From ff402c54e0ad79dde56eb568ee87573197bb56ff Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Tue, 8 Oct 2024 17:48:39 +0200 Subject: [PATCH] Add view tests --- .../src/api/routes/tests/permissions.spec.ts | 81 ++++++++++++++++--- packages/server/src/sdk/app/views/index.ts | 25 +----- 2 files changed, 69 insertions(+), 37 deletions(-) diff --git a/packages/server/src/api/routes/tests/permissions.spec.ts b/packages/server/src/api/routes/tests/permissions.spec.ts index c8b7597c9d..5dfece3126 100644 --- a/packages/server/src/api/routes/tests/permissions.spec.ts +++ b/packages/server/src/api/routes/tests/permissions.spec.ts @@ -1,5 +1,5 @@ import { roles } from "@budibase/backend-core" -import { Document, PermissionLevel, Row, ViewV2 } from "@budibase/types" +import { Document, PermissionLevel, Row } from "@budibase/types" import * as setup from "./utilities" import { generator, mocks } from "@budibase/backend-core/tests" @@ -9,6 +9,8 @@ const { BUILTIN_ROLE_IDS } = roles const HIGHER_ROLE_ID = BUILTIN_ROLE_IDS.BASIC const STD_ROLE_ID = BUILTIN_ROLE_IDS.PUBLIC +const DEFAULT_TABLE_ROLE_ID = BUILTIN_ROLE_IDS.ADMIN + describe("/permission", () => { let request = setup.getRequest() let config = setup.getConfig() @@ -39,16 +41,12 @@ describe("/permission", () => { }) describe("table permissions", () => { - const DEFAULT_TABLE_ROLE_ID = BUILTIN_ROLE_IDS.ADMIN - let tableId: string - let row: Row let perms: Document[] beforeEach(async () => { const table = await config.createTable() tableId = table._id! - row = await config.createRow() perms = await config.api.permission.add({ roleId: STD_ROLE_ID, resourceId: tableId, @@ -129,13 +127,16 @@ describe("/permission", () => { }) describe("check public user allowed", () => { - let view: ViewV2 + let viewId: string + let row: Row beforeEach(async () => { - view = await config.api.viewV2.create({ + const view = await config.api.viewV2.create({ tableId, name: generator.guid(), }) + viewId = view.id + row = await config.createRow() }) it("should be able to read the row", async () => { @@ -154,14 +155,14 @@ describe("/permission", () => { // Make view inherit table permissions. Needed for backwards compatibility with existing views. await config.api.permission.revoke({ roleId: STD_ROLE_ID, - resourceId: view.id, + resourceId: viewId, level: PermissionLevel.READ, }) // replicate changes before checking permissions await config.publish() - const res = await config.api.viewV2.publicSearch(view.id) + const res = await config.api.viewV2.publicSearch(viewId) expect(res.rows[0]._id).toEqual(row._id) }) @@ -175,14 +176,14 @@ describe("/permission", () => { // Make view inherit table permissions. Needed for backwards compatibility with existing views. await config.api.permission.revoke({ roleId: STD_ROLE_ID, - resourceId: view.id, + resourceId: viewId, level: PermissionLevel.READ, }) // replicate changes before checking permissions await config.publish() - await config.api.viewV2.publicSearch(view.id, undefined, { + await config.api.viewV2.publicSearch(viewId, undefined, { status: 401, }) }) @@ -190,7 +191,7 @@ describe("/permission", () => { it("should use the view permissions", async () => { await config.api.permission.add({ roleId: STD_ROLE_ID, - resourceId: view.id, + resourceId: viewId, level: PermissionLevel.READ, }) await config.api.permission.revoke({ @@ -201,7 +202,7 @@ describe("/permission", () => { // replicate changes before checking permissions await config.publish() - const res = await config.api.viewV2.publicSearch(view.id) + const res = await config.api.viewV2.publicSearch(viewId) expect(res.rows[0]._id).toEqual(row._id) }) @@ -217,6 +218,60 @@ describe("/permission", () => { }) }) + describe("view permissions", () => { + let tableId: string + let viewId: string + + beforeEach(async () => { + const table = await config.createTable() + tableId = table._id! + + const view = await config.api.viewV2.create({ + tableId, + name: generator.guid(), + }) + viewId = view.id + }) + + it("default permissions inherits the table default value", async () => { + const { permissions } = await config.api.permission.get(viewId) + expect(permissions).toEqual({ + read: { + permissionType: "INHERITED", + role: DEFAULT_TABLE_ROLE_ID, + inheritablePermission: DEFAULT_TABLE_ROLE_ID, + }, + write: { + permissionType: "INHERITED", + role: DEFAULT_TABLE_ROLE_ID, + inheritablePermission: DEFAULT_TABLE_ROLE_ID, + }, + }) + }) + + it("default permissions inherits explicit table permissions", async () => { + await config.api.permission.add({ + roleId: STD_ROLE_ID, + resourceId: tableId, + level: PermissionLevel.READ, + }) + + const { permissions } = await config.api.permission.get(viewId) + expect(permissions).toEqual({ + read: { + permissionType: "INHERITED", + role: STD_ROLE_ID, + inheritablePermission: STD_ROLE_ID, + }, + write: { + permissionType: "INHERITED", + role: DEFAULT_TABLE_ROLE_ID, + inheritablePermission: DEFAULT_TABLE_ROLE_ID, + }, + }) + }) + }) + describe("fetch builtins", () => { it("should be able to fetch builtin definitions", async () => { const res = await request diff --git a/packages/server/src/sdk/app/views/index.ts b/packages/server/src/sdk/app/views/index.ts index 44f6beedb1..36d6dd6f85 100644 --- a/packages/server/src/sdk/app/views/index.ts +++ b/packages/server/src/sdk/app/views/index.ts @@ -3,7 +3,6 @@ import { canGroupBy, FieldType, isNumeric, - PermissionLevel, RelationSchemaField, RenameColumn, Table, @@ -13,7 +12,7 @@ import { ViewV2ColumnEnriched, ViewV2Enriched, } from "@budibase/types" -import { context, docIds, HTTPError, roles } from "@budibase/backend-core" +import { context, docIds, HTTPError } from "@budibase/backend-core" import { helpers, PROTECTED_EXTERNAL_COLUMNS, @@ -26,7 +25,6 @@ import { isExternalTableID } from "../../../integrations/utils" import * as internal from "./internal" import * as external from "./external" import sdk from "../../../sdk" -import { PermissionUpdateType, updatePermissionOnRole } from "../permissions" function pickApi(tableId: any) { if (isExternalTableID(tableId)) { @@ -245,27 +243,6 @@ export async function create( const view = await pickApi(tableId).create(tableId, viewRequest) - // Set permissions to be the same as the table - const tablePerms = await sdk.permissions.getResourcePerms(tableId) - const readRole = tablePerms[PermissionLevel.READ]?.role - const writeRole = tablePerms[PermissionLevel.WRITE]?.role - await updatePermissionOnRole( - { - roleId: readRole || roles.BUILTIN_ROLE_IDS.BASIC, - resourceId: view.id, - level: PermissionLevel.READ, - }, - PermissionUpdateType.ADD - ) - await updatePermissionOnRole( - { - roleId: writeRole || roles.BUILTIN_ROLE_IDS.BASIC, - resourceId: view.id, - level: PermissionLevel.WRITE, - }, - PermissionUpdateType.ADD - ) - return view }