Merge pull request #11609 from Budibase/BUDI-7393/dont-allow-frontend

Guard frontend view permissions
2024-10-05 20:44:47 +13:00 · 2023-08-29 15:49:50 +02:00 · 2023-08-29 15:49:50 +02:00 · 8269dc98cd
commit 8269dc98cd
parent 33ed4e1cbf 0fe02c189c
6 changed files with 58 additions and 29 deletions
--- a/packages/builder/src/components/backend/DataTable/buttons/ManageAccessButton.svelte
+++ b/packages/builder/src/components/backend/DataTable/buttons/ManageAccessButton.svelte
@ -5,6 +5,7 @@

  export let resourceId
  export let disabled = false
+  export let requiresLicence

  let modal
  let resourcePermissions
@ -21,6 +22,7 @@
 <Modal bind:this={modal}>
  <ManageAccessModal
    {resourceId}
+    {requiresLicence}
    levels={$permissions}
    permissions={resourcePermissions}
  />
--- a/packages/builder/src/components/backend/DataTable/buttons/grid/GridManageAccessButton.svelte
+++ b/packages/builder/src/components/backend/DataTable/buttons/grid/GridManageAccessButton.svelte
@ -1,4 +1,5 @@
 <script>
+  import { licensing, admin } from "stores/portal"
  import ManageAccessButton from "../ManageAccessButton.svelte"
  import { getContext } from "svelte"

@ -12,6 +13,17 @@
    }
    return datasource.type === "table" ? datasource.tableId : datasource.id
  }
+
+  var requiresLicence
+  $: {
+    if ($datasource.type === "viewV2" && !$licensing.isViewPermissionsEnabled) {
+      const requiredLicense = $admin?.cloud ? "Premium" : "Business"
+      requiresLicence = {
+        tier: requiredLicense,
+        message: `A ${requiredLicense} subscription is required to specify access level roles for this view.`,
+      }
+    }
+  }
 </script>

-<ManageAccessButton {resourceId} />
+<ManageAccessButton {resourceId} {requiresLicence} />
--- a/packages/builder/src/components/backend/DataTable/modals/ManageAccessModal.svelte
+++ b/packages/builder/src/components/backend/DataTable/modals/ManageAccessModal.svelte
@ -7,11 +7,14 @@
    notifications,
    Body,
    ModalContent,
+    Tags,
+    Tag,
  } from "@budibase/bbui"
  import { capitalise } from "helpers"

  export let resourceId
  export let permissions
+  export let requiresLicence

  async function changePermission(level, role) {
    try {
@ -30,22 +33,36 @@
  }
 </script>

-<ModalContent title="Manage Access" showCancelButton={false} confirmText="Done">
-  <Body size="S">Specify the minimum access level role for this data.</Body>
-  <div class="row">
-    <Label extraSmall grey>Level</Label>
-    <Label extraSmall grey>Role</Label>
-    {#each Object.keys(permissions) as level}
-      <Input value={capitalise(level)} disabled />
-      <Select
-        value={permissions[level]}
-        on:change={e => changePermission(level, e.detail)}
-        options={$roles}
-        getOptionLabel={x => x.name}
-        getOptionValue={x => x._id}
-      />
-    {/each}
-  </div>
+<ModalContent showCancelButton={false} confirmText="Done">
+  <span slot="header">
+    Manage Access
+    {#if requiresLicence}
+      <span class="lock-tag">
+        <Tags>
+          <Tag icon="LockClosed">{requiresLicence.tier}</Tag>
+        </Tags>
+      </span>
+    {/if}
+  </span>
+  {#if requiresLicence}
+    <Body size="S">{requiresLicence.message}</Body>
+  {:else}
+    <Body size="S">Specify the minimum access level role for this data.</Body>
+    <div class="row">
+      <Label extraSmall grey>Level</Label>
+      <Label extraSmall grey>Role</Label>
+      {#each Object.keys(permissions) as level}
+        <Input value={capitalise(level)} disabled />
+        <Select
+          value={permissions[level]}
+          on:change={e => changePermission(level, e.detail)}
+          options={$roles}
+          getOptionLabel={x => x.name}
+          getOptionValue={x => x._id}
+        />
+      {/each}
+    </div>
+  {/if}
 </ModalContent>

 <style>
@ -54,4 +71,8 @@
    grid-template-columns: 1fr 1fr;
    grid-gap: var(--spacing-s);
  }
+
+  .lock-tag {
+    padding-left: var(--spacing-s);
+  }
 </style>
--- a/packages/builder/src/stores/portal/licensing.js
+++ b/packages/builder/src/stores/portal/licensing.js
@ -125,6 +125,9 @@ export const createLicensingStore = () => {
      const syncAutomationsEnabled = license.features.includes(
        Constants.Features.SYNC_AUTOMATIONS
      )
+      const isViewPermissionsEnabled = license.features.includes(
+        Constants.Features.VIEW_PERMISSIONS
+      )
      store.update(state => {
        return {
          ...state,
@ -140,6 +143,7 @@ export const createLicensingStore = () => {
          auditLogsEnabled,
          enforceableSSO,
          syncAutomationsEnabled,
+          isViewPermissionsEnabled,
        }
      })
    },
--- a/packages/frontend-core/src/constants.js
+++ b/packages/frontend-core/src/constants.js
@ -2,6 +2,7 @@
 * Operator options for lucene queries
 */
 export { OperatorOptions, SqlNumberTypeRangeMap } from "@budibase/shared-core"
+export { Feature as Features } from "@budibase/types"

 // Cookie names
 export const Cookies = {
@ -62,17 +63,6 @@ export const PlanType = {
 */
 export const ApiVersion = "1"

-export const Features = {
-  USER_GROUPS: "userGroups",
-  BACKUPS: "appBackups",
-  ENVIRONMENT_VARIABLES: "environmentVariables",
-  AUDIT_LOGS: "auditLogs",
-  ENFORCEABLE_SSO: "enforceableSSO",
-  BRANDING: "branding",
-  SCIM: "scim",
-  SYNC_AUTOMATIONS: "syncAutomations",
-}
-
 // Role IDs
 export const Roles = {
  ADMIN: "ADMIN",
--- a/packages/types/src/sdk/licensing/feature.ts
+++ b/packages/types/src/sdk/licensing/feature.ts
@ -12,7 +12,7 @@ export enum Feature {
  APP_BUILDERS = "appBuilders",
  OFFLINE = "offline",
  USER_ROLE_PUBLIC_API = "userRolePublicApi",
-  VIEW_PERMISSIONS = "viewPermission",
+  VIEW_PERMISSIONS = "viewPermissions",
 }

 export type PlanFeatures = { [key in PlanType]: Feature[] | undefined }