CodeMirror/budibase
1
0
Fork 0
mirror of synced 2024-05-04 12:33:42 +12:00
Code Issues Projects Releases Wiki Activity

Updating some enums, plural to single.

Browse source
This commit is contained in:
mike12345567 2022-11-17 14:59:18 +00:00
parent 6e659f873c
commit fcb6f985a6
18 changed files with 150 additions and 150 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

98
packages/backend-core/src/security/permissions.ts
View file

@ -5,7 +5,7 @@ export type RoleHierarchy = {
permissionId: string
}[]
export enum PermissionLevels {
export enum PermissionLevel {
READ = "read",
WRITE = "write",
EXECUTE = "execute",
@ -13,7 +13,7 @@ export enum PermissionLevels {
}
// these are the global types, that govern the underlying default behaviour
export enum PermissionTypes {
export enum PermissionType {
APP = "app",
TABLE = "table",
USER = "user",
@ -25,25 +25,25 @@ export enum PermissionTypes {
}
class Permission {
type: PermissionTypes
level: PermissionLevels
type: PermissionType
level: PermissionLevel
constructor(type: PermissionTypes, level: PermissionLevels) {
constructor(type: PermissionType, level: PermissionLevel) {
this.type = type
this.level = level
}
}
function levelToNumber(perm: PermissionLevels) {
function levelToNumber(perm: PermissionLevel) {
switch (perm) {
// not everything has execute privileges
case PermissionLevels.EXECUTE:
case PermissionLevel.EXECUTE:
return 0
case PermissionLevels.READ:
case PermissionLevel.READ:
return 1
case PermissionLevels.WRITE:
case PermissionLevel.WRITE:
return 2
case PermissionLevels.ADMIN:
case PermissionLevel.ADMIN:
return 3
default:
return -1
@ -55,25 +55,25 @@ function levelToNumber(perm: PermissionLevels) {
* @param {string} userPermLevel The permission level of the user.
* @return {string[]} All the permission levels this user is allowed to carry out.
*/
function getAllowedLevels(userPermLevel: PermissionLevels) {
function getAllowedLevels(userPermLevel: PermissionLevel) {
switch (userPermLevel) {
case PermissionLevels.EXECUTE:
return [PermissionLevels.EXECUTE]
case PermissionLevels.READ:
return [PermissionLevels.EXECUTE, PermissionLevels.READ]
case PermissionLevels.WRITE:
case PermissionLevels.ADMIN:
case PermissionLevel.EXECUTE:
return [PermissionLevel.EXECUTE]
case PermissionLevel.READ:
return [PermissionLevel.EXECUTE, PermissionLevel.READ]
case PermissionLevel.WRITE:
case PermissionLevel.ADMIN:
return [
PermissionLevels.READ,
PermissionLevels.WRITE,
PermissionLevels.EXECUTE,
PermissionLevel.READ,
PermissionLevel.WRITE,
PermissionLevel.EXECUTE,
]
default:
return []
}
}
export enum BUILTIN_PERMISSION_IDS {
export enum BuiltinPermissionID {
PUBLIC = "public",
READ_ONLY = "read_only",
WRITE = "write",
@ -83,52 +83,52 @@ export enum BUILTIN_PERMISSION_IDS {
const BUILTIN_PERMISSIONS = {
PUBLIC: {
_id: BUILTIN_PERMISSION_IDS.PUBLIC,
_id: BuiltinPermissionID.PUBLIC,
name: "Public",
permissions: [
new Permission(PermissionTypes.WEBHOOK, PermissionLevels.EXECUTE),
new Permission(PermissionType.WEBHOOK, PermissionLevel.EXECUTE),
],
},
READ_ONLY: {
_id: BUILTIN_PERMISSION_IDS.READ_ONLY,
_id: BuiltinPermissionID.READ_ONLY,
name: "Read only",
permissions: [
new Permission(PermissionTypes.QUERY, PermissionLevels.READ),
new Permission(PermissionTypes.TABLE, PermissionLevels.READ),
new Permission(PermissionTypes.VIEW, PermissionLevels.READ),
new Permission(PermissionType.QUERY, PermissionLevel.READ),
new Permission(PermissionType.TABLE, PermissionLevel.READ),
new Permission(PermissionType.VIEW, PermissionLevel.READ),
],
},
WRITE: {
_id: BUILTIN_PERMISSION_IDS.WRITE,
_id: BuiltinPermissionID.WRITE,
name: "Read/Write",
permissions: [
new Permission(PermissionTypes.QUERY, PermissionLevels.WRITE),
new Permission(PermissionTypes.TABLE, PermissionLevels.WRITE),
new Permission(PermissionTypes.VIEW, PermissionLevels.READ),
new Permission(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE),
new Permission(PermissionType.QUERY, PermissionLevel.WRITE),
new Permission(PermissionType.TABLE, PermissionLevel.WRITE),
new Permission(PermissionType.VIEW, PermissionLevel.READ),
new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
],
},
POWER: {
_id: BUILTIN_PERMISSION_IDS.POWER,
_id: BuiltinPermissionID.POWER,
name: "Power",
permissions: [
new Permission(PermissionTypes.TABLE, PermissionLevels.WRITE),
new Permission(PermissionTypes.USER, PermissionLevels.READ),
new Permission(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE),
new Permission(PermissionTypes.VIEW, PermissionLevels.READ),
new Permission(PermissionTypes.WEBHOOK, PermissionLevels.READ),
new Permission(PermissionType.TABLE, PermissionLevel.WRITE),
new Permission(PermissionType.USER, PermissionLevel.READ),
new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
new Permission(PermissionType.VIEW, PermissionLevel.READ),
new Permission(PermissionType.WEBHOOK, PermissionLevel.READ),
],
},
ADMIN: {
_id: BUILTIN_PERMISSION_IDS.ADMIN,
_id: BuiltinPermissionID.ADMIN,
name: "Admin",
permissions: [
new Permission(PermissionTypes.TABLE, PermissionLevels.ADMIN),
new Permission(PermissionTypes.USER, PermissionLevels.ADMIN),
new Permission(PermissionTypes.AUTOMATION, PermissionLevels.ADMIN),
new Permission(PermissionTypes.VIEW, PermissionLevels.ADMIN),
new Permission(PermissionTypes.WEBHOOK, PermissionLevels.READ),
new Permission(PermissionTypes.QUERY, PermissionLevels.ADMIN),
new Permission(PermissionType.TABLE, PermissionLevel.ADMIN),
new Permission(PermissionType.USER, PermissionLevel.ADMIN),
new Permission(PermissionType.AUTOMATION, PermissionLevel.ADMIN),
new Permission(PermissionType.VIEW, PermissionLevel.ADMIN),
new Permission(PermissionType.WEBHOOK, PermissionLevel.READ),
new Permission(PermissionType.QUERY, PermissionLevel.ADMIN),
],
},
}
@ -143,8 +143,8 @@ export function getBuiltinPermissionByID(id: string) {
}
export function doesHaveBasePermission(
permType: PermissionTypes,
permLevel: PermissionLevels,
permType: PermissionType,
permLevel: PermissionLevel,
rolesHierarchy: RoleHierarchy
) {
const basePermissions = [
@ -167,9 +167,9 @@ export function doesHaveBasePermission(
return false
}
export function isPermissionLevelHigherThanRead(level: PermissionLevels) {
export function isPermissionLevelHigherThanRead(level: PermissionLevel) {
return levelToNumber(level) > 1
}
// utility as a lot of things need simply the builder permission
export const BUILDER = PermissionTypes.BUILDER
export const BUILDER = PermissionType.BUILDER

16
packages/backend-core/src/security/roles.ts
View file

@ -1,4 +1,4 @@
import { BUILTIN_PERMISSION_IDS, PermissionLevels } from "./permissions"
import { BuiltinPermissionID, PermissionLevel } from "./permissions"
import {
generateRoleID,
getRoleParams,
@ -54,19 +54,19 @@ export class Role {
const BUILTIN_ROLES = {
ADMIN: new Role(BUILTIN_IDS.ADMIN, "Admin")
.addPermission(BUILTIN_PERMISSION_IDS.ADMIN)
.addPermission(BuiltinPermissionID.ADMIN)
.addInheritance(BUILTIN_IDS.POWER),
POWER: new Role(BUILTIN_IDS.POWER, "Power")
.addPermission(BUILTIN_PERMISSION_IDS.POWER)
.addPermission(BuiltinPermissionID.POWER)
.addInheritance(BUILTIN_IDS.BASIC),
BASIC: new Role(BUILTIN_IDS.BASIC, "Basic")
.addPermission(BUILTIN_PERMISSION_IDS.WRITE)
.addPermission(BuiltinPermissionID.WRITE)
.addInheritance(BUILTIN_IDS.PUBLIC),
PUBLIC: new Role(BUILTIN_IDS.PUBLIC, "Public").addPermission(
BUILTIN_PERMISSION_IDS.PUBLIC
BuiltinPermissionID.PUBLIC
),
BUILDER: new Role(BUILTIN_IDS.BUILDER, "Builder").addPermission(
BUILTIN_PERMISSION_IDS.ADMIN
BuiltinPermissionID.ADMIN
),
}
@ -227,8 +227,8 @@ export function checkForRoleResourceArray(
if (rolePerms && !Array.isArray(rolePerms[resourceId])) {
const permLevel = rolePerms[resourceId] as any
rolePerms[resourceId] = [permLevel]
if (permLevel === PermissionLevels.WRITE) {
rolePerms[resourceId].push(PermissionLevels.READ)
if (permLevel === PermissionLevel.WRITE) {
rolePerms[resourceId].push(PermissionLevel.READ)
}
}
return rolePerms

8
packages/server/src/api/routes/automation.js
View file

@ -3,8 +3,8 @@ const controller = require("../controllers/automation")
const authorized = require("../../middleware/authorized")
const {
BUILDER,
PermissionLevels,
PermissionTypes,
PermissionLevel,
PermissionType,
} = require("@budibase/backend-core/permissions")
const { bodyResource, paramResource } = require("../../middleware/resourceId")
const {
@ -71,14 +71,14 @@ router
"/api/automations/:id/trigger",
appInfoMiddleware({ appType: AppType.PROD }),
paramResource("id"),
authorized(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE),
authorized(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
controller.trigger
)
.post(
"/api/automations/:id/test",
appInfoMiddleware({ appType: AppType.DEV }),
paramResource("id"),
authorized(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE),
authorized(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
controller.test
)

10
packages/server/src/api/routes/datasource.js
View file

@ -3,8 +3,8 @@ const datasourceController = require("../controllers/datasource")
const authorized = require("../../middleware/authorized")
const {
BUILDER,
PermissionLevels,
PermissionTypes,
PermissionLevel,
PermissionType,
} = require("@budibase/backend-core/permissions")
const {
datasourceValidator,
@ -17,17 +17,17 @@ router
.get("/api/datasources", authorized(BUILDER), datasourceController.fetch)
.get(
"/api/datasources/:datasourceId",
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
authorized(PermissionType.TABLE, PermissionLevel.READ),
datasourceController.find
)
.put(
"/api/datasources/:datasourceId",
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
authorized(PermissionType.TABLE, PermissionLevel.READ),
datasourceController.update
)
.post(
"/api/datasources/query",
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
authorized(PermissionType.TABLE, PermissionLevel.READ),
datasourceQueryValidator(),
datasourceController.query
)

20
packages/server/src/api/routes/public/index.ts
View file

@ -13,8 +13,8 @@ import env from "../../../environment"
const Router = require("@koa/router")
const { RateLimit, Stores } = require("koa2-ratelimit")
const {
PermissionLevels,
PermissionTypes,
PermissionLevel,
PermissionType,
} = require("@budibase/backend-core/permissions")
const { getRedisOptions } = require("@budibase/backend-core/redis").utils
@ -105,7 +105,7 @@ function applyRoutes(
: paramResource(resource)
const publicApiMiddleware = publicApi({
requiresAppId:
permType !== PermissionTypes.APP && permType !== PermissionTypes.USER,
permType !== PermissionType.APP && permType !== PermissionType.USER,
})
addMiddleware(endpoints.read, publicApiMiddleware)
addMiddleware(endpoints.write, publicApiMiddleware)
@ -113,8 +113,8 @@ function applyRoutes(
addMiddleware(endpoints.read, paramMiddleware)
addMiddleware(endpoints.write, paramMiddleware)
// add the authorization middleware, using the correct perm type
addMiddleware(endpoints.read, authorized(permType, PermissionLevels.READ))
addMiddleware(endpoints.write, authorized(permType, PermissionLevels.WRITE))
addMiddleware(endpoints.read, authorized(permType, PermissionLevel.READ))
addMiddleware(endpoints.write, authorized(permType, PermissionLevel.WRITE))
// add the output mapper middleware
addMiddleware(endpoints.read, mapperMiddleware, { output: true })
addMiddleware(endpoints.write, mapperMiddleware, { output: true })
@ -122,12 +122,12 @@ function applyRoutes(
addToRouter(endpoints.write)
}
applyRoutes(appEndpoints, PermissionTypes.APP, "appId")
applyRoutes(tableEndpoints, PermissionTypes.TABLE, "tableId")
applyRoutes(userEndpoints, PermissionTypes.USER, "userId")
applyRoutes(queryEndpoints, PermissionTypes.QUERY, "queryId")
applyRoutes(appEndpoints, PermissionType.APP, "appId")
applyRoutes(tableEndpoints, PermissionType.TABLE, "tableId")
applyRoutes(userEndpoints, PermissionType.USER, "userId")
applyRoutes(queryEndpoints, PermissionType.QUERY, "queryId")
// needs to be applied last for routing purposes, don't override other endpoints
applyRoutes(rowEndpoints, PermissionTypes.TABLE, "tableId", "rowId")
applyRoutes(rowEndpoints, PermissionType.TABLE, "tableId", "rowId")
export default publicRouter

10
packages/server/src/api/routes/query.js
View file

@ -2,8 +2,8 @@ const Router = require("@koa/router")
const queryController = require("../controllers/query")
const authorized = require("../../middleware/authorized")
const {
PermissionLevels,
PermissionTypes,
PermissionLevel,
PermissionType,
BUILDER,
} = require("@budibase/backend-core/permissions")
const {
@ -38,20 +38,20 @@ router
.get(
"/api/queries/:queryId",
paramResource("queryId"),
authorized(PermissionTypes.QUERY, PermissionLevels.READ),
authorized(PermissionType.QUERY, PermissionLevel.READ),
queryController.find
)
// DEPRECATED - use new query endpoint for future work
.post(
"/api/queries/:queryId",
paramResource("queryId"),
authorized(PermissionTypes.QUERY, PermissionLevels.WRITE),
authorized(PermissionType.QUERY, PermissionLevel.WRITE),
queryController.executeV1
)
.post(
"/api/v2/queries/:queryId",
paramResource("queryId"),
authorized(PermissionTypes.QUERY, PermissionLevels.WRITE),
authorized(PermissionType.QUERY, PermissionLevel.WRITE),
queryController.executeV2
)
.delete(

24
packages/server/src/api/routes/row.ts
View file

@ -3,8 +3,8 @@ import * as rowController from "../controllers/row"
import authorized from "../../middleware/authorized"
import { paramResource, paramSubResource } from "../../middleware/resourceId"
const {
PermissionLevels,
PermissionTypes,
PermissionLevel,
PermissionType,
} = require("@budibase/backend-core/permissions")
const { internalSearchValidator } = require("./utils/validators")
@ -28,7 +28,7 @@ router
.get(
"/api/:tableId/:rowId/enrich",
paramSubResource("tableId", "rowId"),
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
authorized(PermissionType.TABLE, PermissionLevel.READ),
rowController.fetchEnrichedRow
)
/**
@ -48,7 +48,7 @@ router
.get(
"/api/:tableId/rows",
paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
authorized(PermissionType.TABLE, PermissionLevel.READ),
rowController.fetch
)
/**
@ -67,7 +67,7 @@ router
.get(
"/api/:tableId/rows/:rowId",
paramSubResource("tableId", "rowId"),
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
authorized(PermissionType.TABLE, PermissionLevel.READ),
rowController.find
)
/**
@ -137,7 +137,7 @@ router
"/api/:tableId/search",
internalSearchValidator(),
paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
authorized(PermissionType.TABLE, PermissionLevel.READ),
rowController.search
)
// DEPRECATED - this is an old API, but for backwards compat it needs to be
@ -145,7 +145,7 @@ router
.post(
"/api/search/:tableId/rows",
paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
authorized(PermissionType.TABLE, PermissionLevel.READ),
rowController.search
)
/**
@ -175,7 +175,7 @@ router
.post(
"/api/:tableId/rows",
paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
rowController.save
)
/**
@ -189,7 +189,7 @@ router
.patch(
"/api/:tableId/rows",
paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
rowController.patch
)
/**
@ -215,7 +215,7 @@ router
.post(
"/api/:tableId/rows/validate",
paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
rowController.validate
)
/**
@ -241,7 +241,7 @@ router
.delete(
"/api/:tableId/rows",
paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
rowController.destroy
)
@ -261,7 +261,7 @@ router
.post(
"/api/:tableId/rows/exportRows",
paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
rowController.exportRows
)

10
packages/server/src/api/routes/static.ts
View file

@ -4,8 +4,8 @@ import { budibaseTempDir } from "../../utilities/budibaseDir"
import authorized from "../../middleware/authorized"
import {
BUILDER,
PermissionTypes,
PermissionLevels,
PermissionType,
PermissionLevel,
} from "@budibase/backend-core/permissions"
import * as env from "../../environment"
import { paramResource } from "../../middleware/resourceId"
@ -47,13 +47,13 @@ router
.post(
"/api/attachments/:tableId/upload",
paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
controller.uploadFile
)
.post(
"/api/attachments/:tableId/delete",
paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
controller.deleteObjects
)
.get("/app/preview", authorized(BUILDER), controller.serveBuilderPreview)
@ -61,7 +61,7 @@ router
.get("/app/:appUrl/:path*", controller.serveApp)
.post(
"/api/attachments/:datasourceId/url",
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
authorized(PermissionType.TABLE, PermissionLevel.READ),
controller.getSignedUploadURL
)

6
packages/server/src/api/routes/table.js
View file

@ -4,8 +4,8 @@ const authorized = require("../../middleware/authorized")
const { paramResource, bodyResource } = require("../../middleware/resourceId")
const {
BUILDER,
PermissionLevels,
PermissionTypes,
PermissionLevel,
PermissionType,
} = require("@budibase/backend-core/permissions")
const { tableValidator } = require("./utils/validators")
@ -40,7 +40,7 @@ router
.get(
"/api/tables/:tableId",
paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.READ, { schema: true }),
authorized(PermissionType.TABLE, PermissionLevel.READ, { schema: true }),
tableController.find
)
/**

10
packages/server/src/api/routes/tests/role.spec.js
View file

@ -1,6 +1,6 @@
const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles")
const {
BUILTIN_PERMISSION_IDS,
BuiltinPermissionID,
} = require("@budibase/backend-core/permissions")
const setup = require("./utilities")
const { basicRole } = setup.structures
@ -76,18 +76,18 @@ describe("/roles", () => {
const adminRole = res.body.find(r => r._id === BUILTIN_ROLE_IDS.ADMIN)
expect(adminRole).toBeDefined()
expect(adminRole.inherits).toEqual(BUILTIN_ROLE_IDS.POWER)
expect(adminRole.permissionId).toEqual(BUILTIN_PERMISSION_IDS.ADMIN)
expect(adminRole.permissionId).toEqual(BuiltinPermissionID.ADMIN)
const powerUserRole = res.body.find(r => r._id === BUILTIN_ROLE_IDS.POWER)
expect(powerUserRole).toBeDefined()
expect(powerUserRole.inherits).toEqual(BUILTIN_ROLE_IDS.BASIC)
expect(powerUserRole.permissionId).toEqual(BUILTIN_PERMISSION_IDS.POWER)
expect(powerUserRole.permissionId).toEqual(BuiltinPermissionID.POWER)
const customRoleFetched = res.body.find(r => r._id === customRole._id)
expect(customRoleFetched).toBeDefined()
expect(customRoleFetched.inherits).toEqual(BUILTIN_ROLE_IDS.BASIC)
expect(customRoleFetched.permissionId).toEqual(
BUILTIN_PERMISSION_IDS.READ_ONLY
BuiltinPermissionID.READ_ONLY
)
})
@ -109,7 +109,7 @@ describe("/roles", () => {
it("should delete custom roles", async () => {
const customRole = await config.createRole({
name: "user",
permissionId: BUILTIN_PERMISSION_IDS.READ_ONLY,
permissionId: BuiltinPermissionID.READ_ONLY,
inherits: BUILTIN_ROLE_IDS.BASIC,
})
delete customRole._rev_tree

20
packages/server/src/api/routes/user.js
View file

@ -2,8 +2,8 @@ const Router = require("@koa/router")
const controller = require("../controllers/user")
const authorized = require("../../middleware/authorized")
const {
PermissionLevels,
PermissionTypes,
PermissionLevel,
PermissionType,
} = require("@budibase/backend-core/permissions")
const router = new Router()
@ -11,42 +11,42 @@ const router = new Router()
router
.get(
"/api/users/metadata",
authorized(PermissionTypes.USER, PermissionLevels.READ),
authorized(PermissionType.USER, PermissionLevel.READ),
controller.fetchMetadata
)
.get(
"/api/users/metadata/:id",
authorized(PermissionTypes.USER, PermissionLevels.READ),
authorized(PermissionType.USER, PermissionLevel.READ),
controller.findMetadata
)
.put(
"/api/users/metadata",
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
authorized(PermissionType.USER, PermissionLevel.WRITE),
controller.updateMetadata
)
.post(
"/api/users/metadata/self",
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
authorized(PermissionType.USER, PermissionLevel.WRITE),
controller.updateSelfMetadata
)
.delete(
"/api/users/metadata/:id",
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
authorized(PermissionType.USER, PermissionLevel.WRITE),
controller.destroyMetadata
)
.post(
"/api/users/metadata/sync/:id",
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
authorized(PermissionType.USER, PermissionLevel.WRITE),
controller.syncUser
)
.post(
"/api/users/flags",
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
authorized(PermissionType.USER, PermissionLevel.WRITE),
controller.setFlag
)
.get(
"/api/users/flags",
authorized(PermissionTypes.USER, PermissionLevels.READ),
authorized(PermissionType.USER, PermissionLevel.READ),
controller.getFlags
)

10
packages/server/src/api/routes/utils/validators.js
View file

@ -1,8 +1,8 @@
const { joiValidator } = require("@budibase/backend-core/auth")
const { DataSourceOperation } = require("../../../constants")
const {
BUILTIN_PERMISSION_IDS,
PermissionLevels,
BuiltinPermissionID,
PermissionLevel,
} = require("@budibase/backend-core/permissions")
const { WebhookActionType } = require("@budibase/types")
const Joi = require("joi")
@ -133,14 +133,14 @@ exports.webhookValidator = () => {
}
exports.roleValidator = () => {
const permLevelArray = Object.values(PermissionLevels)
const permLevelArray = Object.values(PermissionLevel)
// prettier-ignore
return joiValidator.body(Joi.object({
_id: OPTIONAL_STRING,
_rev: OPTIONAL_STRING,
name: Joi.string().required(),
// this is the base permission ID (for now a built in)
permissionId: Joi.string().valid(...Object.values(BUILTIN_PERMISSION_IDS)).required(),
permissionId: Joi.string().valid(...Object.values(BuiltinPermissionID)).required(),
permissions: Joi.object()
.pattern(/.*/, [Joi.string().valid(...permLevelArray)])
.optional(),
@ -149,7 +149,7 @@ exports.roleValidator = () => {
}
exports.permissionValidator = () => {
const permLevelArray = Object.values(PermissionLevels)
const permLevelArray = Object.values(PermissionLevel)
// prettier-ignore
return joiValidator.params(Joi.object({
level: Joi.string().valid(...permLevelArray).required(),

6
packages/server/src/api/routes/view.js
View file

@ -5,8 +5,8 @@ const authorized = require("../../middleware/authorized")
const { paramResource } = require("../../middleware/resourceId")
const {
BUILDER,
PermissionTypes,
PermissionLevels,
PermissionType,
PermissionLevel,
} = require("@budibase/backend-core/permissions")
const router = new Router()
@ -16,7 +16,7 @@ router
.get(
"/api/views/:viewName",
paramResource("viewName"),
authorized(PermissionTypes.VIEW, PermissionLevels.READ),
authorized(PermissionType.VIEW, PermissionLevel.READ),
rowController.fetchView
)
.get("/api/views", authorized(BUILDER), viewController.fetch)

12
packages/server/src/middleware/authorized.ts
View file

@ -4,8 +4,8 @@ import {
BUILTIN_ROLE_IDS,
} from "@budibase/backend-core/roles"
const {
PermissionTypes,
PermissionLevels,
PermissionType,
PermissionLevel,
doesHaveBasePermission,
} = require("@budibase/backend-core/permissions")
const builderMiddleware = require("./builder")
@ -33,7 +33,7 @@ const checkAuthorized = async (
) => {
// check if this is a builder api and the user is not a builder
const isBuilder = ctx.user && ctx.user.builder && ctx.user.builder.global
const isBuilderApi = permType === PermissionTypes.BUILDER
const isBuilderApi = permType === PermissionType.BUILDER
if (isBuilderApi && !isBuilder) {
return ctx.throw(403, "Not Authorized")
}
@ -91,9 +91,9 @@ export = (permType: any, permLevel: any = null, opts = { schema: false }) =>
let resourceRoles: any = []
let otherLevelRoles: any = []
const otherLevel =
permLevel === PermissionLevels.READ
? PermissionLevels.WRITE
: PermissionLevels.READ
permLevel === PermissionLevel.READ
? PermissionLevel.WRITE
: PermissionLevel.READ
const appId = getAppId()
if (appId && hasResource(ctx)) {
resourceRoles = await getRequiredResourceRole(permLevel, ctx)

2
packages/server/src/middleware/builder.ts
View file

@ -70,7 +70,7 @@ export = async function builder(ctx: BBContext, permType: string) {
if (!appId) {
return
}
const isBuilderApi = permType === permissions.PermissionTypes.BUILDER
const isBuilderApi = permType === permissions.PermissionType.BUILDER
const referer = ctx.headers["referer"]
const overviewPath = "/builder/portal/overview/"

10
packages/server/src/middleware/tests/authorized.spec.js
View file

@ -9,7 +9,7 @@ jest.mock("../../environment", () => ({
)
const authorizedMiddleware = require("../authorized")
const env = require("../../environment")
const { PermissionTypes, PermissionLevels } = require("@budibase/backend-core/permissions")
const { PermissionType, PermissionLevel } = require("@budibase/backend-core/permissions")
const { doInAppContext } = require("@budibase/backend-core/context")
const APP_ID = ""
@ -113,7 +113,7 @@ describe("Authorization middleware", () => {
it("throws if the user does not have builder permissions", async () => {
config.setEnvironment(false)
config.setMiddlewareRequiredPermission(PermissionTypes.BUILDER)
config.setMiddlewareRequiredPermission(PermissionType.BUILDER)
config.setUser({
role: {
_id: ""
@ -125,13 +125,13 @@ describe("Authorization middleware", () => {
})
it("passes on to next() middleware if the user has resource permission", async () => {
config.setResourceId(PermissionTypes.QUERY)
config.setResourceId(PermissionType.QUERY)
config.setUser({
role: {
_id: ""
}
})
config.setMiddlewareRequiredPermission(PermissionTypes.QUERY)
config.setMiddlewareRequiredPermission(PermissionType.QUERY)
await config.executeMiddleware()
expect(config.next).toHaveBeenCalled()
@ -155,7 +155,7 @@ describe("Authorization middleware", () => {
_id: ""
},
})
config.setMiddlewareRequiredPermission(PermissionTypes.ADMIN, PermissionLevels.BASIC)
config.setMiddlewareRequiredPermission(PermissionType.ADMIN, PermissionLevel.BASIC)
await config.executeMiddleware()
expect(config.throw).toHaveBeenCalledWith(403, "User does not have permission")

4
packages/server/src/tests/utilities/structures.js
View file

@ -1,5 +1,5 @@
const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles")
const { BUILTIN_PERMISSION_IDS } = require("@budibase/backend-core/permissions")
const { BuiltinPermissionID } = require("@budibase/backend-core/permissions")
const { createHomeScreen } = require("../../constants/screens")
const { EMPTY_LAYOUT } = require("../../constants/layouts")
const { cloneDeep } = require("lodash/fp")
@ -135,7 +135,7 @@ exports.basicRole = () => {
return {
name: "NewRole",
inherits: BUILTIN_ROLE_IDS.BASIC,
permissionId: BUILTIN_PERMISSION_IDS.READ_ONLY,
permissionId: BuiltinPermissionID.READ_ONLY,
}
}

24
packages/server/src/utilities/security.js
View file

@ -1,6 +1,6 @@
const {
PermissionLevels,
PermissionTypes,
PermissionLevel,
PermissionType,
getBuiltinPermissionByID,
isPermissionLevelHigherThanRead,
} = require("@budibase/backend-core/permissions")
@ -11,9 +11,9 @@ const {
const { DocumentType } = require("../db/utils")
const CURRENTLY_SUPPORTED_LEVELS = [
PermissionLevels.WRITE,
PermissionLevels.READ,
PermissionLevels.EXECUTE,
PermissionLevel.WRITE,
PermissionLevel.READ,
PermissionLevel.EXECUTE,
]
exports.getPermissionType = resourceId => {
@ -23,17 +23,17 @@ exports.getPermissionType = resourceId => {
switch (docType) {
case DocumentType.TABLE:
case DocumentType.ROW:
return PermissionTypes.TABLE
return PermissionType.TABLE
case DocumentType.AUTOMATION:
return PermissionTypes.AUTOMATION
return PermissionType.AUTOMATION
case DocumentType.WEBHOOK:
return PermissionTypes.WEBHOOK
return PermissionType.WEBHOOK
case DocumentType.QUERY:
case DocumentType.DATASOURCE:
return PermissionTypes.QUERY
return PermissionType.QUERY
default:
// views don't have an ID, will end up here
return PermissionTypes.VIEW
return PermissionType.VIEW
}
}
@ -58,8 +58,8 @@ exports.getBasePermissions = resourceId => {
const level = typedPermission.level
permissions[level] = lowerBuiltinRoleID(permissions[level], roleId)
if (isPermissionLevelHigherThanRead(level)) {
permissions[PermissionLevels.READ] = lowerBuiltinRoleID(
permissions[PermissionLevels.READ],
permissions[PermissionLevel.READ] = lowerBuiltinRoleID(
permissions[PermissionLevel.READ],
roleId
)
}