From a2ce35b2f660fea7287080e75bd8ccb4267e5bdf Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Thu, 11 Feb 2021 13:38:07 +0000 Subject: [PATCH] Fixing minor issue with switch to level -> roleID. --- .../server/src/api/controllers/permission.js | 16 +++---- .../server/src/utilities/security/roles.js | 48 +++++++++---------- 2 files changed, 30 insertions(+), 34 deletions(-) diff --git a/packages/server/src/api/controllers/permission.js b/packages/server/src/api/controllers/permission.js index 286ea5667c..2ecfe806cf 100644 --- a/packages/server/src/api/controllers/permission.js +++ b/packages/server/src/api/controllers/permission.js @@ -45,7 +45,7 @@ function getPermissionType(resourceId) { } } -async function getBasePermissions(resourceId) { +function getBasePermissions(resourceId) { const type = getPermissionType(resourceId) const permissions = {} for (let [roleId, role] of Object.entries(BUILTIN_ROLES)) { @@ -153,6 +153,7 @@ exports.fetch = async function(ctx) { if (permissions[roleId] == null) { permissions[roleId] = {} } + // TODO: need to work this out for (let [resource, level] of Object.entries(role.permissions)) { permissions[roleId][resource] = higherPermission( permissions[roleId][resource], @@ -173,16 +174,13 @@ exports.getResourcePerms = async function(ctx) { }) ) const roles = body.rows.map(row => row.doc) - const resourcePerms = {} + const resourcePerms = getBasePermissions(resourceId) for (let level of SUPPORTED_LEVELS) { - for (let role of roles) // update the various roleIds in the resource permissions - if (role.permissions && role.permissions[resourceId]) { - const roleId = getExternalRoleID(role._id) - resourcePerms[level] = higherPermission( - resourcePerms[roleId], - role.permissions[resourceId] - ) + for (let role of roles) { + if (role.permissions && role.permissions[resourceId]) { + resourcePerms[level] = getExternalRoleID(role._id) + } } } ctx.body = resourcePerms diff --git a/packages/server/src/utilities/security/roles.js b/packages/server/src/utilities/security/roles.js index 0cd9d0621e..c6336dec97 100644 --- a/packages/server/src/utilities/security/roles.js +++ b/packages/server/src/utilities/security/roles.js @@ -56,6 +56,29 @@ function isBuiltin(role) { return exports.BUILTIN_ROLE_ID_ARRAY.some(builtin => role.includes(builtin)) } +/** + * Returns whichever builtin roleID is lower. + */ +exports.lowerBuiltinRoleID = (roleId1, roleId2) => { + const MAX = Object.values(BUILTIN_IDS).length + 1 + function toNum(id) { + if (id === BUILTIN_IDS.ADMIN || id === BUILTIN_IDS.BUILDER) { + return MAX + } + let role = exports.BUILTIN_ROLES[id], + count = 0 + do { + if (!role) { + break + } + role = exports.BUILTIN_ROLES[role.inherits] + count++ + } while (role !== null) + return count + } + return toNum(roleId1) > toNum(roleId2) ? roleId2 : roleId1 +} + /** * Gets the role object, this is mainly useful for two purposes, to check if the level exists and * to check if the role inherits any others. @@ -222,31 +245,6 @@ exports.getExternalRoleID = roleId => { return roleId } -/** - * Returns whichever roleID is lower. - */ -exports.lowerRoleID = async (appId, roleId1, roleId2) => { - // TODO: need to make this function work - const MAX = Object.values(BUILTIN_IDS).length + 1 - async function toNum(id) { - if (id === BUILTIN_IDS.ADMIN || id === BUILTIN_IDS.BUILDER) { - return MAX - } - let role = await exports.getRole(appId, id), - count = 0 - do { - if (!role) { - break - } - role = exports.BUILTIN_ROLES[role.inherits] - count++ - } while (role !== null) - return count - } - const [num1, num2] = Promise.all([toNum(roleId1), toNum(roleId2)]) - return num1 > num2 ? roleId2 : roleId1 -} - exports.AccessController = AccessController exports.BUILTIN_ROLE_IDS = BUILTIN_IDS exports.isBuiltin = isBuiltin