MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Permission API typing.

This commit is contained in:
mike12345567 2024-12-03 16:50:13 +00:00
parent 4bf23b0163
commit d0179ed815
5 changed files with 58 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
packages/backend-core/src/security/permissions.ts
View File

@ -2,6 +2,8 @@ import {
PermissionLevel, PermissionLevel,
PermissionType, PermissionType,
BuiltinPermissionID, BuiltinPermissionID,
Permission,
BuiltinPermissions,
} from "@budibase/types" } from "@budibase/types"
import flatten from "lodash/flatten" import flatten from "lodash/flatten"
import cloneDeep from "lodash/fp/cloneDeep" import cloneDeep from "lodash/fp/cloneDeep"
@ -12,7 +14,7 @@ export type RoleHierarchy = {
permissionId: string permissionId: string
}[] }[]
export class Permission { export class PermissionImpl implements Permission {
type: PermissionType type: PermissionType
level: PermissionLevel level: PermissionLevel
@ -61,68 +63,62 @@ export function getAllowedLevels(userPermLevel: PermissionLevel): string[] {
} }
} }
export const BUILTIN_PERMISSIONS: { export const BUILTIN_PERMISSIONS: BuiltinPermissions = {
[key in keyof typeof BuiltinPermissionID]: {
_id: (typeof BuiltinPermissionID)[key]
name: string
permissions: Permission[]
}
} = {
PUBLIC: { PUBLIC: {
_id: BuiltinPermissionID.PUBLIC, _id: BuiltinPermissionID.PUBLIC,
name: "Public", name: "Public",
permissions: [ permissions: [
new Permission(PermissionType.WEBHOOK, PermissionLevel.EXECUTE), new PermissionImpl(PermissionType.WEBHOOK, PermissionLevel.EXECUTE),
], ],
}, },
READ_ONLY: { READ_ONLY: {
_id: BuiltinPermissionID.READ_ONLY, _id: BuiltinPermissionID.READ_ONLY,
name: "Read only", name: "Read only",
permissions: [ permissions: [
new Permission(PermissionType.QUERY, PermissionLevel.READ), new PermissionImpl(PermissionType.QUERY, PermissionLevel.READ),
new Permission(PermissionType.TABLE, PermissionLevel.READ), new PermissionImpl(PermissionType.TABLE, PermissionLevel.READ),
new Permission(PermissionType.APP, PermissionLevel.READ), new PermissionImpl(PermissionType.APP, PermissionLevel.READ),
], ],
}, },
WRITE: { WRITE: {
_id: BuiltinPermissionID.WRITE, _id: BuiltinPermissionID.WRITE,
name: "Read/Write", name: "Read/Write",
permissions: [ permissions: [
new Permission(PermissionType.QUERY, PermissionLevel.WRITE), new PermissionImpl(PermissionType.QUERY, PermissionLevel.WRITE),
new Permission(PermissionType.TABLE, PermissionLevel.WRITE), new PermissionImpl(PermissionType.TABLE, PermissionLevel.WRITE),
new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE), new PermissionImpl(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
new Permission(PermissionType.LEGACY_VIEW, PermissionLevel.READ), new PermissionImpl(PermissionType.LEGACY_VIEW, PermissionLevel.READ),
new Permission(PermissionType.APP, PermissionLevel.READ), new PermissionImpl(PermissionType.APP, PermissionLevel.READ),
], ],
}, },
POWER: { POWER: {
_id: BuiltinPermissionID.POWER, _id: BuiltinPermissionID.POWER,
name: "Power", name: "Power",
permissions: [ permissions: [
new Permission(PermissionType.TABLE, PermissionLevel.WRITE), new PermissionImpl(PermissionType.TABLE, PermissionLevel.WRITE),
new Permission(PermissionType.USER, PermissionLevel.READ), new PermissionImpl(PermissionType.USER, PermissionLevel.READ),
new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE), new PermissionImpl(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
new Permission(PermissionType.WEBHOOK, PermissionLevel.READ), new PermissionImpl(PermissionType.WEBHOOK, PermissionLevel.READ),
new Permission(PermissionType.LEGACY_VIEW, PermissionLevel.READ), new PermissionImpl(PermissionType.LEGACY_VIEW, PermissionLevel.READ),
new Permission(PermissionType.APP, PermissionLevel.READ), new PermissionImpl(PermissionType.APP, PermissionLevel.READ),
], ],
}, },
ADMIN: { ADMIN: {
_id: BuiltinPermissionID.ADMIN, _id: BuiltinPermissionID.ADMIN,
name: "Admin", name: "Admin",
permissions: [ permissions: [
new Permission(PermissionType.TABLE, PermissionLevel.ADMIN), new PermissionImpl(PermissionType.TABLE, PermissionLevel.ADMIN),
new Permission(PermissionType.USER, PermissionLevel.ADMIN), new PermissionImpl(PermissionType.USER, PermissionLevel.ADMIN),
new Permission(PermissionType.AUTOMATION, PermissionLevel.ADMIN), new PermissionImpl(PermissionType.AUTOMATION, PermissionLevel.ADMIN),
new Permission(PermissionType.WEBHOOK, PermissionLevel.READ), new PermissionImpl(PermissionType.WEBHOOK, PermissionLevel.READ),
new Permission(PermissionType.QUERY, PermissionLevel.ADMIN), new PermissionImpl(PermissionType.QUERY, PermissionLevel.ADMIN),
new Permission(PermissionType.LEGACY_VIEW, PermissionLevel.READ), new PermissionImpl(PermissionType.LEGACY_VIEW, PermissionLevel.READ),
new Permission(PermissionType.APP, PermissionLevel.READ), new PermissionImpl(PermissionType.APP, PermissionLevel.READ),
], ],
}, },
} }
export function getBuiltinPermissions() { export function getBuiltinPermissions(): BuiltinPermissions {
return cloneDeep(BUILTIN_PERMISSIONS) return cloneDeep(BUILTIN_PERMISSIONS)
} }

2
packages/backend-core/src/security/tests/permissions.spec.ts
View File

@ -133,7 +133,7 @@ describe("getBuiltinPermissionByID", () => {
_id: BuiltinPermissionID.PUBLIC, _id: BuiltinPermissionID.PUBLIC,
name: "Public", name: "Public",
permissions: [ permissions: [
new permissions.Permission( new permissions.PermissionImpl(
permissions.PermissionType.WEBHOOK, permissions.PermissionType.WEBHOOK,
permissions.PermissionLevel.EXECUTE permissions.PermissionLevel.EXECUTE
), ),

8
packages/server/src/api/controllers/permission.ts
View File

@ -9,6 +9,8 @@ import {
RemovePermissionRequest, RemovePermissionRequest,
RemovePermissionResponse, RemovePermissionResponse,
FetchResourcePermissionInfoResponse, FetchResourcePermissionInfoResponse,
FetchBuiltinPermissionsRequest,
FetchPermissionLevelsRequest,
} from "@budibase/types" } from "@budibase/types"
import { import {
CURRENTLY_SUPPORTED_LEVELS, CURRENTLY_SUPPORTED_LEVELS,
@ -19,11 +21,13 @@ import { PermissionUpdateType } from "../../sdk/app/permissions"
const SUPPORTED_LEVELS = CURRENTLY_SUPPORTED_LEVELS const SUPPORTED_LEVELS = CURRENTLY_SUPPORTED_LEVELS
export function fetchBuiltin(ctx: UserCtx) { export function fetchBuiltin(
ctx: UserCtx<void, FetchBuiltinPermissionsRequest>
) {
ctx.body = Object.values(permissions.getBuiltinPermissions()) ctx.body = Object.values(permissions.getBuiltinPermissions())
} }
export function fetchLevels(ctx: UserCtx) { export function fetchLevels(ctx: UserCtx<void, FetchPermissionLevelsRequest>) {
// for now only provide the read/write perms externally // for now only provide the read/write perms externally
ctx.body = SUPPORTED_LEVELS ctx.body = SUPPORTED_LEVELS
} }

6
packages/types/src/api/web/app/permission.ts
View File

@ -1,4 +1,8 @@
import { PermissionLevel } from "../../../sdk" import { BuiltinPermission, PermissionLevel } from "../../../sdk"
export type FetchBuiltinPermissionsRequest = BuiltinPermission[]
export type FetchPermissionLevelsRequest = string[]
export interface FetchResourcePermissionInfoResponse { export interface FetchResourcePermissionInfoResponse {
[key: string]: Record<string, string> [key: string]: Record<string, string>

19
packages/types/src/sdk/permissions.ts
View File

@ -36,3 +36,22 @@ export enum PermissionSource {
INHERITED = "INHERITED", INHERITED = "INHERITED",
BASE = "BASE", BASE = "BASE",
} }
export interface Permission {
type: PermissionType
level: PermissionLevel
}
export interface BuiltinPermission {
_id: BuiltinPermissionID
name: string
permissions: Permission[]
}
export type BuiltinPermissions = {
[key in keyof typeof BuiltinPermissionID]: {
_id: (typeof BuiltinPermissionID)[key]
name: string
permissions: Permission[]
}
}