CodeMirror/budibase
1
0
Fork 0
mirror of synced 2024-06-02 02:25:17 +12:00
Code Issues Projects Releases Wiki Activity

Fixing permission types.

Browse source
This commit is contained in:
mike12345567 2022-11-17 14:47:52 +00:00
parent 1d7e9d2b62
commit 6e659f873c
1 changed files with 48 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

85
packages/backend-core/src/security/permissions.js → packages/backend-core/src/security/permissions.ts
View file

@ -1,31 +1,40 @@
const { flatten } = require("lodash") const { flatten } = require("lodash")
const { cloneDeep } = require("lodash/fp") const { cloneDeep } = require("lodash/fp")
const PermissionLevels = { export type RoleHierarchy = {
READ: "read", permissionId: string
WRITE: "write", }[]
EXECUTE: "execute",
ADMIN: "admin", export enum PermissionLevels {
READ = "read",
WRITE = "write",
EXECUTE = "execute",
ADMIN = "admin",
} }
// these are the global types, that govern the underlying default behaviour // these are the global types, that govern the underlying default behaviour
const PermissionTypes = { export enum PermissionTypes {
APP: "app", APP = "app",
TABLE: "table", TABLE = "table",
USER: "user", USER = "user",
AUTOMATION: "automation", AUTOMATION = "automation",
WEBHOOK: "webhook", WEBHOOK = "webhook",
BUILDER: "builder", BUILDER = "builder",
VIEW: "view", VIEW = "view",
QUERY: "query", QUERY = "query",
} }
function Permission(type, level) { class Permission {
this.level = level type: PermissionTypes
this.type = type level: PermissionLevels
constructor(type: PermissionTypes, level: PermissionLevels) {
this.type = type
this.level = level
}
} }
function levelToNumber(perm) { function levelToNumber(perm: PermissionLevels) {
switch (perm) { switch (perm) {
// not everything has execute privileges // not everything has execute privileges
case PermissionLevels.EXECUTE: case PermissionLevels.EXECUTE:
@ -46,7 +55,7 @@ function levelToNumber(perm) {
* @param {string} userPermLevel The permission level of the user. * @param {string} userPermLevel The permission level of the user.
* @return {string[]} All the permission levels this user is allowed to carry out. * @return {string[]} All the permission levels this user is allowed to carry out.
*/ */
function getAllowedLevels(userPermLevel) { function getAllowedLevels(userPermLevel: PermissionLevels) {
switch (userPermLevel) { switch (userPermLevel) {
case PermissionLevels.EXECUTE: case PermissionLevels.EXECUTE:
return [PermissionLevels.EXECUTE] return [PermissionLevels.EXECUTE]
@ -64,24 +73,24 @@ function getAllowedLevels(userPermLevel) {
} }
} }
exports.BUILTIN_PERMISSION_IDS = { export enum BUILTIN_PERMISSION_IDS {
PUBLIC: "public", PUBLIC = "public",
READ_ONLY: "read_only", READ_ONLY = "read_only",
WRITE: "write", WRITE = "write",
ADMIN: "admin", ADMIN = "admin",
POWER: "power", POWER = "power",
} }
const BUILTIN_PERMISSIONS = { const BUILTIN_PERMISSIONS = {
PUBLIC: { PUBLIC: {
_id: exports.BUILTIN_PERMISSION_IDS.PUBLIC, _id: BUILTIN_PERMISSION_IDS.PUBLIC,
name: "Public", name: "Public",
permissions: [ permissions: [
new Permission(PermissionTypes.WEBHOOK, PermissionLevels.EXECUTE), new Permission(PermissionTypes.WEBHOOK, PermissionLevels.EXECUTE),
], ],
}, },
READ_ONLY: { READ_ONLY: {
_id: exports.BUILTIN_PERMISSION_IDS.READ_ONLY, _id: BUILTIN_PERMISSION_IDS.READ_ONLY,
name: "Read only", name: "Read only",
permissions: [ permissions: [
new Permission(PermissionTypes.QUERY, PermissionLevels.READ), new Permission(PermissionTypes.QUERY, PermissionLevels.READ),
@ -90,7 +99,7 @@ const BUILTIN_PERMISSIONS = {
], ],
}, },
WRITE: { WRITE: {
_id: exports.BUILTIN_PERMISSION_IDS.WRITE, _id: BUILTIN_PERMISSION_IDS.WRITE,
name: "Read/Write", name: "Read/Write",
permissions: [ permissions: [
new Permission(PermissionTypes.QUERY, PermissionLevels.WRITE), new Permission(PermissionTypes.QUERY, PermissionLevels.WRITE),
@ -100,7 +109,7 @@ const BUILTIN_PERMISSIONS = {
], ],
}, },
POWER: { POWER: {
_id: exports.BUILTIN_PERMISSION_IDS.POWER, _id: BUILTIN_PERMISSION_IDS.POWER,
name: "Power", name: "Power",
permissions: [ permissions: [
new Permission(PermissionTypes.TABLE, PermissionLevels.WRITE), new Permission(PermissionTypes.TABLE, PermissionLevels.WRITE),
@ -111,7 +120,7 @@ const BUILTIN_PERMISSIONS = {
], ],
}, },
ADMIN: { ADMIN: {
_id: exports.BUILTIN_PERMISSION_IDS.ADMIN, _id: BUILTIN_PERMISSION_IDS.ADMIN,
name: "Admin", name: "Admin",
permissions: [ permissions: [
new Permission(PermissionTypes.TABLE, PermissionLevels.ADMIN), new Permission(PermissionTypes.TABLE, PermissionLevels.ADMIN),
@ -124,16 +133,20 @@ const BUILTIN_PERMISSIONS = {
}, },
} }
exports.getBuiltinPermissions = () => { export function getBuiltinPermissions() {
return cloneDeep(BUILTIN_PERMISSIONS) return cloneDeep(BUILTIN_PERMISSIONS)
} }
exports.getBuiltinPermissionByID = id => { export function getBuiltinPermissionByID(id: string) {
const perms = Object.values(BUILTIN_PERMISSIONS) const perms = Object.values(BUILTIN_PERMISSIONS)
return perms.find(perm => perm._id === id) return perms.find(perm => perm._id === id)
} }
exports.doesHaveBasePermission = (permType, permLevel, rolesHierarchy) => { export function doesHaveBasePermission(
permType: PermissionTypes,
permLevel: PermissionLevels,
rolesHierarchy: RoleHierarchy
) {
const basePermissions = [ const basePermissions = [
...new Set(rolesHierarchy.map(role => role.permissionId)), ...new Set(rolesHierarchy.map(role => role.permissionId)),
] ]
@ -154,11 +167,9 @@ exports.doesHaveBasePermission = (permType, permLevel, rolesHierarchy) => {
return false return false
} }
exports.isPermissionLevelHigherThanRead = level => { export function isPermissionLevelHigherThanRead(level: PermissionLevels) {
return levelToNumber(level) > 1 return levelToNumber(level) > 1
} }
// utility as a lot of things need simply the builder permission // utility as a lot of things need simply the builder permission
exports.BUILDER = PermissionTypes.BUILDER export const BUILDER = PermissionTypes.BUILDER
exports.PermissionTypes = PermissionTypes
exports.PermissionLevels = PermissionLevels