MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Set view permissions to explicit roles from the parent table

This commit is contained in:
Andrew Kingston 2024-09-18 11:50:15 +01:00
parent bb0fad8c9a
commit d4db493519
No known key found for this signature in database
2 changed files with 31 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/server/src/api/controllers/permission.ts
View File

@ -20,7 +20,7 @@ import {
import { removeFromArray } from "../../utilities" import { removeFromArray } from "../../utilities"
import sdk from "../../sdk" import sdk from "../../sdk"
const enum PermissionUpdateType { export const enum PermissionUpdateType {
REMOVE = "remove", REMOVE = "remove",
ADD = "add", ADD = "add",
} }
@ -37,7 +37,7 @@ async function getAllDBRoles(db: Database) {
return body.rows.map(row => row.doc!) return body.rows.map(row => row.doc!)
} }
async function updatePermissionOnRole( export async function updatePermissionOnRole(
{ {
roleId, roleId,
resourceId, resourceId,

33
packages/server/src/sdk/app/views/index.ts
View File

@ -1,5 +1,6 @@
import { import {
FieldType, FieldType,
PermissionLevel,
RelationSchemaField, RelationSchemaField,
RenameColumn, RenameColumn,
Table, Table,
@ -10,20 +11,22 @@ import {
ViewV2ColumnEnriched, ViewV2ColumnEnriched,
ViewV2Enriched, ViewV2Enriched,
} from "@budibase/types" } from "@budibase/types"
import { HTTPError } from "@budibase/backend-core" import { HTTPError, roles } from "@budibase/backend-core"
import { features } from "@budibase/pro" import { features } from "@budibase/pro"
import { import {
helpers, helpers,
PROTECTED_EXTERNAL_COLUMNS, PROTECTED_EXTERNAL_COLUMNS,
PROTECTED_INTERNAL_COLUMNS, PROTECTED_INTERNAL_COLUMNS,
} from "@budibase/shared-core" } from "@budibase/shared-core"
import * as utils from "../../../db/utils" import * as utils from "../../../db/utils"
import { isExternalTableID } from "../../../integrations/utils" import { isExternalTableID } from "../../../integrations/utils"
import * as internal from "./internal" import * as internal from "./internal"
import * as external from "./external" import * as external from "./external"
import sdk from "../../../sdk" import sdk from "../../../sdk"
import {
updatePermissionOnRole,
PermissionUpdateType,
} from "src/api/controllers/permission"
function pickApi(tableId: any) { function pickApi(tableId: any) {
if (isExternalTableID(tableId)) { if (isExternalTableID(tableId)) {
@ -123,8 +126,30 @@ export async function create(
viewRequest: Omit<ViewV2, "id" | "version"> viewRequest: Omit<ViewV2, "id" | "version">
): Promise<ViewV2> { ): Promise<ViewV2> {
await guardViewSchema(tableId, viewRequest) await guardViewSchema(tableId, viewRequest)
const view = await pickApi(tableId).create(tableId, viewRequest)
return pickApi(tableId).create(tableId, viewRequest) // Set permissions to be the same as the table
const tablePerms = await sdk.permissions.getResourcePerms(tableId)
const readRole = tablePerms[PermissionLevel.READ]?.role
const writeRole = tablePerms[PermissionLevel.WRITE]?.role
await updatePermissionOnRole(
{
roleId: readRole || roles.BUILTIN_ROLE_IDS.BASIC,
resourceId: view.id,
level: PermissionLevel.READ,
},
PermissionUpdateType.ADD
)
await updatePermissionOnRole(
{
roleId: writeRole || roles.BUILTIN_ROLE_IDS.BASIC,
resourceId: view.id,
level: PermissionLevel.WRITE,
},
PermissionUpdateType.ADD
)
return view
} }
export async function update(tableId: string, view: ViewV2): Promise<ViewV2> { export async function update(tableId: string, view: ViewV2): Promise<ViewV2> {