github
/
nocodb
mirror of https://github.com/nocodb/nocodb
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

fix: acl issue

pull/7202/head
mertmit 12 months ago
parent
718f93ec59
commit
026fcff153
5 changed files with 31 additions and 41 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 30
      packages/nc-gui/components/project/AccessSettings.vue
  2. 13
      packages/nocodb/src/controllers/base-users.controller.ts
  3. 12
      packages/nocodb/src/models/BaseUser.ts
  4. 5
      packages/nocodb/src/services/base-users/base-users.service.ts
  5. 2
      packages/nocodb/src/utils/acl.ts

30
packages/nc-gui/components/project/AccessSettings.vue
Unescape View File

@ -92,28 +92,6 @@ const updateCollaborator = async (collab: any, roles: ProjectRoles) => {
} }
} }
watchDebounced(
userSearchText,
async () => {
isSearching.value = true
totalCollaborators.value = 0
collaborators.value = []
try {
await loadCollaborators()
} catch (e: any) {
message.error(await extractSdkResponseErrorMsg(e))
} finally {
isSearching.value = false
}
},
{
debounce: 300,
maxWait: 600,
},
)
onMounted(async () => { onMounted(async () => {
isLoading.value = true isLoading.value = true
try { try {
@ -132,6 +110,10 @@ onMounted(async () => {
isLoading.value = false isLoading.value = false
} }
}) })
const filteredCollaborators = computed(() =>
collaborators.value.filter((collab) => collab.email.toLowerCase().includes(userSearchText.value.toLowerCase())),
)
</script> </script>
<template> <template>
@ -153,7 +135,7 @@ onMounted(async () => {
</div> </div>
<div <div
v-else-if="!collaborators?.length" v-else-if="!filteredCollaborators?.length"
class="nc-collaborators-list w-full h-full flex flex-col items-center justify-center mt-36" class="nc-collaborators-list w-full h-full flex flex-col items-center justify-center mt-36"
> >
<Empty description="$t('title.noMembersFound')" /> <Empty description="$t('title.noMembersFound')" />
@ -168,7 +150,7 @@ onMounted(async () => {
<div class="flex flex-col nc-scrollbar-md"> <div class="flex flex-col nc-scrollbar-md">
<div <div
v-for="(collab, i) of collaborators" v-for="(collab, i) of filteredCollaborators"
:key="i" :key="i"
class="user-row flex flex-row border-b-1 py-1 min-h-14 items-center" class="user-row flex flex-row border-b-1 py-1 min-h-14 items-center"
> >

13
packages/nocodb/src/controllers/base-users.controller.ts
Unescape View File

@ -11,7 +11,7 @@ import {
UseGuards, UseGuards,
} from '@nestjs/common'; } from '@nestjs/common';
import { Request } from 'express'; import { Request } from 'express';
import { ProjectUserReqType } from 'nocodb-sdk'; import { ProjectRoles, ProjectUserReqType } from 'nocodb-sdk';
import { GlobalGuard } from '~/guards/global/global.guard'; import { GlobalGuard } from '~/guards/global/global.guard';
import { BaseUsersService } from '~/services/base-users/base-users.service'; import { BaseUsersService } from '~/services/base-users/base-users.service';
import { NcError } from '~/helpers/catchError'; import { NcError } from '~/helpers/catchError';
@ -27,12 +27,19 @@ export class BaseUsersController {
'/api/v1/db/meta/projects/:baseId/users', '/api/v1/db/meta/projects/:baseId/users',
'/api/v2/meta/bases/:baseId/users', '/api/v2/meta/bases/:baseId/users',
]) ])
@Acl('userList') @Acl('baseUserList')
async userList(@Param('baseId') baseId: string, @Req() req: Request) { async userList(@Param('baseId') baseId: string, @Req() req: Request) {
const baseRoles = Object.keys(req.user?.base_roles ?? {});
const mode =
baseRoles.includes(ProjectRoles.OWNER) ||
baseRoles.includes(ProjectRoles.CREATOR)
? 'full'
: 'viewer';
return { return {
users: await this.baseUsersService.userList({ users: await this.baseUsersService.userList({
baseId, baseId,
query: req.query, mode,
}), }),
}; };
} }

12
packages/nocodb/src/models/BaseUser.ts
Unescape View File

@ -109,10 +109,10 @@ export default class BaseUser {
public static async getUsersList( public static async getUsersList(
{ {
base_id, base_id,
query, mode = 'full',
}: { }: {
base_id: string; base_id: string;
query?: string; mode?: 'full' | 'viewer';
}, },
ncMeta = Noco.ncMeta, ncMeta = Noco.ncMeta,
): Promise<(Partial<User> & BaseUser)[]> { ): Promise<(Partial<User> & BaseUser)[]> {
@ -126,17 +126,17 @@ export default class BaseUser {
`${MetaTable.USERS}.id`, `${MetaTable.USERS}.id`,
`${MetaTable.USERS}.email`, `${MetaTable.USERS}.email`,
`${MetaTable.USERS}.display_name`, `${MetaTable.USERS}.display_name`,
...(mode === 'full'
? [
`${MetaTable.USERS}.invite_token`, `${MetaTable.USERS}.invite_token`,
`${MetaTable.USERS}.roles as main_roles`, `${MetaTable.USERS}.roles as main_roles`,
`${MetaTable.USERS}.created_at as created_at`, `${MetaTable.USERS}.created_at as created_at`,
`${MetaTable.PROJECT_USERS}.base_id`, `${MetaTable.PROJECT_USERS}.base_id`,
`${MetaTable.PROJECT_USERS}.roles as roles`, `${MetaTable.PROJECT_USERS}.roles as roles`,
]
: []),
); );
if (query) {
queryBuilder.where('email', 'like', `%${query.toLowerCase?.()}%`);
}
queryBuilder.leftJoin(MetaTable.PROJECT_USERS, function () { queryBuilder.leftJoin(MetaTable.PROJECT_USERS, function () {
this.on( this.on(
`${MetaTable.PROJECT_USERS}.fk_user_id`, `${MetaTable.PROJECT_USERS}.fk_user_id`,

5
packages/nocodb/src/services/base-users/base-users.service.ts
Unescape View File

@ -27,14 +27,13 @@ import { getProjectRolePower } from '~/utils/roleHelper';
export class BaseUsersService { export class BaseUsersService {
constructor(protected appHooksService: AppHooksService) {} constructor(protected appHooksService: AppHooksService) {}
async userList(param: { baseId: string; query: any }) { async userList(param: { baseId: string; mode?: 'full' | 'viewer' }) {
const baseUsers = await BaseUser.getUsersList({ const baseUsers = await BaseUser.getUsersList({
...param.query,
base_id: param.baseId, base_id: param.baseId,
mode: param.mode,
}); });
return new PagedResponseImpl(baseUsers, { return new PagedResponseImpl(baseUsers, {
...param.query,
count: baseUsers.length, count: baseUsers.length,
}); });
} }

2
packages/nocodb/src/utils/acl.ts
Unescape View File

@ -120,6 +120,7 @@ const permissionScopes = {
'nestedDataList', 'nestedDataList',
'nestedDataLink', 'nestedDataLink',
'nestedDataUnlink', 'nestedDataUnlink',
'baseUserList',
// Base API Tokens // Base API Tokens
'baseApiTokenList', 'baseApiTokenList',
@ -184,6 +185,7 @@ const rolePermissions:
swaggerJson: true, swaggerJson: true,
nestedDataList: true, nestedDataList: true,
baseUserList: true,
}, },
}, },
[ProjectRoles.COMMENTER]: { [ProjectRoles.COMMENTER]: {

Write Preview
Loading…
Cancel
Save