diff --git a/packages/backend-core/src/security/permissions.ts b/packages/backend-core/src/security/permissions.ts index 929ae92909..263f042a9d 100644 --- a/packages/backend-core/src/security/permissions.ts +++ b/packages/backend-core/src/security/permissions.ts @@ -2,6 +2,8 @@ import { PermissionLevel, PermissionType, BuiltinPermissionID, + Permission, + BuiltinPermissions, } from "@budibase/types" import flatten from "lodash/flatten" import cloneDeep from "lodash/fp/cloneDeep" @@ -12,7 +14,7 @@ export type RoleHierarchy = { permissionId: string }[] -export class Permission { +export class PermissionImpl implements Permission { type: PermissionType level: PermissionLevel @@ -61,68 +63,62 @@ export function getAllowedLevels(userPermLevel: PermissionLevel): string[] { } } -export const BUILTIN_PERMISSIONS: { - [key in keyof typeof BuiltinPermissionID]: { - _id: (typeof BuiltinPermissionID)[key] - name: string - permissions: Permission[] - } -} = { +export const BUILTIN_PERMISSIONS: BuiltinPermissions = { PUBLIC: { _id: BuiltinPermissionID.PUBLIC, name: "Public", permissions: [ - new Permission(PermissionType.WEBHOOK, PermissionLevel.EXECUTE), + new PermissionImpl(PermissionType.WEBHOOK, PermissionLevel.EXECUTE), ], }, READ_ONLY: { _id: BuiltinPermissionID.READ_ONLY, name: "Read only", permissions: [ - new Permission(PermissionType.QUERY, PermissionLevel.READ), - new Permission(PermissionType.TABLE, PermissionLevel.READ), - new Permission(PermissionType.APP, PermissionLevel.READ), + new PermissionImpl(PermissionType.QUERY, PermissionLevel.READ), + new PermissionImpl(PermissionType.TABLE, PermissionLevel.READ), + new PermissionImpl(PermissionType.APP, PermissionLevel.READ), ], }, WRITE: { _id: BuiltinPermissionID.WRITE, name: "Read/Write", permissions: [ - new Permission(PermissionType.QUERY, PermissionLevel.WRITE), - new Permission(PermissionType.TABLE, PermissionLevel.WRITE), - new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE), - new Permission(PermissionType.LEGACY_VIEW, PermissionLevel.READ), - new Permission(PermissionType.APP, PermissionLevel.READ), + new PermissionImpl(PermissionType.QUERY, PermissionLevel.WRITE), + new PermissionImpl(PermissionType.TABLE, PermissionLevel.WRITE), + new PermissionImpl(PermissionType.AUTOMATION, PermissionLevel.EXECUTE), + new PermissionImpl(PermissionType.LEGACY_VIEW, PermissionLevel.READ), + new PermissionImpl(PermissionType.APP, PermissionLevel.READ), ], }, POWER: { _id: BuiltinPermissionID.POWER, name: "Power", permissions: [ - new Permission(PermissionType.TABLE, PermissionLevel.WRITE), - new Permission(PermissionType.USER, PermissionLevel.READ), - new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE), - new Permission(PermissionType.WEBHOOK, PermissionLevel.READ), - new Permission(PermissionType.LEGACY_VIEW, PermissionLevel.READ), - new Permission(PermissionType.APP, PermissionLevel.READ), + new PermissionImpl(PermissionType.TABLE, PermissionLevel.WRITE), + new PermissionImpl(PermissionType.USER, PermissionLevel.READ), + new PermissionImpl(PermissionType.AUTOMATION, PermissionLevel.EXECUTE), + new PermissionImpl(PermissionType.WEBHOOK, PermissionLevel.READ), + new PermissionImpl(PermissionType.LEGACY_VIEW, PermissionLevel.READ), + new PermissionImpl(PermissionType.APP, PermissionLevel.READ), ], }, ADMIN: { _id: BuiltinPermissionID.ADMIN, name: "Admin", permissions: [ - new Permission(PermissionType.TABLE, PermissionLevel.ADMIN), - new Permission(PermissionType.USER, PermissionLevel.ADMIN), - new Permission(PermissionType.AUTOMATION, PermissionLevel.ADMIN), - new Permission(PermissionType.WEBHOOK, PermissionLevel.READ), - new Permission(PermissionType.QUERY, PermissionLevel.ADMIN), - new Permission(PermissionType.LEGACY_VIEW, PermissionLevel.READ), - new Permission(PermissionType.APP, PermissionLevel.READ), + new PermissionImpl(PermissionType.TABLE, PermissionLevel.ADMIN), + new PermissionImpl(PermissionType.USER, PermissionLevel.ADMIN), + new PermissionImpl(PermissionType.AUTOMATION, PermissionLevel.ADMIN), + new PermissionImpl(PermissionType.WEBHOOK, PermissionLevel.READ), + new PermissionImpl(PermissionType.QUERY, PermissionLevel.ADMIN), + new PermissionImpl(PermissionType.LEGACY_VIEW, PermissionLevel.READ), + new PermissionImpl(PermissionType.APP, PermissionLevel.READ), ], }, } -export function getBuiltinPermissions() { +export function getBuiltinPermissions(): BuiltinPermissions { return cloneDeep(BUILTIN_PERMISSIONS) } diff --git a/packages/backend-core/src/security/tests/permissions.spec.ts b/packages/backend-core/src/security/tests/permissions.spec.ts index f98833c7cd..d268a56a1f 100644 --- a/packages/backend-core/src/security/tests/permissions.spec.ts +++ b/packages/backend-core/src/security/tests/permissions.spec.ts @@ -133,7 +133,7 @@ describe("getBuiltinPermissionByID", () => { _id: BuiltinPermissionID.PUBLIC, name: "Public", permissions: [ - new permissions.Permission( + new permissions.PermissionImpl( permissions.PermissionType.WEBHOOK, permissions.PermissionLevel.EXECUTE ), diff --git a/packages/server/src/api/controllers/permission.ts b/packages/server/src/api/controllers/permission.ts index ead48d3db8..2ef197dbca 100644 --- a/packages/server/src/api/controllers/permission.ts +++ b/packages/server/src/api/controllers/permission.ts @@ -9,6 +9,8 @@ import { RemovePermissionRequest, RemovePermissionResponse, FetchResourcePermissionInfoResponse, + FetchBuiltinPermissionsRequest, + FetchPermissionLevelsRequest, } from "@budibase/types" import { CURRENTLY_SUPPORTED_LEVELS, @@ -19,11 +21,13 @@ import { PermissionUpdateType } from "../../sdk/app/permissions" const SUPPORTED_LEVELS = CURRENTLY_SUPPORTED_LEVELS -export function fetchBuiltin(ctx: UserCtx) { +export function fetchBuiltin( + ctx: UserCtx +) { ctx.body = Object.values(permissions.getBuiltinPermissions()) } -export function fetchLevels(ctx: UserCtx) { +export function fetchLevels(ctx: UserCtx) { // for now only provide the read/write perms externally ctx.body = SUPPORTED_LEVELS } diff --git a/packages/types/src/api/web/app/permission.ts b/packages/types/src/api/web/app/permission.ts index b40310f21c..1a19fb0834 100644 --- a/packages/types/src/api/web/app/permission.ts +++ b/packages/types/src/api/web/app/permission.ts @@ -1,4 +1,8 @@ -import { PermissionLevel } from "../../../sdk" +import { BuiltinPermission, PermissionLevel } from "../../../sdk" + +export type FetchBuiltinPermissionsRequest = BuiltinPermission[] + +export type FetchPermissionLevelsRequest = string[] export interface FetchResourcePermissionInfoResponse { [key: string]: Record diff --git a/packages/types/src/sdk/permissions.ts b/packages/types/src/sdk/permissions.ts index bb36af4170..43336a3317 100644 --- a/packages/types/src/sdk/permissions.ts +++ b/packages/types/src/sdk/permissions.ts @@ -36,3 +36,22 @@ export enum PermissionSource { INHERITED = "INHERITED", BASE = "BASE", } + +export interface Permission { + type: PermissionType + level: PermissionLevel +} + +export interface BuiltinPermission { + _id: BuiltinPermissionID + name: string + permissions: Permission[] +} + +export type BuiltinPermissions = { + [key in keyof typeof BuiltinPermissionID]: { + _id: (typeof BuiltinPermissionID)[key] + name: string + permissions: Permission[] + } +}