Browse Source

feat(api): update backend api permissions

Signed-off-by: Pranav C <pranavxc@gmail.com>
pull/3796/head
Pranav C 2 years ago
parent
commit
260945e4f8
  1. 8
      packages/nc-gui/composables/useUIPermission/rolePermissions.ts
  2. 6
      packages/nocodb/src/lib/meta/helpers/ncMetaAclMw.ts
  3. 31
      packages/nocodb/src/lib/utils/projectAcl.ts

8
packages/nc-gui/composables/useUIPermission/rolePermissions.ts

@ -17,10 +17,14 @@ const rolePermissions = {
// Project role permissions // Project role permissions
[ProjectRole.Creator]: { [ProjectRole.Creator]: {
exclude: ['appStore'], exclude: {
appStore: true,
},
}, },
[ProjectRole.Owner]: { [ProjectRole.Owner]: {
exclude: ['appStore'], exclude: {
appStore: true,
},
}, },
[ProjectRole.Editor]: { [ProjectRole.Editor]: {
include: { include: {

6
packages/nocodb/src/lib/meta/helpers/ncMetaAclMw.ts

@ -57,7 +57,11 @@ export default function (handlerFn, permissionName) {
return ( return (
hasRole && hasRole &&
projectAcl[name] && projectAcl[name] &&
(projectAcl[name] === '*' || projectAcl[name][permissionName]) (projectAcl[name] === '*' ||
(projectAcl[name].exclude &&
!projectAcl[name].exclude[permissionName]) ||
(projectAcl[name].include &&
projectAcl[name].include[permissionName]))
); );
}); });
if (!isAllowed) { if (!isAllowed) {

31
packages/nocodb/src/lib/utils/projectAcl.ts

@ -1,8 +1,24 @@
export default { export default {
owner: '*', owner: {
creator: '*', exclude: {
pluginList:true,
pluginTest:true,
pluginRead:true,
pluginUpdate:true,
isPluginActive:true,
},
},
creator: {
exclude: {
pluginList:true,
pluginTest:true,
pluginRead:true,
pluginUpdate:true,
isPluginActive:true,
},
},
guest: {}, guest: {},
editor: { editor:{ include: {
hideAllColumns: true, hideAllColumns: true,
showAllColumns: true, showAllColumns: true,
auditRowUpdate: true, auditRowUpdate: true,
@ -137,7 +153,9 @@ export default {
upload: true, upload: true,
uploadViaURL: true, uploadViaURL: true,
}, },
},
commenter: { commenter: {
include: {
formViewGet: true, formViewGet: true,
passwordChange: true, passwordChange: true,
// project // project
@ -192,7 +210,9 @@ export default {
xcExportAsCsv: true, xcExportAsCsv: true,
dataCount: true, dataCount: true,
}, },
},
viewer: { viewer: {
include: {
formViewGet: true, formViewGet: true,
passwordChange: true, passwordChange: true,
// project // project
@ -243,12 +263,16 @@ export default {
xcExportAsCsv: true, xcExportAsCsv: true,
dataCount: true dataCount: true
}, },
},
user_new: { user_new: {
include: {
passwordChange: true, passwordChange: true,
projectList: true, projectList: true,
}
}, },
super: '*', super: '*',
user: { user: {
include : {
upload: true, upload: true,
uploadViaURL: true, uploadViaURL: true,
passwordChange: true, passwordChange: true,
@ -269,6 +293,7 @@ export default {
xcMetaTablesExportDbToZip: true, xcMetaTablesExportDbToZip: true,
auditRowUpdate: true, auditRowUpdate: true,
}, },
},
}; };
/** /**

Loading…
Cancel
Save