多维表格
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

209 lines
5.4 KiB

import { OrgUserRoles, ProjectRoles, SourceRestriction } from 'nocodb-sdk'
const roleScopes = {
org: [OrgUserRoles.VIEWER, OrgUserRoles.CREATOR],
9 months ago
base: [
ProjectRoles.NO_ACCESS,
ProjectRoles.VIEWER,
ProjectRoles.COMMENTER,
ProjectRoles.EDITOR,
ProjectRoles.CREATOR,
ProjectRoles.OWNER,
],
}
interface Perm {
include?: Record<string, boolean>
}
/**
* Each permission value means the following
* `*` - which is wildcard, means all permissions are allowed
* `include` - which is an object, means only the permissions listed in the object are allowed
* `undefined` or `{}` - which is the default value, means no permissions are allowed
* */
const rolePermissions = {
// org level role permissions
[OrgUserRoles.SUPER_ADMIN]: '*',
[OrgUserRoles.CREATOR]: {
include: {
workspaceSettings: true,
superAdminUserManagement: true,
baseCreate: true,
baseMove: true,
baseDelete: true,
baseDuplicate: true,
newUser: true,
tableRename: true,
tableDelete: true,
viewCreateOrEdit: true,
baseReorder: true,
Nc feat/user management (#8369) * fix: source filter Signed-off-by: mertmit <mertmit99@gmail.com> * feat: sso cloud apis - WIP * feat: admin panel menu option * feat: UI integration - WIP * feat: UI integration - SSO * feat: domain verification * feat: workspace upgrade and sso page - WIP * feat: domain adding and verification - WIP * feat: domain adding and verification * fix: domain validation corrections * chore: lint * feat(nc-gui): organization settings page * feat(nc-gui): organization members page * fix(nc-gui): some more changes * fix(nc-gui): refactor collaborators ui * feat(nc-gui): dashboard ui * feat(nc-gui): bases page * feat(nocodb): wired up ui and apis. wip * fix(nc-gui): some more fixes * fix(nc-gui): move ws to org immediately after creation * fix(nc-gui): some more bug fixes * feat(nocodb): transfer workspace ownership * fix(nc-gui): load roles if baseId is provided in prop * fix(nc-gui): show only org workspaces * fix(nc-gui): some more fixes * fix(nc-gui): rename base * fix(nc-gui): invite fixes * feat: restrict access to org level user(SSO login) * fix: include org and client info in token * fix: include org and client info in refresh token * refactor: minor ui corrections * refactor: add a generic component for copying * refactor: ui correction and cleanup * fix: refresh token update * fix: ui corrections * fix: if user signin using unverified domain show error in sso page rather than showing the json with error * fix: for all sso related exceptions redirect to sso ui page with error * chore: lint * fix: show admin panel option only for user who have permission * fix: redirect to sso login page on logout based on current user info * test: sso - playwright test * fix: duplicate attribute * test: playwright * fix: missing import * test: playwright - WIP * test: playwright - Cloud sso login flow * fix: error handling * test: playwright - sso auth flow tests * fix: show upgrade option only for workspace owner * test: user invite tests corrections * test: user invite tests corrections * test: user management correction * test: playwright - use regex for path match * fix: delete existing provider if any * test: combine sso tests to run serially * test: playwright - title name correction * test: playwright - reset sso client from sso tests only * test: playwright - page navigation correction * refactor: by default navigate to org settings page on org creation and disable org image upload * refactor: reverify domain after 7 days and update role names to avoid confusion between org and cloud org roles * fix: corrections * fix: show org level roles in members section * refactor: disable org update by default * test: unit tests for org admin apis * chore: lint * fix: review comments * chore: lint and cleanup --------- Signed-off-by: mertmit <mertmit99@gmail.com> Co-authored-by: mertmit <mertmit99@gmail.com> Co-authored-by: DarkPhoenix2704 <anbarasun123@gmail.com>
7 months ago
orgAdminPanel: true,
workspaceAuditList: true,
Nc feat/integrations (#8903) * feat: integrations backend (WIP) * feat: migration - source table * feat: updated migration * feat: integration APIs - WIP * feat: integration - crud, acl, api tests * feat: integration - crud, acl, api tests * feat: integration - GUI integration * feat: private integration config * feat: integration GUI * feat: delete api and source creation * feat: add hint for input fields * fix: source creation bugs * refactor: placeholder text correction * refactor: include context * feat: integration delete with transaction * refactor: permission scope correction and move ee logic * refactor: migration correction and improvements * feat: confirm dialog * refactor: review comments * refactor: meta service changes * feat: add oss support - WIP * feat: add oss support * refactor: coderabbt suggestions * refactor: exclude config from api response * refactor: coderabbit review comments * refactor: rename migration names * fix: method name correction * fix(nc-gui): integration ui changes * fix(nc-gui): add edit integration ui changes * fix(nc-gui): add shared badge in integrations list * feat(nc-gui): duplicate integration * fix(nocodb): add copy from id integration support in create integration api * fix(nc-gui): update useIntegration store * fix(nc-gui): test connection btn style update * fix(nc-gui): update new integration modal * feat(nc-gui): add sort integration list support * fix(nc-gui): integration table to be center aligned * fix(nc-gui): move form item required mark to right side * fix: remove divider * fix(nc-gui): add input shadow * fix(nc-gui): base name validator error message * fix(nc-gui): add border if search connection input has some value * fix(nc-gui): add close btn in integration modal * chore(nc-gui): lint * fix(nc-gui): pr review changes * chore(nc-gui): cleanup unused code * chore(nc-gui): lint * fix(nc-gui): integrationsType not found issue * fix(nc-gui): update data source table * fix(nc-gui): populate integration name only on input value change * fix(nc-gui): create data source form update * fix: type correction * fix: label correction * fix: font corrections * fix: remove help text * fix: grammar in help text * fix(nc-gui): edit source ui changes * fix(nc-gui): base settings modal changes & datasource search feat * fix(nc-gui): update data source table * fix(nc-gui): move integrations outside team & settings * fix(nc-gui): make connections table full width * fix(nc-gui): modal height issue in small screen * fix(nc-gui): disable editing selected connection in edit data source * fix(nc-gui): add data sources in base settings tab * fix(nc-gui): ant design multiple warnings issue * fix(nc-gui): create source page scrollbar issue * feat(nc-gui): create connection from create source page * chore(nc-gui): lint * fix(nc-gui): update project members tab content margin * chore: label text change * fix: font changes * chore: font corrections * chore: integration => connection * fix(nc-gui): disable auto editing database name on changing connection name * fix(nc-gui): table header overflow issue * fix(nc-gui): show connection crud operation messages in toast * feat(nc-gui): request new integration ui * fix(nc-gui): text area height adjust issue * fix(nc-gui): add connection from source create issue * fix(nc-gui): show data source details in modal * fix(nc-gui): hide private connection option * fix(nc-gui): user should able to edit & save connection without test connection if only title updated * fix(nc-gui): add integration page in oss * fix(nc-gui): typo currection * fix(nc-gui): oss create base ui changes * misc: minor formatting changes * misc: formatting corrections * fix(nc-gui): overlay close btn issue * fix(nc-gui): some review changes * fix(nc-gui): remove link beetween connection name & database name * fix(nc-gui): update edit base/source modal oss * fix(nc-gui): add db type icon in select connection * chore(nc-gui): lint * fix: integration list - allow access based on base level role * fix(nc-gui): load integrations on creating integration from source create issue * fix(nc-gui): add connection count in tab * fix: correction in soft delete logic * fix(nc-gui): reset use ssl on panel collapse * fix(nc-gui): reduce select input font weight * fix(nc-gui): update connection edit access control * fix: integration read api correction * fix(nc-gui): some review changes * fix(nc-gui): labels update * fix(nc-gui): udpate text in delete modal integration -> connection * fix: remove permission from wrong scope * refactor: swagger description correction * fix(nc-gui): remove connection between source name & database name * fix(nc-gui): test connection is not needed form source name. inflection field changes * refactor: include integration title with source * feat: integration pagination * fix: remove unused prop * fix(nc-gui): update all tables tab btns tooltip * feat: new integration request * refactor: replace delete statement and use assigning undefined for better performance * feat(nc-gui): sync data support in project page * fix(nc-gui): all sync data type list * fix(nc-gui): close sync data modal issue * fix(nc-gui): add bg gray color on db icon of tooltip * fix(nc-gui): make connection as required field * fix(nc-gui): show connection name if not found and reload page * fix(nc-gui): show connection name in ds list * fix(nc-gui): ssl related changes * fix: oss permission * fix(nc-gui): active tab issue on clicking source * feat: include source count and sources in api response * fix(nc-gui): add getIntegration fun in useIntegrationStore * fix(nc-gui): source list udpate issue on updating source details * fix(nc-gui): fix external source icon alignment * feat: include base name and source count * fix: query correction * fix(nc-gui): show liked sources list in delete connection modal * fix(nc-gui): display connection usage information in list * fix(nc-gui): add sync data types icons * fix(nc-gui): add pagination support in connection list * fix(nc-gui): connection pagination issue * fix(nc-gui): connection tab count update issue * test(nc-gui): some of test cases updated * fix(nc-gui): some minor review changes * fix(nc-gui): minor ui changes * fix(nc-gui): Cannot read properties of undefined (reading 'sub_type') * fix(nc-gui): udpate all tables btn text * fix(nc-gui): ui changes * fix(nc-gui): overflow issue * fix(nc-gui): add connection icon & back btn in modal * fix(nc-gui): some minor ui changes * test(nc-gui): update source restriction test cases * chore(test): remove only from test * fix(nc-gui): update style of delete connection modal * test(nc-gui): update acl pw test cases * fix(test): ws collaboration role accss test fail issue * fix(nc-gui): add connection successfully added modal * fix(nc-gui): update connection added modal * fix(nc-gui): trigger sync request event on upvote * chore(nc-gui): lint * fix(nc-gui): add learn more btn in connection successfull modal * fix(nc-gui): add integration docs link support * fix(nc-gui): integration table name field text truncate issue * fix: misc corrections * misc: button width change * fix(nc-gui): update icons * fix(nc-gui): update test connection btn icons * fix(nc-gui): all tables btn gap issue * feat(nc-gui): search option in sync data modal * feat(nc-gui): search connection through api * fix(nc-gui): add base and source icon in delete connection modal * fix: update sync request event * fix(nc-gui): rebase conflict issue * fix: connections text length * fix(nc-gui): enable integration/create source supported docs option * fix(nc-gui): update advanced option header style --------- Co-authored-by: mertmit <mertmit99@gmail.com> Co-authored-by: Ramesh Mane <101566080+rameshmane7218@users.noreply.github.com> Co-authored-by: Raju Udava <86527202+dstala@users.noreply.github.com>
4 months ago
workspaceIntegrations: true,
},
},
[OrgUserRoles.VIEWER]: {
include: {
importRequest: true,
},
},
// Base role permissions
[ProjectRoles.OWNER]: {
include: {
baseDelete: true,
},
},
[ProjectRoles.CREATOR]: {
include: {
baseCreate: true,
fieldUpdate: true,
hookList: true,
feat: button field (#9144) * feat: static button type * fix: swagger * fix: style corrections * feat: webhook trigger * fix: disables * feat: Button icons fix: row Delete failing * fix: expanded-form ux fix: disable buttons in forms fix: update PlainCell button handling fix: webhook delete, active change handling * fix: disable case * fix: disable case * fix: update Button styles * fix: refactor min/max with limit for columns fix: disable filter, groupby for Button Field fix: disable aggregation for Buttons * fix: hide button field in Filters * fix: fields menu corrections fix: update menu corrections * fix: rebase * feat: support webhook creation from ButtonOptions * fix: sort related tests * fix: keep webhook modal open * fix: ui fixes * fix: icon duplicate * fix: syntax highlighing for handlebar fix: disable mascot fix: truncate selected webhook * fix: sort disable tooltip * test: button playwright test * fix: button column duplication * fix: add error fix: column options * fix: EditOrAddProvider.vue * fix: add invalid configuration * fix: ux corrections * fix: ux corrections * fix: error handling fix: clear single query cache on hook delete * fix: include button type in api * fix: update overlay styles fix: webhook update * fix: formula placeholder * fix: playwright tests * fix: playwright tests * feat: refactor formula input * fix: added more spacing * fix: no icon text * fix: lint * fix: handle invalid url * fix: handle sort by for button causes issue when button used as lookup * fix: button field position * docs: button field * fix: tooltip correction * fix: link * fix: add btn href * fix: handle some edge cases * fix: handle some edge cases * fix: update font color * fix: add manual trigger docs * fix: sqlite BaseModel fix * docs: button share view info * fix: rebase * fix: reduce height and added resize support fix: added tooltip if label overflow * fix: manual hook disable state * docs: manual trigger details in webhook page * fix: chevron grey shade to 500 * docs: sample payload for manual trigger * fix: style update * fix: pr review comments * fix: pr review changes * fix: reactivity issue * fix: reactivity issue * fix: filter enabled on button * fix: reload meta on webhook change * fix: error handling in formula filter * fix: handle url error --------- Co-authored-by: Raju Udava <86527202+dstala@users.noreply.github.com>
4 months ago
hookCreate: true,
tableCreate: true,
tableRename: true,
tableDelete: true,
tableDuplicate: true,
tableSort: true,
layoutRename: true,
layoutDelete: true,
airtableImport: true,
jsonImport: true,
excelImport: true,
settingsPage: true,
webhook: true,
fieldEdit: true,
fieldAlter: true,
fieldDelete: true,
fieldAdd: true,
tableIconEdit: true,
viewCreateOrEdit: true,
viewShare: true,
baseShare: true,
baseMiscSettings: true,
csvImport: true,
baseRename: true,
baseDuplicate: true,
sourceCreate: true,
baseAuditList: true,
},
},
[ProjectRoles.EDITOR]: {
include: {
dataInsert: true,
dataEdit: true,
sortSync: true,
filterSync: true,
filterChildrenRead: true,
viewFieldEdit: true,
csvTableImport: true,
excelTableImport: true,
feat: button field (#9144) * feat: static button type * fix: swagger * fix: style corrections * feat: webhook trigger * fix: disables * feat: Button icons fix: row Delete failing * fix: expanded-form ux fix: disable buttons in forms fix: update PlainCell button handling fix: webhook delete, active change handling * fix: disable case * fix: disable case * fix: update Button styles * fix: refactor min/max with limit for columns fix: disable filter, groupby for Button Field fix: disable aggregation for Buttons * fix: hide button field in Filters * fix: fields menu corrections fix: update menu corrections * fix: rebase * feat: support webhook creation from ButtonOptions * fix: sort related tests * fix: keep webhook modal open * fix: ui fixes * fix: icon duplicate * fix: syntax highlighing for handlebar fix: disable mascot fix: truncate selected webhook * fix: sort disable tooltip * test: button playwright test * fix: button column duplication * fix: add error fix: column options * fix: EditOrAddProvider.vue * fix: add invalid configuration * fix: ux corrections * fix: ux corrections * fix: error handling fix: clear single query cache on hook delete * fix: include button type in api * fix: update overlay styles fix: webhook update * fix: formula placeholder * fix: playwright tests * fix: playwright tests * feat: refactor formula input * fix: added more spacing * fix: no icon text * fix: lint * fix: handle invalid url * fix: handle sort by for button causes issue when button used as lookup * fix: button field position * docs: button field * fix: tooltip correction * fix: link * fix: add btn href * fix: handle some edge cases * fix: handle some edge cases * fix: update font color * fix: add manual trigger docs * fix: sqlite BaseModel fix * docs: button share view info * fix: rebase * fix: reduce height and added resize support fix: added tooltip if label overflow * fix: manual hook disable state * docs: manual trigger details in webhook page * fix: chevron grey shade to 500 * docs: sample payload for manual trigger * fix: style update * fix: pr review comments * fix: pr review changes * fix: reactivity issue * fix: reactivity issue * fix: filter enabled on button * fix: reload meta on webhook change * fix: error handling in formula filter * fix: handle url error --------- Co-authored-by: Raju Udava <86527202+dstala@users.noreply.github.com>
4 months ago
hookTrigger: true,
},
},
[ProjectRoles.COMMENTER]: {
include: {
commentDelete: true,
commentResolve: true,
commentEdit: true,
},
},
[ProjectRoles.VIEWER]: {
include: {
baseSettings: true,
expandedForm: true,
apiDocs: true,
commentList: true,
commentCount: true,
auditListRow: true,
newUser: true,
},
},
[ProjectRoles.NO_ACCESS]: {
include: {},
},
} as Record<OrgUserRoles | ProjectRoles, Perm | '*'>
// excluded/restricted permissions at source level based on source restriction
// `true` means permission is restricted and `false`/missing means permission is allowed
export const sourceRestrictions = {
[SourceRestriction.DATA_READONLY]: {
dataInsert: true,
dataEdit: true,
dataDelete: true,
airtableImport: true,
csvImport: true,
jsonImport: true,
excelImport: true,
duplicateColumn: true,
duplicateModel: true,
tableDuplicate: true,
},
[SourceRestriction.SCHEMA_READONLY]: {
tableCreate: true,
tableRename: true,
tableDelete: true,
tableDuplicate: true,
airtableImport: true,
csvImport: true,
jsonImport: true,
excelImport: true,
duplicateColumn: true,
duplicateModel: true,
},
}
/*
We inherit include permissions from previous roles in the same scope (role order)
To determine role order, we use `roleScopes` object
So for example ProjectRoles.COMMENTER has `commentEdit` permission,
which means ProjectRoles.EDITOR, ProjectRoles.CREATOR, ProjectRoles.OWNER will also have `commentEdit` permission
where as ProjectRoles.VIEWER, ProjectRoles.NO_ACCESS will not have `commentEdit` permission.
This is why we are validating that there are no duplicate permissions within the same scope
even though it is not required for the code to work. It is to keep the code clean and easy to understand.
*/
// validate no duplicate permissions within same scope
Object.values(roleScopes).forEach((roles) => {
const scopePermissions: Record<string, boolean> = {}
const duplicates: string[] = []
roles.forEach((role) => {
const perms = (rolePermissions[role] as Perm).include || {}
Object.keys(perms).forEach((perm) => {
if (scopePermissions[perm]) {
duplicates.push(perm)
}
scopePermissions[perm] = true
})
})
if (duplicates.length) {
throw new Error(
`Duplicate permissions found in roles ${roles.join(', ')}. Please remove duplicate permissions: ${duplicates.join(', ')}`,
)
}
})
// inherit include permissions within scope (role order)
Object.values(roleScopes).forEach((roles) => {
let roleIndex = 0
for (const role of roles) {
if (roleIndex === 0) {
roleIndex++
continue
}
if (rolePermissions[role] === '*') continue
if ((rolePermissions[role] as Perm).include && (rolePermissions[roles[roleIndex - 1]] as Perm).include) {
Object.assign((rolePermissions[role] as Perm).include!, (rolePermissions[roles[roleIndex - 1]] as Perm).include)
}
roleIndex++
}
})
export { rolePermissions }