From edb8cd6330c0669d5ccf481833a557244f8ae79f Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Mon, 21 Aug 2023 16:57:00 +0300 Subject: [PATCH 01/16] Refactor tests to TS --- ...ermissions.spec.js => permissions.spec.ts} | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) rename packages/server/src/api/routes/tests/{permissions.spec.js => permissions.spec.ts} (91%) diff --git a/packages/server/src/api/routes/tests/permissions.spec.js b/packages/server/src/api/routes/tests/permissions.spec.ts similarity index 91% rename from packages/server/src/api/routes/tests/permissions.spec.js rename to packages/server/src/api/routes/tests/permissions.spec.ts index ed131aed80..c5c24372fd 100644 --- a/packages/server/src/api/routes/tests/permissions.spec.js +++ b/packages/server/src/api/routes/tests/permissions.spec.ts @@ -1,5 +1,7 @@ -const { roles } = require("@budibase/backend-core") -const setup = require("./utilities") +import { roles } from "@budibase/backend-core" +import { Document, Row, Table } from "@budibase/types" +import * as setup from "./utilities" + const { basicRow } = setup.structures const { BUILTIN_ROLE_IDS } = roles @@ -9,18 +11,18 @@ const STD_ROLE_ID = BUILTIN_ROLE_IDS.PUBLIC describe("/permission", () => { let request = setup.getRequest() let config = setup.getConfig() - let table - let perms - let row + let table: Table & { _id: string } + let perms: Document[] + let row: Row afterAll(setup.afterAll) beforeAll(async () => { await config.init() }) - + beforeEach(async () => { - table = await config.createTable() + table = (await config.createTable()) as typeof table row = await config.createRow() perms = await config.addPermission(STD_ROLE_ID, table._id) }) @@ -124,7 +126,9 @@ describe("/permission", () => { .expect("Content-Type", /json/) .expect(200) expect(Array.isArray(res.body)).toEqual(true) - const publicPerm = res.body.find(perm => perm._id === "public") + const publicPerm = res.body.find( + (perm: Document) => perm._id === "public" + ) expect(publicPerm).toBeDefined() expect(publicPerm.permissions).toBeDefined() expect(publicPerm.name).toBeDefined() From 28fac622394da53422bf2d33b6e7babb5c1a8f11 Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Mon, 21 Aug 2023 17:09:33 +0300 Subject: [PATCH 02/16] Remove unused param --- packages/server/src/api/controllers/permission.ts | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/packages/server/src/api/controllers/permission.ts b/packages/server/src/api/controllers/permission.ts index 20e64d2cfb..6fbc9d6209 100644 --- a/packages/server/src/api/controllers/permission.ts +++ b/packages/server/src/api/controllers/permission.ts @@ -25,7 +25,6 @@ async function getAllDBRoles(db: Database) { } async function updatePermissionOnRole( - appId: string, { roleId, resourceId, @@ -163,16 +162,11 @@ export async function getResourcePerms(ctx: UserCtx) { } export async function addPermission(ctx: UserCtx) { - ctx.body = await updatePermissionOnRole( - ctx.appId, - ctx.params, - PermissionUpdateType.ADD - ) + ctx.body = await updatePermissionOnRole(ctx.params, PermissionUpdateType.ADD) } export async function removePermission(ctx: UserCtx) { ctx.body = await updatePermissionOnRole( - ctx.appId, ctx.params, PermissionUpdateType.REMOVE ) From 62579fab4e4c7de1f08a4a2dae584d726fd3673e Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Mon, 21 Aug 2023 17:56:19 +0300 Subject: [PATCH 03/16] Check if resouce is allowed to change --- .../server/src/api/controllers/permission.ts | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/packages/server/src/api/controllers/permission.ts b/packages/server/src/api/controllers/permission.ts index 6fbc9d6209..8314f29398 100644 --- a/packages/server/src/api/controllers/permission.ts +++ b/packages/server/src/api/controllers/permission.ts @@ -1,11 +1,12 @@ -import { permissions, roles, context } from "@budibase/backend-core" +import { permissions, roles, context, HTTPError } from "@budibase/backend-core" +import { UserCtx, Database, Role, PermissionLevel } from "@budibase/types" import { getRoleParams } from "../../db/utils" import { CURRENTLY_SUPPORTED_LEVELS, getBasePermissions, } from "../../utilities/security" import { removeFromArray } from "../../utilities" -import { UserCtx, Database, Role } from "@budibase/types" +import sdk from "../../sdk" const PermissionUpdateType = { REMOVE: "remove", @@ -29,9 +30,21 @@ async function updatePermissionOnRole( roleId, resourceId, level, - }: { roleId: string; resourceId: string; level: string }, + }: { roleId: string; resourceId: string; level: PermissionLevel }, updateType: string ) { + const allowedAction = await sdk.permissions.resourceActionAllowed({ + resourceId, + level, + }) + + if (!allowedAction.allowed) { + throw new HTTPError( + `You are not allowed to '${allowedAction.level}' the resource type '${allowedAction.resourceType}'`, + 403 + ) + } + const db = context.getAppDB() const remove = updateType === PermissionUpdateType.REMOVE const isABuiltin = roles.isBuiltin(roleId) From 54c285f71c20f9e2f32f29c0b67c7097cb94095f Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Mon, 21 Aug 2023 17:56:40 +0300 Subject: [PATCH 04/16] Add basic sdk checks --- .../server/src/sdk/app/permissions/index.ts | 32 +++++++++++++++++++ packages/server/src/sdk/index.ts | 2 ++ 2 files changed, 34 insertions(+) create mode 100644 packages/server/src/sdk/app/permissions/index.ts diff --git a/packages/server/src/sdk/app/permissions/index.ts b/packages/server/src/sdk/app/permissions/index.ts new file mode 100644 index 0000000000..ad78310bb5 --- /dev/null +++ b/packages/server/src/sdk/app/permissions/index.ts @@ -0,0 +1,32 @@ +import { + DocumentType, + PermissionLevel, + VirtualDocumentType, +} from "@budibase/types" +import { isViewID } from "../../../db/utils" + +type ResourceActionAllowedResult = + | { allowed: true } + | { + allowed: false + level: PermissionLevel + resourceType: DocumentType | VirtualDocumentType + } + +export async function resourceActionAllowed({ + resourceId, + level, +}: { + resourceId: string + level: PermissionLevel +}): Promise { + if (!isViewID(resourceId)) { + return { allowed: true } + } + + return { + allowed: false, + level, + resourceType: VirtualDocumentType.VIEW, + } +} diff --git a/packages/server/src/sdk/index.ts b/packages/server/src/sdk/index.ts index 85ac483c05..24eb1ebf3c 100644 --- a/packages/server/src/sdk/index.ts +++ b/packages/server/src/sdk/index.ts @@ -8,6 +8,7 @@ import { default as rows } from "./app/rows" import { default as users } from "./users" import { default as plugins } from "./plugins" import * as views from "./app/views" +import * as permissions from "./app/permissions" const sdk = { backups, @@ -20,6 +21,7 @@ const sdk = { queries, plugins, views, + permissions, } // default export for TS From 63ffc81ffe9549819c122a74f6de2540145f68fe Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Mon, 21 Aug 2023 17:56:58 +0300 Subject: [PATCH 05/16] Tests --- .../server/src/api/routes/tests/permissions.spec.ts | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/packages/server/src/api/routes/tests/permissions.spec.ts b/packages/server/src/api/routes/tests/permissions.spec.ts index c5c24372fd..ec72118273 100644 --- a/packages/server/src/api/routes/tests/permissions.spec.ts +++ b/packages/server/src/api/routes/tests/permissions.spec.ts @@ -1,3 +1,12 @@ +import * as permissionSdk from "../../../sdk/app/permissions" +jest.mock( + "../../../sdk/app/permissions", + (): jest.Mocked => ({ + resourceActionAllowed: jest.fn(), + }) +) +const mockedSdk = permissionSdk as jest.Mocked + import { roles } from "@budibase/backend-core" import { Document, Row, Table } from "@budibase/types" import * as setup from "./utilities" @@ -22,6 +31,8 @@ describe("/permission", () => { }) beforeEach(async () => { + mockedSdk.resourceActionAllowed.mockResolvedValue({ allowed: true }) + table = (await config.createTable()) as typeof table row = await config.createRow() perms = await config.addPermission(STD_ROLE_ID, table._id) From f1232eac90fc2d8a19575c755a60962a3d8f3997 Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Tue, 22 Aug 2023 10:24:43 +0300 Subject: [PATCH 06/16] Add permission api to testconfig --- .../src/tests/utilities/TestConfiguration.ts | 7 +++++- .../server/src/tests/utilities/api/index.ts | 3 +++ .../src/tests/utilities/api/permission.ts | 25 +++++++++++++++++++ 3 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 packages/server/src/tests/utilities/api/permission.ts diff --git a/packages/server/src/tests/utilities/TestConfiguration.ts b/packages/server/src/tests/utilities/TestConfiguration.ts index c8b917f626..5522af347e 100644 --- a/packages/server/src/tests/utilities/TestConfiguration.ts +++ b/packages/server/src/tests/utilities/TestConfiguration.ts @@ -50,6 +50,7 @@ import { SearchFilters, UserRoles, Automation, + PermissionLevel, } from "@budibase/types" import { BUILTIN_ROLE_IDS } from "@budibase/backend-core/src/security/roles" @@ -620,7 +621,11 @@ class TestConfiguration { return this._req(config, null, controllers.role.save) } - async addPermission(roleId: string, resourceId: string, level = "read") { + async addPermission( + roleId: string, + resourceId: string, + level = PermissionLevel.READ + ) { return this._req( null, { diff --git a/packages/server/src/tests/utilities/api/index.ts b/packages/server/src/tests/utilities/api/index.ts index a6002a72d8..40995b62f2 100644 --- a/packages/server/src/tests/utilities/api/index.ts +++ b/packages/server/src/tests/utilities/api/index.ts @@ -1,4 +1,5 @@ import TestConfiguration from "../TestConfiguration" +import { PermissionAPI } from "./permission" import { RowAPI } from "./row" import { TableAPI } from "./table" import { ViewV2API } from "./viewV2" @@ -7,10 +8,12 @@ export default class API { table: TableAPI viewV2: ViewV2API row: RowAPI + permission: PermissionAPI constructor(config: TestConfiguration) { this.table = new TableAPI(config) this.viewV2 = new ViewV2API(config) this.row = new RowAPI(config) + this.permission = new PermissionAPI(config) } } diff --git a/packages/server/src/tests/utilities/api/permission.ts b/packages/server/src/tests/utilities/api/permission.ts new file mode 100644 index 0000000000..b06df11df8 --- /dev/null +++ b/packages/server/src/tests/utilities/api/permission.ts @@ -0,0 +1,25 @@ +import { AnyDocument, PermissionLevel } from "@budibase/types" +import TestConfiguration from "../TestConfiguration" +import { TestAPI } from "./base" + +export class PermissionAPI extends TestAPI { + constructor(config: TestConfiguration) { + super(config) + } + + create = async ( + { + roleId, + resourceId, + level, + }: { roleId: string; resourceId: string; level: PermissionLevel }, + { expectStatus } = { expectStatus: 200 } + ): Promise => { + const res = await this.request + .post(`/api/permission/${roleId}/${resourceId}/${level}`) + .set(this.config.defaultHeaders()) + .expect("Content-Type", /json/) + .expect(expectStatus) + return res.body + } +} From 96f9a34136fcf9f236a607f46fbaabc0a519ef30 Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Tue, 22 Aug 2023 10:26:46 +0300 Subject: [PATCH 07/16] Test adding when forbidden --- .../src/api/routes/tests/permissions.spec.ts | 48 +++++++++++++++---- .../src/tests/utilities/api/permission.ts | 2 +- 2 files changed, 39 insertions(+), 11 deletions(-) diff --git a/packages/server/src/api/routes/tests/permissions.spec.ts b/packages/server/src/api/routes/tests/permissions.spec.ts index ec72118273..4809244e0f 100644 --- a/packages/server/src/api/routes/tests/permissions.spec.ts +++ b/packages/server/src/api/routes/tests/permissions.spec.ts @@ -1,14 +1,18 @@ -import * as permissionSdk from "../../../sdk/app/permissions" -jest.mock( - "../../../sdk/app/permissions", - (): jest.Mocked => ({ - resourceActionAllowed: jest.fn(), - }) -) -const mockedSdk = permissionSdk as jest.Mocked +const mockedSdk = sdk.permissions as jest.Mocked +jest.mock("../../../sdk/app/permissions", () => ({ + resourceActionAllowed: jest.fn(), +})) + +import sdk from "../../../sdk" import { roles } from "@budibase/backend-core" -import { Document, Row, Table } from "@budibase/types" +import { + Document, + DocumentType, + PermissionLevel, + Row, + Table, +} from "@budibase/types" import * as setup from "./utilities" const { basicRow } = setup.structures @@ -78,7 +82,11 @@ describe("/permission", () => { }) it("should get resource permissions with multiple roles", async () => { - perms = await config.addPermission(HIGHER_ROLE_ID, table._id, "write") + perms = await config.addPermission( + HIGHER_ROLE_ID, + table._id, + PermissionLevel.WRITE + ) const res = await getTablePermissions() expect(res.body["read"]).toEqual(STD_ROLE_ID) expect(res.body["write"]).toEqual(HIGHER_ROLE_ID) @@ -90,6 +98,26 @@ describe("/permission", () => { expect(allRes.body[table._id]["write"]).toEqual(HIGHER_ROLE_ID) expect(allRes.body[table._id]["read"]).toEqual(STD_ROLE_ID) }) + + it("throw forbidden if the action is not allowed for the resource", async () => { + mockedSdk.resourceActionAllowed.mockResolvedValue({ + allowed: false, + resourceType: DocumentType.DATASOURCE, + level: PermissionLevel.READ, + }) + + const response = await config.api.permission.create( + { + roleId: STD_ROLE_ID, + resourceId: table._id, + level: PermissionLevel.EXECUTE, + }, + { expectStatus: 403 } + ) + expect(response.message).toEqual( + "You are not allowed to 'read' the resource type 'datasource'" + ) + }) }) describe("remove", () => { diff --git a/packages/server/src/tests/utilities/api/permission.ts b/packages/server/src/tests/utilities/api/permission.ts index b06df11df8..650cccacd2 100644 --- a/packages/server/src/tests/utilities/api/permission.ts +++ b/packages/server/src/tests/utilities/api/permission.ts @@ -14,7 +14,7 @@ export class PermissionAPI extends TestAPI { level, }: { roleId: string; resourceId: string; level: PermissionLevel }, { expectStatus } = { expectStatus: 200 } - ): Promise => { + ): Promise => { const res = await this.request .post(`/api/permission/${roleId}/${resourceId}/${level}`) .set(this.config.defaultHeaders()) From 10e0abec3ee948b314aa3a1392f47da7f48751f2 Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Tue, 22 Aug 2023 10:30:12 +0300 Subject: [PATCH 08/16] Test deleting when forbidden --- .../src/api/routes/tests/permissions.spec.ts | 30 +++++++++++++++---- .../src/tests/utilities/api/permission.ts | 16 ++++++++++ 2 files changed, 41 insertions(+), 5 deletions(-) diff --git a/packages/server/src/api/routes/tests/permissions.spec.ts b/packages/server/src/api/routes/tests/permissions.spec.ts index 4809244e0f..757abdc15a 100644 --- a/packages/server/src/api/routes/tests/permissions.spec.ts +++ b/packages/server/src/api/routes/tests/permissions.spec.ts @@ -122,15 +122,35 @@ describe("/permission", () => { describe("remove", () => { it("should be able to remove the permission", async () => { - const res = await request - .delete(`/api/permission/${STD_ROLE_ID}/${table._id}/read`) - .set(config.defaultHeaders()) - .expect("Content-Type", /json/) - .expect(200) + const res = await config.api.permission.remove({ + roleId: STD_ROLE_ID, + resourceId: table._id, + level: PermissionLevel.READ, + }) expect(res.body[0]._id).toEqual(STD_ROLE_ID) const permsRes = await getTablePermissions() expect(permsRes.body[STD_ROLE_ID]).toBeUndefined() }) + + it("throw forbidden if the action is not allowed for the resource", async () => { + mockedSdk.resourceActionAllowed.mockResolvedValue({ + allowed: false, + resourceType: DocumentType.DATASOURCE, + level: PermissionLevel.READ, + }) + + const response = await config.api.permission.remove( + { + roleId: STD_ROLE_ID, + resourceId: table._id, + level: PermissionLevel.EXECUTE, + }, + { expectStatus: 403 } + ) + expect(response.body.message).toEqual( + "You are not allowed to 'read' the resource type 'datasource'" + ) + }) }) describe("check public user allowed", () => { diff --git a/packages/server/src/tests/utilities/api/permission.ts b/packages/server/src/tests/utilities/api/permission.ts index 650cccacd2..d5fa6d50c6 100644 --- a/packages/server/src/tests/utilities/api/permission.ts +++ b/packages/server/src/tests/utilities/api/permission.ts @@ -22,4 +22,20 @@ export class PermissionAPI extends TestAPI { .expect(expectStatus) return res.body } + + remove = async ( + { + roleId, + resourceId, + level, + }: { roleId: string; resourceId: string; level: PermissionLevel }, + { expectStatus } = { expectStatus: 200 } + ) => { + const res = await this.request + .delete(`/api/permission/${roleId}/${resourceId}/${level}`) + .set(this.config.defaultHeaders()) + .expect("Content-Type", /json/) + .expect(expectStatus) + return res + } } From c792e5567551ffad3e5c02b8067aa825ef709146 Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Tue, 22 Aug 2023 10:54:08 +0300 Subject: [PATCH 09/16] Update pro ref --- packages/pro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/pro b/packages/pro index 06a28b18a4..af75209144 160000 --- a/packages/pro +++ b/packages/pro @@ -1 +1 @@ -Subproject commit 06a28b18a409cc12e9e8a5b69a094adcc6babd5a +Subproject commit af75209144cd55df688c7eab15367b599daa608e From 664f257239e28ef52c6ad99e441b2d195ff57f44 Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Tue, 22 Aug 2023 11:27:06 +0300 Subject: [PATCH 10/16] Implemment checks --- .../tests/core/utilities/mocks/licenses.ts | 4 ++ .../server/src/sdk/app/permissions/index.ts | 5 ++ .../app/permissions/tests/permissions.spec.ts | 52 +++++++++++++++++++ packages/types/src/sdk/licensing/feature.ts | 1 + 4 files changed, 62 insertions(+) create mode 100644 packages/server/src/sdk/app/permissions/tests/permissions.spec.ts diff --git a/packages/backend-core/tests/core/utilities/mocks/licenses.ts b/packages/backend-core/tests/core/utilities/mocks/licenses.ts index 14a1f1f4d3..309f0fd159 100644 --- a/packages/backend-core/tests/core/utilities/mocks/licenses.ts +++ b/packages/backend-core/tests/core/utilities/mocks/licenses.ts @@ -102,6 +102,10 @@ export const useAppBuilders = () => { return useFeature(Feature.APP_BUILDERS) } +export const useViewPermissions = () => { + return useFeature(Feature.VIEW_PERMISSIONS) +} + // QUOTAS export const setAutomationLogsQuota = (value: number) => { diff --git a/packages/server/src/sdk/app/permissions/index.ts b/packages/server/src/sdk/app/permissions/index.ts index ad78310bb5..2219120db6 100644 --- a/packages/server/src/sdk/app/permissions/index.ts +++ b/packages/server/src/sdk/app/permissions/index.ts @@ -4,6 +4,7 @@ import { VirtualDocumentType, } from "@budibase/types" import { isViewID } from "../../../db/utils" +import { features } from "@budibase/pro" type ResourceActionAllowedResult = | { allowed: true } @@ -24,6 +25,10 @@ export async function resourceActionAllowed({ return { allowed: true } } + if (await features.isViewPermissionEnabled()) { + return { allowed: true } + } + return { allowed: false, level, diff --git a/packages/server/src/sdk/app/permissions/tests/permissions.spec.ts b/packages/server/src/sdk/app/permissions/tests/permissions.spec.ts new file mode 100644 index 0000000000..4c2768dde4 --- /dev/null +++ b/packages/server/src/sdk/app/permissions/tests/permissions.spec.ts @@ -0,0 +1,52 @@ +import TestConfiguration from "../../../../tests/utilities/TestConfiguration" +import { PermissionLevel } from "@budibase/types" +import { mocks, structures } from "@budibase/backend-core/tests" +import { resourceActionAllowed } from ".." +import { generateViewID } from "../../../../db/utils" + +describe("permissions sdk", () => { + beforeEach(() => { + new TestConfiguration() + mocks.licenses.useCloudFree() + }) + + describe("resourceActionAllowed", () => { + it("non view resources actions are always allowed", async () => { + const resourceId = structures.users.user()._id! + + const result = await resourceActionAllowed({ + resourceId, + level: PermissionLevel.READ, + }) + + expect(result).toEqual({ allowed: true }) + }) + + it("view resources actions allowed if the feature flag is enabled", async () => { + mocks.licenses.useViewPermissions() + const resourceId = generateViewID(structures.generator.guid()) + + const result = await resourceActionAllowed({ + resourceId, + level: PermissionLevel.READ, + }) + + expect(result).toEqual({ allowed: true }) + }) + + it("view resources actions allowed if the feature flag is disabled", async () => { + const resourceId = generateViewID(structures.generator.guid()) + + const result = await resourceActionAllowed({ + resourceId, + level: PermissionLevel.READ, + }) + + expect(result).toEqual({ + allowed: false, + level: "read", + resourceType: "view", + }) + }) + }) +}) diff --git a/packages/types/src/sdk/licensing/feature.ts b/packages/types/src/sdk/licensing/feature.ts index a1ace01e48..218c2c5429 100644 --- a/packages/types/src/sdk/licensing/feature.ts +++ b/packages/types/src/sdk/licensing/feature.ts @@ -12,6 +12,7 @@ export enum Feature { APP_BUILDERS = "appBuilders", OFFLINE = "offline", USER_ROLE_PUBLIC_API = "userRolePublicApi", + VIEW_PERMISSIONS = "viewPermission", } export type PlanFeatures = { [key in PlanType]: Feature[] | undefined } From 1283431b32cb188d3cd7d9a621fd8e24ee75c224 Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Tue, 22 Aug 2023 12:06:44 +0300 Subject: [PATCH 11/16] Move permissions get into the config api --- .../server/src/api/routes/tests/permissions.spec.ts | 12 ++---------- .../server/src/tests/utilities/api/permission.ts | 11 +++++++++++ 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/packages/server/src/api/routes/tests/permissions.spec.ts b/packages/server/src/api/routes/tests/permissions.spec.ts index 757abdc15a..d951577078 100644 --- a/packages/server/src/api/routes/tests/permissions.spec.ts +++ b/packages/server/src/api/routes/tests/permissions.spec.ts @@ -42,14 +42,6 @@ describe("/permission", () => { perms = await config.addPermission(STD_ROLE_ID, table._id) }) - async function getTablePermissions() { - return request - .get(`/api/permission/${table._id}`) - .set(config.defaultHeaders()) - .expect("Content-Type", /json/) - .expect(200) - } - describe("levels", () => { it("should be able to get levels", async () => { const res = await request @@ -87,7 +79,7 @@ describe("/permission", () => { table._id, PermissionLevel.WRITE ) - const res = await getTablePermissions() + const res = await config.api.permission.get(table._id) expect(res.body["read"]).toEqual(STD_ROLE_ID) expect(res.body["write"]).toEqual(HIGHER_ROLE_ID) const allRes = await request @@ -128,7 +120,7 @@ describe("/permission", () => { level: PermissionLevel.READ, }) expect(res.body[0]._id).toEqual(STD_ROLE_ID) - const permsRes = await getTablePermissions() + const permsRes = await config.api.permission.get(table._id) expect(permsRes.body[STD_ROLE_ID]).toBeUndefined() }) diff --git a/packages/server/src/tests/utilities/api/permission.ts b/packages/server/src/tests/utilities/api/permission.ts index d5fa6d50c6..31dc7c2c2a 100644 --- a/packages/server/src/tests/utilities/api/permission.ts +++ b/packages/server/src/tests/utilities/api/permission.ts @@ -7,6 +7,17 @@ export class PermissionAPI extends TestAPI { super(config) } + get = async ( + resourceId: string, + { expectStatus } = { expectStatus: 200 } + ) => { + return this.request + .get(`/api/permission/${resourceId}`) + .set(this.config.defaultHeaders()) + .expect("Content-Type", /json/) + .expect(expectStatus) + } + create = async ( { roleId, From d8473b4a23fee3e316fc79ff12faae5d79fb7c7b Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Tue, 22 Aug 2023 12:09:21 +0300 Subject: [PATCH 12/16] Renames --- packages/server/src/api/routes/tests/permissions.spec.ts | 6 +++--- packages/server/src/tests/utilities/api/permission.ts | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/server/src/api/routes/tests/permissions.spec.ts b/packages/server/src/api/routes/tests/permissions.spec.ts index d951577078..b3fbd46799 100644 --- a/packages/server/src/api/routes/tests/permissions.spec.ts +++ b/packages/server/src/api/routes/tests/permissions.spec.ts @@ -98,7 +98,7 @@ describe("/permission", () => { level: PermissionLevel.READ, }) - const response = await config.api.permission.create( + const response = await config.api.permission.set( { roleId: STD_ROLE_ID, resourceId: table._id, @@ -114,7 +114,7 @@ describe("/permission", () => { describe("remove", () => { it("should be able to remove the permission", async () => { - const res = await config.api.permission.remove({ + const res = await config.api.permission.revoke({ roleId: STD_ROLE_ID, resourceId: table._id, level: PermissionLevel.READ, @@ -131,7 +131,7 @@ describe("/permission", () => { level: PermissionLevel.READ, }) - const response = await config.api.permission.remove( + const response = await config.api.permission.revoke( { roleId: STD_ROLE_ID, resourceId: table._id, diff --git a/packages/server/src/tests/utilities/api/permission.ts b/packages/server/src/tests/utilities/api/permission.ts index 31dc7c2c2a..ffa89e88f9 100644 --- a/packages/server/src/tests/utilities/api/permission.ts +++ b/packages/server/src/tests/utilities/api/permission.ts @@ -18,7 +18,7 @@ export class PermissionAPI extends TestAPI { .expect(expectStatus) } - create = async ( + set = async ( { roleId, resourceId, @@ -34,7 +34,7 @@ export class PermissionAPI extends TestAPI { return res.body } - remove = async ( + revoke = async ( { roleId, resourceId, From e4feb64fe5d15a372781225ea2ade2e3150c85f0 Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Tue, 22 Aug 2023 12:19:20 +0300 Subject: [PATCH 13/16] Use extracted functions --- .../src/api/routes/tests/permissions.spec.ts | 16 ++++++++++------ .../src/tests/utilities/TestConfiguration.ts | 17 ----------------- 2 files changed, 10 insertions(+), 23 deletions(-) diff --git a/packages/server/src/api/routes/tests/permissions.spec.ts b/packages/server/src/api/routes/tests/permissions.spec.ts index b3fbd46799..118d35f8fd 100644 --- a/packages/server/src/api/routes/tests/permissions.spec.ts +++ b/packages/server/src/api/routes/tests/permissions.spec.ts @@ -39,7 +39,11 @@ describe("/permission", () => { table = (await config.createTable()) as typeof table row = await config.createRow() - perms = await config.addPermission(STD_ROLE_ID, table._id) + perms = await config.api.permission.set({ + roleId: STD_ROLE_ID, + resourceId: table._id, + level: PermissionLevel.READ, + }) }) describe("levels", () => { @@ -74,11 +78,11 @@ describe("/permission", () => { }) it("should get resource permissions with multiple roles", async () => { - perms = await config.addPermission( - HIGHER_ROLE_ID, - table._id, - PermissionLevel.WRITE - ) + perms = await config.api.permission.set({ + roleId: HIGHER_ROLE_ID, + resourceId: table._id, + level: PermissionLevel.WRITE, + }) const res = await config.api.permission.get(table._id) expect(res.body["read"]).toEqual(STD_ROLE_ID) expect(res.body["write"]).toEqual(HIGHER_ROLE_ID) diff --git a/packages/server/src/tests/utilities/TestConfiguration.ts b/packages/server/src/tests/utilities/TestConfiguration.ts index 5522af347e..c1db54fe60 100644 --- a/packages/server/src/tests/utilities/TestConfiguration.ts +++ b/packages/server/src/tests/utilities/TestConfiguration.ts @@ -50,7 +50,6 @@ import { SearchFilters, UserRoles, Automation, - PermissionLevel, } from "@budibase/types" import { BUILTIN_ROLE_IDS } from "@budibase/backend-core/src/security/roles" @@ -621,22 +620,6 @@ class TestConfiguration { return this._req(config, null, controllers.role.save) } - async addPermission( - roleId: string, - resourceId: string, - level = PermissionLevel.READ - ) { - return this._req( - null, - { - roleId, - resourceId, - level, - }, - controllers.perms.addPermission - ) - } - // VIEW async createView(config?: any) { From 27a512385517fe42d3eb3bb82190a62b5ec83d23 Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Tue, 22 Aug 2023 12:42:59 +0300 Subject: [PATCH 14/16] Fix build --- packages/server/src/api/routes/tests/role.spec.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/packages/server/src/api/routes/tests/role.spec.js b/packages/server/src/api/routes/tests/role.spec.js index 5282597897..a6418c2277 100644 --- a/packages/server/src/api/routes/tests/role.spec.js +++ b/packages/server/src/api/routes/tests/role.spec.js @@ -1,5 +1,6 @@ const { roles, events, permissions } = require("@budibase/backend-core") const setup = require("./utilities") +const { PermissionLevel } = require("@budibase/types") const { basicRole } = setup.structures const { BUILTIN_ROLE_IDS } = roles const { BuiltinPermissionID } = permissions @@ -16,7 +17,7 @@ describe("/roles", () => { const createRole = async (role) => { if (!role) { - role = basicRole() + role = basicRole() } return request @@ -98,7 +99,7 @@ describe("/roles", () => { it("should be able to get the role with a permission added", async () => { const table = await config.createTable() - await config.addPermission(BUILTIN_ROLE_IDS.POWER, table._id) + await config.api.permission.set({ roleId: BUILTIN_ROLE_IDS.POWER, resourceId: table._id, level: PermissionLevel.READ }) const res = await request .get(`/api/roles`) .set(config.defaultHeaders()) From b4a824a8437c542df84d58406152043fbc1feb75 Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Thu, 24 Aug 2023 09:06:42 +0200 Subject: [PATCH 15/16] Update pro ref --- packages/pro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/pro b/packages/pro index fa56c820d6..b7815e099b 160000 --- a/packages/pro +++ b/packages/pro @@ -1 +1 @@ -Subproject commit fa56c820d666ea4397a68b19175b893259fd56cf +Subproject commit b7815e099bbd5e1410185c464dbd54f7287e732f From e9bf17a68f1f0f29948fb2bdfaff83c841e14130 Mon Sep 17 00:00:00 2001 From: Budibase Staging Release Bot <> Date: Thu, 24 Aug 2023 07:17:31 +0000 Subject: [PATCH 16/16] Bump version to 2.9.30-alpha.12 --- lerna.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lerna.json b/lerna.json index e1e95f2ab7..5107e7ca64 100644 --- a/lerna.json +++ b/lerna.json @@ -1,5 +1,5 @@ { - "version": "2.9.30-alpha.11", + "version": "2.9.30-alpha.12", "npmClient": "yarn", "packages": [ "packages/*"