From dcd8c3b2896ed5da567c64d305e2b62df8357f33 Mon Sep 17 00:00:00 2001
From: Adria Navarro <adria@budibase.com>
Date: Thu, 31 Aug 2023 10:36:17 +0200
Subject: [PATCH] Move permissions code to sdk

---
 .../server/src/api/controllers/permission.ts  | 26 +------------
 .../server/src/sdk/app/permissions/index.ts   | 38 ++++++++++++++++++-
 2 files changed, 37 insertions(+), 27 deletions(-)

diff --git a/packages/server/src/api/controllers/permission.ts b/packages/server/src/api/controllers/permission.ts
index 8314f29398..ef138ee5c2 100644
--- a/packages/server/src/api/controllers/permission.ts
+++ b/packages/server/src/api/controllers/permission.ts
@@ -147,31 +147,7 @@ export async function fetch(ctx: UserCtx) {
 
 export async function getResourcePerms(ctx: UserCtx) {
   const resourceId = ctx.params.resourceId
-  const db = context.getAppDB()
-  const body = await db.allDocs(
-    getRoleParams(null, {
-      include_docs: true,
-    })
-  )
-  const rolesList = body.rows.map(row => row.doc)
-  let permissions: Record<string, string> = {}
-  for (let level of SUPPORTED_LEVELS) {
-    // update the various roleIds in the resource permissions
-    for (let role of rolesList) {
-      const rolePerms = roles.checkForRoleResourceArray(
-        role.permissions,
-        resourceId
-      )
-      if (
-        rolePerms &&
-        rolePerms[resourceId] &&
-        rolePerms[resourceId].indexOf(level) !== -1
-      ) {
-        permissions[level] = roles.getExternalRoleID(role._id, role.version)!
-      }
-    }
-  }
-  ctx.body = Object.assign(getBasePermissions(resourceId), permissions)
+  ctx.body = await sdk.permissions.getResourcePerms(resourceId)
 }
 
 export async function addPermission(ctx: UserCtx) {
diff --git a/packages/server/src/sdk/app/permissions/index.ts b/packages/server/src/sdk/app/permissions/index.ts
index 2219120db6..144b4fab2b 100644
--- a/packages/server/src/sdk/app/permissions/index.ts
+++ b/packages/server/src/sdk/app/permissions/index.ts
@@ -1,10 +1,15 @@
+import { context, roles } from "@budibase/backend-core"
+import { features } from "@budibase/pro"
 import {
   DocumentType,
   PermissionLevel,
   VirtualDocumentType,
 } from "@budibase/types"
-import { isViewID } from "../../../db/utils"
-import { features } from "@budibase/pro"
+import { getRoleParams, isViewID } from "../../../db/utils"
+import {
+  CURRENTLY_SUPPORTED_LEVELS,
+  getBasePermissions,
+} from "../../../utilities/security"
 
 type ResourceActionAllowedResult =
   | { allowed: true }
@@ -35,3 +40,32 @@ export async function resourceActionAllowed({
     resourceType: VirtualDocumentType.VIEW,
   }
 }
+
+export async function getResourcePerms(resourceId: string) {
+  const db = context.getAppDB()
+  const body = await db.allDocs(
+    getRoleParams(null, {
+      include_docs: true,
+    })
+  )
+  const rolesList = body.rows.map(row => row.doc)
+  let permissions: Record<string, string> = {}
+  for (let level of CURRENTLY_SUPPORTED_LEVELS) {
+    // update the various roleIds in the resource permissions
+    for (let role of rolesList) {
+      const rolePerms = roles.checkForRoleResourceArray(
+        role.permissions,
+        resourceId
+      )
+      if (
+        rolePerms &&
+        rolePerms[resourceId] &&
+        rolePerms[resourceId].indexOf(level) !== -1
+      ) {
+        permissions[level] = roles.getExternalRoleID(role._id, role.version)!
+      }
+    }
+  }
+
+  return Object.assign(getBasePermissions(resourceId), permissions)
+}