(
+    { roleId: writeRole, resourceId, level: PermissionLevel.WRITE },
+    PermissionUpdateType.ADD
+  )
+  await updatePermissionOnRole(
+    { roleId: readRole, resourceId, level: PermissionLevel.READ },
+    PermissionUpdateType.ADD
+  )
+}
+
 // utility function to stop this repetition - permissions always stored under roles
 export async function getAllDBRoles(db: Database) {
   const body = await db.allDocs<Role>(

packages/server/src/sdk/app/tables/create.ts

@@ -3,6 +3,8 @@ import { Row, Table } from "@budibase/types"
 import * as external from "./external"
 import * as internal from "./internal"
 import { isExternal } from "./utils"
+import { setPermissions } from "../permissions"
+import { roles } from "@budibase/backend-core"
 
 export async function create(
   table: Omit<Table, "_id" | "_rev">,
@@ -15,5 +17,11 @@ export async function create(
   } else {
     createdTable = await internal.create(table, rows, userId)
   }
+
+  await setPermissions(createdTable._id!, {
+    writeRole: roles.BUILTIN_ROLE_IDS.ADMIN,
+    readRole: roles.BUILTIN_ROLE_IDS.ADMIN,
+  })
+
   return createdTable
 }

packages/types/src/api/web/app/permission.ts

@@ -25,7 +25,7 @@ export interface AddedPermission {
   reason?: string
 }
 
-export type AddPermissionResponse = AddedPermission[]
+export interface AddPermissionResponse {}
 
 export interface AddPermissionRequest {
   roleId: string
@@ -34,4 +34,4 @@ export interface AddPermissionRequest {
 }
 
 export interface RemovePermissionRequest extends AddPermissionRequest {}
-export interface RemovePermissionResponse extends AddPermissionResponse {}
+export interface RemovePermissionResponse {}