
Updating some enums, plural to single.

mike12345567 2022-11-17 14:59:18 +00:00
parent 6e659f873c
commit fcb6f985a6
18 changed files with 150 additions and 150 deletions


@ -5,7 +5,7 @@ export type RoleHierarchy = {
permissionId: string permissionId: string
}[] }[]
export enum PermissionLevels { export enum PermissionLevel {
READ = "read", READ = "read",
WRITE = "write", WRITE = "write",
EXECUTE = "execute", EXECUTE = "execute",
@ -13,7 +13,7 @@ export enum PermissionLevels {
} }
// these are the global types, that govern the underlying default behaviour // these are the global types, that govern the underlying default behaviour
export enum PermissionTypes { export enum PermissionType {
APP = "app", APP = "app",
TABLE = "table", TABLE = "table",
USER = "user", USER = "user",
@ -25,25 +25,25 @@ export enum PermissionTypes {
} }
class Permission { class Permission {
type: PermissionTypes type: PermissionType
level: PermissionLevels level: PermissionLevel
constructor(type: PermissionTypes, level: PermissionLevels) { constructor(type: PermissionType, level: PermissionLevel) {
this.type = type this.type = type
this.level = level this.level = level
} }
} }
function levelToNumber(perm: PermissionLevels) { function levelToNumber(perm: PermissionLevel) {
switch (perm) { switch (perm) {
// not everything has execute privileges // not everything has execute privileges
case PermissionLevels.EXECUTE: case PermissionLevel.EXECUTE:
return 0 return 0
case PermissionLevels.READ: case PermissionLevel.READ:
return 1 return 1
case PermissionLevels.WRITE: case PermissionLevel.WRITE:
return 2 return 2
case PermissionLevels.ADMIN: case PermissionLevel.ADMIN:
return 3 return 3
default: default:
return -1 return -1
@ -55,25 +55,25 @@ function levelToNumber(perm: PermissionLevels) {
* @param {string} userPermLevel The permission level of the user. * @param {string} userPermLevel The permission level of the user.
* @return {string[]} All the permission levels this user is allowed to carry out. * @return {string[]} All the permission levels this user is allowed to carry out.
*/ */
function getAllowedLevels(userPermLevel: PermissionLevels) { function getAllowedLevels(userPermLevel: PermissionLevel) {
switch (userPermLevel) { switch (userPermLevel) {
case PermissionLevels.EXECUTE: case PermissionLevel.EXECUTE:
return [PermissionLevels.EXECUTE] return [PermissionLevel.EXECUTE]
case PermissionLevels.READ: case PermissionLevel.READ:
return [PermissionLevels.EXECUTE, PermissionLevels.READ] return [PermissionLevel.EXECUTE, PermissionLevel.READ]
case PermissionLevels.WRITE: case PermissionLevel.WRITE:
case PermissionLevels.ADMIN: case PermissionLevel.ADMIN:
return [ return [
PermissionLevels.READ, PermissionLevel.READ,
PermissionLevels.WRITE, PermissionLevel.WRITE,
PermissionLevels.EXECUTE, PermissionLevel.EXECUTE,
] ]
default: default:
return [] return []
} }
} }
export enum BUILTIN_PERMISSION_IDS { export enum BuiltinPermissionID {
PUBLIC = "public", PUBLIC = "public",
READ_ONLY = "read_only", READ_ONLY = "read_only",
WRITE = "write", WRITE = "write",
@ -83,52 +83,52 @@ export enum BUILTIN_PERMISSION_IDS {
const BUILTIN_PERMISSIONS = { const BUILTIN_PERMISSIONS = {
PUBLIC: { PUBLIC: {
_id: BUILTIN_PERMISSION_IDS.PUBLIC, _id: BuiltinPermissionID.PUBLIC,
name: "Public", name: "Public",
permissions: [ permissions: [
new Permission(PermissionTypes.WEBHOOK, PermissionLevels.EXECUTE), new Permission(PermissionType.WEBHOOK, PermissionLevel.EXECUTE),
], ],
}, },
READ_ONLY: { READ_ONLY: {
_id: BUILTIN_PERMISSION_IDS.READ_ONLY, _id: BuiltinPermissionID.READ_ONLY,
name: "Read only", name: "Read only",
permissions: [ permissions: [
new Permission(PermissionTypes.QUERY, PermissionLevels.READ), new Permission(PermissionType.QUERY, PermissionLevel.READ),
new Permission(PermissionTypes.TABLE, PermissionLevels.READ), new Permission(PermissionType.TABLE, PermissionLevel.READ),
new Permission(PermissionTypes.VIEW, PermissionLevels.READ), new Permission(PermissionType.VIEW, PermissionLevel.READ),
], ],
}, },
WRITE: { WRITE: {
_id: BUILTIN_PERMISSION_IDS.WRITE, _id: BuiltinPermissionID.WRITE,
name: "Read/Write", name: "Read/Write",
permissions: [ permissions: [
new Permission(PermissionTypes.QUERY, PermissionLevels.WRITE), new Permission(PermissionType.QUERY, PermissionLevel.WRITE),
new Permission(PermissionTypes.TABLE, PermissionLevels.WRITE), new Permission(PermissionType.TABLE, PermissionLevel.WRITE),
new Permission(PermissionTypes.VIEW, PermissionLevels.READ), new Permission(PermissionType.VIEW, PermissionLevel.READ),
new Permission(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE), new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
], ],
}, },
POWER: { POWER: {
_id: BUILTIN_PERMISSION_IDS.POWER, _id: BuiltinPermissionID.POWER,
name: "Power", name: "Power",
permissions: [ permissions: [
new Permission(PermissionTypes.TABLE, PermissionLevels.WRITE), new Permission(PermissionType.TABLE, PermissionLevel.WRITE),
new Permission(PermissionTypes.USER, PermissionLevels.READ), new Permission(PermissionType.USER, PermissionLevel.READ),
new Permission(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE), new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
new Permission(PermissionTypes.VIEW, PermissionLevels.READ), new Permission(PermissionType.VIEW, PermissionLevel.READ),
new Permission(PermissionTypes.WEBHOOK, PermissionLevels.READ), new Permission(PermissionType.WEBHOOK, PermissionLevel.READ),
], ],
}, },
ADMIN: { ADMIN: {
_id: BUILTIN_PERMISSION_IDS.ADMIN, _id: BuiltinPermissionID.ADMIN,
name: "Admin", name: "Admin",
permissions: [ permissions: [
new Permission(PermissionTypes.TABLE, PermissionLevels.ADMIN), new Permission(PermissionType.TABLE, PermissionLevel.ADMIN),
new Permission(PermissionTypes.USER, PermissionLevels.ADMIN), new Permission(PermissionType.USER, PermissionLevel.ADMIN),
new Permission(PermissionTypes.AUTOMATION, PermissionLevels.ADMIN), new Permission(PermissionType.AUTOMATION, PermissionLevel.ADMIN),
new Permission(PermissionTypes.VIEW, PermissionLevels.ADMIN), new Permission(PermissionType.VIEW, PermissionLevel.ADMIN),
new Permission(PermissionTypes.WEBHOOK, PermissionLevels.READ), new Permission(PermissionType.WEBHOOK, PermissionLevel.READ),
new Permission(PermissionTypes.QUERY, PermissionLevels.ADMIN), new Permission(PermissionType.QUERY, PermissionLevel.ADMIN),
], ],
}, },
} }
@ -143,8 +143,8 @@ export function getBuiltinPermissionByID(id: string) {
} }
export function doesHaveBasePermission( export function doesHaveBasePermission(
permType: PermissionTypes, permType: PermissionType,
permLevel: PermissionLevels, permLevel: PermissionLevel,
rolesHierarchy: RoleHierarchy rolesHierarchy: RoleHierarchy
) { ) {
const basePermissions = [ const basePermissions = [
@ -167,9 +167,9 @@ export function doesHaveBasePermission(
return false return false
} }
export function isPermissionLevelHigherThanRead(level: PermissionLevels) { export function isPermissionLevelHigherThanRead(level: PermissionLevel) {
return levelToNumber(level) > 1 return levelToNumber(level) > 1
} }
// utility as a lot of things need simply the builder permission // utility as a lot of things need simply the builder permission
export const BUILDER = PermissionTypes.BUILDER export const BUILDER = PermissionType.BUILDER
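Review bot: In `getAllowedLevels` the `PermissionLevel.ADMIN` case falls through to the same list as `PermissionLevel.WRITE`, and that list does not contain `PermissionLevel.ADMIN`, so a user at admin level is never reported as allowed to act on something that requires `admin`. This fails closed, but it is undocumented. If it is intentional, say so above the shared case, for example `// ADMIN grants the same resource levels as WRITE; nothing is gated on ADMIN itself`. The JSDoc above the function still declares `{string}` and `{string[]}`, while the signature now takes `PermissionLevel`; since the annotations already carry the types, the braces could be dropped.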


@ -1,4 +1,4 @@
import { BUILTIN_PERMISSION_IDS, PermissionLevels } from "./permissions" import { BuiltinPermissionID, PermissionLevel } from "./permissions"
import { import {
generateRoleID, generateRoleID,
getRoleParams, getRoleParams,
@ -54,19 +54,19 @@ export class Role {
const BUILTIN_ROLES = { const BUILTIN_ROLES = {
ADMIN: new Role(BUILTIN_IDS.ADMIN, "Admin") ADMIN: new Role(BUILTIN_IDS.ADMIN, "Admin")
.addPermission(BUILTIN_PERMISSION_IDS.ADMIN) .addPermission(BuiltinPermissionID.ADMIN)
.addInheritance(BUILTIN_IDS.POWER), .addInheritance(BUILTIN_IDS.POWER),
POWER: new Role(BUILTIN_IDS.POWER, "Power") POWER: new Role(BUILTIN_IDS.POWER, "Power")
.addPermission(BUILTIN_PERMISSION_IDS.POWER) .addPermission(BuiltinPermissionID.POWER)
.addInheritance(BUILTIN_IDS.BASIC), .addInheritance(BUILTIN_IDS.BASIC),
BASIC: new Role(BUILTIN_IDS.BASIC, "Basic") BASIC: new Role(BUILTIN_IDS.BASIC, "Basic")
.addPermission(BUILTIN_PERMISSION_IDS.WRITE) .addPermission(BuiltinPermissionID.WRITE)
.addInheritance(BUILTIN_IDS.PUBLIC), .addInheritance(BUILTIN_IDS.PUBLIC),
PUBLIC: new Role(BUILTIN_IDS.PUBLIC, "Public").addPermission( PUBLIC: new Role(BUILTIN_IDS.PUBLIC, "Public").addPermission(
BUILTIN_PERMISSION_IDS.PUBLIC BuiltinPermissionID.PUBLIC
), ),
BUILDER: new Role(BUILTIN_IDS.BUILDER, "Builder").addPermission( BUILDER: new Role(BUILTIN_IDS.BUILDER, "Builder").addPermission(
BUILTIN_PERMISSION_IDS.ADMIN BuiltinPermissionID.ADMIN
), ),
} }
@ -227,8 +227,8 @@ export function checkForRoleResourceArray(
if (rolePerms && !Array.isArray(rolePerms[resourceId])) { if (rolePerms && !Array.isArray(rolePerms[resourceId])) {
const permLevel = rolePerms[resourceId] as any const permLevel = rolePerms[resourceId] as any
rolePerms[resourceId] = [permLevel] rolePerms[resourceId] = [permLevel]
if (permLevel === PermissionLevels.WRITE) { if (permLevel === PermissionLevel.WRITE) {
rolePerms[resourceId].push(PermissionLevels.READ) rolePerms[resourceId].push(PermissionLevel.READ)
} }
} }
return rolePerms return rolePerms


@ -3,8 +3,8 @@ const controller = require("../controllers/automation")
const authorized = require("../../middleware/authorized") const authorized = require("../../middleware/authorized")
const { const {
BUILDER, BUILDER,
PermissionLevels, PermissionLevel,
PermissionTypes, PermissionType,
} = require("@budibase/backend-core/permissions") } = require("@budibase/backend-core/permissions")
const { bodyResource, paramResource } = require("../../middleware/resourceId") const { bodyResource, paramResource } = require("../../middleware/resourceId")
const { const {
@ -71,14 +71,14 @@ router
"/api/automations/:id/trigger", "/api/automations/:id/trigger",
appInfoMiddleware({ appType: AppType.PROD }), appInfoMiddleware({ appType: AppType.PROD }),
paramResource("id"), paramResource("id"),
authorized(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE), authorized(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
controller.trigger controller.trigger
) )
.post( .post(
"/api/automations/:id/test", "/api/automations/:id/test",
appInfoMiddleware({ appType: AppType.DEV }), appInfoMiddleware({ appType: AppType.DEV }),
paramResource("id"), paramResource("id"),
authorized(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE), authorized(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
controller.test controller.test
) )


@ -3,8 +3,8 @@ const datasourceController = require("../controllers/datasource")
const authorized = require("../../middleware/authorized") const authorized = require("../../middleware/authorized")
const { const {
BUILDER, BUILDER,
PermissionLevels, PermissionLevel,
PermissionTypes, PermissionType,
} = require("@budibase/backend-core/permissions") } = require("@budibase/backend-core/permissions")
const { const {
datasourceValidator, datasourceValidator,
@ -17,17 +17,17 @@ router
.get("/api/datasources", authorized(BUILDER), datasourceController.fetch) .get("/api/datasources", authorized(BUILDER), datasourceController.fetch)
.get( .get(
"/api/datasources/:datasourceId", "/api/datasources/:datasourceId",
authorized(PermissionTypes.TABLE, PermissionLevels.READ), authorized(PermissionType.TABLE, PermissionLevel.READ),
datasourceController.find datasourceController.find
) )
.put( .put(
"/api/datasources/:datasourceId", "/api/datasources/:datasourceId",
authorized(PermissionTypes.TABLE, PermissionLevels.READ), authorized(PermissionType.TABLE, PermissionLevel.READ),
datasourceController.update datasourceController.update
) )
.post( .post(
"/api/datasources/query", "/api/datasources/query",
authorized(PermissionTypes.TABLE, PermissionLevels.READ), authorized(PermissionType.TABLE, PermissionLevel.READ),
datasourceQueryValidator(), datasourceQueryValidator(),
datasourceController.query datasourceController.query
) )
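Review bot: The `.put("/api/datasources/:datasourceId", …)` route dispatches to `datasourceController.update` but is still guarded by `authorized(PermissionType.TABLE, PermissionLevel.READ)`, so a role with only table read access passes this middleware on a mutating endpoint. Unless the controller enforces something stricter (not visible here), the guard should be `authorized(BUILDER)` like the list route, or at least `authorized(PermissionType.TABLE, PermissionLevel.WRITE)`. None of the `:datasourceId` routes in this section use `paramResource`, so per-resource role checks presumably do not apply to them; that is worth confirming against the middleware. The router chain continues outside the hunk.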


@ -13,8 +13,8 @@ import env from "../../../environment"
const Router = require("@koa/router") const Router = require("@koa/router")
const { RateLimit, Stores } = require("koa2-ratelimit") const { RateLimit, Stores } = require("koa2-ratelimit")
const { const {
PermissionLevels, PermissionLevel,
PermissionTypes, PermissionType,
} = require("@budibase/backend-core/permissions") } = require("@budibase/backend-core/permissions")
const { getRedisOptions } = require("@budibase/backend-core/redis").utils const { getRedisOptions } = require("@budibase/backend-core/redis").utils
@ -105,7 +105,7 @@ function applyRoutes(
: paramResource(resource) : paramResource(resource)
const publicApiMiddleware = publicApi({ const publicApiMiddleware = publicApi({
requiresAppId: requiresAppId:
permType !== PermissionTypes.APP && permType !== PermissionTypes.USER, permType !== PermissionType.APP && permType !== PermissionType.USER,
}) })
addMiddleware(endpoints.read, publicApiMiddleware) addMiddleware(endpoints.read, publicApiMiddleware)
addMiddleware(endpoints.write, publicApiMiddleware) addMiddleware(endpoints.write, publicApiMiddleware)
@ -113,8 +113,8 @@ function applyRoutes(
addMiddleware(endpoints.read, paramMiddleware) addMiddleware(endpoints.read, paramMiddleware)
addMiddleware(endpoints.write, paramMiddleware) addMiddleware(endpoints.write, paramMiddleware)
// add the authorization middleware, using the correct perm type // add the authorization middleware, using the correct perm type
addMiddleware(endpoints.read, authorized(permType, PermissionLevels.READ)) addMiddleware(endpoints.read, authorized(permType, PermissionLevel.READ))
addMiddleware(endpoints.write, authorized(permType, PermissionLevels.WRITE)) addMiddleware(endpoints.write, authorized(permType, PermissionLevel.WRITE))
// add the output mapper middleware // add the output mapper middleware
addMiddleware(endpoints.read, mapperMiddleware, { output: true }) addMiddleware(endpoints.read, mapperMiddleware, { output: true })
addMiddleware(endpoints.write, mapperMiddleware, { output: true }) addMiddleware(endpoints.write, mapperMiddleware, { output: true })
@ -122,12 +122,12 @@ function applyRoutes(
addToRouter(endpoints.write) addToRouter(endpoints.write)
} }
applyRoutes(appEndpoints, PermissionTypes.APP, "appId") applyRoutes(appEndpoints, PermissionType.APP, "appId")
applyRoutes(tableEndpoints, PermissionTypes.TABLE, "tableId") applyRoutes(tableEndpoints, PermissionType.TABLE, "tableId")
applyRoutes(userEndpoints, PermissionTypes.USER, "userId") applyRoutes(userEndpoints, PermissionType.USER, "userId")
applyRoutes(queryEndpoints, PermissionTypes.QUERY, "queryId") applyRoutes(queryEndpoints, PermissionType.QUERY, "queryId")
// needs to be applied last for routing purposes, don't override other endpoints // needs to be applied last for routing purposes, don't override other endpoints
applyRoutes(rowEndpoints, PermissionTypes.TABLE, "tableId", "rowId") applyRoutes(rowEndpoints, PermissionType.TABLE, "tableId", "rowId")
export default publicRouter export default publicRouter


@ -2,8 +2,8 @@ const Router = require("@koa/router")
const queryController = require("../controllers/query") const queryController = require("../controllers/query")
const authorized = require("../../middleware/authorized") const authorized = require("../../middleware/authorized")
const { const {
PermissionLevels, PermissionLevel,
PermissionTypes, PermissionType,
BUILDER, BUILDER,
} = require("@budibase/backend-core/permissions") } = require("@budibase/backend-core/permissions")
const { const {
@ -38,20 +38,20 @@ router
.get( .get(
"/api/queries/:queryId", "/api/queries/:queryId",
paramResource("queryId"), paramResource("queryId"),
authorized(PermissionTypes.QUERY, PermissionLevels.READ), authorized(PermissionType.QUERY, PermissionLevel.READ),
queryController.find queryController.find
) )
// DEPRECATED - use new query endpoint for future work // DEPRECATED - use new query endpoint for future work
.post( .post(
"/api/queries/:queryId", "/api/queries/:queryId",
paramResource("queryId"), paramResource("queryId"),
authorized(PermissionTypes.QUERY, PermissionLevels.WRITE), authorized(PermissionType.QUERY, PermissionLevel.WRITE),
queryController.executeV1 queryController.executeV1
) )
.post( .post(
"/api/v2/queries/:queryId", "/api/v2/queries/:queryId",
paramResource("queryId"), paramResource("queryId"),
authorized(PermissionTypes.QUERY, PermissionLevels.WRITE), authorized(PermissionType.QUERY, PermissionLevel.WRITE),
queryController.executeV2 queryController.executeV2
) )
.delete( .delete(


@ -3,8 +3,8 @@ import * as rowController from "../controllers/row"
import authorized from "../../middleware/authorized" import authorized from "../../middleware/authorized"
import { paramResource, paramSubResource } from "../../middleware/resourceId" import { paramResource, paramSubResource } from "../../middleware/resourceId"
const { const {
PermissionLevels, PermissionLevel,
PermissionTypes, PermissionType,
} = require("@budibase/backend-core/permissions") } = require("@budibase/backend-core/permissions")
const { internalSearchValidator } = require("./utils/validators") const { internalSearchValidator } = require("./utils/validators")
@ -28,7 +28,7 @@ router
.get( .get(
"/api/:tableId/:rowId/enrich", "/api/:tableId/:rowId/enrich",
paramSubResource("tableId", "rowId"), paramSubResource("tableId", "rowId"),
authorized(PermissionTypes.TABLE, PermissionLevels.READ), authorized(PermissionType.TABLE, PermissionLevel.READ),
rowController.fetchEnrichedRow rowController.fetchEnrichedRow
) )
/** /**
@ -48,7 +48,7 @@ router
.get( .get(
"/api/:tableId/rows", "/api/:tableId/rows",
paramResource("tableId"), paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.READ), authorized(PermissionType.TABLE, PermissionLevel.READ),
rowController.fetch rowController.fetch
) )
/** /**
@ -67,7 +67,7 @@ router
.get( .get(
"/api/:tableId/rows/:rowId", "/api/:tableId/rows/:rowId",
paramSubResource("tableId", "rowId"), paramSubResource("tableId", "rowId"),
authorized(PermissionTypes.TABLE, PermissionLevels.READ), authorized(PermissionType.TABLE, PermissionLevel.READ),
rowController.find rowController.find
) )
/** /**
@ -137,7 +137,7 @@ router
"/api/:tableId/search", "/api/:tableId/search",
internalSearchValidator(), internalSearchValidator(),
paramResource("tableId"), paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.READ), authorized(PermissionType.TABLE, PermissionLevel.READ),
rowController.search rowController.search
) )
// DEPRECATED - this is an old API, but for backwards compat it needs to be // DEPRECATED - this is an old API, but for backwards compat it needs to be
@ -145,7 +145,7 @@ router
.post( .post(
"/api/search/:tableId/rows", "/api/search/:tableId/rows",
paramResource("tableId"), paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.READ), authorized(PermissionType.TABLE, PermissionLevel.READ),
rowController.search rowController.search
) )
/** /**
@ -175,7 +175,7 @@ router
.post( .post(
"/api/:tableId/rows", "/api/:tableId/rows",
paramResource("tableId"), paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE), authorized(PermissionType.TABLE, PermissionLevel.WRITE),
rowController.save rowController.save
) )
/** /**
@ -189,7 +189,7 @@ router
.patch( .patch(
"/api/:tableId/rows", "/api/:tableId/rows",
paramResource("tableId"), paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE), authorized(PermissionType.TABLE, PermissionLevel.WRITE),
rowController.patch rowController.patch
) )
/** /**
@ -215,7 +215,7 @@ router
.post( .post(
"/api/:tableId/rows/validate", "/api/:tableId/rows/validate",
paramResource("tableId"), paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE), authorized(PermissionType.TABLE, PermissionLevel.WRITE),
rowController.validate rowController.validate
) )
/** /**
@ -241,7 +241,7 @@ router
.delete( .delete(
"/api/:tableId/rows", "/api/:tableId/rows",
paramResource("tableId"), paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE), authorized(PermissionType.TABLE, PermissionLevel.WRITE),
rowController.destroy rowController.destroy
) )
@ -261,7 +261,7 @@ router
.post( .post(
"/api/:tableId/rows/exportRows", "/api/:tableId/rows/exportRows",
paramResource("tableId"), paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE), authorized(PermissionType.TABLE, PermissionLevel.WRITE),
rowController.exportRows rowController.exportRows
) )


@ -4,8 +4,8 @@ import { budibaseTempDir } from "../../utilities/budibaseDir"
import authorized from "../../middleware/authorized" import authorized from "../../middleware/authorized"
import { import {
BUILDER, BUILDER,
PermissionTypes, PermissionType,
PermissionLevels, PermissionLevel,
} from "@budibase/backend-core/permissions" } from "@budibase/backend-core/permissions"
import * as env from "../../environment" import * as env from "../../environment"
import { paramResource } from "../../middleware/resourceId" import { paramResource } from "../../middleware/resourceId"
@ -47,13 +47,13 @@ router
.post( .post(
"/api/attachments/:tableId/upload", "/api/attachments/:tableId/upload",
paramResource("tableId"), paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE), authorized(PermissionType.TABLE, PermissionLevel.WRITE),
controller.uploadFile controller.uploadFile
) )
.post( .post(
"/api/attachments/:tableId/delete", "/api/attachments/:tableId/delete",
paramResource("tableId"), paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE), authorized(PermissionType.TABLE, PermissionLevel.WRITE),
controller.deleteObjects controller.deleteObjects
) )
.get("/app/preview", authorized(BUILDER), controller.serveBuilderPreview) .get("/app/preview", authorized(BUILDER), controller.serveBuilderPreview)
@ -61,7 +61,7 @@ router
.get("/app/:appUrl/:path*", controller.serveApp) .get("/app/:appUrl/:path*", controller.serveApp)
.post( .post(
"/api/attachments/:datasourceId/url", "/api/attachments/:datasourceId/url",
authorized(PermissionTypes.TABLE, PermissionLevels.READ), authorized(PermissionType.TABLE, PermissionLevel.READ),
controller.getSignedUploadURL controller.getSignedUploadURL
) )
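Review bot: `/api/attachments/:datasourceId/url` hands out a signed upload URL from `controller.getSignedUploadURL` but only requires `PermissionLevel.READ`, whereas the two attachment routes above it that change stored objects require `PermissionLevel.WRITE`. A signed upload URL is a write capability, so unless the controller restricts it further (not visible here) the guard should read `authorized(PermissionType.TABLE, PermissionLevel.WRITE)`. The route also has no `paramResource("datasourceId")`, unlike the `:tableId` routes, so per-resource role checks presumably do not run for it. The router chain continues outside the hunk.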


@ -4,8 +4,8 @@ const authorized = require("../../middleware/authorized")
const { paramResource, bodyResource } = require("../../middleware/resourceId") const { paramResource, bodyResource } = require("../../middleware/resourceId")
const { const {
BUILDER, BUILDER,
PermissionLevels, PermissionLevel,
PermissionTypes, PermissionType,
} = require("@budibase/backend-core/permissions") } = require("@budibase/backend-core/permissions")
const { tableValidator } = require("./utils/validators") const { tableValidator } = require("./utils/validators")
@ -40,7 +40,7 @@ router
.get( .get(
"/api/tables/:tableId", "/api/tables/:tableId",
paramResource("tableId"), paramResource("tableId"),
authorized(PermissionTypes.TABLE, PermissionLevels.READ, { schema: true }), authorized(PermissionType.TABLE, PermissionLevel.READ, { schema: true }),
tableController.find tableController.find
) )
/** /**


@ -1,6 +1,6 @@
const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles") const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles")
const { const {
BUILTIN_PERMISSION_IDS, BuiltinPermissionID,
} = require("@budibase/backend-core/permissions") } = require("@budibase/backend-core/permissions")
const setup = require("./utilities") const setup = require("./utilities")
const { basicRole } = setup.structures const { basicRole } = setup.structures
@ -76,18 +76,18 @@ describe("/roles", () => {
const adminRole = res.body.find(r => r._id === BUILTIN_ROLE_IDS.ADMIN) const adminRole = res.body.find(r => r._id === BUILTIN_ROLE_IDS.ADMIN)
expect(adminRole).toBeDefined() expect(adminRole).toBeDefined()
expect(adminRole.inherits).toEqual(BUILTIN_ROLE_IDS.POWER) expect(adminRole.inherits).toEqual(BUILTIN_ROLE_IDS.POWER)
expect(adminRole.permissionId).toEqual(BUILTIN_PERMISSION_IDS.ADMIN) expect(adminRole.permissionId).toEqual(BuiltinPermissionID.ADMIN)
const powerUserRole = res.body.find(r => r._id === BUILTIN_ROLE_IDS.POWER) const powerUserRole = res.body.find(r => r._id === BUILTIN_ROLE_IDS.POWER)
expect(powerUserRole).toBeDefined() expect(powerUserRole).toBeDefined()
expect(powerUserRole.inherits).toEqual(BUILTIN_ROLE_IDS.BASIC) expect(powerUserRole.inherits).toEqual(BUILTIN_ROLE_IDS.BASIC)
expect(powerUserRole.permissionId).toEqual(BUILTIN_PERMISSION_IDS.POWER) expect(powerUserRole.permissionId).toEqual(BuiltinPermissionID.POWER)
const customRoleFetched = res.body.find(r => r._id === customRole._id) const customRoleFetched = res.body.find(r => r._id === customRole._id)
expect(customRoleFetched).toBeDefined() expect(customRoleFetched).toBeDefined()
expect(customRoleFetched.inherits).toEqual(BUILTIN_ROLE_IDS.BASIC) expect(customRoleFetched.inherits).toEqual(BUILTIN_ROLE_IDS.BASIC)
expect(customRoleFetched.permissionId).toEqual( expect(customRoleFetched.permissionId).toEqual(
BUILTIN_PERMISSION_IDS.READ_ONLY BuiltinPermissionID.READ_ONLY
) )
}) })
@ -109,7 +109,7 @@ describe("/roles", () => {
it("should delete custom roles", async () => { it("should delete custom roles", async () => {
const customRole = await config.createRole({ const customRole = await config.createRole({
name: "user", name: "user",
permissionId: BUILTIN_PERMISSION_IDS.READ_ONLY, permissionId: BuiltinPermissionID.READ_ONLY,
inherits: BUILTIN_ROLE_IDS.BASIC, inherits: BUILTIN_ROLE_IDS.BASIC,
}) })
delete customRole._rev_tree delete customRole._rev_tree


@ -2,8 +2,8 @@ const Router = require("@koa/router")
const controller = require("../controllers/user") const controller = require("../controllers/user")
const authorized = require("../../middleware/authorized") const authorized = require("../../middleware/authorized")
const { const {
PermissionLevels, PermissionLevel,
PermissionTypes, PermissionType,
} = require("@budibase/backend-core/permissions") } = require("@budibase/backend-core/permissions")
const router = new Router() const router = new Router()
@ -11,42 +11,42 @@ const router = new Router()
router router
.get( .get(
"/api/users/metadata", "/api/users/metadata",
authorized(PermissionTypes.USER, PermissionLevels.READ), authorized(PermissionType.USER, PermissionLevel.READ),
controller.fetchMetadata controller.fetchMetadata
) )
.get( .get(
"/api/users/metadata/:id", "/api/users/metadata/:id",
authorized(PermissionTypes.USER, PermissionLevels.READ), authorized(PermissionType.USER, PermissionLevel.READ),
controller.findMetadata controller.findMetadata
) )
.put( .put(
"/api/users/metadata", "/api/users/metadata",
authorized(PermissionTypes.USER, PermissionLevels.WRITE), authorized(PermissionType.USER, PermissionLevel.WRITE),
controller.updateMetadata controller.updateMetadata
) )
.post( .post(
"/api/users/metadata/self", "/api/users/metadata/self",
authorized(PermissionTypes.USER, PermissionLevels.WRITE), authorized(PermissionType.USER, PermissionLevel.WRITE),
controller.updateSelfMetadata controller.updateSelfMetadata
) )
.delete( .delete(
"/api/users/metadata/:id", "/api/users/metadata/:id",
authorized(PermissionTypes.USER, PermissionLevels.WRITE), authorized(PermissionType.USER, PermissionLevel.WRITE),
controller.destroyMetadata controller.destroyMetadata
) )
.post( .post(
"/api/users/metadata/sync/:id", "/api/users/metadata/sync/:id",
authorized(PermissionTypes.USER, PermissionLevels.WRITE), authorized(PermissionType.USER, PermissionLevel.WRITE),
controller.syncUser controller.syncUser
) )
.post( .post(
"/api/users/flags", "/api/users/flags",
authorized(PermissionTypes.USER, PermissionLevels.WRITE), authorized(PermissionType.USER, PermissionLevel.WRITE),
controller.setFlag controller.setFlag
) )
.get( .get(
"/api/users/flags", "/api/users/flags",
authorized(PermissionTypes.USER, PermissionLevels.READ), authorized(PermissionType.USER, PermissionLevel.READ),
controller.getFlags controller.getFlags
) )


@ -1,8 +1,8 @@
const { joiValidator } = require("@budibase/backend-core/auth") const { joiValidator } = require("@budibase/backend-core/auth")
const { DataSourceOperation } = require("../../../constants") const { DataSourceOperation } = require("../../../constants")
const { const {
BUILTIN_PERMISSION_IDS, BuiltinPermissionID,
PermissionLevels, PermissionLevel,
} = require("@budibase/backend-core/permissions") } = require("@budibase/backend-core/permissions")
const { WebhookActionType } = require("@budibase/types") const { WebhookActionType } = require("@budibase/types")
const Joi = require("joi") const Joi = require("joi")
@ -133,14 +133,14 @@ exports.webhookValidator = () => {
} }
exports.roleValidator = () => { exports.roleValidator = () => {
const permLevelArray = Object.values(PermissionLevels) const permLevelArray = Object.values(PermissionLevel)
// prettier-ignore // prettier-ignore
return joiValidator.body(Joi.object({ return joiValidator.body(Joi.object({
_id: OPTIONAL_STRING, _id: OPTIONAL_STRING,
_rev: OPTIONAL_STRING, _rev: OPTIONAL_STRING,
name: Joi.string().required(), name: Joi.string().required(),
// this is the base permission ID (for now a built in) // this is the base permission ID (for now a built in)
permissionId: Joi.string().valid(...Object.values(BUILTIN_PERMISSION_IDS)).required(), permissionId: Joi.string().valid(...Object.values(BuiltinPermissionID)).required(),
permissions: Joi.object() permissions: Joi.object()
.pattern(/.*/, [Joi.string().valid(...permLevelArray)]) .pattern(/.*/, [Joi.string().valid(...permLevelArray)])
.optional(), .optional(),
@ -149,7 +149,7 @@ exports.roleValidator = () => {
} }
exports.permissionValidator = () => { exports.permissionValidator = () => {
const permLevelArray = Object.values(PermissionLevels) const permLevelArray = Object.values(PermissionLevel)
// prettier-ignore // prettier-ignore
return joiValidator.params(Joi.object({ return joiValidator.params(Joi.object({
level: Joi.string().valid(...permLevelArray).required(), level: Joi.string().valid(...permLevelArray).required(),


@ -5,8 +5,8 @@ const authorized = require("../../middleware/authorized")
const { paramResource } = require("../../middleware/resourceId") const { paramResource } = require("../../middleware/resourceId")
const { const {
BUILDER, BUILDER,
PermissionTypes, PermissionType,
PermissionLevels, PermissionLevel,
} = require("@budibase/backend-core/permissions") } = require("@budibase/backend-core/permissions")
const router = new Router() const router = new Router()
@ -16,7 +16,7 @@ router
.get( .get(
"/api/views/:viewName", "/api/views/:viewName",
paramResource("viewName"), paramResource("viewName"),
authorized(PermissionTypes.VIEW, PermissionLevels.READ), authorized(PermissionType.VIEW, PermissionLevel.READ),
rowController.fetchView rowController.fetchView
) )
.get("/api/views", authorized(BUILDER), viewController.fetch) .get("/api/views", authorized(BUILDER), viewController.fetch)


@ -4,8 +4,8 @@ import {
BUILTIN_ROLE_IDS, BUILTIN_ROLE_IDS,
} from "@budibase/backend-core/roles" } from "@budibase/backend-core/roles"
const { const {
PermissionTypes, PermissionType,
PermissionLevels, PermissionLevel,
doesHaveBasePermission, doesHaveBasePermission,
} = require("@budibase/backend-core/permissions") } = require("@budibase/backend-core/permissions")
const builderMiddleware = require("./builder") const builderMiddleware = require("./builder")
@ -33,7 +33,7 @@ const checkAuthorized = async (
) => { ) => {
// check if this is a builder api and the user is not a builder // check if this is a builder api and the user is not a builder
const isBuilder = ctx.user && ctx.user.builder && ctx.user.builder.global const isBuilder = ctx.user && ctx.user.builder && ctx.user.builder.global
const isBuilderApi = permType === PermissionTypes.BUILDER const isBuilderApi = permType === PermissionType.BUILDER
if (isBuilderApi && !isBuilder) { if (isBuilderApi && !isBuilder) {
return ctx.throw(403, "Not Authorized") return ctx.throw(403, "Not Authorized")
} }
@ -91,9 +91,9 @@ export = (permType: any, permLevel: any = null, opts = { schema: false }) =>
let resourceRoles: any = [] let resourceRoles: any = []
let otherLevelRoles: any = [] let otherLevelRoles: any = []
const otherLevel = const otherLevel =
permLevel === PermissionLevels.READ permLevel === PermissionLevel.READ
? PermissionLevels.WRITE ? PermissionLevel.WRITE
: PermissionLevels.READ : PermissionLevel.READ
const appId = getAppId() const appId = getAppId()
if (appId && hasResource(ctx)) { if (appId && hasResource(ctx)) {
resourceRoles = await getRequiredResourceRole(permLevel, ctx) resourceRoles = await getRequiredResourceRole(permLevel, ctx)
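Review bot: The permission enums are still loaded with `require`, so `PermissionType` and `PermissionLevel` are untyped in this file and the compiler cannot check this rename. A member name that does not exist would evaluate to `undefined`, so `permType === PermissionType.BUILDER` in `checkAuthorized` would be false without any error and the builder check would be skipped. The roles import directly above already uses `import`, so the same form should work here, assuming the package ships type declarations for that subpath: `import { PermissionType, PermissionLevel, doesHaveBasePermission } from "@budibase/backend-core/permissions"`. Typing the exported middleware's parameters as `permType: PermissionType, permLevel: PermissionLevel | null = null` instead of `any` would extend that check to callers. Both function bodies continue outside the hunks shown, so whether other code relies on the `any` typing cannot be confirmed from here.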


@ -70,7 +70,7 @@ export = async function builder(ctx: BBContext, permType: string) {
if (!appId) { if (!appId) {
return return
} }
const isBuilderApi = permType === permissions.PermissionTypes.BUILDER const isBuilderApi = permType === permissions.PermissionType.BUILDER
const referer = ctx.headers["referer"] const referer = ctx.headers["referer"]
const overviewPath = "/builder/portal/overview/" const overviewPath = "/builder/portal/overview/"


@ -9,7 +9,7 @@ jest.mock("../../environment", () => ({
) )
const authorizedMiddleware = require("../authorized") const authorizedMiddleware = require("../authorized")
const env = require("../../environment") const env = require("../../environment")
const { PermissionTypes, PermissionLevels } = require("@budibase/backend-core/permissions") const { PermissionType, PermissionLevel } = require("@budibase/backend-core/permissions")
const { doInAppContext } = require("@budibase/backend-core/context") const { doInAppContext } = require("@budibase/backend-core/context")
const APP_ID = "" const APP_ID = ""
@ -113,7 +113,7 @@ describe("Authorization middleware", () => {
it("throws if the user does not have builder permissions", async () => { it("throws if the user does not have builder permissions", async () => {
config.setEnvironment(false) config.setEnvironment(false)
config.setMiddlewareRequiredPermission(PermissionTypes.BUILDER) config.setMiddlewareRequiredPermission(PermissionType.BUILDER)
config.setUser({ config.setUser({
role: { role: {
_id: "" _id: ""
@ -125,13 +125,13 @@ describe("Authorization middleware", () => {
}) })
it("passes on to next() middleware if the user has resource permission", async () => { it("passes on to next() middleware if the user has resource permission", async () => {
config.setResourceId(PermissionTypes.QUERY) config.setResourceId(PermissionType.QUERY)
config.setUser({ config.setUser({
role: { role: {
_id: "" _id: ""
} }
}) })
config.setMiddlewareRequiredPermission(PermissionTypes.QUERY) config.setMiddlewareRequiredPermission(PermissionType.QUERY)
await config.executeMiddleware() await config.executeMiddleware()
expect(config.next).toHaveBeenCalled() expect(config.next).toHaveBeenCalled()
@ -155,7 +155,7 @@ describe("Authorization middleware", () => {
_id: "" _id: ""
}, },
}) })
config.setMiddlewareRequiredPermission(PermissionTypes.ADMIN, PermissionLevels.BASIC) config.setMiddlewareRequiredPermission(PermissionType.ADMIN, PermissionLevel.BASIC)
await config.executeMiddleware() await config.executeMiddleware()
expect(config.throw).toHaveBeenCalledWith(403, "User does not have permission") expect(config.throw).toHaveBeenCalledWith(403, "User does not have permission")
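Review bot: `PermissionLevel.BASIC` in the last test of this section does not match any level used elsewhere in this change (`READ`, `WRITE`, `EXECUTE`); `BASIC` otherwise appears only as a role id (`BUILTIN_ROLE_IDS.BASIC`). If the enum has no such member, the argument is `undefined` and the 403 assertion may pass for a different reason than the test intends, without exercising the level comparison. The rename carries the old `PermissionLevels.BASIC` forward unchanged. Consider naming a real level, for example `config.setMiddlewareRequiredPermission(PermissionType.ADMIN, PermissionLevel.READ)`, after confirming which level the test was meant to cover. The test body starts outside the hunk.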


@ -1,5 +1,5 @@
const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles") const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles")
const { BUILTIN_PERMISSION_IDS } = require("@budibase/backend-core/permissions") const { BuiltinPermissionID } = require("@budibase/backend-core/permissions")
const { createHomeScreen } = require("../../constants/screens") const { createHomeScreen } = require("../../constants/screens")
const { EMPTY_LAYOUT } = require("../../constants/layouts") const { EMPTY_LAYOUT } = require("../../constants/layouts")
const { cloneDeep } = require("lodash/fp") const { cloneDeep } = require("lodash/fp")
@ -135,7 +135,7 @@ exports.basicRole = () => {
return { return {
name: "NewRole", name: "NewRole",
inherits: BUILTIN_ROLE_IDS.BASIC, inherits: BUILTIN_ROLE_IDS.BASIC,
permissionId: BUILTIN_PERMISSION_IDS.READ_ONLY, permissionId: BuiltinPermissionID.READ_ONLY,
} }
} }


@ -1,6 +1,6 @@
const { const {
PermissionLevels, PermissionLevel,
PermissionTypes, PermissionType,
getBuiltinPermissionByID, getBuiltinPermissionByID,
isPermissionLevelHigherThanRead, isPermissionLevelHigherThanRead,
} = require("@budibase/backend-core/permissions") } = require("@budibase/backend-core/permissions")
@ -11,9 +11,9 @@ const {
const { DocumentType } = require("../db/utils") const { DocumentType } = require("../db/utils")
const CURRENTLY_SUPPORTED_LEVELS = [ const CURRENTLY_SUPPORTED_LEVELS = [
PermissionLevels.WRITE, PermissionLevel.WRITE,
PermissionLevels.READ, PermissionLevel.READ,
PermissionLevels.EXECUTE, PermissionLevel.EXECUTE,
] ]
exports.getPermissionType = resourceId => { exports.getPermissionType = resourceId => {
@ -23,17 +23,17 @@ exports.getPermissionType = resourceId => {
switch (docType) { switch (docType) {
case DocumentType.TABLE: case DocumentType.TABLE:
case DocumentType.ROW: case DocumentType.ROW:
return PermissionTypes.TABLE return PermissionType.TABLE
case DocumentType.AUTOMATION: case DocumentType.AUTOMATION:
return PermissionTypes.AUTOMATION return PermissionType.AUTOMATION
case DocumentType.WEBHOOK: case DocumentType.WEBHOOK:
return PermissionTypes.WEBHOOK return PermissionType.WEBHOOK
case DocumentType.QUERY: case DocumentType.QUERY:
case DocumentType.DATASOURCE: case DocumentType.DATASOURCE:
return PermissionTypes.QUERY return PermissionType.QUERY
default: default:
// views don't have an ID, will end up here // views don't have an ID, will end up here
return PermissionTypes.VIEW return PermissionType.VIEW
} }
} }
@ -58,8 +58,8 @@ exports.getBasePermissions = resourceId => {
const level = typedPermission.level const level = typedPermission.level
permissions[level] = lowerBuiltinRoleID(permissions[level], roleId) permissions[level] = lowerBuiltinRoleID(permissions[level], roleId)
if (isPermissionLevelHigherThanRead(level)) { if (isPermissionLevelHigherThanRead(level)) {
permissions[PermissionLevels.READ] = lowerBuiltinRoleID( permissions[PermissionLevel.READ] = lowerBuiltinRoleID(
permissions[PermissionLevels.READ], permissions[PermissionLevel.READ],
roleId roleId
) )
} }