feat(api): update backend api permissions

Signed-off-by: Pranav C <pranavxc@gmail.com>
2 years ago · 260945e4f8
3 changed files with 41 additions and 8 deletions
--- a/packages/nc-gui/composables/useUIPermission/rolePermissions.ts
+++ b/packages/nc-gui/composables/useUIPermission/rolePermissions.ts
@ -17,10 +17,14 @@ const rolePermissions = {

  // Project role permissions
  [ProjectRole.Creator]: {
-    exclude: ['appStore'],
+    exclude: {
+      appStore: true,
+    },
  },
  [ProjectRole.Owner]: {
-    exclude: ['appStore'],
+    exclude: {
+      appStore: true,
+    },
  },
  [ProjectRole.Editor]: {
    include: {
--- a/packages/nocodb/src/lib/meta/helpers/ncMetaAclMw.ts
+++ b/packages/nocodb/src/lib/meta/helpers/ncMetaAclMw.ts
@ -57,7 +57,11 @@ export default function (handlerFn, permissionName) {
          return (
            hasRole &&
            projectAcl[name] &&
-            (projectAcl[name] === '*' || projectAcl[name][permissionName])
+            (projectAcl[name] === '*' ||
+              (projectAcl[name].exclude &&
+                !projectAcl[name].exclude[permissionName]) ||
+              (projectAcl[name].include &&
+                projectAcl[name].include[permissionName]))
          );
        });
      if (!isAllowed) {
--- a/packages/nocodb/src/lib/utils/projectAcl.ts
+++ b/packages/nocodb/src/lib/utils/projectAcl.ts
@ -1,8 +1,24 @@
 export default {
-  owner: '*',
-  creator: '*',
+  owner: {
+    exclude: {
+      pluginList:true,
+      pluginTest:true,
+      pluginRead:true,
+      pluginUpdate:true,
+      isPluginActive:true,
+    },
+  },
+  creator: {
+    exclude: {
+      pluginList:true,
+      pluginTest:true,
+      pluginRead:true,
+      pluginUpdate:true,
+      isPluginActive:true,
+    },
+  },
  guest: {},
-  editor: {
+  editor:{ include: {
    hideAllColumns: true,
    showAllColumns: true,
    auditRowUpdate: true,
@ -137,7 +153,9 @@ export default {
    upload: true,
    uploadViaURL: true,
  },
+  },
  commenter: {
+    include: {
    formViewGet: true,
    passwordChange: true,
    // project
@ -192,7 +210,9 @@ export default {
    xcExportAsCsv: true,
    dataCount: true,
  },
+  },
  viewer: {
+    include: {
    formViewGet: true,
    passwordChange: true,
    // project
@ -243,12 +263,16 @@ export default {
    xcExportAsCsv: true,
    dataCount: true
  },
+  },
  user_new: {
-    passwordChange: true,
-    projectList: true,
+    include: {
+      passwordChange: true,
+      projectList: true,
+    }
  },
  super: '*',
  user: {
+    include : {
    upload: true,
    uploadViaURL: true,
    passwordChange: true,
@ -269,6 +293,7 @@ export default {
    xcMetaTablesExportDbToZip: true,
    auditRowUpdate: true,
  },
+  },
 };

 /**