From d4db493519bfe45e662ad5c3c4bdfd5e3b4be6bc Mon Sep 17 00:00:00 2001
From: Andrew Kingston
Date: Wed, 18 Sep 2024 11:50:15 +0100
Subject: [PATCH] Set view permissions to explicit roles from the parent table
---
 .../server/src/api/controllers/permission.ts | 4 +--
 packages/server/src/sdk/app/views/index.ts | 33 ++++++++++++++++---
 2 files changed, 31 insertions(+), 6 deletions(-)
diff --git a/packages/server/src/api/controllers/permission.ts b/packages/server/src/api/controllers/permission.ts
index 66a3254348..b75af88067 100644
--- a/packages/server/src/api/controllers/permission.ts
+++ b/packages/server/src/api/controllers/permission.ts
@@ -20,7 +20,7 @@ import {
 import { removeFromArray } from "../../utilities"
 import sdk from "../../sdk"
-const enum PermissionUpdateType {
+export const enum PermissionUpdateType {
 REMOVE = "remove",
 ADD = "add",
 }
@@ -37,7 +37,7 @@ async function getAllDBRoles(db: Database) {
 return body.rows.map(row => row.doc!)
 }
-async function updatePermissionOnRole(
+export async function updatePermissionOnRole(
 {
 roleId,
 resourceId,
diff --git a/packages/server/src/sdk/app/views/index.ts b/packages/server/src/sdk/app/views/index.ts
index d7e05abf2f..c580bfde50 100644
--- a/packages/server/src/sdk/app/views/index.ts
+++ b/packages/server/src/sdk/app/views/index.ts
@@ -1,5 +1,6 @@
 import {
 FieldType,
+ PermissionLevel,
 RelationSchemaField,
 RenameColumn,
 Table,
@@ -10,20 +11,22 @@ import {
 ViewV2ColumnEnriched,
 ViewV2Enriched,
 } from "@budibase/types"
-import { HTTPError } from "@budibase/backend-core"
+import { HTTPError, roles } from "@budibase/backend-core"
 import { features } from "@budibase/pro"
 import {
 helpers,
 PROTECTED_EXTERNAL_COLUMNS,
 PROTECTED_INTERNAL_COLUMNS,
 } from "@budibase/shared-core"
-
 import * as utils from "../../../db/utils"
 import { isExternalTableID } from "../../../integrations/utils"
-
 import * as internal from "./internal"
 import * as external from "./external"
 import sdk from "../../../sdk"
+import {
+ updatePermissionOnRole,
+ PermissionUpdateType,
+} from "src/api/controllers/permission"
 function pickApi(tableId: any) {
 if (isExternalTableID(tableId)) {
@@ -123,8 +126,30 @@ export async function create(
 viewRequest: Omit
 ): Promise {
 await guardViewSchema(tableId, viewRequest)
+ const view = await pickApi(tableId).create(tableId, viewRequest)
- return pickApi(tableId).create(tableId, viewRequest)
+ // Set permissions to be the same as the table
+ const tablePerms = await sdk.permissions.getResourcePerms(tableId)
+ const readRole = tablePerms[PermissionLevel.READ]?.role
+ const writeRole = tablePerms[PermissionLevel.WRITE]?.role
+ await updatePermissionOnRole(
+ {
+ roleId: readRole || roles.BUILTIN_ROLE_IDS.BASIC,
+ resourceId: view.id,
+ level: PermissionLevel.READ,
+ },
+ PermissionUpdateType.ADD
+ )
+ await updatePermissionOnRole(
+ {
+ roleId: writeRole || roles.BUILTIN_ROLE_IDS.BASIC,
+ resourceId: view.id,
+ level: PermissionLevel.WRITE,
+ },
+ PermissionUpdateType.ADD
+ )
+
+ return view
 }
 export async function update(tableId: string, view: ViewV2): Promise {
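Review bot: The added import of `updatePermissionOnRole` and `PermissionUpdateType` from `src/api/controllers/permission` makes the sdk layer depend on an API controller, and that controller already imports `sdk` (`import sdk from "../../sdk"` in permission.ts), so the two modules now import each other. It also uses a bare `src/...` specifier where every other local import in this block is relative, which only resolves where that path alias is configured. The helper's body is outside the hunks of this patch, so it is not visible whether it relies on checks the controller performs before calling it; the export added in permission.ts makes it a shared entry point for role changes. I would move the helper and the enum under `sdk.permissions` and import them relatively, or at minimum add `// exported for sdk/app/views: the caller must already have authorised this role change` above the export.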
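Review bot: The `|| roles.BUILTIN_ROLE_IDS.BASIC` fallback on both `roleId` lines grants the new view to BASIC whenever `getResourcePerms` returns no role for that level. If a table's effective access can be narrower than BASIC in that case (not visible in this hunk), the view ends up more widely readable or writable than its parent table, so the missing-role case should be handled explicitly rather than defaulted. The view is also persisted before the permission lookup and the two grants run, so an error in any of those three awaits leaves a stored view without the intended roles while the caller sees a failure. I would move `const tablePerms = await sdk.permissions.getResourcePerms(tableId)` above the `pickApi(tableId).create(...)` call and put `// BASIC is used only when the table has no explicit role; confirm this never widens access` next to the fallback. `create` starts above this hunk.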