WIP - storing progress on RBAC changes.

2024-06-28 11:00:55 +12:00 · 2021-02-11 10:24:37 +00:00 · 2021-02-11 10:24:37 +00:00 · fdb825d444
parent 0fc6f0de98
commit fdb825d444
2 changed files with 49 additions and 1 deletions
--- a/packages/server/src/api/controllers/permission.js
+++ b/packages/server/src/api/controllers/permission.js
@ -1,7 +1,9 @@
 const {
  BUILTIN_PERMISSIONS,
  PermissionLevels,
+  PermissionTypes,
  higherPermission,
+  getBuiltinPermissionByID,
 } = require("../../utilities/security/permissions")
 const {
  isBuiltin,
@ -9,7 +11,7 @@ const {
  getExternalRoleID,
  BUILTIN_ROLES,
 } = require("../../utilities/security/roles")
-const { getRoleParams } = require("../../db/utils")
+const { getRoleParams, DocumentTypes } = require("../../db/utils")
 const CouchDB = require("../../db")
 const { cloneDeep } = require("lodash/fp")

@ -18,6 +20,47 @@ const PermissionUpdateType = {
  ADD: "add",
 }

+function getBasePermissions(resourceId) {
+  const docType = DocumentTypes.filter(docType =>
+    resourceId.startsWith(docType)
+  )[0]
+  const levelsToFind = [PermissionLevels.WRITE, PermissionLevels.READ]
+  let type
+  switch (docType) {
+    case DocumentTypes.TABLE:
+    case DocumentTypes.ROW:
+      type = PermissionTypes.TABLE
+      break
+    case DocumentTypes.AUTOMATION:
+      type = PermissionTypes.AUTOMATION
+      break
+    case DocumentTypes.WEBHOOK:
+      type = PermissionTypes.WEBHOOK
+      break
+    case DocumentTypes.QUERY:
+    case DocumentTypes.DATASOURCE:
+      type = PermissionTypes.QUERY
+      break
+    default:
+      // views don't have an ID, will end up here
+      type = PermissionTypes.VIEW
+      break
+  }
+
+  const permissions = {}
+  for (let [roleId, role] of Object.entries(BUILTIN_ROLES)) {
+    if (!role.permissionId) {
+      continue
+    }
+    const perms = getBuiltinPermissionByID(role.permissionId)
+    const typedPermission = perms.permissions.find(perm => perm.type === type)
+    if (typedPermission) {
+      // TODO: need to get the lowest role
+      // TODO: store the read/write with the lowest role
+    }
+  }
+}
+
 // utility function to stop this repetition - permissions always stored under roles
 async function getAllDBRoles(db) {
  const body = await db.allDocs(
--- a/packages/server/src/utilities/security/permissions.js
+++ b/packages/server/src/utilities/security/permissions.js
@ -97,6 +97,11 @@ exports.BUILTIN_PERMISSIONS = {
  },
 }

+exports.getBuiltinPermissionByID = id => {
+  const perms = Object.values(exports.BUILTIN_PERMISSIONS)
+  return perms.find(perm => perm._id === id)
+}
+
 exports.doesHaveResourcePermission = (
  permissions,
  permLevel,