budibase/packages/server/src/api/routes/row.js

const Router = require("@koa/router")
const rowController = require("../controllers/row")
const authorized = require("../../middleware/authorized")
const usage = require("../../middleware/usageQuota")
const {
  paramResource,
  paramSubResource,
} = require("../../middleware/resourceId")
const {
  PermissionLevels,
  PermissionTypes,
} = require("@budibase/auth/permissions")

const router = Router()

router
  /**
   * @api {get} /api/:tableId/:rowId/enrich Get an enriched row
   * @apiName /api/:tableId/:rowId/enrich
   * @apiGroup rows
   * @apiPermission table read access
   * @apiDescription This API is only useful when dealing with rows that have relationships.
   * Normally when a row is a returned from the API relationships will only have the structure
   * `{ primaryDisplay: "name", _id: ... }` but this call will return the full related rows
   * for each relationship instead.
   *
   * @apiParam {string} rowId The ID of the row which is to be retrieved and enriched.
   *
   * @apiSuccess {object} row The response body will be the enriched row.
   * @apiError {string} message If the table or row could not be found then an error will be thrown.
   */
  .get(
    "/api/:tableId/:rowId/enrich",
    paramSubResource("tableId", "rowId"),
    authorized(PermissionTypes.TABLE, PermissionLevels.READ),
    rowController.fetchEnrichedRow
  )
  /**
   * @api {get} /api/:tableId/rows Get all rows in a table
   * @apiName /api/:tableId/rows
   * @apiGroup rows
   * @apiPermission table read access
   * @apiDescription This is a deprecated endpoint that should not be used anymore, instead use the search endpoint.
   * This endpoint gets all of the rows within the specified table - it is not heavily used
   * due to its lack of support for pagination. With SQL tables this will retrieve up to a limit and then
   * will simply stop.
   *
   * @apiParam {string} tableId The ID of the table to retrieve all rows within.
   *
   * @apiSuccess {object[]} rows The response body will be an array of all rows found.
   * @apiError {string} message If the table could not be found then an error will be thrown.
   */
  .get(
    "/api/:tableId/rows",
    paramResource("tableId"),
    authorized(PermissionTypes.TABLE, PermissionLevels.READ),
    rowController.fetch
  )
  /**
   * @api {get} /api/:tableId/rows/:rowId Retrieve a single row
   * @apiName /api/:tableId/rows/:rowId
   * @apiGroup rows
   * @apiPermission table read access
   * @apiDescription This endpoint retrieves only the specified row. If you wish to retrieve
   * a row by anything other than its _id field, use the search endpoint.
   *
   * @apiParam {string} tableId The ID of the table to retrieve a row from.
   * @apiParam {string} rowId The ID of the row to retrieve.
   *
   * @apiSuccess {object} row The response body will be the row that was found.
   * @apiError {string} message If the table or row could not be found then an error will be thrown.
   */
  .get(
    "/api/:tableId/rows/:rowId",
    paramSubResource("tableId", "rowId"),
    authorized(PermissionTypes.TABLE, PermissionLevels.READ),
    rowController.find
  )
  /**
   * @api {post} /api/:tableId/search Search for rows in a table
   * @apiName /api/:tableId/search
   * @apiGroup rows
   * @apiPermission table read access
   * @apiDescription This is the primary method of accessing rows in Budibase, the data provider
   * and data UI in the builder are built atop this. All filtering, sorting and pagination is
   * handled through this, for internal and external (datasource plus, e.g. SQL) tables.
   *
   * @apiBody
   *
   */
  .post(
    "/api/:tableId/search",
    paramResource("tableId"),
    authorized(PermissionTypes.TABLE, PermissionLevels.READ),
    rowController.search
  )
  // DEPRECATED - this is an old API, but for backwards compat it needs to be
  // supported still
  .post(
    "/api/search/:tableId/rows",
    paramResource("tableId"),
    authorized(PermissionTypes.TABLE, PermissionLevels.READ),
    rowController.search
  )
  .post(
    "/api/:tableId/rows",
    paramResource("tableId"),
    authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
    usage,
    rowController.save
  )
  .patch(
    "/api/:tableId/rows",
    paramResource("tableId"),
    authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
    rowController.patch
  )
  .post(
    "/api/:tableId/rows/validate",
    paramResource("tableId"),
    authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
    rowController.validate
  )
  .delete(
    "/api/:tableId/rows",
    paramResource("tableId"),
    authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
    usage,
    rowController.destroy
  )

module.exports = router
removal of appRoot - appId comes in cookie 2020-06-13 07:42:55 +12:00			`const Router = require("@koa/router")`
Changing record -> row in this update, completing the update of renaming in the builder, this release needs further testing. 2020-10-10 07:10:28 +13:00			`const rowController = require("../controllers/row")`
removal of appRoot - appId comes in cookie 2020-06-13 07:42:55 +12:00			`const authorized = require("../../middleware/authorized")`
First work towards implementing Dynamo usage in the server when running in the cloud; this is for tracking usage against API keys. 2020-10-07 07:13:41 +13:00			`const usage = require("../../middleware/usageQuota")`
Adding in resource IDs everywhere they should be accessible. 2021-02-09 06:22:07 +13:00			`const {`
			`paramResource,`
			`paramSubResource,`
			`} = require("../../middleware/resourceId")`
WIP - this is working towards the permissions system but stopping here for the night, this is currently not functional. 2020-11-12 06:34:15 +13:00			`const {`
			`PermissionLevels,`
			`PermissionTypes,`
A general re-work of some parts of the auth lib, as well as moving roles/permissions around to make it possible to build an admin API which has role knowledge. 2021-05-15 02:43:41 +12:00			`} = require("@budibase/auth/permissions")`
removal of appRoot - appId comes in cookie 2020-06-13 07:42:55 +12:00
			`const router = Router()`

			`router`
Basic work for generating. 2021-11-26 05:13:19 +13:00			`/**`
			`* @api {get} /api/:tableId/:rowId/enrich Get an enriched row`
			`* @apiName /api/:tableId/:rowId/enrich`
			`* @apiGroup rows`
			`* @apiPermission table read access`
			`* @apiDescription This API is only useful when dealing with rows that have relationships.`
			`* Normally when a row is a returned from the API relationships will only have the structure`
			* `{ primaryDisplay: "name", _id: ... }` but this call will return the full related rows
			`* for each relationship instead.`
			`*`
			`* @apiParam {string} rowId The ID of the row which is to be retrieved and enriched.`
			`*`
			`* @apiSuccess {object} row The response body will be the enriched row.`
			`* @apiError {string} message If the table or row could not be found then an error will be thrown.`
			`*/`
Adding routes for getting link records based on a record Id. 2020-09-30 00:02:06 +13:00			`.get(`
Changing record -> row in this update, completing the update of renaming in the builder, this release needs further testing. 2020-10-10 07:10:28 +13:00			`"/api/:tableId/:rowId/enrich",`
Adding in resource IDs everywhere they should be accessible. 2021-02-09 06:22:07 +13:00			`paramSubResource("tableId", "rowId"),`
WIP - this is working towards the permissions system but stopping here for the night, this is currently not functional. 2020-11-12 06:34:15 +13:00			`authorized(PermissionTypes.TABLE, PermissionLevels.READ),`
Changing record -> row in this update, completing the update of renaming in the builder, this release needs further testing. 2020-10-10 07:10:28 +13:00			`rowController.fetchEnrichedRow`
Adding routes for getting link records based on a record Id. 2020-09-30 00:02:06 +13:00			`)`
Basic work for generating. 2021-11-26 05:13:19 +13:00			`/**`
			`* @api {get} /api/:tableId/rows Get all rows in a table`
			`* @apiName /api/:tableId/rows`
			`* @apiGroup rows`
			`* @apiPermission table read access`
			`* @apiDescription This is a deprecated endpoint that should not be used anymore, instead use the search endpoint.`
			`* This endpoint gets all of the rows within the specified table - it is not heavily used`
			`* due to its lack of support for pagination. With SQL tables this will retrieve up to a limit and then`
			`* will simply stop.`
			`*`
			`* @apiParam {string} tableId The ID of the table to retrieve all rows within.`
			`*`
			`* @apiSuccess {object[]} rows The response body will be an array of all rows found.`
			`* @apiError {string} message If the table could not be found then an error will be thrown.`
			`*/`
removal of appRoot - appId comes in cookie 2020-06-13 07:42:55 +12:00			`.get(`
Changing record -> row in this update, completing the update of renaming in the builder, this release needs further testing. 2020-10-10 07:10:28 +13:00			`"/api/:tableId/rows",`
Adding in resource IDs everywhere they should be accessible. 2021-02-09 06:22:07 +13:00			`paramResource("tableId"),`
WIP - this is working towards the permissions system but stopping here for the night, this is currently not functional. 2020-11-12 06:34:15 +13:00			`authorized(PermissionTypes.TABLE, PermissionLevels.READ),`
Adding some work towards supporting full data source integration. 2021-06-16 00:03:55 +12:00			`rowController.fetch`
removal of appRoot - appId comes in cookie 2020-06-13 07:42:55 +12:00			`)`
Basic work for generating. 2021-11-26 05:13:19 +13:00			`/**`
			`* @api {get} /api/:tableId/rows/:rowId Retrieve a single row`
			`* @apiName /api/:tableId/rows/:rowId`
			`* @apiGroup rows`
			`* @apiPermission table read access`
			`* @apiDescription This endpoint retrieves only the specified row. If you wish to retrieve`
			`* a row by anything other than its _id field, use the search endpoint.`
			`*`
			`* @apiParam {string} tableId The ID of the table to retrieve a row from.`
			`* @apiParam {string} rowId The ID of the row to retrieve.`
			`*`
			`* @apiSuccess {object} row The response body will be the row that was found.`
			`* @apiError {string} message If the table or row could not be found then an error will be thrown.`
			`*/`
removal of appRoot - appId comes in cookie 2020-06-13 07:42:55 +12:00			`.get(`
Changing record -> row in this update, completing the update of renaming in the builder, this release needs further testing. 2020-10-10 07:10:28 +13:00			`"/api/:tableId/rows/:rowId",`
Adding in resource IDs everywhere they should be accessible. 2021-02-09 06:22:07 +13:00			`paramSubResource("tableId", "rowId"),`
WIP - this is working towards the permissions system but stopping here for the night, this is currently not functional. 2020-11-12 06:34:15 +13:00			`authorized(PermissionTypes.TABLE, PermissionLevels.READ),`
Changing record -> row in this update, completing the update of renaming in the builder, this release needs further testing. 2020-10-10 07:10:28 +13:00			`rowController.find`
removal of appRoot - appId comes in cookie 2020-06-13 07:42:55 +12:00			`)`
Basic work for generating. 2021-11-26 05:13:19 +13:00			`/**`
			`* @api {post} /api/:tableId/search Search for rows in a table`
			`* @apiName /api/:tableId/search`
			`* @apiGroup rows`
			`* @apiPermission table read access`
			`* @apiDescription This is the primary method of accessing rows in Budibase, the data provider`
			`* and data UI in the builder are built atop this. All filtering, sorting and pagination is`
			`* handled through this, for internal and external (datasource plus, e.g. SQL) tables.`
			`*`
			`* @apiBody`
			`*`
			`*/`
Some of the functionality required for external SQL rows API. 2021-06-15 06:05:39 +12:00			`.post(`
			`"/api/:tableId/search",`
			`paramResource("tableId"),`
			`authorized(PermissionTypes.TABLE, PermissionLevels.READ),`
			`rowController.search`
			`)`
Fixing issue with app import, supporting old search API. 2021-06-22 09:29:32 +12:00			`// DEPRECATED - this is an old API, but for backwards compat it needs to be`
			`// supported still`
Linting. 2021-06-22 09:42:57 +12:00			`.post(`
			`"/api/search/:tableId/rows",`
Fixing issue with app import, supporting old search API. 2021-06-22 09:29:32 +12:00			`paramResource("tableId"),`
			`authorized(PermissionTypes.TABLE, PermissionLevels.READ),`
Linting. 2021-06-22 09:42:57 +12:00			`rowController.search`
			`)`
removal of appRoot - appId comes in cookie 2020-06-13 07:42:55 +12:00			`.post(`
Changing record -> row in this update, completing the update of renaming in the builder, this release needs further testing. 2020-10-10 07:10:28 +13:00			`"/api/:tableId/rows",`
Adding in resource IDs everywhere they should be accessible. 2021-02-09 06:22:07 +13:00			`paramResource("tableId"),`
WIP - this is working towards the permissions system but stopping here for the night, this is currently not functional. 2020-11-12 06:34:15 +13:00			`authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),`
First work towards implementing Dynamo usage in the server when running in the cloud; this is for tracking usage against API keys. 2020-10-07 07:13:41 +13:00			`usage,`
Changing record -> row in this update, completing the update of renaming in the builder, this release needs further testing. 2020-10-10 07:10:28 +13:00			`rowController.save`
removal of appRoot - appId comes in cookie 2020-06-13 07:42:55 +12:00			`)`
added PATCH record route 2020-09-10 20:36:14 +12:00			`.patch(`
Some of the functionality required for external SQL rows API. 2021-06-15 06:05:39 +12:00			`"/api/:tableId/rows",`
			`paramResource("tableId"),`
WIP - this is working towards the permissions system but stopping here for the night, this is currently not functional. 2020-11-12 06:34:15 +13:00			`authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),`
Changing record -> row in this update, completing the update of renaming in the builder, this release needs further testing. 2020-10-10 07:10:28 +13:00			`rowController.patch`
added PATCH record route 2020-09-10 20:36:14 +12:00			`)`
removal of appRoot - appId comes in cookie 2020-06-13 07:42:55 +12:00			`.post(`
Changing record -> row in this update, completing the update of renaming in the builder, this release needs further testing. 2020-10-10 07:10:28 +13:00			`"/api/:tableId/rows/validate",`
Adding in resource IDs everywhere they should be accessible. 2021-02-09 06:22:07 +13:00			`paramResource("tableId"),`
WIP - this is working towards the permissions system but stopping here for the night, this is currently not functional. 2020-11-12 06:34:15 +13:00			`authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),`
Changing record -> row in this update, completing the update of renaming in the builder, this release needs further testing. 2020-10-10 07:10:28 +13:00			`rowController.validate`
removal of appRoot - appId comes in cookie 2020-06-13 07:42:55 +12:00			`)`
			`.delete(`
Fixing bulk deletion. 2021-06-12 06:54:47 +12:00			`"/api/:tableId/rows",`
			`paramResource("tableId"),`
WIP - this is working towards the permissions system but stopping here for the night, this is currently not functional. 2020-11-12 06:34:15 +13:00			`authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),`
First work towards implementing Dynamo usage in the server when running in the cloud; this is for tracking usage against API keys. 2020-10-07 07:13:41 +13:00			`usage,`
Changing record -> row in this update, completing the update of renaming in the builder, this release needs further testing. 2020-10-10 07:10:28 +13:00			`rowController.destroy`
removal of appRoot - appId comes in cookie 2020-06-13 07:42:55 +12:00			`)`

			`module.exports = router`