From 0d2505ebcb5f7b96b44426f0cd065ba59ad80700 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:17 +0000
Subject: [PATCH 01/28] fix: save readonly state in source meta column

---
 .../dashboard/settings/data-sources/CreateBase.vue  | 13 +++++++++++++
 .../dashboard/settings/data-sources/EditBase.vue    | 12 ++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
index c559ee3b04..854ccdbaf8 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
@@ -55,6 +55,10 @@ const formState = ref<ProjectCreateForm>({
   },
   sslUse: SSLUsage.No,
   extraParameters: [],
+  meta: {
+    readOnlySchema: true,
+    readOnlyData: false,
+  },
 })
 
 const customFormState = ref<ProjectCreateForm>({
@@ -244,6 +248,7 @@ const createSource = async () => {
       config,
       inflection_column: formState.value.inflection.inflectionColumn,
       inflection_table: formState.value.inflection.inflectionTable,
+      meta: formState.value.meta,
     })
 
     $poller.subscribe(
@@ -508,6 +513,14 @@ const toggleModal = (val: boolean) => {
               >
                 <a-input v-model:value="formState.dataSource.searchPath[0]" />
               </a-form-item>
+
+              <a-form-item label="Readonly Schema">
+                <a-switch v-model:checked="formState.meta.readOnlySchema" size="small"></a-switch>
+              </a-form-item>
+              <a-form-item label="Readonly Data">
+                <a-switch v-model:checked="formState.meta.readOnlyData" size="small"></a-switch>
+              </a-form-item>
+
               <div class="flex items-right justify-end gap-2">
                 <!--                Use Connection URL -->
                 <NcButton type="ghost" size="small" class="nc-extdb-btn-import-url !rounded-md" @click.stop="importURLDlg = true">
diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
index 3a12b83bcc..fafe7fa8c2 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
@@ -71,6 +71,10 @@ const customFormState = ref<ProjectCreateForm>({
   },
   sslUse: SSLUsage.No,
   extraParameters: [],
+  meta: {
+    readOnlySchema: true,
+    readOnlyData: false,
+  },
 })
 
 const validators = computed(() => {
@@ -524,6 +528,14 @@ watch(
           >
             <a-input v-model:value="formState.dataSource.searchPath[0]" />
           </a-form-item>
+
+          <a-form-item label="Readonly Schema">
+            <a-switch v-model:checked="formState.meta.readOnlySchema" size="small"></a-switch>
+          </a-form-item>
+          <a-form-item label="Readonly Data">
+            <a-switch v-model:checked="formState.meta.readOnlyData" size="small"></a-switch>
+          </a-form-item>
+
           <!--                Use Connection URL -->
           <div class="flex justify-end gap-2">
             <NcButton size="small" type="ghost" class="nc-extdb-btn-import-url !rounded-md" @click.stop="importURLDlg = true">

From 4e641f3fd2fcb51ae407a696e81d1db599751b4a Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:17 +0000
Subject: [PATCH 02/28] feat: extract source id in middleware and remove
 unnecessary optional chaining

---
 .../extract-ids/extract-ids.middleware.ts     | 49 +++++++++++++------
 1 file changed, 33 insertions(+), 16 deletions(-)

diff --git a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
index 80a50fd08b..e2a825b42b 100644
--- a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
+++ b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
@@ -85,7 +85,8 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         NcError.tableNotFound(params.tableId || params.modelId);
       }
 
-      req.ncBaseId = model?.base_id;
+      req.ncBaseId = model.base_id;
+      req.ncSourceId = model.source_id;
     } else if (params.viewId) {
       const view =
         (await View.get(context, params.viewId)) ||
@@ -95,7 +96,8 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         NcError.viewNotFound(params.viewId);
       }
 
-      req.ncBaseId = view?.base_id;
+      req.ncBaseId = view.base_id;
+      req.ncSourceId = view.source_id;
     } else if (
       params.formViewId ||
       params.gridViewId ||
@@ -122,7 +124,8 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         );
       }
 
-      req.ncBaseId = view?.base_id;
+      req.ncBaseId = view.base_id;
+      req.ncSourceId = view.source_id;
     } else if (params.publicDataUuid) {
       const view = await View.getByUUID(context, req.params.publicDataUuid);
 
@@ -130,7 +133,8 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         NcError.viewNotFound(params.publicDataUuid);
       }
 
-      req.ncBaseId = view?.base_id;
+      req.ncBaseId = view.base_id;
+      req.ncSourceId = view.source_id;
     } else if (params.sharedViewUuid) {
       const view = await View.getByUUID(context, req.params.sharedViewUuid);
 
@@ -138,7 +142,8 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         NcError.viewNotFound(req.params.sharedViewUuid);
       }
 
-      req.ncBaseId = view?.base_id;
+      req.ncBaseId = view.base_id;
+      req.ncSourceId = view.source_id;
     } else if (params.sharedBaseUuid) {
       const base = await Base.getByUuid(context, req.params.sharedBaseUuid);
 
@@ -154,7 +159,8 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         NcError.genericNotFound('Webhook', params.hookId);
       }
 
-      req.ncBaseId = hook?.base_id;
+      req.ncBaseId = hook.base_id;
+      req.ncSourceId = hook.source_id;
     } else if (params.gridViewColumnId) {
       const gridViewColumn = await GridViewColumn.get(
         context,
@@ -165,7 +171,8 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         NcError.fieldNotFound(params.gridViewColumnId);
       }
 
-      req.ncBaseId = gridViewColumn?.base_id;
+      req.ncBaseId = gridViewColumn.base_id;
+      req.ncSourceId = gridViewColumn.source_id;
     } else if (params.formViewColumnId) {
       const formViewColumn = await FormViewColumn.get(
         context,
@@ -176,7 +183,8 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         NcError.fieldNotFound(params.formViewColumnId);
       }
 
-      req.ncBaseId = formViewColumn?.base_id;
+      req.ncBaseId = formViewColumn.base_id;
+      req.ncSourceId = formViewColumn.source_id;
     } else if (params.galleryViewColumnId) {
       const galleryViewColumn = await GalleryViewColumn.get(
         context,
@@ -187,7 +195,8 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         NcError.fieldNotFound(params.galleryViewColumnId);
       }
 
-      req.ncBaseId = galleryViewColumn?.base_id;
+      req.ncBaseId = galleryViewColumn.base_id;
+      req.ncSourceId = galleryViewColumn.source_id;
     } else if (params.columnId) {
       const column = await Column.get(context, { colId: params.columnId });
 
@@ -195,7 +204,8 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         NcError.fieldNotFound(params.columnId);
       }
 
-      req.ncBaseId = column?.base_id;
+      req.ncBaseId = column.base_id;
+      req.ncSourceId = column.source_id;
     } else if (params.filterId) {
       const filter = await Filter.get(context, params.filterId);
 
@@ -203,7 +213,8 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         NcError.genericNotFound('Filter', params.filterId);
       }
 
-      req.ncBaseId = filter?.base_id;
+      req.ncBaseId = filter.base_id;
+      req.ncSourceId = filter.source_id;
     } else if (params.filterParentId) {
       const filter = await Filter.get(context, params.filterParentId);
 
@@ -211,7 +222,8 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         NcError.genericNotFound('Filter', params.filterParentId);
       }
 
-      req.ncBaseId = filter?.base_id;
+      req.ncBaseId = filter.base_id;
+      req.ncSourceId = filter.source_id;
     } else if (params.sortId) {
       const sort = await Sort.get(context, params.sortId);
 
@@ -219,7 +231,8 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         NcError.genericNotFound('Sort', params.sortId);
       }
 
-      req.ncBaseId = sort?.base_id;
+      req.ncBaseId = sort.base_id;
+      req.ncSourceId = sort.source_id;
     } else if (params.syncId) {
       const syncSource = await SyncSource.get(context, req.params.syncId);
 
@@ -228,6 +241,7 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
       }
 
       req.ncBaseId = syncSource.base_id;
+      req.ncSourceId = syncSource.source_id;
     } else if (params.extensionId) {
       const extension = await Extension.get(context, req.params.extensionId);
 
@@ -258,7 +272,8 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         NcError.tableNotFound(req.body.fk_model_id);
       }
 
-      req.ncBaseId = model?.base_id;
+      req.ncBaseId = model.base_id;
+      req.ncSourceId = model.source_id;
     }
     // extract fk_model_id from query params only if it's audit get endpoint
     else if (
@@ -281,7 +296,8 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         NcError.tableNotFound(req.query?.fk_model_id);
       }
 
-      req.ncBaseId = model?.base_id;
+      req.ncBaseId = model.base_id;
+      req.ncSourceId = model.source_id;
     } else if (
       [
         '/api/v1/db/meta/comment/:commentId',
@@ -296,7 +312,8 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         NcError.genericNotFound('Comment', params.commentId);
       }
 
-      req.ncBaseId = comment?.base_id;
+      req.ncBaseId = comment.base_id;
+      req.ncSourceId = comment.source_id;
     }
     // extract base id from query params only if it's userMe endpoint or webhook plugin list
     else if (

From 5d8b1fc55ab639a8effd84907b360afdfbf33473 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:17 +0000
Subject: [PATCH 03/28] feat: restrict data/meta operations in gui

---
 .../nc-gui/components/cell/MultiSelect.vue    |  3 +-
 .../nc-gui/components/cell/SingleSelect.vue   |  3 +-
 .../components/cell/attachment/Modal.vue      |  3 +-
 .../components/cell/attachment/index.vue      |  3 +-
 .../dashboard/Sidebar/TopSection.vue          |  4 +-
 .../dashboard/TreeView/AddNewTableNode.vue    |  3 +-
 .../dashboard/TreeView/BaseOptions.vue        |  6 +--
 .../dashboard/TreeView/ProjectNode.vue        |  2 +-
 .../dashboard/TreeView/TableNode.vue          | 19 ++++++---
 .../settings/data-sources/CreateBase.vue      |  9 +++--
 .../settings/data-sources/EditBase.vue        |  8 ++--
 .../nc-gui/components/project/AllTables.vue   |  4 +-
 .../nc-gui/components/smartsheet/Details.vue  |  3 +-
 .../nc-gui/components/smartsheet/Form.vue     |  3 +-
 .../nc-gui/components/smartsheet/Gallery.vue  |  3 +-
 .../nc-gui/components/smartsheet/Kanban.vue   |  3 +-
 .../smartsheet/calendar/DayView/DateField.vue |  3 +-
 .../calendar/DayView/DateTimeField.vue        |  3 +-
 .../smartsheet/calendar/MonthView.vue         |  3 +-
 .../smartsheet/calendar/SideMenu.vue          |  3 +-
 .../calendar/WeekView/DateField.vue           |  3 +-
 .../calendar/WeekView/DateTimeField.vue       |  2 +-
 .../smartsheet/expanded-form/Comments.vue     |  3 +-
 .../smartsheet/expanded-form/index.vue        |  3 +-
 .../components/smartsheet/grid/Table.vue      |  2 +-
 .../components/smartsheet/header/Cell.vue     |  3 +-
 .../smartsheet/header/VirtualCell.vue         |  3 +-
 .../smartsheet/sidebar/RenameableMenuItem.vue |  3 +-
 .../toolbar/KanbanStackEditOrAdd.vue          |  4 +-
 .../smartsheet/toolbar/MoreActions.vue        |  3 +-
 .../smartsheet/toolbar/ShareView.vue          |  3 +-
 .../smartsheet/toolbar/ViewActionMenu.vue     |  3 +-
 .../smartsheet/toolbar/ViewActions.vue        |  3 +-
 .../smartsheet/topbar/SelectMode.vue          |  4 +-
 .../nc-gui/components/tabs/Smartsheet.vue     | 14 ++++++-
 .../components/virtual-cell/BelongsTo.vue     |  3 +-
 .../components/virtual-cell/HasMany.vue       |  3 +-
 .../nc-gui/components/virtual-cell/Links.vue  |  3 +-
 .../components/virtual-cell/ManyToMany.vue    |  3 +-
 .../components/virtual-cell/OneToOne.vue      |  3 +-
 .../virtual-cell/components/ItemChip.vue      |  3 +-
 .../composables/useCalendarViewStore.ts       |  3 +-
 .../composables/useExpandedFormStore.ts       |  3 +-
 .../nc-gui/composables/useKanbanViewStore.ts  |  3 +-
 .../nc-gui/composables/useMapViewDataStore.ts |  3 +-
 packages/nc-gui/composables/useRoles/index.ts | 39 ++++++++++++++++++-
 packages/nc-gui/composables/useViewColumns.ts |  3 +-
 packages/nc-gui/composables/useViewData.ts    |  3 +-
 packages/nc-gui/composables/useViewFilters.ts |  3 +-
 packages/nc-gui/composables/useViewGroupBy.ts |  3 +-
 packages/nc-gui/composables/useViewSorts.ts   |  2 +-
 packages/nc-gui/context/index.ts              |  9 ++++-
 packages/nocodb-sdk/src/lib/enums.ts          |  8 ++++
 .../src/services/public-datas.service.ts      |  7 +++-
 packages/nocodb/src/utils/acl.ts              | 16 ++++++++
 55 files changed, 202 insertions(+), 68 deletions(-)

diff --git a/packages/nc-gui/components/cell/MultiSelect.vue b/packages/nc-gui/components/cell/MultiSelect.vue
index 3a625e8c24..fee5afe43a 100644
--- a/packages/nc-gui/components/cell/MultiSelect.vue
+++ b/packages/nc-gui/components/cell/MultiSelect.vue
@@ -5,6 +5,7 @@ import type { Select as AntSelect } from 'ant-design-vue'
 import type { SelectOptionType, SelectOptionsType } from 'nocodb-sdk'
 import type { FormFieldsLimitOptionsType } from '~/lib/types'
 import MdiCloseCircle from '~icons/mdi/close-circle'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 interface Props {
   modelValue?: string | string[]
@@ -57,7 +58,7 @@ const { $api } = useNuxtApp()
 
 const { getMeta } = useMetas()
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const { isPg, isMysql } = useBase()
 
diff --git a/packages/nc-gui/components/cell/SingleSelect.vue b/packages/nc-gui/components/cell/SingleSelect.vue
index 5852a9dcbf..e61ac988dd 100644
--- a/packages/nc-gui/components/cell/SingleSelect.vue
+++ b/packages/nc-gui/components/cell/SingleSelect.vue
@@ -4,6 +4,7 @@ import { message } from 'ant-design-vue'
 import tinycolor from 'tinycolor2'
 import type { SelectOptionType } from 'nocodb-sdk'
 import type { FormFieldsLimitOptionsType } from '~/lib/types'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 interface Props {
   modelValue?: string | undefined
@@ -49,7 +50,7 @@ const searchVal = ref()
 
 const { getMeta } = useMetas()
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const { isPg, isMysql } = useBase()
 
diff --git a/packages/nc-gui/components/cell/attachment/Modal.vue b/packages/nc-gui/components/cell/attachment/Modal.vue
index 4af4ec4526..82944f27ae 100644
--- a/packages/nc-gui/components/cell/attachment/Modal.vue
+++ b/packages/nc-gui/components/cell/attachment/Modal.vue
@@ -2,8 +2,9 @@
 import { onKeyDown, useEventListener } from '@vueuse/core'
 import { useAttachmentCell } from './utils'
 import { useSortable } from './sort'
+import {useRolesWrapper} from "~/composables/useRoles";
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const {
   open,
diff --git a/packages/nc-gui/components/cell/attachment/index.vue b/packages/nc-gui/components/cell/attachment/index.vue
index a95f1c4da8..8335952e9a 100644
--- a/packages/nc-gui/components/cell/attachment/index.vue
+++ b/packages/nc-gui/components/cell/attachment/index.vue
@@ -2,6 +2,7 @@
 import { onKeyDown } from '@vueuse/core'
 import { useProvideAttachmentCell } from './utils'
 import { useSortable } from './sort'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 interface Props {
   modelValue?: string | Record<string, any>[] | null
@@ -175,7 +176,7 @@ const keydownSpace = (e: KeyboardEvent) => {
   }
 }
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 const isConfirmModalOpen = ref(false)
 const filetoDelete = reactive({
   title: '',
diff --git a/packages/nc-gui/components/dashboard/Sidebar/TopSection.vue b/packages/nc-gui/components/dashboard/Sidebar/TopSection.vue
index 28f94f6a0c..57fe869023 100644
--- a/packages/nc-gui/components/dashboard/Sidebar/TopSection.vue
+++ b/packages/nc-gui/components/dashboard/Sidebar/TopSection.vue
@@ -1,8 +1,10 @@
 <script setup lang="ts">
+import {useRolesWrapper} from "~/composables/useRoles";
+
 const workspaceStore = useWorkspace()
 const baseStore = useBase()
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const { appInfo } = useGlobal()
 
diff --git a/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue b/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue
index 7bdb041814..38c06f0e55 100644
--- a/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue
@@ -4,6 +4,7 @@ import { storeToRefs } from 'pinia'
 import { toRef } from '@vue/reactivity'
 import { resolveComponent } from '@vue/runtime-core'
 import { ref } from 'vue'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const props = withDefaults(
   defineProps<{
@@ -19,7 +20,7 @@ const emit = defineEmits<{
   openTableCreateDialog: () => void
 }>()
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const base = toRef(props, 'base')
 
diff --git a/packages/nc-gui/components/dashboard/TreeView/BaseOptions.vue b/packages/nc-gui/components/dashboard/TreeView/BaseOptions.vue
index b1ba78dfb3..75aeff3fde 100644
--- a/packages/nc-gui/components/dashboard/TreeView/BaseOptions.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/BaseOptions.vue
@@ -68,7 +68,7 @@ function openQuickImportDialog(type: string) {
     <template #expandIcon></template>
 
     <NcMenuItem
-      v-if="isUIAllowed('airtableImport', { roles: baseRole })"
+      v-if="isUIAllowed('airtableImport', { roles: baseRole, source })"
       key="quick-import-airtable"
       @click="openAirtableImportDialog(source.base_id, source.id)"
     >
@@ -86,7 +86,7 @@ function openQuickImportDialog(type: string) {
     </NcMenuItem>
 
     <NcMenuItem
-      v-if="isUIAllowed('jsonImport', { roles: baseRole })"
+      v-if="isUIAllowed('jsonImport', { roles: baseRole, source })"
       key="quick-import-json"
       @click="openQuickImportDialog('json')"
     >
@@ -97,7 +97,7 @@ function openQuickImportDialog(type: string) {
     </NcMenuItem>
 
     <NcMenuItem
-      v-if="isUIAllowed('excelImport', { roles: baseRole })"
+      v-if="isUIAllowed('excelImport', { roles: baseRole, source })"
       key="quick-import-excel"
       @click="openQuickImportDialog('excel')"
     >
diff --git a/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue b/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
index 0d5476079d..8893e2da0d 100644
--- a/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
@@ -823,7 +823,7 @@ const onTableIdCopy = async () => {
                             </NcDropdown>
 
                             <NcButton
-                              v-if="isUIAllowed('tableCreate', { roles: baseRole })"
+                              v-if="isUIAllowed('tableCreate', { roles: baseRole, source })"
                               v-e="['c:source:add-table']"
                               type="text"
                               size="xxsmall"
diff --git a/packages/nc-gui/components/dashboard/TreeView/TableNode.vue b/packages/nc-gui/components/dashboard/TreeView/TableNode.vue
index ef3e11ea30..8f0cb52f27 100644
--- a/packages/nc-gui/components/dashboard/TreeView/TableNode.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/TableNode.vue
@@ -213,6 +213,10 @@ const refreshViews = async () => {
   await nextTick()
   isExpanded.value = true
 }
+
+const source = computed(() => {
+  return base.value?.sources?.[sourceIndex.value]
+})
 </script>
 
 <template>
@@ -331,15 +335,16 @@ const refreshViews = async () => {
               <template
                 v-if="
                   !isSharedBase &&
-                  (isUIAllowed('tableRename', { roles: baseRole }) || isUIAllowed('tableDelete', { roles: baseRole }))
+                  (isUIAllowed('tableRename', { roles: baseRole, source }) ||
+                    isUIAllowed('tableDelete', { roles: baseRole, source }))
                 "
               >
                 <NcDivider />
                 <NcMenuItem
-                  v-if="isUIAllowed('tableRename', { roles: baseRole })"
+                  v-if="isUIAllowed('tableRename', { roles: baseRole, source })"
                   :data-testid="`sidebar-table-rename-${table.title}`"
                   class="nc-table-rename"
-                  @click="openRenameTableDialog(table, base.sources[sourceIndex].id)"
+                  @click="openRenameTableDialog(table, source.id)"
                 >
                   <div v-e="['c:table:rename']" class="flex gap-2 items-center">
                     <GeneralIcon icon="rename" class="text-gray-700" />
@@ -349,9 +354,11 @@ const refreshViews = async () => {
 
                 <NcMenuItem
                   v-if="
-                    isUIAllowed('tableDuplicate') &&
+                    isUIAllowed('tableDuplicate', {
+                      source,
+                    }) &&
                     base.sources?.[sourceIndex] &&
-                    (base.sources[sourceIndex].is_meta || base.sources[sourceIndex].is_local)
+                    (source.is_meta || source.is_local)
                   "
                   :data-testid="`sidebar-table-duplicate-${table.title}`"
                   @click="duplicateTable(table)"
@@ -364,7 +371,7 @@ const refreshViews = async () => {
 
                 <NcDivider />
                 <NcMenuItem
-                  v-if="isUIAllowed('tableDelete', { roles: baseRole })"
+                  v-if="isUIAllowed('tableDelete', { roles: baseRole, source })"
                   :data-testid="`sidebar-table-delete-${table.title}`"
                   class="!text-red-500 !hover:bg-red-50 nc-table-delete"
                   @click="deleteTable"
diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
index 854ccdbaf8..45c88308d8 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
@@ -10,6 +10,7 @@ import {
   SSLUsage,
   clientTypes as _clientTypes,
 } from '#imports'
+import {SourceRestriction} from "nocodb-sdk";
 
 const props = defineProps<{ open: boolean; connectionType?: ClientType }>()
 
@@ -56,8 +57,8 @@ const formState = ref<ProjectCreateForm>({
   sslUse: SSLUsage.No,
   extraParameters: [],
   meta: {
-    readOnlySchema: true,
-    readOnlyData: false,
+    [SourceRestriction.META_READONLY]: true,
+    [SourceRestriction.DATA_READONLY]: false,
   },
 })
 
@@ -515,10 +516,10 @@ const toggleModal = (val: boolean) => {
               </a-form-item>
 
               <a-form-item label="Readonly Schema">
-                <a-switch v-model:checked="formState.meta.readOnlySchema" size="small"></a-switch>
+                <a-switch v-model:checked="formState.meta[SourceRestriction.META_READONLY]" size="small"></a-switch>
               </a-form-item>
               <a-form-item label="Readonly Data">
-                <a-switch v-model:checked="formState.meta.readOnlyData" size="small"></a-switch>
+                <a-switch v-model:checked="formState.meta[SourceRestriction.DATA_READONLY]" size="small"></a-switch>
               </a-form-item>
 
               <div class="flex items-right justify-end gap-2">
diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
index fafe7fa8c2..6eb32c12b4 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
@@ -72,8 +72,8 @@ const customFormState = ref<ProjectCreateForm>({
   sslUse: SSLUsage.No,
   extraParameters: [],
   meta: {
-    readOnlySchema: true,
-    readOnlyData: false,
+    [SourceRestriction.META_READONLY]: true,
+    [SourceRestriction.DATA_READONLY]: false,
   },
 })
 
@@ -530,10 +530,10 @@ watch(
           </a-form-item>
 
           <a-form-item label="Readonly Schema">
-            <a-switch v-model:checked="formState.meta.readOnlySchema" size="small"></a-switch>
+            <a-switch v-model:checked="formState.meta[SourceRestriction.META_READONLY]" size="small"></a-switch>
           </a-form-item>
           <a-form-item label="Readonly Data">
-            <a-switch v-model:checked="formState.meta.readOnlyData" size="small"></a-switch>
+            <a-switch v-model:checked="formState.meta[SourceRestriction.DATA_READONLY]" size="small"></a-switch>
           </a-form-item>
 
           <!--                Use Connection URL -->
diff --git a/packages/nc-gui/components/project/AllTables.vue b/packages/nc-gui/components/project/AllTables.vue
index 41fdaeeca3..32e52c5526 100644
--- a/packages/nc-gui/components/project/AllTables.vue
+++ b/packages/nc-gui/components/project/AllTables.vue
@@ -76,7 +76,7 @@ function openTableCreateDialog(baseIndex?: number | undefined) {
       }"
     >
       <div
-        v-if="isUIAllowed('tableCreate')"
+        v-if="isUIAllowed('tableCreate', {source: openedProject?.sources?.[0]})"
         role="button"
         class="nc-base-view-all-table-btn"
         data-testid="proj-view-btn__add-new-table"
@@ -86,7 +86,7 @@ function openTableCreateDialog(baseIndex?: number | undefined) {
         <div class="label">{{ $t('general.new') }} {{ $t('objects.table') }}</div>
       </div>
       <div
-        v-if="isUIAllowed('tableCreate')"
+        v-if="isUIAllowed('tableCreate', {source: openedProject?.sources?.[0]})"
         v-e="['c:table:import']"
         role="button"
         class="nc-base-view-all-table-btn"
diff --git a/packages/nc-gui/components/smartsheet/Details.vue b/packages/nc-gui/components/smartsheet/Details.vue
index c9ac4c421d..734e1ccf22 100644
--- a/packages/nc-gui/components/smartsheet/Details.vue
+++ b/packages/nc-gui/components/smartsheet/Details.vue
@@ -1,5 +1,6 @@
 <script setup lang="ts">
 import { LoadingOutlined } from '@ant-design/icons-vue'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const { openedViewsTab } = storeToRefs(useViewsStore())
 const { onViewsTabChange } = useViewsStore()
@@ -8,7 +9,7 @@ const { isLeftSidebarOpen } = storeToRefs(useSidebarStore())
 
 const { $e } = useNuxtApp()
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const { base } = storeToRefs(useBase())
 const meta = inject(MetaInj, ref())
diff --git a/packages/nc-gui/components/smartsheet/Form.vue b/packages/nc-gui/components/smartsheet/Form.vue
index 16c00d6191..f3dc43a342 100644
--- a/packages/nc-gui/components/smartsheet/Form.vue
+++ b/packages/nc-gui/components/smartsheet/Form.vue
@@ -15,6 +15,7 @@ import {
   isVirtualCol,
 } from 'nocodb-sdk'
 import type { ImageCropperConfig } from '~/lib/types'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 provide(IsFormInj, ref(true))
 provide(IsGalleryInj, ref(false))
@@ -52,7 +53,7 @@ const { isMobileMode, user } = useGlobal()
 
 const { $api, $e } = useNuxtApp()
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const { base } = storeToRefs(useBase())
 
diff --git a/packages/nc-gui/components/smartsheet/Gallery.vue b/packages/nc-gui/components/smartsheet/Gallery.vue
index 53260cc72e..78533301e0 100644
--- a/packages/nc-gui/components/smartsheet/Gallery.vue
+++ b/packages/nc-gui/components/smartsheet/Gallery.vue
@@ -1,6 +1,7 @@
 <script lang="ts" setup>
 import { ViewTypes, isVirtualCol } from 'nocodb-sdk'
 import type { Row as RowType } from '#imports'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 interface Attachment {
   url: string
@@ -64,7 +65,7 @@ const coverImageObjectFitClass = computed(() => {
   if (fk_cover_image_object_fit === CoverImageObjectFit.COVER) return '!object-cover'
 })
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 const hasEditPermission = computed(() => isUIAllowed('dataEdit'))
 // TODO: extract this code (which is duplicated in grid and gallery) into a separate component
 const _contextMenu = ref(false)
diff --git a/packages/nc-gui/components/smartsheet/Kanban.vue b/packages/nc-gui/components/smartsheet/Kanban.vue
index d9205cc5f9..273b6d2407 100644
--- a/packages/nc-gui/components/smartsheet/Kanban.vue
+++ b/packages/nc-gui/components/smartsheet/Kanban.vue
@@ -4,6 +4,7 @@ import Draggable from 'vuedraggable'
 import tinycolor from 'tinycolor2'
 import { ViewTypes, isVirtualCol } from 'nocodb-sdk'
 import type { Row as RowType } from '#imports'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 interface Attachment {
   url: string
@@ -73,7 +74,7 @@ const {
 
 const { isViewDataLoading } = storeToRefs(useViewsStore())
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const { appInfo, isMobileMode } = useGlobal()
 
diff --git a/packages/nc-gui/components/smartsheet/calendar/DayView/DateField.vue b/packages/nc-gui/components/smartsheet/calendar/DayView/DateField.vue
index b49663127c..a562206a72 100644
--- a/packages/nc-gui/components/smartsheet/calendar/DayView/DateField.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/DayView/DateField.vue
@@ -1,6 +1,7 @@
 <script lang="ts" setup>
 import dayjs from 'dayjs'
 import type { ColumnType } from 'nocodb-sdk'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const emit = defineEmits(['expandRecord', 'newRecord'])
 
@@ -8,7 +9,7 @@ const meta = inject(MetaInj, ref())
 
 const container = ref()
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const { selectedDate, formattedData, formattedSideBarData, calendarRange, updateRowProperty } = useCalendarViewStoreOrThrow()
 
diff --git a/packages/nc-gui/components/smartsheet/calendar/DayView/DateTimeField.vue b/packages/nc-gui/components/smartsheet/calendar/DayView/DateTimeField.vue
index 5701131615..004a80a1e3 100644
--- a/packages/nc-gui/components/smartsheet/calendar/DayView/DateTimeField.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/DayView/DateTimeField.vue
@@ -1,6 +1,7 @@
 <script lang="ts" setup>
 import dayjs from 'dayjs'
 import type { ColumnType } from 'nocodb-sdk'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const emit = defineEmits(['expandRecord', 'newRecord'])
 
@@ -20,7 +21,7 @@ const { $e } = useNuxtApp()
 
 const container = ref<null | HTMLElement>(null)
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const meta = inject(MetaInj, ref())
 
diff --git a/packages/nc-gui/components/smartsheet/calendar/MonthView.vue b/packages/nc-gui/components/smartsheet/calendar/MonthView.vue
index d6a2388cac..104f47029c 100644
--- a/packages/nc-gui/components/smartsheet/calendar/MonthView.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/MonthView.vue
@@ -2,6 +2,7 @@
 import dayjs from 'dayjs'
 import type { ColumnType } from 'nocodb-sdk'
 import { UITypes } from 'nocodb-sdk'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const emit = defineEmits(['newRecord', 'expandRecord'])
 
@@ -23,7 +24,7 @@ const { $e } = useNuxtApp()
 
 const isMondayFirst = ref(true)
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const meta = inject(MetaInj, ref())
 
diff --git a/packages/nc-gui/components/smartsheet/calendar/SideMenu.vue b/packages/nc-gui/components/smartsheet/calendar/SideMenu.vue
index cdaa03a3ba..5c7f33c9ed 100644
--- a/packages/nc-gui/components/smartsheet/calendar/SideMenu.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/SideMenu.vue
@@ -2,6 +2,7 @@
 import type { VNodeRef } from '@vue/runtime-core'
 import { UITypes } from 'nocodb-sdk'
 import dayjs from 'dayjs'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const props = defineProps<{
   visible: boolean
@@ -15,7 +16,7 @@ interface Attachment {
 
 const INFINITY_SCROLL_THRESHOLD = 100
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const { $e } = useNuxtApp()
 
diff --git a/packages/nc-gui/components/smartsheet/calendar/WeekView/DateField.vue b/packages/nc-gui/components/smartsheet/calendar/WeekView/DateField.vue
index 8071b26605..3c41660603 100644
--- a/packages/nc-gui/components/smartsheet/calendar/WeekView/DateField.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/WeekView/DateField.vue
@@ -2,6 +2,7 @@
 import dayjs from 'dayjs'
 import type { ColumnType } from 'nocodb-sdk'
 import type { Row } from '~/lib/types'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const emits = defineEmits(['expandRecord', 'newRecord'])
 
@@ -24,7 +25,7 @@ const container = ref<null | HTMLElement>(null)
 
 const { width: containerWidth } = useElementSize(container)
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const meta = inject(MetaInj, ref())
 
diff --git a/packages/nc-gui/components/smartsheet/calendar/WeekView/DateTimeField.vue b/packages/nc-gui/components/smartsheet/calendar/WeekView/DateTimeField.vue
index 248156e071..b5c03c22ca 100644
--- a/packages/nc-gui/components/smartsheet/calendar/WeekView/DateTimeField.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/WeekView/DateTimeField.vue
@@ -28,7 +28,7 @@ const { width: containerWidth } = useElementSize(container)
 
 const isPublic = inject(IsPublicInj, ref(false))
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const meta = inject(MetaInj, ref())
 
diff --git a/packages/nc-gui/components/smartsheet/expanded-form/Comments.vue b/packages/nc-gui/components/smartsheet/expanded-form/Comments.vue
index aca4c7b6f2..dc03bd801a 100644
--- a/packages/nc-gui/components/smartsheet/expanded-form/Comments.vue
+++ b/packages/nc-gui/components/smartsheet/expanded-form/Comments.vue
@@ -1,5 +1,6 @@
 <script setup lang="ts">
 import { type CommentType, ProjectRoles } from 'nocodb-sdk'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const props = defineProps<{
   loading: boolean
@@ -45,7 +46,7 @@ const isExpandedFormLoading = computed(() => props.loading)
 
 const tab = ref<'comments' | 'audits'>('comments')
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const router = useRouter()
 
diff --git a/packages/nc-gui/components/smartsheet/expanded-form/index.vue b/packages/nc-gui/components/smartsheet/expanded-form/index.vue
index fde52241f8..211aacde82 100644
--- a/packages/nc-gui/components/smartsheet/expanded-form/index.vue
+++ b/packages/nc-gui/components/smartsheet/expanded-form/index.vue
@@ -12,6 +12,7 @@ import type { Ref } from 'vue'
 import { Drawer } from 'ant-design-vue'
 import NcModal from '../../nc/Modal.vue'
 import MdiChevronDown from '~icons/mdi/chevron-down'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 interface Props {
   modelValue?: boolean
@@ -73,7 +74,7 @@ const isUnsavedDuplicatedRecordExist = ref(false)
 
 const isRecordLinkCopied = ref(false)
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const readOnly = computed(() => !isUIAllowed('dataEdit') || isPublic.value)
 
diff --git a/packages/nc-gui/components/smartsheet/grid/Table.vue b/packages/nc-gui/components/smartsheet/grid/Table.vue
index 6f28a12c13..9c995a4f79 100644
--- a/packages/nc-gui/components/smartsheet/grid/Table.vue
+++ b/packages/nc-gui/components/smartsheet/grid/Table.vue
@@ -166,7 +166,7 @@ const isViewColumnsLoading = computed(() => _isViewColumnsLoading.value || !meta
 const resizingColumn = ref(false)
 
 // #Permissions
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 const hasEditPermission = computed(() => isUIAllowed('dataEdit'))
 const isAddingColumnAllowed = computed(() => !readOnly.value && !isLocked.value && isUIAllowed('fieldAdd') && !isSqlView.value)
 
diff --git a/packages/nc-gui/components/smartsheet/header/Cell.vue b/packages/nc-gui/components/smartsheet/header/Cell.vue
index cfffcd3e81..1786fcea48 100644
--- a/packages/nc-gui/components/smartsheet/header/Cell.vue
+++ b/packages/nc-gui/components/smartsheet/header/Cell.vue
@@ -1,6 +1,7 @@
 <script setup lang="ts">
 import type { ColumnReqType, ColumnType } from 'nocodb-sdk'
 import { UITypes, UITypesName } from 'nocodb-sdk'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 interface Props {
   column: ColumnType
@@ -32,7 +33,7 @@ const isDropDownOpen = ref(false)
 
 const column = toRef(props, 'column')
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 provide(ColumnInj, column)
 
diff --git a/packages/nc-gui/components/smartsheet/header/VirtualCell.vue b/packages/nc-gui/components/smartsheet/header/VirtualCell.vue
index d0bbd6437e..a3c58726d5 100644
--- a/packages/nc-gui/components/smartsheet/header/VirtualCell.vue
+++ b/packages/nc-gui/components/smartsheet/header/VirtualCell.vue
@@ -9,6 +9,7 @@ import {
   isLinksOrLTAR,
 } from 'nocodb-sdk'
 import { RelationTypes, UITypes, UITypesName, substituteColumnIdWithAliasInFormula } from 'nocodb-sdk'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const props = defineProps<{
   column: ColumnType
@@ -36,7 +37,7 @@ provide(ColumnInj, column)
 
 const { metas } = useMetas()
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const meta = inject(MetaInj, ref())
 
diff --git a/packages/nc-gui/components/smartsheet/sidebar/RenameableMenuItem.vue b/packages/nc-gui/components/smartsheet/sidebar/RenameableMenuItem.vue
index a77836ab79..2010d56cea 100644
--- a/packages/nc-gui/components/smartsheet/sidebar/RenameableMenuItem.vue
+++ b/packages/nc-gui/components/smartsheet/sidebar/RenameableMenuItem.vue
@@ -2,6 +2,7 @@
 import type { VNodeRef } from '@vue/runtime-core'
 import type { KanbanType, ViewType, ViewTypes } from 'nocodb-sdk'
 import type { WritableComputedRef } from '@vue/reactivity'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 interface Props {
   view: ViewType
@@ -30,7 +31,7 @@ const vModel = useVModel(props, 'view', emits) as WritableComputedRef<ViewType &
 
 const { $e } = useNuxtApp()
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const activeView = inject(ActiveViewInj, ref())
 
diff --git a/packages/nc-gui/components/smartsheet/toolbar/KanbanStackEditOrAdd.vue b/packages/nc-gui/components/smartsheet/toolbar/KanbanStackEditOrAdd.vue
index 157b5d79c0..22d75f7040 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/KanbanStackEditOrAdd.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/KanbanStackEditOrAdd.vue
@@ -1,5 +1,7 @@
 <script setup lang="ts">
-const { isUIAllowed } = useRoles()
+import {useRolesWrapper} from "~/composables/useRoles";
+
+const { isUIAllowed } = useRolesWrapper()
 
 const { groupingFieldColumn } = useKanbanViewStoreOrThrow()
 
diff --git a/packages/nc-gui/components/smartsheet/toolbar/MoreActions.vue b/packages/nc-gui/components/smartsheet/toolbar/MoreActions.vue
index 1711bb8159..5a08f2ad44 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/MoreActions.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/MoreActions.vue
@@ -3,6 +3,7 @@ import type { RequestParams } from 'nocodb-sdk'
 import { ExportTypes } from 'nocodb-sdk'
 import { saveAs } from 'file-saver'
 import * as XLSX from 'xlsx'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const { t } = useI18n()
 
@@ -32,7 +33,7 @@ const showWebhookDrawer = ref(false)
 
 const quickImportDialog = ref(false)
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const exportFile = async (exportType: ExportTypes) => {
   let offset = 0
diff --git a/packages/nc-gui/components/smartsheet/toolbar/ShareView.vue b/packages/nc-gui/components/smartsheet/toolbar/ShareView.vue
index 4acfd07706..44230175f2 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/ShareView.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/ShareView.vue
@@ -2,6 +2,7 @@
 import { ViewTypes } from 'nocodb-sdk'
 import { isString } from '@vue/shared'
 import tinycolor from 'tinycolor2'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const { t } = useI18n()
 
@@ -13,7 +14,7 @@ const { $e } = useNuxtApp()
 
 const { dashboardUrl } = useDashboard()
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const { isSharedBase } = storeToRefs(useBase())
 
diff --git a/packages/nc-gui/components/smartsheet/toolbar/ViewActionMenu.vue b/packages/nc-gui/components/smartsheet/toolbar/ViewActionMenu.vue
index c26f6d8234..e8bfcfe323 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/ViewActionMenu.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/ViewActionMenu.vue
@@ -2,6 +2,7 @@
 import type { TableType, ViewType } from 'nocodb-sdk'
 import { ViewTypes } from 'nocodb-sdk'
 import { LockType } from '#imports'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const props = withDefaults(
   defineProps<{
@@ -16,7 +17,7 @@ const props = withDefaults(
 
 const emits = defineEmits(['rename', 'closeModal', 'delete'])
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const isPublicView = inject(IsPublicInj, ref(false))
 
diff --git a/packages/nc-gui/components/smartsheet/toolbar/ViewActions.vue b/packages/nc-gui/components/smartsheet/toolbar/ViewActions.vue
index 491c025ced..9506d521da 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/ViewActions.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/ViewActions.vue
@@ -1,6 +1,7 @@
 <script lang="ts" setup>
 import type { Ref } from '@vue/reactivity'
 import { LockType } from '#imports'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const { t } = useI18n()
 
@@ -37,7 +38,7 @@ const quickImportDialogs: Record<(typeof quickImportDialogTypes)[number], Ref<bo
   {},
 ) as Record<QuickImportDialogType, Ref<boolean>>
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 useBase()
 
diff --git a/packages/nc-gui/components/smartsheet/topbar/SelectMode.vue b/packages/nc-gui/components/smartsheet/topbar/SelectMode.vue
index 88e8f5a7ea..4d1d80557c 100644
--- a/packages/nc-gui/components/smartsheet/topbar/SelectMode.vue
+++ b/packages/nc-gui/components/smartsheet/topbar/SelectMode.vue
@@ -1,7 +1,9 @@
 <script lang="ts" setup>
+import {useRolesWrapper} from "~/composables/useRoles";
+
 const { openedViewsTab, activeView } = storeToRefs(useViewsStore())
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const { onViewsTabChange } = useViewsStore()
 
diff --git a/packages/nc-gui/components/tabs/Smartsheet.vue b/packages/nc-gui/components/tabs/Smartsheet.vue
index b1a61d4960..929818afa5 100644
--- a/packages/nc-gui/components/tabs/Smartsheet.vue
+++ b/packages/nc-gui/components/tabs/Smartsheet.vue
@@ -39,6 +39,12 @@ const reloadViewMetaEventHook = createEventHook<void | boolean>()
 
 const openNewRecordFormHook = createEventHook<void>()
 
+const { base } = storeToRefs(useBase())
+
+const activeSource = computed(() => {
+  return meta.value?.source_id && base.value && base.value.sources?.find((source) => source.id === meta.value?.source_id)
+})
+
 useProvideKanbanViewStore(meta, activeView)
 useProvideMapViewStore(meta, activeView)
 useProvideCalendarViewStore(meta, activeView)
@@ -52,9 +58,15 @@ provide(ReloadViewMetaHookInj, reloadViewMetaEventHook)
 provide(OpenNewRecordFormHookInj, openNewRecordFormHook)
 provide(IsFormInj, isForm)
 provide(TabMetaInj, activeTab)
+provide(ActiveSourceInj, activeSource)
 provide(
   ReadonlyInj,
-  computed(() => !isUIAllowed('dataEdit')),
+  computed(
+    () =>
+      !isUIAllowed('dataEdit', {
+        source: activeSource.value,
+      }),
+  ),
 )
 useExpandedFormDetachedProvider()
 
diff --git a/packages/nc-gui/components/virtual-cell/BelongsTo.vue b/packages/nc-gui/components/virtual-cell/BelongsTo.vue
index 2930e32ecc..b2f020ec69 100644
--- a/packages/nc-gui/components/virtual-cell/BelongsTo.vue
+++ b/packages/nc-gui/components/virtual-cell/BelongsTo.vue
@@ -1,6 +1,7 @@
 <script setup lang="ts">
 import type { ColumnType } from 'nocodb-sdk'
 import type { Ref } from 'vue'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const column = inject(ColumnInj)!
 
@@ -18,7 +19,7 @@ const isForm = inject(IsFormInj, ref(false))
 
 const isUnderLookup = inject(IsUnderLookupInj, ref(false))
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const listItemsDlg = ref(false)
 
diff --git a/packages/nc-gui/components/virtual-cell/HasMany.vue b/packages/nc-gui/components/virtual-cell/HasMany.vue
index 731759575e..a2cd6c4cca 100644
--- a/packages/nc-gui/components/virtual-cell/HasMany.vue
+++ b/packages/nc-gui/components/virtual-cell/HasMany.vue
@@ -2,6 +2,7 @@
 import type { ColumnType } from 'nocodb-sdk'
 import { isSystemColumn } from 'nocodb-sdk'
 import type { Ref } from 'vue'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const column = inject(ColumnInj)!
 
@@ -25,7 +26,7 @@ const isOpen = ref(false)
 
 const hideBackBtn = ref(false)
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const { state, isNew, removeLTARRef } = useSmartsheetRowStoreOrThrow()
 
diff --git a/packages/nc-gui/components/virtual-cell/Links.vue b/packages/nc-gui/components/virtual-cell/Links.vue
index a37989055c..b3fb6acc7f 100644
--- a/packages/nc-gui/components/virtual-cell/Links.vue
+++ b/packages/nc-gui/components/virtual-cell/Links.vue
@@ -3,6 +3,7 @@ import { computed } from '@vue/reactivity'
 import type { ColumnType } from 'nocodb-sdk'
 import type { Ref } from 'vue'
 import { ref } from 'vue'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const value = inject(CellValueInj, ref(0))
 
@@ -28,7 +29,7 @@ const isOpen = ref(false)
 
 const hideBackBtn = ref(false)
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const { t } = useI18n()
 
diff --git a/packages/nc-gui/components/virtual-cell/ManyToMany.vue b/packages/nc-gui/components/virtual-cell/ManyToMany.vue
index 32ee6e3a1b..2507c26bce 100644
--- a/packages/nc-gui/components/virtual-cell/ManyToMany.vue
+++ b/packages/nc-gui/components/virtual-cell/ManyToMany.vue
@@ -1,6 +1,7 @@
 <script setup lang="ts">
 import type { ColumnType } from 'nocodb-sdk'
 import type { Ref } from 'vue'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const column = inject(ColumnInj)!
 
@@ -24,7 +25,7 @@ const isOpen = ref(false)
 
 const hideBackBtn = ref(false)
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const { state, isNew, removeLTARRef } = useSmartsheetRowStoreOrThrow()
 
diff --git a/packages/nc-gui/components/virtual-cell/OneToOne.vue b/packages/nc-gui/components/virtual-cell/OneToOne.vue
index 03bd03013d..bdc4d220a6 100644
--- a/packages/nc-gui/components/virtual-cell/OneToOne.vue
+++ b/packages/nc-gui/components/virtual-cell/OneToOne.vue
@@ -1,6 +1,7 @@
 <script setup lang="ts">
 import type { ColumnType } from 'nocodb-sdk'
 import type { Ref } from 'vue'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const column = inject(ColumnInj)!
 
@@ -18,7 +19,7 @@ const isForm = inject(IsFormInj, ref(false))
 
 const isUnderLookup = inject(IsUnderLookupInj, ref(false))
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const listItemsDlg = ref(false)
 
diff --git a/packages/nc-gui/components/virtual-cell/components/ItemChip.vue b/packages/nc-gui/components/virtual-cell/components/ItemChip.vue
index 1a2926e38c..65938e478e 100644
--- a/packages/nc-gui/components/virtual-cell/components/ItemChip.vue
+++ b/packages/nc-gui/components/virtual-cell/components/ItemChip.vue
@@ -1,6 +1,7 @@
 <script lang="ts" setup>
 import type { ColumnType } from 'nocodb-sdk'
 import { UITypes, isVirtualCol } from 'nocodb-sdk'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 interface Props {
   value: string | number | boolean
@@ -17,7 +18,7 @@ const emit = defineEmits(['unlink'])
 
 const { relatedTableMeta } = useLTARStoreOrThrow()!
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed } = useRolesWrapper()
 
 const readOnly = inject(ReadonlyInj, ref(false))
 
diff --git a/packages/nc-gui/composables/useCalendarViewStore.ts b/packages/nc-gui/composables/useCalendarViewStore.ts
index fe040d4593..bd3d6d3381 100644
--- a/packages/nc-gui/composables/useCalendarViewStore.ts
+++ b/packages/nc-gui/composables/useCalendarViewStore.ts
@@ -2,6 +2,7 @@ import type { ComputedRef, Ref } from 'vue'
 import type { Api, CalendarRangeType, CalendarType, ColumnType, PaginatedType, TableType, ViewType } from 'nocodb-sdk'
 import { UITypes } from 'nocodb-sdk'
 import dayjs from 'dayjs'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const formatData = (list: Record<string, any>[]) =>
   list.map(
@@ -33,7 +34,7 @@ const [useProvideCalendarViewStore, useCalendarViewStore] = useInjectionState(
 
     const pageDate = ref<dayjs.Dayjs>(dayjs())
 
-    const { isUIAllowed } = useRoles()
+    const { isUIAllowed } = useRolesWrapper()
 
     const { isMobileMode } = useGlobal()
 
diff --git a/packages/nc-gui/composables/useExpandedFormStore.ts b/packages/nc-gui/composables/useExpandedFormStore.ts
index d2d2b02cb5..094b4f49f9 100644
--- a/packages/nc-gui/composables/useExpandedFormStore.ts
+++ b/packages/nc-gui/composables/useExpandedFormStore.ts
@@ -2,6 +2,7 @@ import type { AuditType, ColumnType, CommentType, TableType } from 'nocodb-sdk'
 import { UITypes, ViewTypes, isVirtualCol } from 'nocodb-sdk'
 import type { Ref } from 'vue'
 import dayjs from 'dayjs'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const [useProvideExpandedFormStore, useExpandedFormStore] = useInjectionState((meta: Ref<TableType>, _row: Ref<Row>) => {
   const { $e, $state, $api } = useNuxtApp()
@@ -61,7 +62,7 @@ const [useProvideExpandedFormStore, useExpandedFormStore] = useInjectionState((m
 
   const reloadTrigger = inject(ReloadRowDataHookInj, createEventHook())
 
-  const { isUIAllowed } = useRoles()
+  const { isUIAllowed } = useRolesWrapper()
 
   // getters
   const displayValue = computed(() => {
diff --git a/packages/nc-gui/composables/useKanbanViewStore.ts b/packages/nc-gui/composables/useKanbanViewStore.ts
index f33165e3ac..662b31dccd 100644
--- a/packages/nc-gui/composables/useKanbanViewStore.ts
+++ b/packages/nc-gui/composables/useKanbanViewStore.ts
@@ -1,5 +1,6 @@
 import type { ComputedRef, Ref } from 'vue'
 import type { Api, ColumnType, KanbanType, SelectOptionType, SelectOptionsType, TableType, ViewType } from 'nocodb-sdk'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 type GroupingFieldColOptionsType = SelectOptionType & { collapsed: boolean }
 
@@ -27,7 +28,7 @@ const [useProvideKanbanViewStore, useKanbanViewStore] = useInjectionState(
 
     const { sharedView, fetchSharedViewData, fetchSharedViewGroupedData } = useSharedView()
 
-    const { isUIAllowed } = useRoles()
+    const { isUIAllowed } = useRolesWrapper()
 
     const isPublic = ref(shared) || inject(IsPublicInj, ref(false))
 
diff --git a/packages/nc-gui/composables/useMapViewDataStore.ts b/packages/nc-gui/composables/useMapViewDataStore.ts
index c587aec3bf..830728ebd4 100644
--- a/packages/nc-gui/composables/useMapViewDataStore.ts
+++ b/packages/nc-gui/composables/useMapViewDataStore.ts
@@ -1,5 +1,6 @@
 import type { ComputedRef, Ref } from 'vue'
 import type { ColumnType, MapType, PaginatedType, TableType, ViewType } from 'nocodb-sdk'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const formatData = (list: Record<string, any>[]) =>
   list.map(
@@ -32,7 +33,7 @@ const [useProvideMapViewStore, useMapViewStore] = useInjectionState(
 
     const { $api } = useNuxtApp()
 
-    const { isUIAllowed } = useRoles()
+    const { isUIAllowed } = useRolesWrapper()
 
     const isPublic = ref(shared) || inject(IsPublicInj, ref(false))
 
diff --git a/packages/nc-gui/composables/useRoles/index.ts b/packages/nc-gui/composables/useRoles/index.ts
index 767866eac0..100ccd235a 100644
--- a/packages/nc-gui/composables/useRoles/index.ts
+++ b/packages/nc-gui/composables/useRoles/index.ts
@@ -1,5 +1,5 @@
 import { isString } from '@vue/shared'
-import type { Roles, RolesObj, WorkspaceUserRoles } from 'nocodb-sdk'
+import { type Roles, type RolesObj, SourceRestriction, type SourceType, type WorkspaceUserRoles } from 'nocodb-sdk'
 import { extractRolesObj } from 'nocodb-sdk'
 
 const hasPermission = (role: Exclude<Roles, WorkspaceUserRoles>, hasRole: boolean, permission: Permission | string) => {
@@ -129,7 +129,10 @@ export const useRoles = createSharedComposable(() => {
 
   const isUIAllowed = (
     permission: Permission | string,
-    args: { roles?: string | Record<string, boolean> | string[] | null } = {},
+    args: {
+      roles?: string | Record<string, boolean> | string[] | null
+      source?: SourceType & { meta?: Record<string, any> }
+    } = {},
   ) => {
     const { roles } = args
 
@@ -141,6 +144,26 @@ export const useRoles = createSharedComposable(() => {
       checkRoles = extractRolesObj(roles)
     }
 
+    // check source level restrictions
+    if (
+      sourceRestrictions[SourceRestriction.DATA_READONLY][permission] ||
+      sourceRestrictions[SourceRestriction.META_READONLY][permission]
+    ) {
+      const source = unref(args.source || null)
+
+      if (!source) {
+        console.warn('Source not found', permission, new Error().stack)
+        return false
+      }
+
+      if (source?.meta?.[SourceRestriction.DATA_READONLY] && sourceRestrictions[SourceRestriction.DATA_READONLY][permission]) {
+        return false
+      }
+      if (source?.meta?.[SourceRestriction.META_READONLY] && sourceRestrictions[SourceRestriction.META_READONLY][permission]) {
+        return false
+      }
+    }
+
     return Object.entries(checkRoles).some(([role, hasRole]) =>
       hasPermission(role as Exclude<Roles, WorkspaceUserRoles>, hasRole, permission),
     )
@@ -148,3 +171,15 @@ export const useRoles = createSharedComposable(() => {
 
   return { allRoles, orgRoles, workspaceRoles, baseRoles, loadRoles, isUIAllowed }
 })
+
+export const useRolesWrapper = () => {
+  const currentSource = inject(ActiveSourceInj, ref())
+  const useRolesRes = useRoles()
+
+  return {
+    ...useRolesRes,
+    isUIAllowed: (...args: Parameters<ReturnType<typeof useRoles>['isUIAllowed']>) => {
+      return useRolesRes.isUIAllowed(args[0], { source: currentSource, ...(args[1] || {}) })
+    },
+  }
+}
diff --git a/packages/nc-gui/composables/useViewColumns.ts b/packages/nc-gui/composables/useViewColumns.ts
index 6fc4b1acba..832cf8ffd8 100644
--- a/packages/nc-gui/composables/useViewColumns.ts
+++ b/packages/nc-gui/composables/useViewColumns.ts
@@ -1,6 +1,7 @@
 import type { ColumnType, GridColumnReqType, GridColumnType, MapType, TableType, ViewType } from 'nocodb-sdk'
 import { ViewTypes, isHiddenCol, isSystemColumn } from 'nocodb-sdk'
 import type { ComputedRef, Ref } from 'vue'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const [useProvideViewColumns, useViewColumns] = useInjectionState(
   (
@@ -17,7 +18,7 @@ const [useProvideViewColumns, useViewColumns] = useInjectionState(
 
     const { $api, $e } = useNuxtApp()
 
-    const { isUIAllowed } = useRoles()
+    const { isUIAllowed } = useRolesWrapper()
 
     const { isSharedBase } = storeToRefs(useBase())
 
diff --git a/packages/nc-gui/composables/useViewData.ts b/packages/nc-gui/composables/useViewData.ts
index be5c5a8c0b..89f9fbdc20 100644
--- a/packages/nc-gui/composables/useViewData.ts
+++ b/packages/nc-gui/composables/useViewData.ts
@@ -3,6 +3,7 @@ import axios from 'axios'
 import type { Api, ColumnType, FormColumnType, FormType, GalleryType, PaginatedType, TableType, ViewType } from 'nocodb-sdk'
 import type { ComputedRef, Ref } from 'vue'
 import { NavigateDir } from '#imports'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const formatData = (list: Record<string, any>[]) =>
   list.map((row) => ({
@@ -59,7 +60,7 @@ export function useViewData(
 
   const { sorts, nestedFilters } = useSmartsheetStoreOrThrow()
 
-  const { isUIAllowed } = useRoles()
+  const { isUIAllowed } = useRolesWrapper()
 
   const routeQuery = computed(() => route.value.query as Record<string, string>)
 
diff --git a/packages/nc-gui/composables/useViewFilters.ts b/packages/nc-gui/composables/useViewFilters.ts
index ad61e79872..e91a0734bb 100644
--- a/packages/nc-gui/composables/useViewFilters.ts
+++ b/packages/nc-gui/composables/useViewFilters.ts
@@ -9,6 +9,7 @@ import {
 import type { ComputedRef, Ref } from 'vue'
 import type { SelectProps } from 'ant-design-vue'
 import { UITypes, isSystemColumn } from 'nocodb-sdk'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 type ColumnFilterType = FilterType & { status?: string; id?: string; children?: ColumnFilterType[]; is_group?: boolean }
 
@@ -41,7 +42,7 @@ export function useViewFilters(
 
   const { $api, $e } = useNuxtApp()
 
-  const { isUIAllowed } = useRoles()
+  const { isUIAllowed } = useRolesWrapper()
 
   const { metas, getMeta } = useMetas()
 
diff --git a/packages/nc-gui/composables/useViewGroupBy.ts b/packages/nc-gui/composables/useViewGroupBy.ts
index c8c0f7de60..ed41d11855 100644
--- a/packages/nc-gui/composables/useViewGroupBy.ts
+++ b/packages/nc-gui/composables/useViewGroupBy.ts
@@ -2,6 +2,7 @@ import type { ColumnType, LinkToAnotherRecordType, LookupType, SelectOptionsType
 import { UITypes } from 'nocodb-sdk'
 import type { Ref } from 'vue'
 import { message } from 'ant-design-vue'
+import {useRolesWrapper} from "~/composables/useRoles";
 
 const excludedGroupingUidt = [UITypes.Attachment, UITypes.QrCode, UITypes.Barcode]
 
@@ -48,7 +49,7 @@ const [useProvideViewGroupBy, useViewGroupBy] = useInjectionState(
 
     const isGroupBy = computed(() => !!groupBy.value.length)
 
-    const { isUIAllowed } = useRoles()
+    const { isUIAllowed } = useRolesWrapper()
 
     const { sorts, nestedFilters } = useSmartsheetStoreOrThrow()
 
diff --git a/packages/nc-gui/composables/useViewSorts.ts b/packages/nc-gui/composables/useViewSorts.ts
index ad39f63087..2129688cd0 100644
--- a/packages/nc-gui/composables/useViewSorts.ts
+++ b/packages/nc-gui/composables/useViewSorts.ts
@@ -8,7 +8,7 @@ export function useViewSorts(view: Ref<ViewType | undefined>, reloadData?: () =>
 
   const { $api, $e } = useNuxtApp()
 
-  const { isUIAllowed } = useRoles()
+  const { isUIAllowed } = useRolesWrapper()
 
   const { isSharedBase } = storeToRefs(useBase())
 
diff --git a/packages/nc-gui/context/index.ts b/packages/nc-gui/context/index.ts
index fcb46a2061..ffa695b952 100644
--- a/packages/nc-gui/context/index.ts
+++ b/packages/nc-gui/context/index.ts
@@ -1,4 +1,4 @@
-import type { ColumnType, FilterType, TableType, ViewType } from 'nocodb-sdk'
+import type { ColumnType, FilterType, SourceType, TableType, ViewType } from 'nocodb-sdk'
 import type { ComputedRef, InjectionKey, Ref } from 'vue'
 import type { EventHook } from '@vueuse/core'
 import type { PageSidebarNode } from '#imports'
@@ -60,3 +60,10 @@ export const JsonExpandInj: InjectionKey<Ref<boolean>> = Symbol('json-expand-inj
 export const AllFiltersInj: InjectionKey<Ref<Record<string, FilterType[]>>> = Symbol('all-filters-injection')
 
 export const IsAdminPanelInj: InjectionKey<Ref<boolean>> = Symbol('is-admin-panel-injection')
+export const ActiveSourceInj: InjectionKey<
+  ComputedRef<
+    SourceType & {
+      meta?: Record<string, any>
+    }
+  >
+> = Symbol('active-source-injection')
diff --git a/packages/nocodb-sdk/src/lib/enums.ts b/packages/nocodb-sdk/src/lib/enums.ts
index 646a3ee7b2..632d138957 100644
--- a/packages/nocodb-sdk/src/lib/enums.ts
+++ b/packages/nocodb-sdk/src/lib/enums.ts
@@ -326,3 +326,11 @@ export enum APIContext {
   FILTERS = 'filters',
   SORTS = 'sorts',
 }
+
+
+export enum SourceRestriction {
+  META_READONLY = 'metaReadOnly',
+  DATA_READONLY = 'dataReadOnly',
+}
+
+
diff --git a/packages/nocodb/src/services/public-datas.service.ts b/packages/nocodb/src/services/public-datas.service.ts
index 58c5d5dced..f0eea37ed2 100644
--- a/packages/nocodb/src/services/public-datas.service.ts
+++ b/packages/nocodb/src/services/public-datas.service.ts
@@ -1,7 +1,7 @@
 import path from 'path';
 import { Injectable } from '@nestjs/common';
 import { nanoid } from 'nanoid';
-import { populateUniqueFileName, UITypes, ViewTypes } from 'nocodb-sdk';
+import {populateUniqueFileName, SourceRestriction, UITypes, ViewTypes} from 'nocodb-sdk';
 import slash from 'slash';
 import { nocoExecute } from 'nc-help';
 
@@ -293,6 +293,11 @@ export class PublicDatasService {
     });
 
     const source = await Source.get(context, model.source_id);
+
+    if (source?.meta?.[SourceRestriction.DATA_READONLY]) {
+      NcError.forbidden('Data insert is restricted');
+    }
+
     const base = await source.getProject(context);
 
     const baseModel = await Model.getBaseModelSQL(context, {
diff --git a/packages/nocodb/src/utils/acl.ts b/packages/nocodb/src/utils/acl.ts
index d4624a8ac5..4b68dbc3ad 100644
--- a/packages/nocodb/src/utils/acl.ts
+++ b/packages/nocodb/src/utils/acl.ts
@@ -450,4 +450,20 @@ Object.values(rolePermissions).forEach((role) => {
   }
 });
 
+// excluded/restricted permissions at source level based on source restriction
+// `true` means permission is restricted and `false`/missing means permission is allowed
+export const sourceRestrictions = {
+  [SourceRestriction.DATA_READONLY]: {
+    dataInsert: true,
+    dataEdit: true,
+    dataDelete: true,
+  },
+  [SourceRestriction.META_READONLY]: {
+    tableCreate: true,
+    tableRename: true,
+    tableDelete: true,
+    tableDuplicate: true,
+  },
+}
+
 export default rolePermissions;

From e82ea344bde44a2adceb4a08670a8a99b58a62f2 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:17 +0000
Subject: [PATCH 04/28] refactor: overwrite the default shared useRoles with a
 wrapped composable which injects currentSource from the component context

---
 packages/nc-gui/components/cell/MultiSelect.vue        |  4 ++--
 packages/nc-gui/components/cell/SingleSelect.vue       |  4 ++--
 packages/nc-gui/components/cell/attachment/Modal.vue   |  4 ++--
 packages/nc-gui/components/cell/attachment/index.vue   |  4 ++--
 .../nc-gui/components/dashboard/Sidebar/TopSection.vue |  4 ++--
 .../components/dashboard/TreeView/AddNewTableNode.vue  |  4 ++--
 packages/nc-gui/components/smartsheet/Details.vue      |  4 ++--
 packages/nc-gui/components/smartsheet/Form.vue         |  4 ++--
 packages/nc-gui/components/smartsheet/Gallery.vue      |  4 ++--
 packages/nc-gui/components/smartsheet/Kanban.vue       |  4 ++--
 .../smartsheet/calendar/DayView/DateField.vue          |  4 ++--
 .../smartsheet/calendar/DayView/DateTimeField.vue      |  4 ++--
 .../components/smartsheet/calendar/MonthView.vue       |  4 ++--
 .../nc-gui/components/smartsheet/calendar/SideMenu.vue |  4 ++--
 .../smartsheet/calendar/WeekView/DateField.vue         |  4 ++--
 .../smartsheet/calendar/WeekView/DateTimeField.vue     |  2 +-
 .../components/smartsheet/expanded-form/Comments.vue   |  4 ++--
 .../components/smartsheet/expanded-form/index.vue      |  4 ++--
 packages/nc-gui/components/smartsheet/grid/Table.vue   |  2 +-
 packages/nc-gui/components/smartsheet/header/Cell.vue  |  4 ++--
 .../components/smartsheet/header/VirtualCell.vue       |  4 ++--
 .../smartsheet/sidebar/RenameableMenuItem.vue          |  4 ++--
 .../smartsheet/toolbar/KanbanStackEditOrAdd.vue        |  4 ++--
 .../components/smartsheet/toolbar/MoreActions.vue      |  4 ++--
 .../nc-gui/components/smartsheet/toolbar/ShareView.vue |  4 ++--
 .../components/smartsheet/toolbar/ViewActionMenu.vue   |  4 ++--
 .../components/smartsheet/toolbar/ViewActions.vue      |  4 ++--
 .../nc-gui/components/smartsheet/topbar/SelectMode.vue |  4 ++--
 packages/nc-gui/components/virtual-cell/BelongsTo.vue  |  4 ++--
 packages/nc-gui/components/virtual-cell/HasMany.vue    |  4 ++--
 packages/nc-gui/components/virtual-cell/Links.vue      |  4 ++--
 packages/nc-gui/components/virtual-cell/ManyToMany.vue |  4 ++--
 packages/nc-gui/components/virtual-cell/OneToOne.vue   |  4 ++--
 .../components/virtual-cell/components/ItemChip.vue    |  4 ++--
 packages/nc-gui/composables/useCalendarViewStore.ts    |  4 ++--
 packages/nc-gui/composables/useExpandedFormStore.ts    |  3 +--
 packages/nc-gui/composables/useKanbanViewStore.ts      |  4 ++--
 packages/nc-gui/composables/useMapViewDataStore.ts     |  4 ++--
 packages/nc-gui/composables/useRoles/index.ts          | 10 +++++++---
 packages/nc-gui/composables/useViewColumns.ts          |  4 ++--
 packages/nc-gui/composables/useViewData.ts             |  4 ++--
 packages/nc-gui/composables/useViewFilters.ts          |  4 ++--
 packages/nc-gui/composables/useViewGroupBy.ts          |  4 ++--
 packages/nc-gui/composables/useViewSorts.ts            |  2 +-
 44 files changed, 89 insertions(+), 86 deletions(-)

diff --git a/packages/nc-gui/components/cell/MultiSelect.vue b/packages/nc-gui/components/cell/MultiSelect.vue
index fee5afe43a..b3bc690052 100644
--- a/packages/nc-gui/components/cell/MultiSelect.vue
+++ b/packages/nc-gui/components/cell/MultiSelect.vue
@@ -5,7 +5,7 @@ import type { Select as AntSelect } from 'ant-design-vue'
 import type { SelectOptionType, SelectOptionsType } from 'nocodb-sdk'
 import type { FormFieldsLimitOptionsType } from '~/lib/types'
 import MdiCloseCircle from '~icons/mdi/close-circle'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 interface Props {
   modelValue?: string | string[]
@@ -58,7 +58,7 @@ const { $api } = useNuxtApp()
 
 const { getMeta } = useMetas()
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const { isPg, isMysql } = useBase()
 
diff --git a/packages/nc-gui/components/cell/SingleSelect.vue b/packages/nc-gui/components/cell/SingleSelect.vue
index e61ac988dd..d961824e76 100644
--- a/packages/nc-gui/components/cell/SingleSelect.vue
+++ b/packages/nc-gui/components/cell/SingleSelect.vue
@@ -4,7 +4,7 @@ import { message } from 'ant-design-vue'
 import tinycolor from 'tinycolor2'
 import type { SelectOptionType } from 'nocodb-sdk'
 import type { FormFieldsLimitOptionsType } from '~/lib/types'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 interface Props {
   modelValue?: string | undefined
@@ -50,7 +50,7 @@ const searchVal = ref()
 
 const { getMeta } = useMetas()
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const { isPg, isMysql } = useBase()
 
diff --git a/packages/nc-gui/components/cell/attachment/Modal.vue b/packages/nc-gui/components/cell/attachment/Modal.vue
index 82944f27ae..5e2c97c3a8 100644
--- a/packages/nc-gui/components/cell/attachment/Modal.vue
+++ b/packages/nc-gui/components/cell/attachment/Modal.vue
@@ -2,9 +2,9 @@
 import { onKeyDown, useEventListener } from '@vueuse/core'
 import { useAttachmentCell } from './utils'
 import { useSortable } from './sort'
-import {useRolesWrapper} from "~/composables/useRoles";
 
-const { isUIAllowed } = useRolesWrapper()
+
+const { isUIAllowed } = useRoles()
 
 const {
   open,
diff --git a/packages/nc-gui/components/cell/attachment/index.vue b/packages/nc-gui/components/cell/attachment/index.vue
index 8335952e9a..0b0e084693 100644
--- a/packages/nc-gui/components/cell/attachment/index.vue
+++ b/packages/nc-gui/components/cell/attachment/index.vue
@@ -2,7 +2,7 @@
 import { onKeyDown } from '@vueuse/core'
 import { useProvideAttachmentCell } from './utils'
 import { useSortable } from './sort'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 interface Props {
   modelValue?: string | Record<string, any>[] | null
@@ -176,7 +176,7 @@ const keydownSpace = (e: KeyboardEvent) => {
   }
 }
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 const isConfirmModalOpen = ref(false)
 const filetoDelete = reactive({
   title: '',
diff --git a/packages/nc-gui/components/dashboard/Sidebar/TopSection.vue b/packages/nc-gui/components/dashboard/Sidebar/TopSection.vue
index 57fe869023..b08e907752 100644
--- a/packages/nc-gui/components/dashboard/Sidebar/TopSection.vue
+++ b/packages/nc-gui/components/dashboard/Sidebar/TopSection.vue
@@ -1,10 +1,10 @@
 <script setup lang="ts">
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const workspaceStore = useWorkspace()
 const baseStore = useBase()
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const { appInfo } = useGlobal()
 
diff --git a/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue b/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue
index 38c06f0e55..a33d87a5a2 100644
--- a/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue
@@ -4,7 +4,7 @@ import { storeToRefs } from 'pinia'
 import { toRef } from '@vue/reactivity'
 import { resolveComponent } from '@vue/runtime-core'
 import { ref } from 'vue'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const props = withDefaults(
   defineProps<{
@@ -20,7 +20,7 @@ const emit = defineEmits<{
   openTableCreateDialog: () => void
 }>()
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const base = toRef(props, 'base')
 
diff --git a/packages/nc-gui/components/smartsheet/Details.vue b/packages/nc-gui/components/smartsheet/Details.vue
index 734e1ccf22..89129c499e 100644
--- a/packages/nc-gui/components/smartsheet/Details.vue
+++ b/packages/nc-gui/components/smartsheet/Details.vue
@@ -1,6 +1,6 @@
 <script setup lang="ts">
 import { LoadingOutlined } from '@ant-design/icons-vue'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const { openedViewsTab } = storeToRefs(useViewsStore())
 const { onViewsTabChange } = useViewsStore()
@@ -9,7 +9,7 @@ const { isLeftSidebarOpen } = storeToRefs(useSidebarStore())
 
 const { $e } = useNuxtApp()
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const { base } = storeToRefs(useBase())
 const meta = inject(MetaInj, ref())
diff --git a/packages/nc-gui/components/smartsheet/Form.vue b/packages/nc-gui/components/smartsheet/Form.vue
index f3dc43a342..ccae14f006 100644
--- a/packages/nc-gui/components/smartsheet/Form.vue
+++ b/packages/nc-gui/components/smartsheet/Form.vue
@@ -15,7 +15,7 @@ import {
   isVirtualCol,
 } from 'nocodb-sdk'
 import type { ImageCropperConfig } from '~/lib/types'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 provide(IsFormInj, ref(true))
 provide(IsGalleryInj, ref(false))
@@ -53,7 +53,7 @@ const { isMobileMode, user } = useGlobal()
 
 const { $api, $e } = useNuxtApp()
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const { base } = storeToRefs(useBase())
 
diff --git a/packages/nc-gui/components/smartsheet/Gallery.vue b/packages/nc-gui/components/smartsheet/Gallery.vue
index 78533301e0..5b026edae9 100644
--- a/packages/nc-gui/components/smartsheet/Gallery.vue
+++ b/packages/nc-gui/components/smartsheet/Gallery.vue
@@ -1,7 +1,7 @@
 <script lang="ts" setup>
 import { ViewTypes, isVirtualCol } from 'nocodb-sdk'
 import type { Row as RowType } from '#imports'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 interface Attachment {
   url: string
@@ -65,7 +65,7 @@ const coverImageObjectFitClass = computed(() => {
   if (fk_cover_image_object_fit === CoverImageObjectFit.COVER) return '!object-cover'
 })
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 const hasEditPermission = computed(() => isUIAllowed('dataEdit'))
 // TODO: extract this code (which is duplicated in grid and gallery) into a separate component
 const _contextMenu = ref(false)
diff --git a/packages/nc-gui/components/smartsheet/Kanban.vue b/packages/nc-gui/components/smartsheet/Kanban.vue
index 273b6d2407..5eb22a6d5f 100644
--- a/packages/nc-gui/components/smartsheet/Kanban.vue
+++ b/packages/nc-gui/components/smartsheet/Kanban.vue
@@ -4,7 +4,7 @@ import Draggable from 'vuedraggable'
 import tinycolor from 'tinycolor2'
 import { ViewTypes, isVirtualCol } from 'nocodb-sdk'
 import type { Row as RowType } from '#imports'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 interface Attachment {
   url: string
@@ -74,7 +74,7 @@ const {
 
 const { isViewDataLoading } = storeToRefs(useViewsStore())
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const { appInfo, isMobileMode } = useGlobal()
 
diff --git a/packages/nc-gui/components/smartsheet/calendar/DayView/DateField.vue b/packages/nc-gui/components/smartsheet/calendar/DayView/DateField.vue
index a562206a72..8ba4bcb3db 100644
--- a/packages/nc-gui/components/smartsheet/calendar/DayView/DateField.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/DayView/DateField.vue
@@ -1,7 +1,7 @@
 <script lang="ts" setup>
 import dayjs from 'dayjs'
 import type { ColumnType } from 'nocodb-sdk'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const emit = defineEmits(['expandRecord', 'newRecord'])
 
@@ -9,7 +9,7 @@ const meta = inject(MetaInj, ref())
 
 const container = ref()
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const { selectedDate, formattedData, formattedSideBarData, calendarRange, updateRowProperty } = useCalendarViewStoreOrThrow()
 
diff --git a/packages/nc-gui/components/smartsheet/calendar/DayView/DateTimeField.vue b/packages/nc-gui/components/smartsheet/calendar/DayView/DateTimeField.vue
index 004a80a1e3..be37e3f549 100644
--- a/packages/nc-gui/components/smartsheet/calendar/DayView/DateTimeField.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/DayView/DateTimeField.vue
@@ -1,7 +1,7 @@
 <script lang="ts" setup>
 import dayjs from 'dayjs'
 import type { ColumnType } from 'nocodb-sdk'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const emit = defineEmits(['expandRecord', 'newRecord'])
 
@@ -21,7 +21,7 @@ const { $e } = useNuxtApp()
 
 const container = ref<null | HTMLElement>(null)
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const meta = inject(MetaInj, ref())
 
diff --git a/packages/nc-gui/components/smartsheet/calendar/MonthView.vue b/packages/nc-gui/components/smartsheet/calendar/MonthView.vue
index 104f47029c..bc1112e097 100644
--- a/packages/nc-gui/components/smartsheet/calendar/MonthView.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/MonthView.vue
@@ -2,7 +2,7 @@
 import dayjs from 'dayjs'
 import type { ColumnType } from 'nocodb-sdk'
 import { UITypes } from 'nocodb-sdk'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const emit = defineEmits(['newRecord', 'expandRecord'])
 
@@ -24,7 +24,7 @@ const { $e } = useNuxtApp()
 
 const isMondayFirst = ref(true)
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const meta = inject(MetaInj, ref())
 
diff --git a/packages/nc-gui/components/smartsheet/calendar/SideMenu.vue b/packages/nc-gui/components/smartsheet/calendar/SideMenu.vue
index 5c7f33c9ed..22ee072791 100644
--- a/packages/nc-gui/components/smartsheet/calendar/SideMenu.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/SideMenu.vue
@@ -2,7 +2,7 @@
 import type { VNodeRef } from '@vue/runtime-core'
 import { UITypes } from 'nocodb-sdk'
 import dayjs from 'dayjs'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const props = defineProps<{
   visible: boolean
@@ -16,7 +16,7 @@ interface Attachment {
 
 const INFINITY_SCROLL_THRESHOLD = 100
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const { $e } = useNuxtApp()
 
diff --git a/packages/nc-gui/components/smartsheet/calendar/WeekView/DateField.vue b/packages/nc-gui/components/smartsheet/calendar/WeekView/DateField.vue
index 3c41660603..eed0c41f3f 100644
--- a/packages/nc-gui/components/smartsheet/calendar/WeekView/DateField.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/WeekView/DateField.vue
@@ -2,7 +2,7 @@
 import dayjs from 'dayjs'
 import type { ColumnType } from 'nocodb-sdk'
 import type { Row } from '~/lib/types'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const emits = defineEmits(['expandRecord', 'newRecord'])
 
@@ -25,7 +25,7 @@ const container = ref<null | HTMLElement>(null)
 
 const { width: containerWidth } = useElementSize(container)
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const meta = inject(MetaInj, ref())
 
diff --git a/packages/nc-gui/components/smartsheet/calendar/WeekView/DateTimeField.vue b/packages/nc-gui/components/smartsheet/calendar/WeekView/DateTimeField.vue
index b5c03c22ca..248156e071 100644
--- a/packages/nc-gui/components/smartsheet/calendar/WeekView/DateTimeField.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/WeekView/DateTimeField.vue
@@ -28,7 +28,7 @@ const { width: containerWidth } = useElementSize(container)
 
 const isPublic = inject(IsPublicInj, ref(false))
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const meta = inject(MetaInj, ref())
 
diff --git a/packages/nc-gui/components/smartsheet/expanded-form/Comments.vue b/packages/nc-gui/components/smartsheet/expanded-form/Comments.vue
index dc03bd801a..274097e1c2 100644
--- a/packages/nc-gui/components/smartsheet/expanded-form/Comments.vue
+++ b/packages/nc-gui/components/smartsheet/expanded-form/Comments.vue
@@ -1,6 +1,6 @@
 <script setup lang="ts">
 import { type CommentType, ProjectRoles } from 'nocodb-sdk'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const props = defineProps<{
   loading: boolean
@@ -46,7 +46,7 @@ const isExpandedFormLoading = computed(() => props.loading)
 
 const tab = ref<'comments' | 'audits'>('comments')
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const router = useRouter()
 
diff --git a/packages/nc-gui/components/smartsheet/expanded-form/index.vue b/packages/nc-gui/components/smartsheet/expanded-form/index.vue
index 211aacde82..a3b8a3c87e 100644
--- a/packages/nc-gui/components/smartsheet/expanded-form/index.vue
+++ b/packages/nc-gui/components/smartsheet/expanded-form/index.vue
@@ -12,7 +12,7 @@ import type { Ref } from 'vue'
 import { Drawer } from 'ant-design-vue'
 import NcModal from '../../nc/Modal.vue'
 import MdiChevronDown from '~icons/mdi/chevron-down'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 interface Props {
   modelValue?: boolean
@@ -74,7 +74,7 @@ const isUnsavedDuplicatedRecordExist = ref(false)
 
 const isRecordLinkCopied = ref(false)
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const readOnly = computed(() => !isUIAllowed('dataEdit') || isPublic.value)
 
diff --git a/packages/nc-gui/components/smartsheet/grid/Table.vue b/packages/nc-gui/components/smartsheet/grid/Table.vue
index 9c995a4f79..6f28a12c13 100644
--- a/packages/nc-gui/components/smartsheet/grid/Table.vue
+++ b/packages/nc-gui/components/smartsheet/grid/Table.vue
@@ -166,7 +166,7 @@ const isViewColumnsLoading = computed(() => _isViewColumnsLoading.value || !meta
 const resizingColumn = ref(false)
 
 // #Permissions
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 const hasEditPermission = computed(() => isUIAllowed('dataEdit'))
 const isAddingColumnAllowed = computed(() => !readOnly.value && !isLocked.value && isUIAllowed('fieldAdd') && !isSqlView.value)
 
diff --git a/packages/nc-gui/components/smartsheet/header/Cell.vue b/packages/nc-gui/components/smartsheet/header/Cell.vue
index 1786fcea48..fd9a1e1d7a 100644
--- a/packages/nc-gui/components/smartsheet/header/Cell.vue
+++ b/packages/nc-gui/components/smartsheet/header/Cell.vue
@@ -1,7 +1,7 @@
 <script setup lang="ts">
 import type { ColumnReqType, ColumnType } from 'nocodb-sdk'
 import { UITypes, UITypesName } from 'nocodb-sdk'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 interface Props {
   column: ColumnType
@@ -33,7 +33,7 @@ const isDropDownOpen = ref(false)
 
 const column = toRef(props, 'column')
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 provide(ColumnInj, column)
 
diff --git a/packages/nc-gui/components/smartsheet/header/VirtualCell.vue b/packages/nc-gui/components/smartsheet/header/VirtualCell.vue
index a3c58726d5..d86bc459e4 100644
--- a/packages/nc-gui/components/smartsheet/header/VirtualCell.vue
+++ b/packages/nc-gui/components/smartsheet/header/VirtualCell.vue
@@ -9,7 +9,7 @@ import {
   isLinksOrLTAR,
 } from 'nocodb-sdk'
 import { RelationTypes, UITypes, UITypesName, substituteColumnIdWithAliasInFormula } from 'nocodb-sdk'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const props = defineProps<{
   column: ColumnType
@@ -37,7 +37,7 @@ provide(ColumnInj, column)
 
 const { metas } = useMetas()
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const meta = inject(MetaInj, ref())
 
diff --git a/packages/nc-gui/components/smartsheet/sidebar/RenameableMenuItem.vue b/packages/nc-gui/components/smartsheet/sidebar/RenameableMenuItem.vue
index 2010d56cea..de73a6049e 100644
--- a/packages/nc-gui/components/smartsheet/sidebar/RenameableMenuItem.vue
+++ b/packages/nc-gui/components/smartsheet/sidebar/RenameableMenuItem.vue
@@ -2,7 +2,7 @@
 import type { VNodeRef } from '@vue/runtime-core'
 import type { KanbanType, ViewType, ViewTypes } from 'nocodb-sdk'
 import type { WritableComputedRef } from '@vue/reactivity'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 interface Props {
   view: ViewType
@@ -31,7 +31,7 @@ const vModel = useVModel(props, 'view', emits) as WritableComputedRef<ViewType &
 
 const { $e } = useNuxtApp()
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const activeView = inject(ActiveViewInj, ref())
 
diff --git a/packages/nc-gui/components/smartsheet/toolbar/KanbanStackEditOrAdd.vue b/packages/nc-gui/components/smartsheet/toolbar/KanbanStackEditOrAdd.vue
index 22d75f7040..c481ceb18d 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/KanbanStackEditOrAdd.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/KanbanStackEditOrAdd.vue
@@ -1,7 +1,7 @@
 <script setup lang="ts">
-import {useRolesWrapper} from "~/composables/useRoles";
 
-const { isUIAllowed } = useRolesWrapper()
+
+const { isUIAllowed } = useRoles()
 
 const { groupingFieldColumn } = useKanbanViewStoreOrThrow()
 
diff --git a/packages/nc-gui/components/smartsheet/toolbar/MoreActions.vue b/packages/nc-gui/components/smartsheet/toolbar/MoreActions.vue
index 5a08f2ad44..308dd2b1ef 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/MoreActions.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/MoreActions.vue
@@ -3,7 +3,7 @@ import type { RequestParams } from 'nocodb-sdk'
 import { ExportTypes } from 'nocodb-sdk'
 import { saveAs } from 'file-saver'
 import * as XLSX from 'xlsx'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const { t } = useI18n()
 
@@ -33,7 +33,7 @@ const showWebhookDrawer = ref(false)
 
 const quickImportDialog = ref(false)
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const exportFile = async (exportType: ExportTypes) => {
   let offset = 0
diff --git a/packages/nc-gui/components/smartsheet/toolbar/ShareView.vue b/packages/nc-gui/components/smartsheet/toolbar/ShareView.vue
index 44230175f2..b2a334343e 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/ShareView.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/ShareView.vue
@@ -2,7 +2,7 @@
 import { ViewTypes } from 'nocodb-sdk'
 import { isString } from '@vue/shared'
 import tinycolor from 'tinycolor2'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const { t } = useI18n()
 
@@ -14,7 +14,7 @@ const { $e } = useNuxtApp()
 
 const { dashboardUrl } = useDashboard()
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const { isSharedBase } = storeToRefs(useBase())
 
diff --git a/packages/nc-gui/components/smartsheet/toolbar/ViewActionMenu.vue b/packages/nc-gui/components/smartsheet/toolbar/ViewActionMenu.vue
index e8bfcfe323..9239d271c2 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/ViewActionMenu.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/ViewActionMenu.vue
@@ -2,7 +2,7 @@
 import type { TableType, ViewType } from 'nocodb-sdk'
 import { ViewTypes } from 'nocodb-sdk'
 import { LockType } from '#imports'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const props = withDefaults(
   defineProps<{
@@ -17,7 +17,7 @@ const props = withDefaults(
 
 const emits = defineEmits(['rename', 'closeModal', 'delete'])
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const isPublicView = inject(IsPublicInj, ref(false))
 
diff --git a/packages/nc-gui/components/smartsheet/toolbar/ViewActions.vue b/packages/nc-gui/components/smartsheet/toolbar/ViewActions.vue
index 9506d521da..25f5b2bf60 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/ViewActions.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/ViewActions.vue
@@ -1,7 +1,7 @@
 <script lang="ts" setup>
 import type { Ref } from '@vue/reactivity'
 import { LockType } from '#imports'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const { t } = useI18n()
 
@@ -38,7 +38,7 @@ const quickImportDialogs: Record<(typeof quickImportDialogTypes)[number], Ref<bo
   {},
 ) as Record<QuickImportDialogType, Ref<boolean>>
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 useBase()
 
diff --git a/packages/nc-gui/components/smartsheet/topbar/SelectMode.vue b/packages/nc-gui/components/smartsheet/topbar/SelectMode.vue
index 4d1d80557c..7b6b700f3d 100644
--- a/packages/nc-gui/components/smartsheet/topbar/SelectMode.vue
+++ b/packages/nc-gui/components/smartsheet/topbar/SelectMode.vue
@@ -1,9 +1,9 @@
 <script lang="ts" setup>
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const { openedViewsTab, activeView } = storeToRefs(useViewsStore())
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const { onViewsTabChange } = useViewsStore()
 
diff --git a/packages/nc-gui/components/virtual-cell/BelongsTo.vue b/packages/nc-gui/components/virtual-cell/BelongsTo.vue
index b2f020ec69..c4a54885f2 100644
--- a/packages/nc-gui/components/virtual-cell/BelongsTo.vue
+++ b/packages/nc-gui/components/virtual-cell/BelongsTo.vue
@@ -1,7 +1,7 @@
 <script setup lang="ts">
 import type { ColumnType } from 'nocodb-sdk'
 import type { Ref } from 'vue'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const column = inject(ColumnInj)!
 
@@ -19,7 +19,7 @@ const isForm = inject(IsFormInj, ref(false))
 
 const isUnderLookup = inject(IsUnderLookupInj, ref(false))
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const listItemsDlg = ref(false)
 
diff --git a/packages/nc-gui/components/virtual-cell/HasMany.vue b/packages/nc-gui/components/virtual-cell/HasMany.vue
index a2cd6c4cca..6b51262188 100644
--- a/packages/nc-gui/components/virtual-cell/HasMany.vue
+++ b/packages/nc-gui/components/virtual-cell/HasMany.vue
@@ -2,7 +2,7 @@
 import type { ColumnType } from 'nocodb-sdk'
 import { isSystemColumn } from 'nocodb-sdk'
 import type { Ref } from 'vue'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const column = inject(ColumnInj)!
 
@@ -26,7 +26,7 @@ const isOpen = ref(false)
 
 const hideBackBtn = ref(false)
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const { state, isNew, removeLTARRef } = useSmartsheetRowStoreOrThrow()
 
diff --git a/packages/nc-gui/components/virtual-cell/Links.vue b/packages/nc-gui/components/virtual-cell/Links.vue
index b3fb6acc7f..4339facc53 100644
--- a/packages/nc-gui/components/virtual-cell/Links.vue
+++ b/packages/nc-gui/components/virtual-cell/Links.vue
@@ -3,7 +3,7 @@ import { computed } from '@vue/reactivity'
 import type { ColumnType } from 'nocodb-sdk'
 import type { Ref } from 'vue'
 import { ref } from 'vue'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const value = inject(CellValueInj, ref(0))
 
@@ -29,7 +29,7 @@ const isOpen = ref(false)
 
 const hideBackBtn = ref(false)
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const { t } = useI18n()
 
diff --git a/packages/nc-gui/components/virtual-cell/ManyToMany.vue b/packages/nc-gui/components/virtual-cell/ManyToMany.vue
index 2507c26bce..9f1bc111be 100644
--- a/packages/nc-gui/components/virtual-cell/ManyToMany.vue
+++ b/packages/nc-gui/components/virtual-cell/ManyToMany.vue
@@ -1,7 +1,7 @@
 <script setup lang="ts">
 import type { ColumnType } from 'nocodb-sdk'
 import type { Ref } from 'vue'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const column = inject(ColumnInj)!
 
@@ -25,7 +25,7 @@ const isOpen = ref(false)
 
 const hideBackBtn = ref(false)
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const { state, isNew, removeLTARRef } = useSmartsheetRowStoreOrThrow()
 
diff --git a/packages/nc-gui/components/virtual-cell/OneToOne.vue b/packages/nc-gui/components/virtual-cell/OneToOne.vue
index bdc4d220a6..2a6e41100d 100644
--- a/packages/nc-gui/components/virtual-cell/OneToOne.vue
+++ b/packages/nc-gui/components/virtual-cell/OneToOne.vue
@@ -1,7 +1,7 @@
 <script setup lang="ts">
 import type { ColumnType } from 'nocodb-sdk'
 import type { Ref } from 'vue'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const column = inject(ColumnInj)!
 
@@ -19,7 +19,7 @@ const isForm = inject(IsFormInj, ref(false))
 
 const isUnderLookup = inject(IsUnderLookupInj, ref(false))
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const listItemsDlg = ref(false)
 
diff --git a/packages/nc-gui/components/virtual-cell/components/ItemChip.vue b/packages/nc-gui/components/virtual-cell/components/ItemChip.vue
index 65938e478e..2b5af552ee 100644
--- a/packages/nc-gui/components/virtual-cell/components/ItemChip.vue
+++ b/packages/nc-gui/components/virtual-cell/components/ItemChip.vue
@@ -1,7 +1,7 @@
 <script lang="ts" setup>
 import type { ColumnType } from 'nocodb-sdk'
 import { UITypes, isVirtualCol } from 'nocodb-sdk'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 interface Props {
   value: string | number | boolean
@@ -18,7 +18,7 @@ const emit = defineEmits(['unlink'])
 
 const { relatedTableMeta } = useLTARStoreOrThrow()!
 
-const { isUIAllowed } = useRolesWrapper()
+const { isUIAllowed } = useRoles()
 
 const readOnly = inject(ReadonlyInj, ref(false))
 
diff --git a/packages/nc-gui/composables/useCalendarViewStore.ts b/packages/nc-gui/composables/useCalendarViewStore.ts
index bd3d6d3381..3b04470591 100644
--- a/packages/nc-gui/composables/useCalendarViewStore.ts
+++ b/packages/nc-gui/composables/useCalendarViewStore.ts
@@ -2,7 +2,7 @@ import type { ComputedRef, Ref } from 'vue'
 import type { Api, CalendarRangeType, CalendarType, ColumnType, PaginatedType, TableType, ViewType } from 'nocodb-sdk'
 import { UITypes } from 'nocodb-sdk'
 import dayjs from 'dayjs'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const formatData = (list: Record<string, any>[]) =>
   list.map(
@@ -34,7 +34,7 @@ const [useProvideCalendarViewStore, useCalendarViewStore] = useInjectionState(
 
     const pageDate = ref<dayjs.Dayjs>(dayjs())
 
-    const { isUIAllowed } = useRolesWrapper()
+    const { isUIAllowed } = useRoles()
 
     const { isMobileMode } = useGlobal()
 
diff --git a/packages/nc-gui/composables/useExpandedFormStore.ts b/packages/nc-gui/composables/useExpandedFormStore.ts
index 094b4f49f9..d2d2b02cb5 100644
--- a/packages/nc-gui/composables/useExpandedFormStore.ts
+++ b/packages/nc-gui/composables/useExpandedFormStore.ts
@@ -2,7 +2,6 @@ import type { AuditType, ColumnType, CommentType, TableType } from 'nocodb-sdk'
 import { UITypes, ViewTypes, isVirtualCol } from 'nocodb-sdk'
 import type { Ref } from 'vue'
 import dayjs from 'dayjs'
-import {useRolesWrapper} from "~/composables/useRoles";
 
 const [useProvideExpandedFormStore, useExpandedFormStore] = useInjectionState((meta: Ref<TableType>, _row: Ref<Row>) => {
   const { $e, $state, $api } = useNuxtApp()
@@ -62,7 +61,7 @@ const [useProvideExpandedFormStore, useExpandedFormStore] = useInjectionState((m
 
   const reloadTrigger = inject(ReloadRowDataHookInj, createEventHook())
 
-  const { isUIAllowed } = useRolesWrapper()
+  const { isUIAllowed } = useRoles()
 
   // getters
   const displayValue = computed(() => {
diff --git a/packages/nc-gui/composables/useKanbanViewStore.ts b/packages/nc-gui/composables/useKanbanViewStore.ts
index 662b31dccd..9e56ed2b4c 100644
--- a/packages/nc-gui/composables/useKanbanViewStore.ts
+++ b/packages/nc-gui/composables/useKanbanViewStore.ts
@@ -1,6 +1,6 @@
 import type { ComputedRef, Ref } from 'vue'
 import type { Api, ColumnType, KanbanType, SelectOptionType, SelectOptionsType, TableType, ViewType } from 'nocodb-sdk'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 type GroupingFieldColOptionsType = SelectOptionType & { collapsed: boolean }
 
@@ -28,7 +28,7 @@ const [useProvideKanbanViewStore, useKanbanViewStore] = useInjectionState(
 
     const { sharedView, fetchSharedViewData, fetchSharedViewGroupedData } = useSharedView()
 
-    const { isUIAllowed } = useRolesWrapper()
+    const { isUIAllowed } = useRoles()
 
     const isPublic = ref(shared) || inject(IsPublicInj, ref(false))
 
diff --git a/packages/nc-gui/composables/useMapViewDataStore.ts b/packages/nc-gui/composables/useMapViewDataStore.ts
index 830728ebd4..72474fc76d 100644
--- a/packages/nc-gui/composables/useMapViewDataStore.ts
+++ b/packages/nc-gui/composables/useMapViewDataStore.ts
@@ -1,6 +1,6 @@
 import type { ComputedRef, Ref } from 'vue'
 import type { ColumnType, MapType, PaginatedType, TableType, ViewType } from 'nocodb-sdk'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const formatData = (list: Record<string, any>[]) =>
   list.map(
@@ -33,7 +33,7 @@ const [useProvideMapViewStore, useMapViewStore] = useInjectionState(
 
     const { $api } = useNuxtApp()
 
-    const { isUIAllowed } = useRolesWrapper()
+    const { isUIAllowed } = useRoles()
 
     const isPublic = ref(shared) || inject(IsPublicInj, ref(false))
 
diff --git a/packages/nc-gui/composables/useRoles/index.ts b/packages/nc-gui/composables/useRoles/index.ts
index 100ccd235a..a7d23a23af 100644
--- a/packages/nc-gui/composables/useRoles/index.ts
+++ b/packages/nc-gui/composables/useRoles/index.ts
@@ -24,7 +24,7 @@ const hasPermission = (role: Exclude<Roles, WorkspaceUserRoles>, hasRole: boolea
  * * `allRoles` - all roles a user has (userRoles + baseRoles)
  * * `loadRoles` - a function to load reload user roles for scope
  */
-export const useRoles = createSharedComposable(() => {
+export const useRolesShared = createSharedComposable(() => {
   const { user } = useGlobal()
 
   const { api } = useApi()
@@ -172,9 +172,13 @@ export const useRoles = createSharedComposable(() => {
   return { allRoles, orgRoles, workspaceRoles, baseRoles, loadRoles, isUIAllowed }
 })
 
-export const useRolesWrapper = () => {
+/**
+ * Wrap the default shared composable to inject the current source if available
+ * which will be used to determine if a user has permission to perform an action based on the source's restrictions
+ */
+export const useRoles = () => {
   const currentSource = inject(ActiveSourceInj, ref())
-  const useRolesRes = useRoles()
+  const useRolesRes = useRolesShared()
 
   return {
     ...useRolesRes,
diff --git a/packages/nc-gui/composables/useViewColumns.ts b/packages/nc-gui/composables/useViewColumns.ts
index 832cf8ffd8..f768f6fb1d 100644
--- a/packages/nc-gui/composables/useViewColumns.ts
+++ b/packages/nc-gui/composables/useViewColumns.ts
@@ -1,7 +1,7 @@
 import type { ColumnType, GridColumnReqType, GridColumnType, MapType, TableType, ViewType } from 'nocodb-sdk'
 import { ViewTypes, isHiddenCol, isSystemColumn } from 'nocodb-sdk'
 import type { ComputedRef, Ref } from 'vue'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const [useProvideViewColumns, useViewColumns] = useInjectionState(
   (
@@ -18,7 +18,7 @@ const [useProvideViewColumns, useViewColumns] = useInjectionState(
 
     const { $api, $e } = useNuxtApp()
 
-    const { isUIAllowed } = useRolesWrapper()
+    const { isUIAllowed } = useRoles()
 
     const { isSharedBase } = storeToRefs(useBase())
 
diff --git a/packages/nc-gui/composables/useViewData.ts b/packages/nc-gui/composables/useViewData.ts
index 89f9fbdc20..69e9d15ea3 100644
--- a/packages/nc-gui/composables/useViewData.ts
+++ b/packages/nc-gui/composables/useViewData.ts
@@ -3,7 +3,7 @@ import axios from 'axios'
 import type { Api, ColumnType, FormColumnType, FormType, GalleryType, PaginatedType, TableType, ViewType } from 'nocodb-sdk'
 import type { ComputedRef, Ref } from 'vue'
 import { NavigateDir } from '#imports'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const formatData = (list: Record<string, any>[]) =>
   list.map((row) => ({
@@ -60,7 +60,7 @@ export function useViewData(
 
   const { sorts, nestedFilters } = useSmartsheetStoreOrThrow()
 
-  const { isUIAllowed } = useRolesWrapper()
+  const { isUIAllowed } = useRoles()
 
   const routeQuery = computed(() => route.value.query as Record<string, string>)
 
diff --git a/packages/nc-gui/composables/useViewFilters.ts b/packages/nc-gui/composables/useViewFilters.ts
index e91a0734bb..a4e8cee459 100644
--- a/packages/nc-gui/composables/useViewFilters.ts
+++ b/packages/nc-gui/composables/useViewFilters.ts
@@ -9,7 +9,7 @@ import {
 import type { ComputedRef, Ref } from 'vue'
 import type { SelectProps } from 'ant-design-vue'
 import { UITypes, isSystemColumn } from 'nocodb-sdk'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 type ColumnFilterType = FilterType & { status?: string; id?: string; children?: ColumnFilterType[]; is_group?: boolean }
 
@@ -42,7 +42,7 @@ export function useViewFilters(
 
   const { $api, $e } = useNuxtApp()
 
-  const { isUIAllowed } = useRolesWrapper()
+  const { isUIAllowed } = useRoles()
 
   const { metas, getMeta } = useMetas()
 
diff --git a/packages/nc-gui/composables/useViewGroupBy.ts b/packages/nc-gui/composables/useViewGroupBy.ts
index ed41d11855..b4136cc5cd 100644
--- a/packages/nc-gui/composables/useViewGroupBy.ts
+++ b/packages/nc-gui/composables/useViewGroupBy.ts
@@ -2,7 +2,7 @@ import type { ColumnType, LinkToAnotherRecordType, LookupType, SelectOptionsType
 import { UITypes } from 'nocodb-sdk'
 import type { Ref } from 'vue'
 import { message } from 'ant-design-vue'
-import {useRolesWrapper} from "~/composables/useRoles";
+
 
 const excludedGroupingUidt = [UITypes.Attachment, UITypes.QrCode, UITypes.Barcode]
 
@@ -49,7 +49,7 @@ const [useProvideViewGroupBy, useViewGroupBy] = useInjectionState(
 
     const isGroupBy = computed(() => !!groupBy.value.length)
 
-    const { isUIAllowed } = useRolesWrapper()
+    const { isUIAllowed } = useRoles()
 
     const { sorts, nestedFilters } = useSmartsheetStoreOrThrow()
 
diff --git a/packages/nc-gui/composables/useViewSorts.ts b/packages/nc-gui/composables/useViewSorts.ts
index 2129688cd0..ad39f63087 100644
--- a/packages/nc-gui/composables/useViewSorts.ts
+++ b/packages/nc-gui/composables/useViewSorts.ts
@@ -8,7 +8,7 @@ export function useViewSorts(view: Ref<ViewType | undefined>, reloadData?: () =>
 
   const { $api, $e } = useNuxtApp()
 
-  const { isUIAllowed } = useRolesWrapper()
+  const { isUIAllowed } = useRoles()
 
   const { isSharedBase } = storeToRefs(useBase())
 

From 308ee8ddf8dd549caa0ab85289bab5ee81dc1c7a Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:17 +0000
Subject: [PATCH 05/28] refactor: exception handling and missing permissions

---
 .../nc-gui/components/cell/MultiSelect.vue    |  1 -
 .../nc-gui/components/cell/SingleSelect.vue   |  1 -
 .../components/cell/attachment/Modal.vue      |  1 -
 .../components/cell/attachment/index.vue      |  1 -
 .../dashboard/Sidebar/TopSection.vue          |  2 --
 .../dashboard/TreeView/AddNewTableNode.vue    |  3 +-
 .../dashboard/TreeView/CreateViewBtn.vue      |  5 ++--
 .../dashboard/TreeView/ProjectNode.vue        |  4 ++-
 .../dashboard/TreeView/ViewsList.vue          |  8 +++--
 .../settings/data-sources/CreateBase.vue      |  2 +-
 .../settings/data-sources/EditBase.vue        |  7 +++++
 .../nc-gui/components/project/AllTables.vue   |  4 +--
 .../nc-gui/components/smartsheet/Details.vue  |  1 -
 .../nc-gui/components/smartsheet/Form.vue     |  1 -
 .../nc-gui/components/smartsheet/Gallery.vue  |  1 -
 .../nc-gui/components/smartsheet/Kanban.vue   |  1 -
 .../smartsheet/calendar/DayView/DateField.vue |  1 -
 .../calendar/DayView/DateTimeField.vue        |  1 -
 .../smartsheet/calendar/MonthView.vue         |  1 -
 .../smartsheet/calendar/SideMenu.vue          |  1 -
 .../calendar/WeekView/DateField.vue           |  1 -
 .../smartsheet/column/EditOrAdd.vue           |  1 -
 .../smartsheet/expanded-form/Comments.vue     |  1 -
 .../smartsheet/expanded-form/index.vue        |  1 -
 .../components/smartsheet/header/Cell.vue     |  1 -
 .../components/smartsheet/header/Menu.vue     | 13 ++++++--
 .../smartsheet/header/VirtualCell.vue         |  1 -
 .../smartsheet/sidebar/RenameableMenuItem.vue |  1 -
 .../toolbar/KanbanStackEditOrAdd.vue          |  2 --
 .../smartsheet/toolbar/MoreActions.vue        |  1 -
 .../smartsheet/toolbar/ShareView.vue          |  1 -
 .../smartsheet/toolbar/ViewActionMenu.vue     |  1 -
 .../smartsheet/toolbar/ViewActions.vue        |  1 -
 .../smartsheet/topbar/SelectMode.vue          |  2 --
 .../nc-gui/components/tabs/Smartsheet.vue     |  2 +-
 .../components/virtual-cell/BelongsTo.vue     |  1 -
 .../components/virtual-cell/HasMany.vue       |  1 -
 .../nc-gui/components/virtual-cell/Links.vue  |  1 -
 .../components/virtual-cell/ManyToMany.vue    |  1 -
 .../components/virtual-cell/OneToOne.vue      |  1 -
 .../virtual-cell/components/ItemChip.vue      |  1 -
 .../composables/useCalendarViewStore.ts       |  1 -
 .../nc-gui/composables/useKanbanViewStore.ts  |  1 -
 .../nc-gui/composables/useMapViewDataStore.ts |  1 -
 packages/nc-gui/composables/useRoles/index.ts | 15 ++++++----
 packages/nc-gui/composables/useViewColumns.ts |  1 -
 packages/nc-gui/composables/useViewData.ts    |  1 -
 packages/nc-gui/composables/useViewGroupBy.ts |  1 -
 packages/nc-gui/lib/acl.ts                    | 30 ++++++++++++++++++-
 packages/nocodb/src/helpers/catchError.ts     |  8 +++++
 packages/nocodb/src/models/Source.ts          |  4 +++
 .../export-import/duplicate.controller.ts     | 21 ++++++++++++-
 packages/nocodb/src/services/forms.service.ts | 10 +++++--
 .../src/services/public-datas.service.ts      |  9 ++++--
 packages/nocodb/src/utils/acl.ts              | 12 ++++++--
 55 files changed, 129 insertions(+), 69 deletions(-)

diff --git a/packages/nc-gui/components/cell/MultiSelect.vue b/packages/nc-gui/components/cell/MultiSelect.vue
index b3bc690052..3a625e8c24 100644
--- a/packages/nc-gui/components/cell/MultiSelect.vue
+++ b/packages/nc-gui/components/cell/MultiSelect.vue
@@ -6,7 +6,6 @@ import type { SelectOptionType, SelectOptionsType } from 'nocodb-sdk'
 import type { FormFieldsLimitOptionsType } from '~/lib/types'
 import MdiCloseCircle from '~icons/mdi/close-circle'
 
-
 interface Props {
   modelValue?: string | string[]
   rowIndex?: number
diff --git a/packages/nc-gui/components/cell/SingleSelect.vue b/packages/nc-gui/components/cell/SingleSelect.vue
index d961824e76..5852a9dcbf 100644
--- a/packages/nc-gui/components/cell/SingleSelect.vue
+++ b/packages/nc-gui/components/cell/SingleSelect.vue
@@ -5,7 +5,6 @@ import tinycolor from 'tinycolor2'
 import type { SelectOptionType } from 'nocodb-sdk'
 import type { FormFieldsLimitOptionsType } from '~/lib/types'
 
-
 interface Props {
   modelValue?: string | undefined
   rowIndex?: number
diff --git a/packages/nc-gui/components/cell/attachment/Modal.vue b/packages/nc-gui/components/cell/attachment/Modal.vue
index 5e2c97c3a8..4af4ec4526 100644
--- a/packages/nc-gui/components/cell/attachment/Modal.vue
+++ b/packages/nc-gui/components/cell/attachment/Modal.vue
@@ -3,7 +3,6 @@ import { onKeyDown, useEventListener } from '@vueuse/core'
 import { useAttachmentCell } from './utils'
 import { useSortable } from './sort'
 
-
 const { isUIAllowed } = useRoles()
 
 const {
diff --git a/packages/nc-gui/components/cell/attachment/index.vue b/packages/nc-gui/components/cell/attachment/index.vue
index 0b0e084693..a95f1c4da8 100644
--- a/packages/nc-gui/components/cell/attachment/index.vue
+++ b/packages/nc-gui/components/cell/attachment/index.vue
@@ -3,7 +3,6 @@ import { onKeyDown } from '@vueuse/core'
 import { useProvideAttachmentCell } from './utils'
 import { useSortable } from './sort'
 
-
 interface Props {
   modelValue?: string | Record<string, any>[] | null
   rowIndex?: number
diff --git a/packages/nc-gui/components/dashboard/Sidebar/TopSection.vue b/packages/nc-gui/components/dashboard/Sidebar/TopSection.vue
index b08e907752..28f94f6a0c 100644
--- a/packages/nc-gui/components/dashboard/Sidebar/TopSection.vue
+++ b/packages/nc-gui/components/dashboard/Sidebar/TopSection.vue
@@ -1,6 +1,4 @@
 <script setup lang="ts">
-
-
 const workspaceStore = useWorkspace()
 const baseStore = useBase()
 
diff --git a/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue b/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue
index a33d87a5a2..40254e339d 100644
--- a/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue
@@ -5,7 +5,6 @@ import { toRef } from '@vue/reactivity'
 import { resolveComponent } from '@vue/runtime-core'
 import { ref } from 'vue'
 
-
 const props = withDefaults(
   defineProps<{
     base: BaseType
@@ -192,7 +191,7 @@ function openTableCreateMagicDialog(sourceId?: string) {
             </a-menu-item>
 
             <a-menu-item
-              v-if="isUIAllowed('excelImport', { roles: baseRole })"
+              v-if="isUIAllowed('excelImport', { roles: baseRole, source: base.sources[sourceIndex] })"
               key="quick-import-excel"
               @click="openQuickImportDialog('excel', base.sources[sourceIndex].id)"
             >
diff --git a/packages/nc-gui/components/dashboard/TreeView/CreateViewBtn.vue b/packages/nc-gui/components/dashboard/TreeView/CreateViewBtn.vue
index b0a8057426..b87270b07a 100644
--- a/packages/nc-gui/components/dashboard/TreeView/CreateViewBtn.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/CreateViewBtn.vue
@@ -1,10 +1,11 @@
 <script lang="ts" setup>
-import type { ViewType } from 'nocodb-sdk'
+import { SourceRestriction, type ViewType } from 'nocodb-sdk'
 import { ViewTypes } from 'nocodb-sdk'
 
 const props = defineProps<{
   // Prop used to align the dropdown to the left in sidebar
   alignLeftLevel: number | undefined
+  source: Source
 }>()
 
 const { $e } = useNuxtApp()
@@ -125,7 +126,7 @@ async function onOpenModal({
           </div>
         </NcMenuItem>
 
-        <NcMenuItem @click="onOpenModal({ type: ViewTypes.FORM })">
+        <NcMenuItem v-if="!source.meta?.[SourceRestriction.DATA_READONLY]" @click="onOpenModal({ type: ViewTypes.FORM })">
           <div class="item" data-testid="sidebar-view-create-form">
             <div class="item-inner">
               <GeneralViewIcon :meta="{ type: ViewTypes.FORM }" />
diff --git a/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue b/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
index 8893e2da0d..d6fd5f3bb1 100644
--- a/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
@@ -101,7 +101,9 @@ const baseViewOpen = computed(() => {
 })
 
 const showBaseOption = computed(() => {
-  return ['airtableImport', 'csvImport', 'jsonImport', 'excelImport'].some((permission) => isUIAllowed(permission))
+  return ['airtableImport', 'csvImport', 'jsonImport', 'excelImport'].some((permission) =>
+    isUIAllowed(permission, { skipSourceCheck: true }),
+  )
 })
 
 const enableEditMode = () => {
diff --git a/packages/nc-gui/components/dashboard/TreeView/ViewsList.vue b/packages/nc-gui/components/dashboard/TreeView/ViewsList.vue
index a4c90a6db7..1409af7fbd 100644
--- a/packages/nc-gui/components/dashboard/TreeView/ViewsList.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/ViewsList.vue
@@ -75,13 +75,14 @@ function markItem(id: string) {
   }, 300)
 }
 
+const source = computed(() => base.value?.sources?.find((b) => b.id === table.value.source_id))
+
 const isDefaultSource = computed(() => {
   if (base.value?.sources?.length === 1) return true
 
-  const source = base.value?.sources?.find((b) => b.id === table.value.source_id)
-  if (!source) return false
+  if (!source.value) return false
 
-  return isDefaultBase(source)
+  return isDefaultBase(source.value)
 })
 
 /** validate view title */
@@ -406,6 +407,7 @@ function onOpenModal({
         '!pl-13.3 !xs:(pl-13.5)': isDefaultSource,
         '!pl-18.6 !xs:(pl-20)': !isDefaultSource,
       }"
+      :source="source"
     >
       <div
         :class="{
diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
index 45c88308d8..0ee0a30cea 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
@@ -1,6 +1,7 @@
 <script lang="ts" setup>
 import { Form, message } from 'ant-design-vue'
 import type { SelectHandler } from 'ant-design-vue/es/vc-select/Select'
+import { SourceRestriction } from 'nocodb-sdk'
 import {
   type CertTypes,
   ClientType,
@@ -10,7 +11,6 @@ import {
   SSLUsage,
   clientTypes as _clientTypes,
 } from '#imports'
-import {SourceRestriction} from "nocodb-sdk";
 
 const props = defineProps<{ open: boolean; connectionType?: ClientType }>()
 
diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
index 6eb32c12b4..1584a38388 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
@@ -1,5 +1,6 @@
 <script lang="ts" setup>
 import type { SourceType } from 'nocodb-sdk'
+import { SourceRestriction } from 'nocodb-sdk'
 import { Form, message } from 'ant-design-vue'
 import type { SelectHandler } from 'ant-design-vue/es/vc-select/Select'
 import {
@@ -60,6 +61,10 @@ const formState = ref<ProjectCreateForm>({
   },
   sslUse: SSLUsage.No,
   extraParameters: [],
+  meta: {
+    [SourceRestriction.META_READONLY]: true,
+    [SourceRestriction.DATA_READONLY]: false,
+  },
 })
 
 const customFormState = ref<ProjectCreateForm>({
@@ -232,6 +237,7 @@ const editBase = async () => {
       config,
       inflection_column: formState.value.inflection.inflectionColumn,
       inflection_table: formState.value.inflection.inflectionTable,
+      meta: formState.value.meta || {},
     })
 
     $e('a:source:edit:extdb')
@@ -343,6 +349,7 @@ onMounted(async () => {
       },
       extraParameters: tempParameters,
       sslUse: SSLUsage.No,
+      meta: activeBase.meta || {},
     }
     updateSSLUse()
   }
diff --git a/packages/nc-gui/components/project/AllTables.vue b/packages/nc-gui/components/project/AllTables.vue
index 32e52c5526..66fc484752 100644
--- a/packages/nc-gui/components/project/AllTables.vue
+++ b/packages/nc-gui/components/project/AllTables.vue
@@ -76,7 +76,7 @@ function openTableCreateDialog(baseIndex?: number | undefined) {
       }"
     >
       <div
-        v-if="isUIAllowed('tableCreate', {source: openedProject?.sources?.[0]})"
+        v-if="isUIAllowed('tableCreate', { source: openedProject?.sources?.[0] })"
         role="button"
         class="nc-base-view-all-table-btn"
         data-testid="proj-view-btn__add-new-table"
@@ -86,7 +86,7 @@ function openTableCreateDialog(baseIndex?: number | undefined) {
         <div class="label">{{ $t('general.new') }} {{ $t('objects.table') }}</div>
       </div>
       <div
-        v-if="isUIAllowed('tableCreate', {source: openedProject?.sources?.[0]})"
+        v-if="isUIAllowed('tableCreate', { source: openedProject?.sources?.[0] })"
         v-e="['c:table:import']"
         role="button"
         class="nc-base-view-all-table-btn"
diff --git a/packages/nc-gui/components/smartsheet/Details.vue b/packages/nc-gui/components/smartsheet/Details.vue
index 89129c499e..c9ac4c421d 100644
--- a/packages/nc-gui/components/smartsheet/Details.vue
+++ b/packages/nc-gui/components/smartsheet/Details.vue
@@ -1,7 +1,6 @@
 <script setup lang="ts">
 import { LoadingOutlined } from '@ant-design/icons-vue'
 
-
 const { openedViewsTab } = storeToRefs(useViewsStore())
 const { onViewsTabChange } = useViewsStore()
 
diff --git a/packages/nc-gui/components/smartsheet/Form.vue b/packages/nc-gui/components/smartsheet/Form.vue
index ccae14f006..16c00d6191 100644
--- a/packages/nc-gui/components/smartsheet/Form.vue
+++ b/packages/nc-gui/components/smartsheet/Form.vue
@@ -16,7 +16,6 @@ import {
 } from 'nocodb-sdk'
 import type { ImageCropperConfig } from '~/lib/types'
 
-
 provide(IsFormInj, ref(true))
 provide(IsGalleryInj, ref(false))
 
diff --git a/packages/nc-gui/components/smartsheet/Gallery.vue b/packages/nc-gui/components/smartsheet/Gallery.vue
index 5b026edae9..53260cc72e 100644
--- a/packages/nc-gui/components/smartsheet/Gallery.vue
+++ b/packages/nc-gui/components/smartsheet/Gallery.vue
@@ -2,7 +2,6 @@
 import { ViewTypes, isVirtualCol } from 'nocodb-sdk'
 import type { Row as RowType } from '#imports'
 
-
 interface Attachment {
   url: string
 }
diff --git a/packages/nc-gui/components/smartsheet/Kanban.vue b/packages/nc-gui/components/smartsheet/Kanban.vue
index 5eb22a6d5f..d9205cc5f9 100644
--- a/packages/nc-gui/components/smartsheet/Kanban.vue
+++ b/packages/nc-gui/components/smartsheet/Kanban.vue
@@ -5,7 +5,6 @@ import tinycolor from 'tinycolor2'
 import { ViewTypes, isVirtualCol } from 'nocodb-sdk'
 import type { Row as RowType } from '#imports'
 
-
 interface Attachment {
   url: string
 }
diff --git a/packages/nc-gui/components/smartsheet/calendar/DayView/DateField.vue b/packages/nc-gui/components/smartsheet/calendar/DayView/DateField.vue
index 8ba4bcb3db..b49663127c 100644
--- a/packages/nc-gui/components/smartsheet/calendar/DayView/DateField.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/DayView/DateField.vue
@@ -2,7 +2,6 @@
 import dayjs from 'dayjs'
 import type { ColumnType } from 'nocodb-sdk'
 
-
 const emit = defineEmits(['expandRecord', 'newRecord'])
 
 const meta = inject(MetaInj, ref())
diff --git a/packages/nc-gui/components/smartsheet/calendar/DayView/DateTimeField.vue b/packages/nc-gui/components/smartsheet/calendar/DayView/DateTimeField.vue
index be37e3f549..5701131615 100644
--- a/packages/nc-gui/components/smartsheet/calendar/DayView/DateTimeField.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/DayView/DateTimeField.vue
@@ -2,7 +2,6 @@
 import dayjs from 'dayjs'
 import type { ColumnType } from 'nocodb-sdk'
 
-
 const emit = defineEmits(['expandRecord', 'newRecord'])
 
 const {
diff --git a/packages/nc-gui/components/smartsheet/calendar/MonthView.vue b/packages/nc-gui/components/smartsheet/calendar/MonthView.vue
index bc1112e097..d6a2388cac 100644
--- a/packages/nc-gui/components/smartsheet/calendar/MonthView.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/MonthView.vue
@@ -3,7 +3,6 @@ import dayjs from 'dayjs'
 import type { ColumnType } from 'nocodb-sdk'
 import { UITypes } from 'nocodb-sdk'
 
-
 const emit = defineEmits(['newRecord', 'expandRecord'])
 
 const {
diff --git a/packages/nc-gui/components/smartsheet/calendar/SideMenu.vue b/packages/nc-gui/components/smartsheet/calendar/SideMenu.vue
index 22ee072791..cdaa03a3ba 100644
--- a/packages/nc-gui/components/smartsheet/calendar/SideMenu.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/SideMenu.vue
@@ -3,7 +3,6 @@ import type { VNodeRef } from '@vue/runtime-core'
 import { UITypes } from 'nocodb-sdk'
 import dayjs from 'dayjs'
 
-
 const props = defineProps<{
   visible: boolean
 }>()
diff --git a/packages/nc-gui/components/smartsheet/calendar/WeekView/DateField.vue b/packages/nc-gui/components/smartsheet/calendar/WeekView/DateField.vue
index eed0c41f3f..8071b26605 100644
--- a/packages/nc-gui/components/smartsheet/calendar/WeekView/DateField.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/WeekView/DateField.vue
@@ -3,7 +3,6 @@ import dayjs from 'dayjs'
 import type { ColumnType } from 'nocodb-sdk'
 import type { Row } from '~/lib/types'
 
-
 const emits = defineEmits(['expandRecord', 'newRecord'])
 
 const {
diff --git a/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue b/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue
index 8d9893beb2..495d2aee12 100644
--- a/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue
+++ b/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue
@@ -1,7 +1,6 @@
 <script lang="ts" setup>
 import type { ColumnReqType, ColumnType } from 'nocodb-sdk'
 import { UITypes, UITypesName, isLinksOrLTAR, isSelfReferencingTableColumn, isSystemColumn, isVirtualCol } from 'nocodb-sdk'
-
 import MdiPlusIcon from '~icons/mdi/plus-circle-outline'
 import MdiMinusIcon from '~icons/mdi/minus-circle-outline'
 import MdiIdentifierIcon from '~icons/mdi/identifier'
diff --git a/packages/nc-gui/components/smartsheet/expanded-form/Comments.vue b/packages/nc-gui/components/smartsheet/expanded-form/Comments.vue
index 274097e1c2..aca4c7b6f2 100644
--- a/packages/nc-gui/components/smartsheet/expanded-form/Comments.vue
+++ b/packages/nc-gui/components/smartsheet/expanded-form/Comments.vue
@@ -1,7 +1,6 @@
 <script setup lang="ts">
 import { type CommentType, ProjectRoles } from 'nocodb-sdk'
 
-
 const props = defineProps<{
   loading: boolean
   primaryKey: string | null
diff --git a/packages/nc-gui/components/smartsheet/expanded-form/index.vue b/packages/nc-gui/components/smartsheet/expanded-form/index.vue
index a3b8a3c87e..fde52241f8 100644
--- a/packages/nc-gui/components/smartsheet/expanded-form/index.vue
+++ b/packages/nc-gui/components/smartsheet/expanded-form/index.vue
@@ -13,7 +13,6 @@ import { Drawer } from 'ant-design-vue'
 import NcModal from '../../nc/Modal.vue'
 import MdiChevronDown from '~icons/mdi/chevron-down'
 
-
 interface Props {
   modelValue?: boolean
   state?: Record<string, any> | null
diff --git a/packages/nc-gui/components/smartsheet/header/Cell.vue b/packages/nc-gui/components/smartsheet/header/Cell.vue
index fd9a1e1d7a..cfffcd3e81 100644
--- a/packages/nc-gui/components/smartsheet/header/Cell.vue
+++ b/packages/nc-gui/components/smartsheet/header/Cell.vue
@@ -2,7 +2,6 @@
 import type { ColumnReqType, ColumnType } from 'nocodb-sdk'
 import { UITypes, UITypesName } from 'nocodb-sdk'
 
-
 interface Props {
   column: ColumnType
   required?: boolean | number
diff --git a/packages/nc-gui/components/smartsheet/header/Menu.vue b/packages/nc-gui/components/smartsheet/header/Menu.vue
index c7661b1606..94c7f6b594 100644
--- a/packages/nc-gui/components/smartsheet/header/Menu.vue
+++ b/packages/nc-gui/components/smartsheet/header/Menu.vue
@@ -43,6 +43,8 @@ const { gridViewCols } = useViewColumnsOrThrow()
 
 const { fieldsToGroupBy, groupByLimit } = useViewGroupByOrThrow(view)
 
+const { isUIAllowed } = useRoles()
+
 const isLoading = ref<'' | 'hideOrShow' | 'setDisplay'>('')
 
 const setAsDisplayValue = async () => {
@@ -374,7 +376,7 @@ const filterOrGroupByThisField = (event: SmartsheetStoreEvents) => {
           'min-w-[256px]': isExpandedForm,
         }"
       >
-        <NcMenuItem :disabled="column?.pk || isSystemColumn(column)" @click="onEditPress">
+        <NcMenuItem v-if="isUIAllowed('fieldAlter')" :disabled="column?.pk || isSystemColumn(column)" @click="onEditPress">
           <div class="nc-column-edit nc-header-menu-item">
             <component :is="iconMap.ncEdit" class="text-gray-700" />
             <!-- Edit -->
@@ -388,7 +390,7 @@ const filterOrGroupByThisField = (event: SmartsheetStoreEvents) => {
             {{ t('general.duplicate') }}
           </div>
         </NcMenuItem>
-        <a-divider v-if="!column?.pv" class="!my-0" />
+        <a-divider v-if="isUIAllowed('fieldAlter') && !column?.pv" class="!my-0" />
         <NcMenuItem v-if="!column?.pv" @click="hideOrShowField">
           <div v-e="['a:field:hide']" class="nc-column-insert-before nc-header-menu-item">
             <GeneralLoader v-if="isLoading === 'hideOrShow'" size="regular" />
@@ -514,7 +516,12 @@ const filterOrGroupByThisField = (event: SmartsheetStoreEvents) => {
         </template>
         <a-divider v-if="!column?.pv" class="!my-0" />
 
-        <NcMenuItem v-if="!column?.pv" :disabled="!isDeleteAllowed" class="!hover:bg-red-50" @click="handleDelete">
+        <NcMenuItem
+          v-if="!column?.pv && isUIAllowed('fieldDelete')"
+          :disabled="!isDeleteAllowed"
+          class="!hover:bg-red-50"
+          @click="handleDelete"
+        >
           <div class="nc-column-delete nc-header-menu-item text-red-600">
             <component :is="iconMap.delete" />
             <!-- Delete -->
diff --git a/packages/nc-gui/components/smartsheet/header/VirtualCell.vue b/packages/nc-gui/components/smartsheet/header/VirtualCell.vue
index d86bc459e4..d0bbd6437e 100644
--- a/packages/nc-gui/components/smartsheet/header/VirtualCell.vue
+++ b/packages/nc-gui/components/smartsheet/header/VirtualCell.vue
@@ -10,7 +10,6 @@ import {
 } from 'nocodb-sdk'
 import { RelationTypes, UITypes, UITypesName, substituteColumnIdWithAliasInFormula } from 'nocodb-sdk'
 
-
 const props = defineProps<{
   column: ColumnType
   hideMenu?: boolean
diff --git a/packages/nc-gui/components/smartsheet/sidebar/RenameableMenuItem.vue b/packages/nc-gui/components/smartsheet/sidebar/RenameableMenuItem.vue
index de73a6049e..a77836ab79 100644
--- a/packages/nc-gui/components/smartsheet/sidebar/RenameableMenuItem.vue
+++ b/packages/nc-gui/components/smartsheet/sidebar/RenameableMenuItem.vue
@@ -3,7 +3,6 @@ import type { VNodeRef } from '@vue/runtime-core'
 import type { KanbanType, ViewType, ViewTypes } from 'nocodb-sdk'
 import type { WritableComputedRef } from '@vue/reactivity'
 
-
 interface Props {
   view: ViewType
   onValidate: (view: ViewType) => boolean | string
diff --git a/packages/nc-gui/components/smartsheet/toolbar/KanbanStackEditOrAdd.vue b/packages/nc-gui/components/smartsheet/toolbar/KanbanStackEditOrAdd.vue
index c481ceb18d..157b5d79c0 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/KanbanStackEditOrAdd.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/KanbanStackEditOrAdd.vue
@@ -1,6 +1,4 @@
 <script setup lang="ts">
-
-
 const { isUIAllowed } = useRoles()
 
 const { groupingFieldColumn } = useKanbanViewStoreOrThrow()
diff --git a/packages/nc-gui/components/smartsheet/toolbar/MoreActions.vue b/packages/nc-gui/components/smartsheet/toolbar/MoreActions.vue
index 308dd2b1ef..1711bb8159 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/MoreActions.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/MoreActions.vue
@@ -4,7 +4,6 @@ import { ExportTypes } from 'nocodb-sdk'
 import { saveAs } from 'file-saver'
 import * as XLSX from 'xlsx'
 
-
 const { t } = useI18n()
 
 const sharedViewListDlg = ref(false)
diff --git a/packages/nc-gui/components/smartsheet/toolbar/ShareView.vue b/packages/nc-gui/components/smartsheet/toolbar/ShareView.vue
index b2a334343e..4acfd07706 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/ShareView.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/ShareView.vue
@@ -3,7 +3,6 @@ import { ViewTypes } from 'nocodb-sdk'
 import { isString } from '@vue/shared'
 import tinycolor from 'tinycolor2'
 
-
 const { t } = useI18n()
 
 const { view, $api } = useSmartsheetStoreOrThrow()
diff --git a/packages/nc-gui/components/smartsheet/toolbar/ViewActionMenu.vue b/packages/nc-gui/components/smartsheet/toolbar/ViewActionMenu.vue
index 9239d271c2..c26f6d8234 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/ViewActionMenu.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/ViewActionMenu.vue
@@ -3,7 +3,6 @@ import type { TableType, ViewType } from 'nocodb-sdk'
 import { ViewTypes } from 'nocodb-sdk'
 import { LockType } from '#imports'
 
-
 const props = withDefaults(
   defineProps<{
     view: ViewType
diff --git a/packages/nc-gui/components/smartsheet/toolbar/ViewActions.vue b/packages/nc-gui/components/smartsheet/toolbar/ViewActions.vue
index 25f5b2bf60..491c025ced 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/ViewActions.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/ViewActions.vue
@@ -2,7 +2,6 @@
 import type { Ref } from '@vue/reactivity'
 import { LockType } from '#imports'
 
-
 const { t } = useI18n()
 
 const sharedViewListDlg = ref(false)
diff --git a/packages/nc-gui/components/smartsheet/topbar/SelectMode.vue b/packages/nc-gui/components/smartsheet/topbar/SelectMode.vue
index 7b6b700f3d..88e8f5a7ea 100644
--- a/packages/nc-gui/components/smartsheet/topbar/SelectMode.vue
+++ b/packages/nc-gui/components/smartsheet/topbar/SelectMode.vue
@@ -1,6 +1,4 @@
 <script lang="ts" setup>
-
-
 const { openedViewsTab, activeView } = storeToRefs(useViewsStore())
 
 const { isUIAllowed } = useRoles()
diff --git a/packages/nc-gui/components/tabs/Smartsheet.vue b/packages/nc-gui/components/tabs/Smartsheet.vue
index 929818afa5..c898c54cb2 100644
--- a/packages/nc-gui/components/tabs/Smartsheet.vue
+++ b/packages/nc-gui/components/tabs/Smartsheet.vue
@@ -64,7 +64,7 @@ provide(
   computed(
     () =>
       !isUIAllowed('dataEdit', {
-        source: activeSource.value,
+        skipSourceCheck: true,
       }),
   ),
 )
diff --git a/packages/nc-gui/components/virtual-cell/BelongsTo.vue b/packages/nc-gui/components/virtual-cell/BelongsTo.vue
index c4a54885f2..2930e32ecc 100644
--- a/packages/nc-gui/components/virtual-cell/BelongsTo.vue
+++ b/packages/nc-gui/components/virtual-cell/BelongsTo.vue
@@ -2,7 +2,6 @@
 import type { ColumnType } from 'nocodb-sdk'
 import type { Ref } from 'vue'
 
-
 const column = inject(ColumnInj)!
 
 const reloadRowTrigger = inject(ReloadRowDataHookInj, createEventHook())
diff --git a/packages/nc-gui/components/virtual-cell/HasMany.vue b/packages/nc-gui/components/virtual-cell/HasMany.vue
index 6b51262188..731759575e 100644
--- a/packages/nc-gui/components/virtual-cell/HasMany.vue
+++ b/packages/nc-gui/components/virtual-cell/HasMany.vue
@@ -3,7 +3,6 @@ import type { ColumnType } from 'nocodb-sdk'
 import { isSystemColumn } from 'nocodb-sdk'
 import type { Ref } from 'vue'
 
-
 const column = inject(ColumnInj)!
 
 const cellValue = inject(CellValueInj)!
diff --git a/packages/nc-gui/components/virtual-cell/Links.vue b/packages/nc-gui/components/virtual-cell/Links.vue
index 4339facc53..a37989055c 100644
--- a/packages/nc-gui/components/virtual-cell/Links.vue
+++ b/packages/nc-gui/components/virtual-cell/Links.vue
@@ -4,7 +4,6 @@ import type { ColumnType } from 'nocodb-sdk'
 import type { Ref } from 'vue'
 import { ref } from 'vue'
 
-
 const value = inject(CellValueInj, ref(0))
 
 const column = inject(ColumnInj)!
diff --git a/packages/nc-gui/components/virtual-cell/ManyToMany.vue b/packages/nc-gui/components/virtual-cell/ManyToMany.vue
index 9f1bc111be..32ee6e3a1b 100644
--- a/packages/nc-gui/components/virtual-cell/ManyToMany.vue
+++ b/packages/nc-gui/components/virtual-cell/ManyToMany.vue
@@ -2,7 +2,6 @@
 import type { ColumnType } from 'nocodb-sdk'
 import type { Ref } from 'vue'
 
-
 const column = inject(ColumnInj)!
 
 const row = inject(RowInj)!
diff --git a/packages/nc-gui/components/virtual-cell/OneToOne.vue b/packages/nc-gui/components/virtual-cell/OneToOne.vue
index 2a6e41100d..03bd03013d 100644
--- a/packages/nc-gui/components/virtual-cell/OneToOne.vue
+++ b/packages/nc-gui/components/virtual-cell/OneToOne.vue
@@ -2,7 +2,6 @@
 import type { ColumnType } from 'nocodb-sdk'
 import type { Ref } from 'vue'
 
-
 const column = inject(ColumnInj)!
 
 const reloadRowTrigger = inject(ReloadRowDataHookInj, createEventHook())
diff --git a/packages/nc-gui/components/virtual-cell/components/ItemChip.vue b/packages/nc-gui/components/virtual-cell/components/ItemChip.vue
index 2b5af552ee..1a2926e38c 100644
--- a/packages/nc-gui/components/virtual-cell/components/ItemChip.vue
+++ b/packages/nc-gui/components/virtual-cell/components/ItemChip.vue
@@ -2,7 +2,6 @@
 import type { ColumnType } from 'nocodb-sdk'
 import { UITypes, isVirtualCol } from 'nocodb-sdk'
 
-
 interface Props {
   value: string | number | boolean
   item: any
diff --git a/packages/nc-gui/composables/useCalendarViewStore.ts b/packages/nc-gui/composables/useCalendarViewStore.ts
index 3b04470591..fe040d4593 100644
--- a/packages/nc-gui/composables/useCalendarViewStore.ts
+++ b/packages/nc-gui/composables/useCalendarViewStore.ts
@@ -3,7 +3,6 @@ import type { Api, CalendarRangeType, CalendarType, ColumnType, PaginatedType, T
 import { UITypes } from 'nocodb-sdk'
 import dayjs from 'dayjs'
 
-
 const formatData = (list: Record<string, any>[]) =>
   list.map(
     (row) =>
diff --git a/packages/nc-gui/composables/useKanbanViewStore.ts b/packages/nc-gui/composables/useKanbanViewStore.ts
index 9e56ed2b4c..f33165e3ac 100644
--- a/packages/nc-gui/composables/useKanbanViewStore.ts
+++ b/packages/nc-gui/composables/useKanbanViewStore.ts
@@ -1,7 +1,6 @@
 import type { ComputedRef, Ref } from 'vue'
 import type { Api, ColumnType, KanbanType, SelectOptionType, SelectOptionsType, TableType, ViewType } from 'nocodb-sdk'
 
-
 type GroupingFieldColOptionsType = SelectOptionType & { collapsed: boolean }
 
 const [useProvideKanbanViewStore, useKanbanViewStore] = useInjectionState(
diff --git a/packages/nc-gui/composables/useMapViewDataStore.ts b/packages/nc-gui/composables/useMapViewDataStore.ts
index 72474fc76d..c587aec3bf 100644
--- a/packages/nc-gui/composables/useMapViewDataStore.ts
+++ b/packages/nc-gui/composables/useMapViewDataStore.ts
@@ -1,7 +1,6 @@
 import type { ComputedRef, Ref } from 'vue'
 import type { ColumnType, MapType, PaginatedType, TableType, ViewType } from 'nocodb-sdk'
 
-
 const formatData = (list: Record<string, any>[]) =>
   list.map(
     (row) =>
diff --git a/packages/nc-gui/composables/useRoles/index.ts b/packages/nc-gui/composables/useRoles/index.ts
index a7d23a23af..dd1e4c2141 100644
--- a/packages/nc-gui/composables/useRoles/index.ts
+++ b/packages/nc-gui/composables/useRoles/index.ts
@@ -1,6 +1,7 @@
 import { isString } from '@vue/shared'
 import { type Roles, type RolesObj, SourceRestriction, type SourceType, type WorkspaceUserRoles } from 'nocodb-sdk'
 import { extractRolesObj } from 'nocodb-sdk'
+import type { MaybeRef } from 'vue'
 
 const hasPermission = (role: Exclude<Roles, WorkspaceUserRoles>, hasRole: boolean, permission: Permission | string) => {
   const rolePermission = rolePermissions[role]
@@ -131,7 +132,8 @@ export const useRolesShared = createSharedComposable(() => {
     permission: Permission | string,
     args: {
       roles?: string | Record<string, boolean> | string[] | null
-      source?: SourceType & { meta?: Record<string, any> }
+      source?: MaybeRef<SourceType & { meta?: Record<string, any> }>
+      skipSourceCheck?: boolean
     } = {},
   ) => {
     const { roles } = args
@@ -146,13 +148,14 @@ export const useRolesShared = createSharedComposable(() => {
 
     // check source level restrictions
     if (
-      sourceRestrictions[SourceRestriction.DATA_READONLY][permission] ||
-      sourceRestrictions[SourceRestriction.META_READONLY][permission]
+      !args.skipSourceCheck &&
+      (sourceRestrictions[SourceRestriction.DATA_READONLY][permission] ||
+        sourceRestrictions[SourceRestriction.META_READONLY][permission])
     ) {
       const source = unref(args.source || null)
 
       if (!source) {
-        console.warn('Source not found', permission, new Error().stack)
+        console.warn('Source reference not found', permission)
         return false
       }
 
@@ -172,6 +175,8 @@ export const useRolesShared = createSharedComposable(() => {
   return { allRoles, orgRoles, workspaceRoles, baseRoles, loadRoles, isUIAllowed }
 })
 
+type IsUIAllowedParams = Parameters<ReturnType<typeof useRolesShared>['isUIAllowed']>
+
 /**
  * Wrap the default shared composable to inject the current source if available
  * which will be used to determine if a user has permission to perform an action based on the source's restrictions
@@ -182,7 +187,7 @@ export const useRoles = () => {
 
   return {
     ...useRolesRes,
-    isUIAllowed: (...args: Parameters<ReturnType<typeof useRoles>['isUIAllowed']>) => {
+    isUIAllowed: (...args: IsUIAllowedParams) => {
       return useRolesRes.isUIAllowed(args[0], { source: currentSource, ...(args[1] || {}) })
     },
   }
diff --git a/packages/nc-gui/composables/useViewColumns.ts b/packages/nc-gui/composables/useViewColumns.ts
index f768f6fb1d..6fc4b1acba 100644
--- a/packages/nc-gui/composables/useViewColumns.ts
+++ b/packages/nc-gui/composables/useViewColumns.ts
@@ -2,7 +2,6 @@ import type { ColumnType, GridColumnReqType, GridColumnType, MapType, TableType,
 import { ViewTypes, isHiddenCol, isSystemColumn } from 'nocodb-sdk'
 import type { ComputedRef, Ref } from 'vue'
 
-
 const [useProvideViewColumns, useViewColumns] = useInjectionState(
   (
     view: Ref<ViewType | undefined>,
diff --git a/packages/nc-gui/composables/useViewData.ts b/packages/nc-gui/composables/useViewData.ts
index 69e9d15ea3..be5c5a8c0b 100644
--- a/packages/nc-gui/composables/useViewData.ts
+++ b/packages/nc-gui/composables/useViewData.ts
@@ -4,7 +4,6 @@ import type { Api, ColumnType, FormColumnType, FormType, GalleryType, PaginatedT
 import type { ComputedRef, Ref } from 'vue'
 import { NavigateDir } from '#imports'
 
-
 const formatData = (list: Record<string, any>[]) =>
   list.map((row) => ({
     row: { ...row },
diff --git a/packages/nc-gui/composables/useViewGroupBy.ts b/packages/nc-gui/composables/useViewGroupBy.ts
index b4136cc5cd..c8c0f7de60 100644
--- a/packages/nc-gui/composables/useViewGroupBy.ts
+++ b/packages/nc-gui/composables/useViewGroupBy.ts
@@ -3,7 +3,6 @@ import { UITypes } from 'nocodb-sdk'
 import type { Ref } from 'vue'
 import { message } from 'ant-design-vue'
 
-
 const excludedGroupingUidt = [UITypes.Attachment, UITypes.QrCode, UITypes.Barcode]
 
 const [useProvideViewGroupBy, useViewGroupBy] = useInjectionState(
diff --git a/packages/nc-gui/lib/acl.ts b/packages/nc-gui/lib/acl.ts
index 96351a9aa6..dbb587c1ba 100644
--- a/packages/nc-gui/lib/acl.ts
+++ b/packages/nc-gui/lib/acl.ts
@@ -1,4 +1,4 @@
-import { OrgUserRoles, ProjectRoles } from 'nocodb-sdk'
+import { OrgUserRoles, ProjectRoles, SourceRestriction } from 'nocodb-sdk'
 
 const roleScopes = {
   org: [OrgUserRoles.VIEWER, OrgUserRoles.CREATOR],
@@ -72,6 +72,8 @@ const rolePermissions = {
       newUser: true,
       webhook: true,
       fieldEdit: true,
+      fieldAlter: true,
+      fieldDelete: true,
       fieldAdd: true,
       tableIconEdit: true,
       viewCreateOrEdit: true,
@@ -117,6 +119,32 @@ const rolePermissions = {
   },
 } as Record<OrgUserRoles | ProjectRoles, Perm | '*'>
 
+// excluded/restricted permissions at source level based on source restriction
+// `true` means permission is restricted and `false`/missing means permission is allowed
+export const sourceRestrictions = {
+  [SourceRestriction.DATA_READONLY]: {
+    dataInsert: true,
+    dataEdit: true,
+    dataDelete: true,
+    airtableImport: true,
+    csvImport: true,
+    jsonImport: true,
+    excelImport: true,
+  },
+  [SourceRestriction.META_READONLY]: {
+    tableCreate: true,
+    tableRename: true,
+    tableDelete: true,
+    tableDuplicate: true,
+    airtableImport: true,
+    csvImport: true,
+    jsonImport: true,
+    excelImport: true,
+    fieldAdd: true,
+    fieldAlter: true,
+  },
+}
+
 /*
   We inherit include permissions from previous roles in the same scope (role order)
   To determine role order, we use `roleScopes` object
diff --git a/packages/nocodb/src/helpers/catchError.ts b/packages/nocodb/src/helpers/catchError.ts
index b43c46b39e..adb9018e43 100644
--- a/packages/nocodb/src/helpers/catchError.ts
+++ b/packages/nocodb/src/helpers/catchError.ts
@@ -809,4 +809,12 @@ export class NcError {
   static metaError(param: { message: string; sql: string }) {
     throw new MetaError(param);
   }
+
+  static sourceDataReadOnly(name: any) {
+    NcError.forbidden(`Source '${name}' is read-only`);
+  }
+
+  static sourceMetaReadOnly(name: any) {
+    NcError.forbidden(`Source '${name}' schema is read-only`);
+  }
 }
diff --git a/packages/nocodb/src/models/Source.ts b/packages/nocodb/src/models/Source.ts
index f5acae9011..09ad96c515 100644
--- a/packages/nocodb/src/models/Source.ts
+++ b/packages/nocodb/src/models/Source.ts
@@ -144,6 +144,10 @@ export default class Source implements SourceType {
       updateObj.type = oldSource.type;
     }
 
+    if ('meta' in updateObj) {
+      updateObj.meta = stringifyMetaProp(updateObj);
+    }
+
     // if order is missing (possible in old versions), get next order
     if (!oldSource.order && !updateObj.order) {
       updateObj.order = await ncMeta.metaGetNextOrder(MetaTable.BASES, {
diff --git a/packages/nocodb/src/modules/jobs/jobs/export-import/duplicate.controller.ts b/packages/nocodb/src/modules/jobs/jobs/export-import/duplicate.controller.ts
index c288f1d110..3b3174bfa4 100644
--- a/packages/nocodb/src/modules/jobs/jobs/export-import/duplicate.controller.ts
+++ b/packages/nocodb/src/modules/jobs/jobs/export-import/duplicate.controller.ts
@@ -8,7 +8,7 @@ import {
   Req,
   UseGuards,
 } from '@nestjs/common';
-import { ProjectStatus } from 'nocodb-sdk';
+import { ProjectStatus, SourceRestriction } from 'nocodb-sdk';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
 import { BasesService } from '~/services/bases.service';
@@ -20,6 +20,7 @@ import { IJobsService } from '~/modules/jobs/jobs-service.interface';
 import { TenantContext } from '~/decorators/tenant-context.decorator';
 import { NcContext, NcRequest } from '~/interface/config';
 import { RootScopes } from '~/utils/globals';
+import { NcError } from '~/helpers/catchError';
 
 @Controller()
 @UseGuards(MetaApiLimiterGuard, GlobalGuard)
@@ -212,6 +213,14 @@ export class DuplicateController {
 
     const source = await Source.get(context, model.source_id);
 
+    // if data/schema is readonly, then restrict duplication
+    if (source.meta?.[SourceRestriction.META_READONLY]) {
+      NcError.sourceMetaReadOnly(source.alias);
+    }
+    if (source.meta?.[SourceRestriction.DATA_READONLY]) {
+      NcError.sourceDataReadOnly(source.alias);
+    }
+
     const models = await source.getModels(context);
 
     const uniqueTitle = generateUniqueName(
@@ -276,6 +285,16 @@ export class DuplicateController {
       throw new Error(`Model not found!`);
     }
 
+    const source = await Source.get(context, model.source_id);
+
+    // if data/schema is readonly, then restrict duplication
+    if (source.meta?.[SourceRestriction.META_READONLY]) {
+      NcError.sourceMetaReadOnly(source.alias);
+    }
+    if (source.meta?.[SourceRestriction.DATA_READONLY]) {
+      NcError.sourceDataReadOnly(source.alias);
+    }
+
     const job = await this.jobsService.add(JobTypes.DuplicateColumn, {
       context,
       baseId: base.id,
diff --git a/packages/nocodb/src/services/forms.service.ts b/packages/nocodb/src/services/forms.service.ts
index 40bd47b6ad..9d8b7bb568 100644
--- a/packages/nocodb/src/services/forms.service.ts
+++ b/packages/nocodb/src/services/forms.service.ts
@@ -1,5 +1,5 @@
 import { Injectable } from '@nestjs/common';
-import { AppEvents, ViewTypes } from 'nocodb-sdk';
+import { AppEvents, SourceRestriction, ViewTypes } from 'nocodb-sdk';
 import type {
   FormUpdateReqType,
   UserType,
@@ -9,7 +9,7 @@ import type { NcContext, NcRequest } from '~/interface/config';
 import { AppHooksService } from '~/services/app-hooks/app-hooks.service';
 import { validatePayload } from '~/helpers';
 import { NcError } from '~/helpers/catchError';
-import { FormView, Model, View } from '~/models';
+import { FormView, Model, Source, View } from '~/models';
 import NocoCache from '~/cache/NocoCache';
 import { CacheScope } from '~/utils/globals';
 
@@ -38,6 +38,12 @@ export class FormsService {
 
     const model = await Model.get(context, param.tableId);
 
+    const source = await Source.get(context, model.source_id);
+
+    if (source.meta?.[SourceRestriction.DATA_READONLY]) {
+      NcError.sourceDataReadOnly(source.alias);
+    }
+
     const { id } = await View.insertMetaOnly(
       context,
       {
diff --git a/packages/nocodb/src/services/public-datas.service.ts b/packages/nocodb/src/services/public-datas.service.ts
index f0eea37ed2..092b0074ff 100644
--- a/packages/nocodb/src/services/public-datas.service.ts
+++ b/packages/nocodb/src/services/public-datas.service.ts
@@ -1,7 +1,12 @@
 import path from 'path';
 import { Injectable } from '@nestjs/common';
 import { nanoid } from 'nanoid';
-import {populateUniqueFileName, SourceRestriction, UITypes, ViewTypes} from 'nocodb-sdk';
+import {
+  populateUniqueFileName,
+  SourceRestriction,
+  UITypes,
+  ViewTypes,
+} from 'nocodb-sdk';
 import slash from 'slash';
 import { nocoExecute } from 'nc-help';
 
@@ -295,7 +300,7 @@ export class PublicDatasService {
     const source = await Source.get(context, model.source_id);
 
     if (source?.meta?.[SourceRestriction.DATA_READONLY]) {
-      NcError.forbidden('Data insert is restricted');
+      NcError.sourceDataReadOnly(source.alias);
     }
 
     const base = await source.getProject(context);
diff --git a/packages/nocodb/src/utils/acl.ts b/packages/nocodb/src/utils/acl.ts
index 4b68dbc3ad..e048c70dbb 100644
--- a/packages/nocodb/src/utils/acl.ts
+++ b/packages/nocodb/src/utils/acl.ts
@@ -1,4 +1,4 @@
-import { OrgUserRoles, ProjectRoles } from 'nocodb-sdk';
+import { OrgUserRoles, ProjectRoles, SourceRestriction } from 'nocodb-sdk';
 
 const roleScopes = {
   org: [OrgUserRoles.VIEWER, OrgUserRoles.CREATOR],
@@ -457,13 +457,21 @@ export const sourceRestrictions = {
     dataInsert: true,
     dataEdit: true,
     dataDelete: true,
+    airtableImport: true,
+    csvImport: true,
+    jsonImport: true,
+    excelImport: true,
   },
   [SourceRestriction.META_READONLY]: {
     tableCreate: true,
     tableRename: true,
     tableDelete: true,
     tableDuplicate: true,
+    airtableImport: true,
+    csvImport: true,
+    jsonImport: true,
+    excelImport: true,
   },
-}
+};
 
 export default rolePermissions;

From 6c856f4f570c892f67ef16e64392b953d817ec5e Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:17 +0000
Subject: [PATCH 06/28] fix: error handling correction in middleware

---
 .../extract-ids/extract-ids.middleware.ts           | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
index e2a825b42b..1e0d04a135 100644
--- a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
+++ b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
@@ -70,6 +70,19 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
       const base = await Base.getByTitleOrId(context, params.baseName);
       if (base) {
         req.ncBaseId = base.id;
+        if (req.params.tableName) {
+          // extract model and then source id from model
+          const model = await Model.getByAliasOrId(context, {
+            base_id: base.id,
+            aliasOrId: req.params.tableName,
+          });
+
+          if (!model) {
+            NcError.tableNotFound(req.params.tableName);
+          }
+
+          req.ncSourceId = model?.source_id;
+        }
       }
     }
     if (params.baseId) {

From 82b89d1ffe5839163524d00312bd0a5a306d8392 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:17 +0000
Subject: [PATCH 07/28] fix: middleware corrections

---
 .../dashboard/TreeView/ProjectNode.vue        | 29 +++++++++--
 .../components/smartsheet/header/Menu.vue     |  6 ++-
 packages/nc-gui/lib/acl.ts                    |  5 ++
 .../extract-ids/extract-ids.middleware.ts     | 52 ++++++++++++++++++-
 4 files changed, 85 insertions(+), 7 deletions(-)

diff --git a/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue b/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
index d6fd5f3bb1..b2cdb64e62 100644
--- a/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
@@ -446,6 +446,10 @@ const onTableIdCopy = async () => {
     message.error(e.message)
   }
 }
+
+const getSource = (sourceId: string) => {
+  return base.value.sources?.find((s) => s.id === sourceId)
+}
 </script>
 
 <template>
@@ -633,7 +637,7 @@ const onTableIdCopy = async () => {
             </NcDropdown>
 
             <NcButton
-              v-if="isUIAllowed('tableCreate', { roles: baseRole })"
+              v-if="isUIAllowed('tableCreate', { roles: baseRole, source: base?.sources?.[0] })"
               v-e="['c:base:create-table']"
               :disabled="!base?.sources?.[0]?.enabled"
               class="nc-sidebar-node-btn"
@@ -886,9 +890,17 @@ const onTableIdCopy = async () => {
             </div>
           </NcTooltip>
 
-          <template v-if="isUIAllowed('tableRename') || isUIAllowed('tableDelete')">
+          <template
+            v-if="
+              isUIAllowed('tableRename', { source: getSource(contextMenuTarget.value?.source_id) }) ||
+              isUIAllowed('tableDelete', { source: getSource(contextMenuTarget.value?.source_id) })
+            "
+          >
             <NcDivider />
-            <NcMenuItem v-if="isUIAllowed('tableRename')" @click="openRenameTableDialog(contextMenuTarget.value, true)">
+            <NcMenuItem
+              v-if="isUIAllowed('tableRename', { source: getSource(contextMenuTarget.value?.source_id) })"
+              @click="openRenameTableDialog(contextMenuTarget.value, true)"
+            >
               <div v-e="['c:table:rename']" class="nc-base-option-item flex gap-2 items-center">
                 <GeneralIcon icon="rename" class="text-gray-700" />
                 {{ $t('general.rename') }} {{ $t('objects.table') }}
@@ -896,7 +908,10 @@ const onTableIdCopy = async () => {
             </NcMenuItem>
 
             <NcMenuItem
-              v-if="isUIAllowed('tableDuplicate') && (contextMenuBase?.is_meta || contextMenuBase?.is_local)"
+              v-if="
+                isUIAllowed('tableDuplicate', { source: getSource(contextMenuTarget.value?.source_id) }) &&
+                (contextMenuBase?.is_meta || contextMenuBase?.is_local)
+              "
               @click="duplicateTable(contextMenuTarget.value)"
             >
               <div v-e="['c:table:duplicate']" class="nc-base-option-item flex gap-2 items-center">
@@ -905,7 +920,11 @@ const onTableIdCopy = async () => {
               </div>
             </NcMenuItem>
             <NcDivider />
-            <NcMenuItem v-if="isUIAllowed('table-delete')" class="!hover:bg-red-50" @click="tableDelete">
+            <NcMenuItem
+              v-if="isUIAllowed('tableDelete', { source: getSource(contextMenuTarget.value?.source_id) })"
+              class="!hover:bg-red-50"
+              @click="tableDelete"
+            >
               <div class="nc-base-option-item flex gap-2 items-center text-red-600">
                 <GeneralIcon icon="delete" />
                 {{ $t('general.delete') }} {{ $t('objects.table') }}
diff --git a/packages/nc-gui/components/smartsheet/header/Menu.vue b/packages/nc-gui/components/smartsheet/header/Menu.vue
index 94c7f6b594..74bfb25eb7 100644
--- a/packages/nc-gui/components/smartsheet/header/Menu.vue
+++ b/packages/nc-gui/components/smartsheet/header/Menu.vue
@@ -383,7 +383,11 @@ const filterOrGroupByThisField = (event: SmartsheetStoreEvents) => {
             {{ $t('general.edit') }}
           </div>
         </NcMenuItem>
-        <NcMenuItem v-if="isExpandedForm && !column?.pk" :disabled="!isDuplicateAllowed" @click="openDuplicateDlg">
+        <NcMenuItem
+          v-if="isUIAllowed('duplicateColumn') && isExpandedForm && !column?.pk"
+          :disabled="!isDuplicateAllowed"
+          @click="openDuplicateDlg"
+        >
           <div v-e="['a:field:duplicate']" class="nc-column-duplicate nc-header-menu-item">
             <component :is="iconMap.duplicate" class="text-gray-700" />
             <!-- Duplicate -->
diff --git a/packages/nc-gui/lib/acl.ts b/packages/nc-gui/lib/acl.ts
index dbb587c1ba..503c81f052 100644
--- a/packages/nc-gui/lib/acl.ts
+++ b/packages/nc-gui/lib/acl.ts
@@ -130,6 +130,9 @@ export const sourceRestrictions = {
     csvImport: true,
     jsonImport: true,
     excelImport: true,
+    duplicateColumn: true,
+    duplicateModel: true,
+    tableDuplicate: true,
   },
   [SourceRestriction.META_READONLY]: {
     tableCreate: true,
@@ -142,6 +145,8 @@ export const sourceRestrictions = {
     excelImport: true,
     fieldAdd: true,
     fieldAlter: true,
+    duplicateColumn: true,
+    duplicateModel: true,
   },
 }
 
diff --git a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
index 1e0d04a135..f450e01f2c 100644
--- a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
+++ b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
@@ -1,6 +1,11 @@
 import { Injectable, SetMetadata, UseInterceptors } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
-import { extractRolesObj, OrgUserRoles, ProjectRoles } from 'nocodb-sdk';
+import {
+  extractRolesObj,
+  OrgUserRoles,
+  ProjectRoles,
+  SourceRestriction,
+} from 'nocodb-sdk';
 import { map } from 'rxjs';
 import type { Observable } from 'rxjs';
 import type {
@@ -28,6 +33,8 @@ import {
 import rolePermissions from '~/utils/acl';
 import { NcError } from '~/helpers/catchError';
 import { RootScopes } from '~/utils/globals';
+import { sourceRestrictions } from '~/utils/acl';
+import { Source } from '~/models';
 
 export const rolesLabel = {
   [OrgUserRoles.SUPER_ADMIN]: 'Super Admin',
@@ -455,6 +462,49 @@ export class AclMiddleware implements NestInterceptor {
       );
     }
 
+    // check if permission have source level permission restriction
+    // 1. Check if it's present in the source restriction list
+    // 2. If present, check if write permission is allowed
+    if (
+      sourceRestrictions[SourceRestriction.META_READONLY][permissionName] ||
+      sourceRestrictions[SourceRestriction.DATA_READONLY][permissionName]
+    ) {
+      let source: Source;
+
+      // if tableCreate and source ID is empty, then extract the default source from base
+      if (!req.ncSourceId && req.ncBaseId && permissionName === 'tableCreate') {
+        const sources = await Source.list(req.context, {
+          baseId: req.ncBaseId,
+        });
+        if (req.params.sourceId) {
+          source = sources.find((s) => s.id === req.params.sourceId);
+        } else {
+          source = sources.find((s) => s.isMeta());
+        }
+      } else if (req.ncSourceId) {
+        source = await Source.get(req.context, req.ncSourceId);
+      }
+
+      // todo: replace with better error and this is not an expected error
+      if (!source) {
+        NcError.notFound('Source not found or source id not extracted');
+      }
+
+      if (
+        source.meta?.[SourceRestriction.META_READONLY] &&
+        sourceRestrictions[SourceRestriction.META_READONLY][permissionName]
+      ) {
+        NcError.sourceMetaReadOnly(source.alias);
+      }
+
+      if (
+        source.meta?.[SourceRestriction.DATA_READONLY] &&
+        sourceRestrictions[SourceRestriction.DATA_READONLY][permissionName]
+      ) {
+        NcError.sourceDataReadOnly(source.alias);
+      }
+    }
+
     return next.handle().pipe(
       map((data) => {
         return data;

From 76ff5594d197057d7a26bf7a7f585f4131eccbd4 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:17 +0000
Subject: [PATCH 08/28] fix: pass source reference where it's missing

---
 .../components/dashboard/TreeView/AddNewTableNode.vue    | 6 +++++-
 packages/nc-gui/components/dashboard/TreeView/index.vue  | 6 +++---
 packages/nc-gui/composables/useCalendarViewStore.ts      | 2 +-
 packages/nc-gui/composables/useKanbanViewStore.ts        | 8 +++++++-
 packages/nc-gui/composables/useMapViewDataStore.ts       | 2 +-
 packages/nc-gui/context/index.ts                         | 4 ++++
 packages/nocodb/src/helpers/catchError.ts                | 4 ++--
 .../middlewares/extract-ids/extract-ids.middleware.ts    | 9 +++++++--
 8 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue b/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue
index 40254e339d..1bee14a32d 100644
--- a/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue
@@ -112,11 +112,15 @@ function openTableCreateMagicDialog(sourceId?: string) {
     close(1000)
   }
 }
+
+const source = computed(() => {
+  return base.value?.sources?.[props.sourceIndex]
+})
 </script>
 
 <template>
   <div
-    v-if="isUIAllowed('tableCreate', { roles: baseRole })"
+    v-if="isUIAllowed('tableCreate', { roles: baseRole, source })"
     class="group flex items-center gap-2 pl-2 pr-4.75 py-1 text-primary/70 hover:(text-primary/100) cursor-pointer select-none"
     @click="emit('openTableCreateDialog')"
   >
diff --git a/packages/nc-gui/components/dashboard/TreeView/index.vue b/packages/nc-gui/components/dashboard/TreeView/index.vue
index 79fdea2586..93d5089a89 100644
--- a/packages/nc-gui/components/dashboard/TreeView/index.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/index.vue
@@ -15,7 +15,7 @@ const basesStore = useBases()
 
 const { createProject: _createProject, updateProject } = basesStore
 
-const { bases, basesList, activeProjectId } = storeToRefs(basesStore)
+const { bases, basesList, activeProjectId, b } = storeToRefs(basesStore)
 
 const { isWorkspaceLoading } = storeToRefs(useWorkspace())
 
@@ -23,7 +23,7 @@ const baseCreateDlg = ref(false)
 
 const baseStore = useBase()
 
-const { isSharedBase } = storeToRefs(baseStore)
+const { isSharedBase, base } = storeToRefs(baseStore)
 
 const { activeTable: _activeTable } = storeToRefs(useTablesStore())
 
@@ -100,7 +100,7 @@ const duplicateTable = async (table: TableType) => {
 
 const isCreateTableAllowed = computed(
   () =>
-    isUIAllowed('tableCreate') &&
+    isUIAllowed('tableCreate', { source: base.value?.sources?.[0] }) &&
     route.value.name !== 'index' &&
     route.value.name !== 'index-index' &&
     route.value.name !== 'index-index-create' &&
diff --git a/packages/nc-gui/composables/useCalendarViewStore.ts b/packages/nc-gui/composables/useCalendarViewStore.ts
index fe040d4593..69f2b68947 100644
--- a/packages/nc-gui/composables/useCalendarViewStore.ts
+++ b/packages/nc-gui/composables/useCalendarViewStore.ts
@@ -558,7 +558,7 @@ const [useProvideCalendarViewStore, useCalendarViewStore] = useInjectionState(
     }
 
     async function updateCalendarMeta(updateObj: Partial<CalendarType>) {
-      if (!viewMeta?.value?.id || !isUIAllowed('dataEdit') || isPublic.value) return
+      if (!viewMeta?.value?.id || !isUIAllowed('dataEdit', { skipSourceCheck: true }) || isPublic.value) return
 
       const updateValue = {
         ...(typeof calendarMetaData.value.meta === 'string'
diff --git a/packages/nc-gui/composables/useKanbanViewStore.ts b/packages/nc-gui/composables/useKanbanViewStore.ts
index f33165e3ac..fb4e9202c7 100644
--- a/packages/nc-gui/composables/useKanbanViewStore.ts
+++ b/packages/nc-gui/composables/useKanbanViewStore.ts
@@ -312,7 +312,13 @@ const [useProvideKanbanViewStore, useKanbanViewStore] = useInjectionState(
     }
 
     async function updateKanbanMeta(updateObj: Partial<KanbanType>) {
-      if (!viewMeta?.value?.id || !isUIAllowed('dataEdit')) return
+      if (
+        !viewMeta?.value?.id ||
+        !isUIAllowed('dataEdit', {
+          skipSourceCheck: true,
+        })
+      )
+        return
       await $api.dbView.kanbanUpdate(viewMeta.value.id, updateObj)
     }
 
diff --git a/packages/nc-gui/composables/useMapViewDataStore.ts b/packages/nc-gui/composables/useMapViewDataStore.ts
index c587aec3bf..0bd3439f13 100644
--- a/packages/nc-gui/composables/useMapViewDataStore.ts
+++ b/packages/nc-gui/composables/useMapViewDataStore.ts
@@ -84,7 +84,7 @@ const [useProvideMapViewStore, useMapViewStore] = useInjectionState(
     }
 
     async function updateMapMeta(updateObj: Partial<MapType>) {
-      if (!viewMeta?.value?.id || !isUIAllowed('dataEdit')) return
+      if (!viewMeta?.value?.id || !isUIAllowed('dataEdit', { skipSourceCheck: true })) return
       await $api.dbView.mapUpdate(viewMeta.value.id, updateObj)
     }
 
diff --git a/packages/nc-gui/context/index.ts b/packages/nc-gui/context/index.ts
index ffa695b952..f2368053dc 100644
--- a/packages/nc-gui/context/index.ts
+++ b/packages/nc-gui/context/index.ts
@@ -60,6 +60,10 @@ export const JsonExpandInj: InjectionKey<Ref<boolean>> = Symbol('json-expand-inj
 export const AllFiltersInj: InjectionKey<Ref<Record<string, FilterType[]>>> = Symbol('all-filters-injection')
 
 export const IsAdminPanelInj: InjectionKey<Ref<boolean>> = Symbol('is-admin-panel-injection')
+/**
+ * `ActiveSourceInj` is an injection key for providing the active source context to Vue components.
+ * This is mainly used in useRoles composable to get source level restriction configuration in GUI.
+ */
 export const ActiveSourceInj: InjectionKey<
   ComputedRef<
     SourceType & {
diff --git a/packages/nocodb/src/helpers/catchError.ts b/packages/nocodb/src/helpers/catchError.ts
index adb9018e43..2994434409 100644
--- a/packages/nocodb/src/helpers/catchError.ts
+++ b/packages/nocodb/src/helpers/catchError.ts
@@ -810,11 +810,11 @@ export class NcError {
     throw new MetaError(param);
   }
 
-  static sourceDataReadOnly(name: any) {
+  static sourceDataReadOnly(name: string) {
     NcError.forbidden(`Source '${name}' is read-only`);
   }
 
-  static sourceMetaReadOnly(name: any) {
+  static sourceMetaReadOnly(name: string) {
     NcError.forbidden(`Source '${name}' schema is read-only`);
   }
 }
diff --git a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
index f450e01f2c..6f2bbaf455 100644
--- a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
+++ b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
@@ -75,13 +75,18 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
     // extract base id based on request path params
     if (params.baseName) {
       const base = await Base.getByTitleOrId(context, params.baseName);
+
+      if (!base) {
+        NcError.baseNotFound(params.baseName);
+      }
+
       if (base) {
         req.ncBaseId = base.id;
-        if (req.params.tableName) {
+        if (params.tableName) {
           // extract model and then source id from model
           const model = await Model.getByAliasOrId(context, {
             base_id: base.id,
-            aliasOrId: req.params.tableName,
+            aliasOrId: params.tableName,
           });
 
           if (!model) {

From c73b0b62ad8b99e31d8e69e6ae4be498fbb2b372 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:17 +0000
Subject: [PATCH 09/28] fix: proper role extraction

---
 .../components/dashboard/TreeView/BaseOptions.vue      |  4 +++-
 .../components/dashboard/TreeView/ProjectNode.vue      | 10 +++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/packages/nc-gui/components/dashboard/TreeView/BaseOptions.vue b/packages/nc-gui/components/dashboard/TreeView/BaseOptions.vue
index 75aeff3fde..0c04553bcc 100644
--- a/packages/nc-gui/components/dashboard/TreeView/BaseOptions.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/BaseOptions.vue
@@ -8,9 +8,11 @@ const props = defineProps<{
 
 const source = toRef(props, 'source')
 
+const base = toRef(props, 'base')
+
 const { isUIAllowed } = useRoles()
 
-const baseRole = inject(ProjectRoleInj)
+const baseRole = computed(() => base.value.project_role || base.value.workspace_role)
 
 const { $e } = useNuxtApp()
 
diff --git a/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue b/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
index b2cdb64e62..2e583cfdb7 100644
--- a/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
@@ -69,7 +69,7 @@ const { t } = useI18n()
 
 const input = ref<HTMLInputElement>()
 
-const baseRole = inject(ProjectRoleInj)
+const baseRole = computed(() => base.value.project_role || base.value.workspace_role)
 
 const { activeProjectId } = storeToRefs(useBases())
 
@@ -100,9 +100,9 @@ const baseViewOpen = computed(() => {
   return routeNameAfterProjectView.split('-').length === 2 || routeNameAfterProjectView.split('-').length === 1
 })
 
-const showBaseOption = computed(() => {
+const showBaseOption = (source: SourceType) => {
   return ['airtableImport', 'csvImport', 'jsonImport', 'excelImport'].some((permission) =>
-    isUIAllowed(permission, { skipSourceCheck: true }),
+    isUIAllowed(permission, { source }),
   )
 })
 
@@ -602,7 +602,7 @@ const getSource = (sourceId: string) => {
                     </NcMenuItem>
                   </template>
 
-                  <template v-if="base?.sources?.[0]?.enabled && showBaseOption">
+                  <template v-if="base?.sources?.[0]?.enabled && showBaseOption(base?.sources?.[0])">
                     <NcDivider />
                     <DashboardTreeViewBaseOptions v-model:base="base" :source="base.sources[0]" />
                   </template>
@@ -823,7 +823,7 @@ const getSource = (sourceId: string) => {
                                     </div>
                                   </NcMenuItem>
 
-                                  <DashboardTreeViewBaseOptions v-if="showBaseOption" v-model:base="base" :source="source" />
+                                  <DashboardTreeViewBaseOptions v-if="showBaseOption(source)" v-model:base="base" :source="source" />
                                 </NcMenu>
                               </template>
                             </NcDropdown>

From 79747d8fb46fbe5c3441a4aabea69d57373ccfbe Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:17 +0000
Subject: [PATCH 10/28] feat: allow virtual column add/edit/remove

---
 .../smartsheet/column/EditOrAdd.vue           | 29 +++++++++++++++++--
 .../column/UITypesOptionsWithSearch.vue       | 24 +++++++++++++--
 2 files changed, 48 insertions(+), 5 deletions(-)

diff --git a/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue b/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue
index 495d2aee12..afe9ebeb23 100644
--- a/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue
+++ b/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue
@@ -38,6 +38,8 @@ const { getMeta } = useMetas()
 
 const { t } = useI18n()
 
+const {isMetaReadOnly} = useRoles()
+
 const columnLabel = computed(() => props.columnLabel || t('objects.field'))
 
 const { $e } = useNuxtApp()
@@ -99,6 +101,14 @@ const onlyNameUpdateOnEditColumns = [
   UITypes.Barcode,
 ]
 
+const readonlyMetaAllowedTypes = [
+  UITypes.Lookup,
+  UITypes.Rollup,
+  UITypes.Formula,
+  UITypes.Barcode,
+  UITypes.QrCode,
+]
+
 // To close column type dropdown on escape and
 // close modal only when the type popup is close
 const isColumnTypeOpen = ref(false)
@@ -124,7 +134,7 @@ const uiFilters = (t: { name: UITypes; virtual?: number; deprecated?: boolean })
 }
 
 const uiTypesOptions = computed<typeof uiTypes>(() => {
-  return [
+  const types = [
     ...uiTypes.filter(uiFilters),
     ...(!isEdit.value && meta?.value?.columns?.every((c) => !c.pk)
       ? [
@@ -136,6 +146,21 @@ const uiTypesOptions = computed<typeof uiTypes>(() => {
         ]
       : []),
   ]
+
+  // if meta is readonly, move disabled types to the end
+  if(isMetaReadOnly.value) {
+    types.sort((a, b) => {
+      const aDisabled = readonlyMetaAllowedTypes.includes(a.name)
+      const bDisabled = readonlyMetaAllowedTypes.includes(b.name)
+
+      if(aDisabled && !bDisabled) return -1
+      if(!aDisabled && bDisabled) return 1
+
+      return 0
+    })
+  }
+
+  return types
 })
 
 const onSelectType = (uidt: UITypes) => {
@@ -380,7 +405,7 @@ const filterOption = (input: string, option: { value: UITypes }) => {
             v-model:value="formState.uidt"
             show-search
             class="nc-column-type-input !rounded-lg"
-            :disabled="isKanban || readOnly || (isEdit && !!onlyNameUpdateOnEditColumns.includes(column?.uidt))"
+            :disabled="(isMetaReadOnly && !readonlyMetaAllowedTypes.includes(formState.uidt)) || isKanban || readOnly || (isEdit && !!onlyNameUpdateOnEditColumns.includes(column?.uidt))"
             dropdown-class-name="nc-dropdown-column-type border-1 !rounded-lg border-gray-200"
             :filter-option="filterOption"
             @dropdown-visible-change="onDropdownChange"
diff --git a/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue b/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue
index a15e86302d..c586adb66a 100644
--- a/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue
+++ b/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue
@@ -11,6 +11,8 @@ const { options } = toRefs(props)
 
 const searchQuery = ref('')
 
+const {isMetaReadOnly} = useRoles()
+
 const filteredOptions = computed(
   () =>
     options.value?.filter(
@@ -62,6 +64,19 @@ onMounted(() => {
   searchQuery.value = ''
   activeFieldIndex.value = options.value.findIndex((o) => o.name === UITypes.SingleLineText)
 })
+
+
+const readonlyMetaAllowedTypes = [
+  UITypes.Lookup,
+  UITypes.Rollup,
+  UITypes.Formula,
+  UITypes.Barcode,
+  UITypes.QrCode,
+]
+
+const isDisabledUIType = (type: UITypes) => {
+  return isMetaReadOnly.value && !readonlyMetaAllowedTypes.includes(type)
+}
 </script>
 
 <template>
@@ -98,18 +113,21 @@ onMounted(() => {
       <div
         v-for="(option, index) in filteredOptions"
         :key="index"
-        class="flex w-full py-2 items-center justify-between px-2 hover:bg-gray-100 cursor-pointer rounded-md"
+        class="flex w-full py-2 items-center justify-between px-2 rounded-md"
         :class="[
           `nc-column-list-option-${index}`,
           {
-            'bg-gray-100 nc-column-list-option-active': activeFieldIndex === index,
+            'hover:bg-gray-100 cursor-pointer' : !isDisabledUIType(option.name),
+            'bg-gray-100 nc-column-list-option-active': activeFieldIndex === index && !isDisabledUIType(option.name),
+            '!text-gray-400 cursor-not-allowed': isDisabledUIType(option.name),
+
           },
         ]"
         :data-testid="option.name"
         @click="onClick(option.name)"
       >
         <div class="flex gap-2 items-center">
-          <component :is="option.icon" class="text-gray-700 w-4 h-4" />
+          <component :is="option.icon" class="w-4 h-4" :class="isDisabledUIType(option.name) ? '!text-gray-400' : 'text-gray-700' "/>
           <div class="flex-1 text-sm">{{ UITypesName[option.name] }}</div>
           <span v-if="option.deprecated" class="!text-xs !text-gray-300">({{ $t('general.deprecated') }})</span>
         </div>

From 0b184fc3ca5709d4e861da3dbf83621db73225f9 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:18 +0000
Subject: [PATCH 11/28] feat: allow virtual column add/edit/remove - backend

---
 .../smartsheet/column/EditOrAdd.vue           | 10 +------
 .../column/UITypesOptionsWithSearch.vue       | 11 +-------
 packages/nocodb-sdk/src/lib/UITypes.ts        | 10 +++++++
 packages/nocodb-sdk/src/lib/index.ts          |  1 +
 .../nocodb/src/services/columns.service.ts    | 28 +++++++++++++++++++
 5 files changed, 41 insertions(+), 19 deletions(-)

diff --git a/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue b/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue
index afe9ebeb23..931f916fc8 100644
--- a/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue
+++ b/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue
@@ -1,6 +1,6 @@
 <script lang="ts" setup>
 import type { ColumnReqType, ColumnType } from 'nocodb-sdk'
-import { UITypes, UITypesName, isLinksOrLTAR, isSelfReferencingTableColumn, isSystemColumn, isVirtualCol } from 'nocodb-sdk'
+import { UITypes, UITypesName, isLinksOrLTAR, isSelfReferencingTableColumn, isSystemColumn, isVirtualCol, readonlyMetaAllowedTypes } from 'nocodb-sdk'
 import MdiPlusIcon from '~icons/mdi/plus-circle-outline'
 import MdiMinusIcon from '~icons/mdi/minus-circle-outline'
 import MdiIdentifierIcon from '~icons/mdi/identifier'
@@ -101,14 +101,6 @@ const onlyNameUpdateOnEditColumns = [
   UITypes.Barcode,
 ]
 
-const readonlyMetaAllowedTypes = [
-  UITypes.Lookup,
-  UITypes.Rollup,
-  UITypes.Formula,
-  UITypes.Barcode,
-  UITypes.QrCode,
-]
-
 // To close column type dropdown on escape and
 // close modal only when the type popup is close
 const isColumnTypeOpen = ref(false)
diff --git a/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue b/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue
index c586adb66a..6ac463f1a3 100644
--- a/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue
+++ b/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue
@@ -1,5 +1,5 @@
 <script lang="ts" setup>
-import { UITypes, UITypesName } from 'nocodb-sdk'
+import { UITypes, UITypesName, readonlyMetaAllowedTypes } from 'nocodb-sdk'
 
 const props = defineProps<{
   options: typeof uiTypes
@@ -65,15 +65,6 @@ onMounted(() => {
   activeFieldIndex.value = options.value.findIndex((o) => o.name === UITypes.SingleLineText)
 })
 
-
-const readonlyMetaAllowedTypes = [
-  UITypes.Lookup,
-  UITypes.Rollup,
-  UITypes.Formula,
-  UITypes.Barcode,
-  UITypes.QrCode,
-]
-
 const isDisabledUIType = (type: UITypes) => {
   return isMetaReadOnly.value && !readonlyMetaAllowedTypes.includes(type)
 }
diff --git a/packages/nocodb-sdk/src/lib/UITypes.ts b/packages/nocodb-sdk/src/lib/UITypes.ts
index c2bc95cbaf..6dd66e20a4 100644
--- a/packages/nocodb-sdk/src/lib/UITypes.ts
+++ b/packages/nocodb-sdk/src/lib/UITypes.ts
@@ -254,3 +254,13 @@ export const isSelectTypeCol = (
   );
 };
 export default UITypes;
+
+
+export const readonlyMetaAllowedTypes = [
+  UITypes.Lookup,
+  UITypes.Rollup,
+  UITypes.Formula,
+  UITypes.Barcode,
+  UITypes.QrCode,
+]
+
diff --git a/packages/nocodb-sdk/src/lib/index.ts b/packages/nocodb-sdk/src/lib/index.ts
index 75a547a167..0f108d90f6 100644
--- a/packages/nocodb-sdk/src/lib/index.ts
+++ b/packages/nocodb-sdk/src/lib/index.ts
@@ -20,6 +20,7 @@ export {
   isHiddenCol,
   getEquivalentUIType,
   isSelectTypeCol,
+  readonlyMetaAllowedTypes,
 } from '~/lib/UITypes';
 export { default as CustomAPI, FileType } from '~/lib/CustomAPI';
 export { default as TemplateGenerator } from '~/lib/TemplateGenerator';
diff --git a/packages/nocodb/src/services/columns.service.ts b/packages/nocodb/src/services/columns.service.ts
index f47296dec1..fae07000b7 100644
--- a/packages/nocodb/src/services/columns.service.ts
+++ b/packages/nocodb/src/services/columns.service.ts
@@ -5,7 +5,9 @@ import {
   isCreatedOrLastModifiedTimeCol,
   isLinksOrLTAR,
   isVirtualCol,
+  readonlyMetaAllowedTypes,
   RelationTypes,
+  SourceRestriction,
   substituteColumnAliasWithIdInFormula,
   substituteColumnIdWithAliasInFormula,
   UITypes,
@@ -197,6 +199,16 @@ export class ColumnsService {
       Source.get(context, table.source_id),
     );
 
+    // check if source is readonly and column type is not allowed
+    if (
+      source?.meta?.[SourceRestriction.META_READONLY] &&
+      (!readonlyMetaAllowedTypes.includes(column.uidt) ||
+        (param.column.uidt &&
+          !readonlyMetaAllowedTypes.includes(param.column.uidt as UITypes)))
+    ) {
+      NcError.sourceMetaReadOnly(source.alias);
+    }
+
     const sqlClient = await reuseOrSave('sqlClient', reuse, async () =>
       NcConnectionMgrv2.getSqlClient(source),
     );
@@ -1482,6 +1494,14 @@ export class ColumnsService {
       Source.get(context, table.source_id),
     );
 
+    // check if source is readonly and column type is not allowed
+    if (
+      source?.meta?.[SourceRestriction.META_READONLY] &&
+      !readonlyMetaAllowedTypes.includes(param.column.uidt as UITypes)
+    ) {
+      NcError.sourceMetaReadOnly(source.alias);
+    }
+
     const base = await reuseOrSave('base', reuse, async () =>
       source.getProject(context),
     );
@@ -2042,6 +2062,14 @@ export class ColumnsService {
       Source.get(context, table.source_id, false, ncMeta),
     );
 
+    // check if source is readonly and column type is not allowed
+    if (
+      source?.meta?.[SourceRestriction.META_READONLY] &&
+      !readonlyMetaAllowedTypes.includes(column.uidt)
+    ) {
+      NcError.sourceMetaReadOnly(source.alias);
+    }
+
     const sqlMgr = await reuseOrSave('sqlMgr', reuse, async () =>
       ProjectMgrv2.getSqlMgr(context, { id: source.base_id }, ncMeta),
     );

From 3820e91a1b6dec9330afedfacad4ac20f0750d1a Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:18 +0000
Subject: [PATCH 12/28] feat: label and tooltip corrections

---
 .../components/dashboard/TreeView/index.vue   |  6 +--
 .../settings/data-sources/CreateBase.vue      | 51 +++++++++++++++++--
 .../settings/data-sources/EditBase.vue        | 51 +++++++++++++++++--
 .../smartsheet/column/EditOrAdd.vue           | 25 ++++++---
 .../column/UITypesOptionsWithSearch.vue       | 11 ++--
 .../components/smartsheet/header/Menu.vue     | 34 +++++++++----
 .../smartsheet/toolbar/Calendar/Range.vue     |  2 +-
 packages/nc-gui/composables/useRoles/index.ts | 10 ++++
 packages/nc-gui/composables/useViewFilters.ts |  1 -
 packages/nc-gui/lang/en.json                  |  4 ++
 10 files changed, 159 insertions(+), 36 deletions(-)

diff --git a/packages/nc-gui/components/dashboard/TreeView/index.vue b/packages/nc-gui/components/dashboard/TreeView/index.vue
index 93d5089a89..84220e5466 100644
--- a/packages/nc-gui/components/dashboard/TreeView/index.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/index.vue
@@ -15,7 +15,7 @@ const basesStore = useBases()
 
 const { createProject: _createProject, updateProject } = basesStore
 
-const { bases, basesList, activeProjectId, b } = storeToRefs(basesStore)
+const { bases, basesList, activeProjectId } = storeToRefs(basesStore)
 
 const { isWorkspaceLoading } = storeToRefs(useWorkspace())
 
@@ -248,9 +248,9 @@ watch(
           ghost-class="ghost"
           @change="onMove($event)"
         >
-          <template #item="{ element: base }">
+          <template #item="{ element: base1 }">
             <div :key="base.id">
-              <ProjectWrapper :base-role="base.project_role" :base="base">
+              <ProjectWrapper :base-role="base1.project_role" :base="base1">
                 <DashboardTreeViewProjectNode />
               </ProjectWrapper>
             </div>
diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
index 0ee0a30cea..8febd32045 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
@@ -399,6 +399,22 @@ watch(
 const toggleModal = (val: boolean) => {
   vOpen.value = val
 }
+
+const allowMetaWrite = computed({
+  get: () => !formState.value.meta[SourceRestriction.META_READONLY],
+  set: (v) => {
+    formState.value.meta = formState.value.meta || {}
+    formState.value.meta[SourceRestriction.META_READONLY] = !v
+  },
+})
+
+const allowDataWrite = computed({
+  get: () => !formState.value.meta[SourceRestriction.DATA_READONLY],
+  set: (v) => {
+    formState.value.meta = formState.value.meta || {}
+    formState.value.meta[SourceRestriction.DATA_READONLY] = !v
+  },
+})
 </script>
 
 <template>
@@ -514,12 +530,37 @@ const toggleModal = (val: boolean) => {
               >
                 <a-input v-model:value="formState.dataSource.searchPath[0]" />
               </a-form-item>
-
-              <a-form-item label="Readonly Schema">
-                <a-switch v-model:checked="formState.meta[SourceRestriction.META_READONLY]" size="small"></a-switch>
+              <a-form-item>
+                <template #label>
+                  <div class="flex gap-1 justify-end">
+                    <span>
+                      {{ $t('labels.allowMetaWrite') }}
+                    </span>
+                    <NcTooltip>
+                      <template #title>
+                        <span>{{ $t('tooltip.allowMetaWrite') }}</span>
+                      </template>
+                      <GeneralIcon class="text-gray-500" icon="info" />
+                    </NcTooltip>
+                  </div>
+                </template>
+                <a-switch v-model:checked="allowMetaWrite" size="small"></a-switch>
               </a-form-item>
-              <a-form-item label="Readonly Data">
-                <a-switch v-model:checked="formState.meta[SourceRestriction.DATA_READONLY]" size="small"></a-switch>
+              <a-form-item>
+                <template #label>
+                  <div class="flex gap-1 justify-end">
+                    <span>
+                      {{ $t('labels.allowDataWrite') }}
+                    </span>
+                    <NcTooltip>
+                      <template #title>
+                        <span>{{ $t('tooltip.allowDataWrite') }}</span>
+                      </template>
+                      <GeneralIcon class="text-gray-500" icon="info" />
+                    </NcTooltip>
+                  </div>
+                </template>
+                <a-switch v-model:checked="allowDataWrite" size="small"></a-switch>
               </a-form-item>
 
               <div class="flex items-right justify-end gap-2">
diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
index 1584a38388..a80fa834fc 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
@@ -367,6 +367,22 @@ watch(
     immediate: true,
   },
 )
+
+const allowMetaWrite = computed({
+  get: () => !formState.value.meta[SourceRestriction.META_READONLY],
+  set: (v) => {
+    formState.value.meta = formState.value.meta || {}
+    formState.value.meta[SourceRestriction.META_READONLY] = !v
+  },
+})
+
+const allowDataWrite = computed({
+  get: () => !formState.value.meta[SourceRestriction.DATA_READONLY],
+  set: (v) => {
+    formState.value.meta = formState.value.meta || {}
+    formState.value.meta[SourceRestriction.DATA_READONLY] = !v
+  },
+})
 </script>
 
 <template>
@@ -536,13 +552,38 @@ watch(
             <a-input v-model:value="formState.dataSource.searchPath[0]" />
           </a-form-item>
 
-          <a-form-item label="Readonly Schema">
-            <a-switch v-model:checked="formState.meta[SourceRestriction.META_READONLY]" size="small"></a-switch>
+          <a-form-item>
+            <template #label>
+              <div class="flex gap-1 justify-end">
+                <span>
+                  {{ $t('labels.allowMetaWrite') }}
+                </span>
+                <NcTooltip>
+                  <template #title>
+                    <span>{{ $t('tooltip.allowMetaWrite') }}</span>
+                  </template>
+                  <GeneralIcon class="text-gray-500" icon="info" />
+                </NcTooltip>
+              </div>
+            </template>
+            <a-switch v-model:checked="allowMetaWrite" size="small"></a-switch>
           </a-form-item>
-          <a-form-item label="Readonly Data">
-            <a-switch v-model:checked="formState.meta[SourceRestriction.DATA_READONLY]" size="small"></a-switch>
+          <a-form-item>
+            <template #label>
+              <div class="flex gap-1 justify-end">
+                <span>
+                  {{ $t('labels.allowDataWrite') }}
+                </span>
+                <NcTooltip>
+                  <template #title>
+                    <span>{{ $t('tooltip.allowDataWrite') }}</span>
+                  </template>
+                  <GeneralIcon class="text-gray-500" icon="info" />
+                </NcTooltip>
+              </div>
+            </template>
+            <a-switch v-model:checked="allowDataWrite" size="small"></a-switch>
           </a-form-item>
-
           <!--                Use Connection URL -->
           <div class="flex justify-end gap-2">
             <NcButton size="small" type="ghost" class="nc-extdb-btn-import-url !rounded-md" @click.stop="importURLDlg = true">
diff --git a/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue b/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue
index 931f916fc8..4e4629f9b0 100644
--- a/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue
+++ b/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue
@@ -1,6 +1,14 @@
 <script lang="ts" setup>
 import type { ColumnReqType, ColumnType } from 'nocodb-sdk'
-import { UITypes, UITypesName, isLinksOrLTAR, isSelfReferencingTableColumn, isSystemColumn, isVirtualCol, readonlyMetaAllowedTypes } from 'nocodb-sdk'
+import {
+  UITypes,
+  UITypesName,
+  isLinksOrLTAR,
+  isSelfReferencingTableColumn,
+  isSystemColumn,
+  isVirtualCol,
+  readonlyMetaAllowedTypes,
+} from 'nocodb-sdk'
 import MdiPlusIcon from '~icons/mdi/plus-circle-outline'
 import MdiMinusIcon from '~icons/mdi/minus-circle-outline'
 import MdiIdentifierIcon from '~icons/mdi/identifier'
@@ -38,7 +46,7 @@ const { getMeta } = useMetas()
 
 const { t } = useI18n()
 
-const {isMetaReadOnly} = useRoles()
+const { isMetaReadOnly } = useRoles()
 
 const columnLabel = computed(() => props.columnLabel || t('objects.field'))
 
@@ -140,13 +148,13 @@ const uiTypesOptions = computed<typeof uiTypes>(() => {
   ]
 
   // if meta is readonly, move disabled types to the end
-  if(isMetaReadOnly.value) {
+  if (isMetaReadOnly.value) {
     types.sort((a, b) => {
       const aDisabled = readonlyMetaAllowedTypes.includes(a.name)
       const bDisabled = readonlyMetaAllowedTypes.includes(b.name)
 
-      if(aDisabled && !bDisabled) return -1
-      if(!aDisabled && bDisabled) return 1
+      if (aDisabled && !bDisabled) return -1
+      if (!aDisabled && bDisabled) return 1
 
       return 0
     })
@@ -397,7 +405,12 @@ const filterOption = (input: string, option: { value: UITypes }) => {
             v-model:value="formState.uidt"
             show-search
             class="nc-column-type-input !rounded-lg"
-            :disabled="(isMetaReadOnly && !readonlyMetaAllowedTypes.includes(formState.uidt)) || isKanban || readOnly || (isEdit && !!onlyNameUpdateOnEditColumns.includes(column?.uidt))"
+            :disabled="
+              (isMetaReadOnly && !readonlyMetaAllowedTypes.includes(formState.uidt)) ||
+              isKanban ||
+              readOnly ||
+              (isEdit && !!onlyNameUpdateOnEditColumns.includes(column?.uidt))
+            "
             dropdown-class-name="nc-dropdown-column-type border-1 !rounded-lg border-gray-200"
             :filter-option="filterOption"
             @dropdown-visible-change="onDropdownChange"
diff --git a/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue b/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue
index 6ac463f1a3..9c9574244f 100644
--- a/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue
+++ b/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue
@@ -11,7 +11,7 @@ const { options } = toRefs(props)
 
 const searchQuery = ref('')
 
-const {isMetaReadOnly} = useRoles()
+const { isMetaReadOnly } = useRoles()
 
 const filteredOptions = computed(
   () =>
@@ -108,17 +108,20 @@ const isDisabledUIType = (type: UITypes) => {
         :class="[
           `nc-column-list-option-${index}`,
           {
-            'hover:bg-gray-100 cursor-pointer' : !isDisabledUIType(option.name),
+            'hover:bg-gray-100 cursor-pointer': !isDisabledUIType(option.name),
             'bg-gray-100 nc-column-list-option-active': activeFieldIndex === index && !isDisabledUIType(option.name),
             '!text-gray-400 cursor-not-allowed': isDisabledUIType(option.name),
-
           },
         ]"
         :data-testid="option.name"
         @click="onClick(option.name)"
       >
         <div class="flex gap-2 items-center">
-          <component :is="option.icon" class="w-4 h-4" :class="isDisabledUIType(option.name) ? '!text-gray-400' : 'text-gray-700' "/>
+          <component
+            :is="option.icon"
+            class="w-4 h-4"
+            :class="isDisabledUIType(option.name) ? '!text-gray-400' : 'text-gray-700'"
+          />
           <div class="flex-1 text-sm">{{ UITypesName[option.name] }}</div>
           <span v-if="option.deprecated" class="!text-xs !text-gray-300">({{ $t('general.deprecated') }})</span>
         </div>
diff --git a/packages/nc-gui/components/smartsheet/header/Menu.vue b/packages/nc-gui/components/smartsheet/header/Menu.vue
index 74bfb25eb7..76955194b0 100644
--- a/packages/nc-gui/components/smartsheet/header/Menu.vue
+++ b/packages/nc-gui/components/smartsheet/header/Menu.vue
@@ -1,5 +1,5 @@
 <script lang="ts" setup>
-import type { ColumnReqType } from 'nocodb-sdk'
+import { type ColumnReqType, readonlyMetaAllowedTypes } from 'nocodb-sdk'
 import { PlanLimitTypes, RelationTypes, UITypes, isLinksOrLTAR, isSystemColumn } from 'nocodb-sdk'
 import { SmartsheetStoreEvents } from '#imports'
 
@@ -43,7 +43,7 @@ const { gridViewCols } = useViewColumnsOrThrow()
 
 const { fieldsToGroupBy, groupByLimit } = useViewGroupByOrThrow(view)
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed, isMetaReadOnly } = useRoles()
 
 const isLoading = ref<'' | 'hideOrShow' | 'setDisplay'>('')
 
@@ -354,6 +354,11 @@ const filterOrGroupByThisField = (event: SmartsheetStoreEvents) => {
   }
   isOpen.value = false
 }
+
+const isColumnCRUDAllowed = computed(() => {
+  if (isMetaReadOnly.value && !readonlyMetaAllowedTypes.includes(column.value?.uidt)) return false
+  return true
+})
 </script>
 
 <template>
@@ -376,7 +381,11 @@ const filterOrGroupByThisField = (event: SmartsheetStoreEvents) => {
           'min-w-[256px]': isExpandedForm,
         }"
       >
-        <NcMenuItem v-if="isUIAllowed('fieldAlter')" :disabled="column?.pk || isSystemColumn(column)" @click="onEditPress">
+        <NcMenuItem
+          v-if="isUIAllowed('fieldAlter') && isColumnCRUDAllowed"
+          :disabled="column?.pk || isSystemColumn(column)"
+          @click="onEditPress"
+        >
           <div class="nc-column-edit nc-header-menu-item">
             <component :is="iconMap.ncEdit" class="text-gray-700" />
             <!-- Edit -->
@@ -471,13 +480,15 @@ const filterOrGroupByThisField = (event: SmartsheetStoreEvents) => {
           <NcTooltip
             :disabled="(isGroupBySupported && !isGroupByLimitExceeded) || isGroupedByThisField || !(isEeUI && !isPublic)"
           >
-            <template #title>{{
-              !isGroupBySupported
-                ? "This field type doesn't support grouping"
-                : isGroupByLimitExceeded
-                ? 'Group by limit exceeded'
-                : ''
-            }}</template>
+            <template #title
+              >{{
+                !isGroupBySupported
+                  ? "This field type doesn't support grouping"
+                  : isGroupByLimitExceeded
+                  ? 'Group by limit exceeded'
+                  : ''
+              }}
+            </template>
             <NcMenuItem
               :disabled="isEeUI && !isPublic && (!isGroupBySupported || isGroupByLimitExceeded) && !isGroupedByThisField"
               @click="
@@ -521,7 +532,7 @@ const filterOrGroupByThisField = (event: SmartsheetStoreEvents) => {
         <a-divider v-if="!column?.pv" class="!my-0" />
 
         <NcMenuItem
-          v-if="!column?.pv && isUIAllowed('fieldDelete')"
+          v-if="!column?.pv && isUIAllowed('fieldDelete') && isColumnCRUDAllowed"
           :disabled="!isDeleteAllowed"
           class="!hover:bg-red-50"
           @click="handleDelete"
@@ -559,6 +570,7 @@ const filterOrGroupByThisField = (event: SmartsheetStoreEvents) => {
 :deep(.ant-dropdown-menu-item:not(.ant-dropdown-menu-item-disabled)) {
   @apply !hover:text-black text-gray-700;
 }
+
 :deep(.ant-dropdown-menu-item.ant-dropdown-menu-item-disabled .nc-icon) {
   @apply text-current;
 }
diff --git a/packages/nc-gui/components/smartsheet/toolbar/Calendar/Range.vue b/packages/nc-gui/components/smartsheet/toolbar/Calendar/Range.vue
index 4f27e6f8b1..5f3375c634 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/Calendar/Range.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/Calendar/Range.vue
@@ -1,5 +1,5 @@
 <script lang="ts" setup>
-import { type CalendarRangeType, UITypes, ViewTypes, isSystemColumn } from 'nocodb-sdk'
+import { type CalendarRangeType, UITypes, isSystemColumn } from 'nocodb-sdk'
 import type { SelectProps } from 'ant-design-vue'
 
 const meta = inject(MetaInj, ref())
diff --git a/packages/nc-gui/composables/useRoles/index.ts b/packages/nc-gui/composables/useRoles/index.ts
index dd1e4c2141..e64a74183c 100644
--- a/packages/nc-gui/composables/useRoles/index.ts
+++ b/packages/nc-gui/composables/useRoles/index.ts
@@ -185,10 +185,20 @@ export const useRoles = () => {
   const currentSource = inject(ActiveSourceInj, ref())
   const useRolesRes = useRolesShared()
 
+  const isMetaReadOnly = computed(() => {
+    return currentSource.value?.meta?.[SourceRestriction.META_READONLY] || false
+  })
+
+  const isDataReadOnly = computed(() => {
+    return currentSource.value?.meta?.[SourceRestriction.DATA_READONLY] || false
+  })
+
   return {
     ...useRolesRes,
     isUIAllowed: (...args: IsUIAllowedParams) => {
       return useRolesRes.isUIAllowed(args[0], { source: currentSource, ...(args[1] || {}) })
     },
+    isDataReadOnly,
+    isMetaReadOnly,
   }
 }
diff --git a/packages/nc-gui/composables/useViewFilters.ts b/packages/nc-gui/composables/useViewFilters.ts
index a4e8cee459..ad61e79872 100644
--- a/packages/nc-gui/composables/useViewFilters.ts
+++ b/packages/nc-gui/composables/useViewFilters.ts
@@ -10,7 +10,6 @@ import type { ComputedRef, Ref } from 'vue'
 import type { SelectProps } from 'ant-design-vue'
 import { UITypes, isSystemColumn } from 'nocodb-sdk'
 
-
 type ColumnFilterType = FilterType & { status?: string; id?: string; children?: ColumnFilterType[]; is_group?: boolean }
 
 export function useViewFilters(
diff --git a/packages/nc-gui/lang/en.json b/packages/nc-gui/lang/en.json
index e49ab0af6e..22b2f94aa8 100644
--- a/packages/nc-gui/lang/en.json
+++ b/packages/nc-gui/lang/en.json
@@ -456,6 +456,8 @@
     "looksLikeThisStackIsEmpty": "Looks like this stack does not have any records"
   },
   "labels": {
+    "allowMetaWrite" : "Allow Schema Change",
+    "allowDataWrite" : "Allow Data Write/Edit",
     "selectView": "Select a View",
     "connectionDetails": "Connection Details",
     "metaSync": "Meta Sync",
@@ -1038,6 +1040,8 @@
     "group": "Group"
   },
   "tooltip": {
+    "allowMetaWrite": "Enable this option to allow modifications to the database schema, including adding, altering, or deleting tables and columns. Use with caution, as changes may affect application functionality.",
+    "allowDataWrite": "Enable this option to allow updating, deleting, or inserting data within the database tables. Ideal for administrative users who need to manage data directly.",
     "reachedSourceLimit": "Limited to only one data source for the moment",
     "saveChanges": "Save changes",
     "xcDB": "Create a new base",

From 4561423226fa87d7aaeecd93410b79ddfbd26fd2 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:18 +0000
Subject: [PATCH 13/28] refactor: move readonly props from meta to new cols for
 better stability

---
 .../dashboard/TreeView/CreateViewBtn.vue      |  2 +-
 .../settings/data-sources/CreateBase.vue      | 18 ++++++------
 .../settings/data-sources/EditBase.vue        | 28 ++++++++-----------
 packages/nc-gui/composables/useRoles/index.ts | 10 +++----
 packages/nc-gui/lib/acl.ts                    |  2 +-
 packages/nocodb-sdk/src/lib/enums.ts          |  4 +--
 .../meta/migrations/XcMigrationSourcev2.ts    |  4 +++
 .../v2/nc_051_source_readonly_columns.ts      | 18 ++++++++++++
 .../extract-ids/extract-ids.middleware.ts     |  8 +++---
 packages/nocodb/src/models/Source.ts          |  6 ++++
 .../export-import/duplicate.controller.ts     |  8 +++---
 packages/nocodb/src/schema/swagger-v2.json    |  8 ++++++
 packages/nocodb/src/schema/swagger.json       |  8 ++++++
 .../nocodb/src/services/columns.service.ts    |  6 ++--
 packages/nocodb/src/services/forms.service.ts |  2 +-
 .../src/services/public-datas.service.ts      |  2 +-
 packages/nocodb/src/utils/acl.ts              |  2 +-
 17 files changed, 87 insertions(+), 49 deletions(-)
 create mode 100644 packages/nocodb/src/meta/migrations/v2/nc_051_source_readonly_columns.ts

diff --git a/packages/nc-gui/components/dashboard/TreeView/CreateViewBtn.vue b/packages/nc-gui/components/dashboard/TreeView/CreateViewBtn.vue
index b87270b07a..b2da2dbb39 100644
--- a/packages/nc-gui/components/dashboard/TreeView/CreateViewBtn.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/CreateViewBtn.vue
@@ -126,7 +126,7 @@ async function onOpenModal({
           </div>
         </NcMenuItem>
 
-        <NcMenuItem v-if="!source.meta?.[SourceRestriction.DATA_READONLY]" @click="onOpenModal({ type: ViewTypes.FORM })">
+        <NcMenuItem v-if="!source.is_schema_readonly" @click="onOpenModal({ type: ViewTypes.FORM })">
           <div class="item" data-testid="sidebar-view-create-form">
             <div class="item-inner">
               <GeneralViewIcon :meta="{ type: ViewTypes.FORM }" />
diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
index 8febd32045..d828b8deb3 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
@@ -56,9 +56,8 @@ const formState = ref<ProjectCreateForm>({
   },
   sslUse: SSLUsage.No,
   extraParameters: [],
-  meta: {
-    [SourceRestriction.META_READONLY]: true,
-    [SourceRestriction.DATA_READONLY]: false,
+  'is_schema_readonly': true,
+  'is_data_readonly': false,
   },
 })
 
@@ -249,7 +248,8 @@ const createSource = async () => {
       config,
       inflection_column: formState.value.inflection.inflectionColumn,
       inflection_table: formState.value.inflection.inflectionTable,
-      meta: formState.value.meta,
+      is_schema_readonly: formState.value.is_schema_readonly,
+      is_data_readonly: formState.value.is_data_readonly,
     })
 
     $poller.subscribe(
@@ -401,18 +401,16 @@ const toggleModal = (val: boolean) => {
 }
 
 const allowMetaWrite = computed({
-  get: () => !formState.value.meta[SourceRestriction.META_READONLY],
+  get: () => !formState.value.is_schema_readonly,
   set: (v) => {
-    formState.value.meta = formState.value.meta || {}
-    formState.value.meta[SourceRestriction.META_READONLY] = !v
+    formState.value.is_schema_readonly = !v
   },
 })
 
 const allowDataWrite = computed({
-  get: () => !formState.value.meta[SourceRestriction.DATA_READONLY],
+  get: () => !formState.value.is_data_readonly,
   set: (v) => {
-    formState.value.meta = formState.value.meta || {}
-    formState.value.meta[SourceRestriction.DATA_READONLY] = !v
+    formState.value.is_data_readonly = !v
   },
 })
 </script>
diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
index a80fa834fc..43a5a3368b 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
@@ -61,10 +61,8 @@ const formState = ref<ProjectCreateForm>({
   },
   sslUse: SSLUsage.No,
   extraParameters: [],
-  meta: {
-    [SourceRestriction.META_READONLY]: true,
-    [SourceRestriction.DATA_READONLY]: false,
-  },
+  is_schema_readonly: true,
+  is_data_readonly: false,
 })
 
 const customFormState = ref<ProjectCreateForm>({
@@ -76,10 +74,8 @@ const customFormState = ref<ProjectCreateForm>({
   },
   sslUse: SSLUsage.No,
   extraParameters: [],
-  meta: {
-    [SourceRestriction.META_READONLY]: true,
-    [SourceRestriction.DATA_READONLY]: false,
-  },
+  is_schema_readonly: true,
+  is_data_readonly: false,
 })
 
 const validators = computed(() => {
@@ -237,7 +233,8 @@ const editBase = async () => {
       config,
       inflection_column: formState.value.inflection.inflectionColumn,
       inflection_table: formState.value.inflection.inflectionTable,
-      meta: formState.value.meta || {},
+      is_schema_readonly: formState.value.is_schema_readonly,
+      is_data_readonly: formState.value.is_data_readonly,
     })
 
     $e('a:source:edit:extdb')
@@ -349,7 +346,8 @@ onMounted(async () => {
       },
       extraParameters: tempParameters,
       sslUse: SSLUsage.No,
-      meta: activeBase.meta || {},
+      is_schema_readonly: activeBase.is_schema_readonly,
+      is_data_readonly: activeBase.is_data_readonly,
     }
     updateSSLUse()
   }
@@ -369,18 +367,16 @@ watch(
 )
 
 const allowMetaWrite = computed({
-  get: () => !formState.value.meta[SourceRestriction.META_READONLY],
+  get: () => !formState.value.is_schema_readonly,
   set: (v) => {
-    formState.value.meta = formState.value.meta || {}
-    formState.value.meta[SourceRestriction.META_READONLY] = !v
+    formState.value.is_schema_readonly = !v
   },
 })
 
 const allowDataWrite = computed({
-  get: () => !formState.value.meta[SourceRestriction.DATA_READONLY],
+  get: () => !formState.value.is_data_readonly,
   set: (v) => {
-    formState.value.meta = formState.value.meta || {}
-    formState.value.meta[SourceRestriction.DATA_READONLY] = !v
+    formState.value.is_data_readonly = !v
   },
 })
 </script>
diff --git a/packages/nc-gui/composables/useRoles/index.ts b/packages/nc-gui/composables/useRoles/index.ts
index e64a74183c..79cd906b00 100644
--- a/packages/nc-gui/composables/useRoles/index.ts
+++ b/packages/nc-gui/composables/useRoles/index.ts
@@ -150,7 +150,7 @@ export const useRolesShared = createSharedComposable(() => {
     if (
       !args.skipSourceCheck &&
       (sourceRestrictions[SourceRestriction.DATA_READONLY][permission] ||
-        sourceRestrictions[SourceRestriction.META_READONLY][permission])
+        sourceRestrictions[SourceRestriction.SCHEMA_READONLY][permission])
     ) {
       const source = unref(args.source || null)
 
@@ -159,10 +159,10 @@ export const useRolesShared = createSharedComposable(() => {
         return false
       }
 
-      if (source?.meta?.[SourceRestriction.DATA_READONLY] && sourceRestrictions[SourceRestriction.DATA_READONLY][permission]) {
+      if (source?.is_data_readonly && sourceRestrictions[SourceRestriction.DATA_READONLY][permission]) {
         return false
       }
-      if (source?.meta?.[SourceRestriction.META_READONLY] && sourceRestrictions[SourceRestriction.META_READONLY][permission]) {
+      if (source?.is_schema_readonly && sourceRestrictions[SourceRestriction.SCHEMA_READONLY][permission]) {
         return false
       }
     }
@@ -186,11 +186,11 @@ export const useRoles = () => {
   const useRolesRes = useRolesShared()
 
   const isMetaReadOnly = computed(() => {
-    return currentSource.value?.meta?.[SourceRestriction.META_READONLY] || false
+    return currentSource.value?.is_schema_readonly || false
   })
 
   const isDataReadOnly = computed(() => {
-    return currentSource.value?.meta?.[SourceRestriction.DATA_READONLY] || false
+    return currentSource.value?.is_schema_readonly || false
   })
 
   return {
diff --git a/packages/nc-gui/lib/acl.ts b/packages/nc-gui/lib/acl.ts
index 503c81f052..d0124c0853 100644
--- a/packages/nc-gui/lib/acl.ts
+++ b/packages/nc-gui/lib/acl.ts
@@ -134,7 +134,7 @@ export const sourceRestrictions = {
     duplicateModel: true,
     tableDuplicate: true,
   },
-  [SourceRestriction.META_READONLY]: {
+  [SourceRestriction.SCHEMA_READONLY]: {
     tableCreate: true,
     tableRename: true,
     tableDelete: true,
diff --git a/packages/nocodb-sdk/src/lib/enums.ts b/packages/nocodb-sdk/src/lib/enums.ts
index 632d138957..8e358d91a3 100644
--- a/packages/nocodb-sdk/src/lib/enums.ts
+++ b/packages/nocodb-sdk/src/lib/enums.ts
@@ -329,8 +329,8 @@ export enum APIContext {
 
 
 export enum SourceRestriction {
-  META_READONLY = 'metaReadOnly',
-  DATA_READONLY = 'dataReadOnly',
+  SCHEMA_READONLY = 'is_schema_readonly',
+  DATA_READONLY = 'is_data_readonly',
 }
 
 
diff --git a/packages/nocodb/src/meta/migrations/XcMigrationSourcev2.ts b/packages/nocodb/src/meta/migrations/XcMigrationSourcev2.ts
index 8dd0fb24f9..07b9054f2c 100644
--- a/packages/nocodb/src/meta/migrations/XcMigrationSourcev2.ts
+++ b/packages/nocodb/src/meta/migrations/XcMigrationSourcev2.ts
@@ -37,6 +37,7 @@ import * as nc_047_comment_migration from '~/meta/migrations/v2/nc_047_comment_m
 import * as nc_048_view_links from '~/meta/migrations/v2/nc_048_view_links';
 import * as nc_049_clear_notifications from '~/meta/migrations/v2/nc_049_clear_notifications';
 import * as nc_050_tenant_isolation from '~/meta/migrations/v2/nc_050_tenant_isolation';
+import * as nc_051_source_readonly_columns from '~/meta/migrations/v2/nc_051_source_readonly_columns';
 
 // Create a custom migration source class
 export default class XcMigrationSourcev2 {
@@ -85,6 +86,7 @@ export default class XcMigrationSourcev2 {
       'nc_048_view_links',
       'nc_049_clear_notifications',
       'nc_050_tenant_isolation',
+      'nc_051_source_readonly_columns',
     ]);
   }
 
@@ -172,6 +174,8 @@ export default class XcMigrationSourcev2 {
         return nc_049_clear_notifications;
       case 'nc_050_tenant_isolation':
         return nc_050_tenant_isolation;
+      case 'nc_051_source_readonly_columns':
+        return nc_051_source_readonly_columns;
     }
   }
 }
diff --git a/packages/nocodb/src/meta/migrations/v2/nc_051_source_readonly_columns.ts b/packages/nocodb/src/meta/migrations/v2/nc_051_source_readonly_columns.ts
new file mode 100644
index 0000000000..943f8f11dd
--- /dev/null
+++ b/packages/nocodb/src/meta/migrations/v2/nc_051_source_readonly_columns.ts
@@ -0,0 +1,18 @@
+import type { Knex } from 'knex';
+import { MetaTable } from '~/utils/globals';
+
+const up = async (knex: Knex) => {
+  await knex.schema.alterTable(MetaTable.BASES, (table) => {
+    table.boolean('is_schema_readonly').defaultTo(false);
+    table.boolean('is_data_readonly').defaultTo(false);
+  });
+};
+
+const down = async (knex: Knex) => {
+  await knex.schema.alterTable(MetaTable.BASES, (table) => {
+    table.dropColumn('is_schema_readonly');
+    table.dropColumn('is_data_readonly');
+  });
+};
+
+export { up, down };
diff --git a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
index 6f2bbaf455..aba3d01af3 100644
--- a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
+++ b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
@@ -471,7 +471,7 @@ export class AclMiddleware implements NestInterceptor {
     // 1. Check if it's present in the source restriction list
     // 2. If present, check if write permission is allowed
     if (
-      sourceRestrictions[SourceRestriction.META_READONLY][permissionName] ||
+      sourceRestrictions[SourceRestriction.SCHEMA_READONLY][permissionName] ||
       sourceRestrictions[SourceRestriction.DATA_READONLY][permissionName]
     ) {
       let source: Source;
@@ -496,14 +496,14 @@ export class AclMiddleware implements NestInterceptor {
       }
 
       if (
-        source.meta?.[SourceRestriction.META_READONLY] &&
-        sourceRestrictions[SourceRestriction.META_READONLY][permissionName]
+        source.is_schema_readonly &&
+        sourceRestrictions[SourceRestriction.SCHEMA_READONLY][permissionName]
       ) {
         NcError.sourceMetaReadOnly(source.alias);
       }
 
       if (
-        source.meta?.[SourceRestriction.DATA_READONLY] &&
+        source.is_data_readonly &&
         sourceRestrictions[SourceRestriction.DATA_READONLY][permissionName]
       ) {
         NcError.sourceDataReadOnly(source.alias);
diff --git a/packages/nocodb/src/models/Source.ts b/packages/nocodb/src/models/Source.ts
index 09ad96c515..cd77f22547 100644
--- a/packages/nocodb/src/models/Source.ts
+++ b/packages/nocodb/src/models/Source.ts
@@ -33,6 +33,8 @@ export default class Source implements SourceType {
   alias?: string;
   type?: DriverClient;
   is_meta?: BoolType;
+  is_schema_readonly?: BoolType;
+  is_data_readonly?: BoolType;
   config?: string;
   inflection_column?: string;
   inflection_table?: string;
@@ -70,6 +72,8 @@ export default class Source implements SourceType {
       'order',
       'enabled',
       'meta',
+      'is_schema_readonly',
+      'is_data_readonly',
     ]);
 
     insertObj.config = CryptoJS.AES.encrypt(
@@ -130,6 +134,8 @@ export default class Source implements SourceType {
       'meta',
       'deleted',
       'fk_sql_executor_id',
+      'is_schema_readonly',
+      'is_data_readonly',
     ]);
 
     if (updateObj.config) {
diff --git a/packages/nocodb/src/modules/jobs/jobs/export-import/duplicate.controller.ts b/packages/nocodb/src/modules/jobs/jobs/export-import/duplicate.controller.ts
index 3b3174bfa4..5a2aeda45e 100644
--- a/packages/nocodb/src/modules/jobs/jobs/export-import/duplicate.controller.ts
+++ b/packages/nocodb/src/modules/jobs/jobs/export-import/duplicate.controller.ts
@@ -214,10 +214,10 @@ export class DuplicateController {
     const source = await Source.get(context, model.source_id);
 
     // if data/schema is readonly, then restrict duplication
-    if (source.meta?.[SourceRestriction.META_READONLY]) {
+    if (source.is_schema_readonly) {
       NcError.sourceMetaReadOnly(source.alias);
     }
-    if (source.meta?.[SourceRestriction.DATA_READONLY]) {
+    if (source.is_data_readonly) {
       NcError.sourceDataReadOnly(source.alias);
     }
 
@@ -288,10 +288,10 @@ export class DuplicateController {
     const source = await Source.get(context, model.source_id);
 
     // if data/schema is readonly, then restrict duplication
-    if (source.meta?.[SourceRestriction.META_READONLY]) {
+    if (source.is_schema_readonly) {
       NcError.sourceMetaReadOnly(source.alias);
     }
-    if (source.meta?.[SourceRestriction.DATA_READONLY]) {
+    if (source.is_data_readonly) {
       NcError.sourceDataReadOnly(source.alias);
     }
 
diff --git a/packages/nocodb/src/schema/swagger-v2.json b/packages/nocodb/src/schema/swagger-v2.json
index 6e2c729b6d..2724fca78a 100644
--- a/packages/nocodb/src/schema/swagger-v2.json
+++ b/packages/nocodb/src/schema/swagger-v2.json
@@ -12166,6 +12166,14 @@
             "$ref": "#/components/schemas/Bool",
             "description": "Is the data source minimal db"
           },
+          "is_schema_readonly": {
+            "$ref": "#/components/schemas/Bool",
+            "description": "Is the data source minimal db"
+          },
+          "is_data_readonly": {
+            "$ref": "#/components/schemas/Bool",
+            "description": "Is the data source minimal db"
+          },
           "order": {
             "description": "The order of the list of sources",
             "example": 1,
diff --git a/packages/nocodb/src/schema/swagger.json b/packages/nocodb/src/schema/swagger.json
index 24af650cd1..faa1052e77 100644
--- a/packages/nocodb/src/schema/swagger.json
+++ b/packages/nocodb/src/schema/swagger.json
@@ -18215,6 +18215,14 @@
             "$ref": "#/components/schemas/Bool",
             "description": "Is the data source minimal db"
           },
+          "is_schema_readonly": {
+            "$ref": "#/components/schemas/Bool",
+            "description": "Is the data source minimal db"
+          },
+          "is_data_readonly": {
+            "$ref": "#/components/schemas/Bool",
+            "description": "Is the data source minimal db"
+          },
           "order": {
             "description": "The order of the list of sources",
             "example": 1,
diff --git a/packages/nocodb/src/services/columns.service.ts b/packages/nocodb/src/services/columns.service.ts
index fae07000b7..e3b9300b95 100644
--- a/packages/nocodb/src/services/columns.service.ts
+++ b/packages/nocodb/src/services/columns.service.ts
@@ -201,7 +201,7 @@ export class ColumnsService {
 
     // check if source is readonly and column type is not allowed
     if (
-      source?.meta?.[SourceRestriction.META_READONLY] &&
+      source?.is_schema_readonly &&
       (!readonlyMetaAllowedTypes.includes(column.uidt) ||
         (param.column.uidt &&
           !readonlyMetaAllowedTypes.includes(param.column.uidt as UITypes)))
@@ -1496,7 +1496,7 @@ export class ColumnsService {
 
     // check if source is readonly and column type is not allowed
     if (
-      source?.meta?.[SourceRestriction.META_READONLY] &&
+      source?.is_schema_readonly &&
       !readonlyMetaAllowedTypes.includes(param.column.uidt as UITypes)
     ) {
       NcError.sourceMetaReadOnly(source.alias);
@@ -2064,7 +2064,7 @@ export class ColumnsService {
 
     // check if source is readonly and column type is not allowed
     if (
-      source?.meta?.[SourceRestriction.META_READONLY] &&
+      source?.is_schema_readonly &&
       !readonlyMetaAllowedTypes.includes(column.uidt)
     ) {
       NcError.sourceMetaReadOnly(source.alias);
diff --git a/packages/nocodb/src/services/forms.service.ts b/packages/nocodb/src/services/forms.service.ts
index 9d8b7bb568..fe13a6371e 100644
--- a/packages/nocodb/src/services/forms.service.ts
+++ b/packages/nocodb/src/services/forms.service.ts
@@ -40,7 +40,7 @@ export class FormsService {
 
     const source = await Source.get(context, model.source_id);
 
-    if (source.meta?.[SourceRestriction.DATA_READONLY]) {
+    if (source.is_data_readonly) {
       NcError.sourceDataReadOnly(source.alias);
     }
 
diff --git a/packages/nocodb/src/services/public-datas.service.ts b/packages/nocodb/src/services/public-datas.service.ts
index 092b0074ff..eb9391d3d3 100644
--- a/packages/nocodb/src/services/public-datas.service.ts
+++ b/packages/nocodb/src/services/public-datas.service.ts
@@ -299,7 +299,7 @@ export class PublicDatasService {
 
     const source = await Source.get(context, model.source_id);
 
-    if (source?.meta?.[SourceRestriction.DATA_READONLY]) {
+    if (source?.is_data_readonly) {
       NcError.sourceDataReadOnly(source.alias);
     }
 
diff --git a/packages/nocodb/src/utils/acl.ts b/packages/nocodb/src/utils/acl.ts
index e048c70dbb..2d00d814eb 100644
--- a/packages/nocodb/src/utils/acl.ts
+++ b/packages/nocodb/src/utils/acl.ts
@@ -462,7 +462,7 @@ export const sourceRestrictions = {
     jsonImport: true,
     excelImport: true,
   },
-  [SourceRestriction.META_READONLY]: {
+  [SourceRestriction.SCHEMA_READONLY]: {
     tableCreate: true,
     tableRename: true,
     tableDelete: true,

From 4a308757de3174ddcb68b427b3febc8bdfcc63f8 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:18 +0000
Subject: [PATCH 14/28] feat: allow virtual column duplication(except LTAR and
 Links)

---
 .../components/smartsheet/header/Menu.vue     |  2 +-
 .../export-import/duplicate.controller.ts     | 21 ++++++++++++-------
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/packages/nc-gui/components/smartsheet/header/Menu.vue b/packages/nc-gui/components/smartsheet/header/Menu.vue
index 76955194b0..5f6a9a2c31 100644
--- a/packages/nc-gui/components/smartsheet/header/Menu.vue
+++ b/packages/nc-gui/components/smartsheet/header/Menu.vue
@@ -393,7 +393,7 @@ const isColumnCRUDAllowed = computed(() => {
           </div>
         </NcMenuItem>
         <NcMenuItem
-          v-if="isUIAllowed('duplicateColumn') && isExpandedForm && !column?.pk"
+          v-if="isUIAllowed('duplicateColumn') && isExpandedForm && !column?.pk && isColumnCRUDAllowed"
           :disabled="!isDuplicateAllowed"
           @click="openDuplicateDlg"
         >
diff --git a/packages/nocodb/src/modules/jobs/jobs/export-import/duplicate.controller.ts b/packages/nocodb/src/modules/jobs/jobs/export-import/duplicate.controller.ts
index 5a2aeda45e..3856142c22 100644
--- a/packages/nocodb/src/modules/jobs/jobs/export-import/duplicate.controller.ts
+++ b/packages/nocodb/src/modules/jobs/jobs/export-import/duplicate.controller.ts
@@ -8,7 +8,12 @@ import {
   Req,
   UseGuards,
 } from '@nestjs/common';
-import { ProjectStatus, SourceRestriction } from 'nocodb-sdk';
+import {
+  ProjectStatus,
+  readonlyMetaAllowedTypes,
+  SourceRestriction,
+} from 'nocodb-sdk';
+import type { UITypes } from 'nocodb-sdk';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
 import { BasesService } from '~/services/bases.service';
@@ -287,12 +292,14 @@ export class DuplicateController {
 
     const source = await Source.get(context, model.source_id);
 
-    // if data/schema is readonly, then restrict duplication
-    if (source.is_schema_readonly) {
-      NcError.sourceMetaReadOnly(source.alias);
-    }
-    if (source.is_data_readonly) {
-      NcError.sourceDataReadOnly(source.alias);
+    // check if source is readonly and column type is not allowed
+    if (!readonlyMetaAllowedTypes.includes(column.uidt as UITypes)) {
+      if (source.is_schema_readonly) {
+        NcError.sourceMetaReadOnly(source.alias);
+      }
+      if (source.is_data_readonly) {
+        NcError.sourceDataReadOnly(source.alias);
+      }
     }
 
     const job = await this.jobsService.add(JobTypes.DuplicateColumn, {

From c5f8e8a76298f9ef1cababddd69edc5a14d93f76 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:18 +0000
Subject: [PATCH 15/28] test: api tests

---
 .../extract-ids/extract-ids.middleware.ts     |   2 +-
 packages/nocodb/tests/unit/factory/base.ts    |   7 +-
 packages/nocodb/tests/unit/rest/index.test.ts |   2 +
 .../unit/rest/tests/readOnlySource.test.ts    | 153 ++++++++++++++++++
 4 files changed, 160 insertions(+), 4 deletions(-)
 create mode 100644 packages/nocodb/tests/unit/rest/tests/readOnlySource.test.ts

diff --git a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
index aba3d01af3..ad7bdaac30 100644
--- a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
+++ b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
@@ -484,7 +484,7 @@ export class AclMiddleware implements NestInterceptor {
         if (req.params.sourceId) {
           source = sources.find((s) => s.id === req.params.sourceId);
         } else {
-          source = sources.find((s) => s.isMeta());
+          source = sources.find((s) => s.isMeta()) || sources[0];
         }
       } else if (req.ncSourceId) {
         source = await Source.get(req.context, req.ncSourceId);
diff --git a/packages/nocodb/tests/unit/factory/base.ts b/packages/nocodb/tests/unit/factory/base.ts
index 3e7368c5fb..bd8dc857cc 100644
--- a/packages/nocodb/tests/unit/factory/base.ts
+++ b/packages/nocodb/tests/unit/factory/base.ts
@@ -7,7 +7,7 @@ interface ProjectArgs {
   type?: string;
 }
 
-const sakilaProjectConfig = (context) => {
+const sakilaProjectConfig = (context, additionalConfig = {}) => {
   let source;
 
   if (
@@ -38,6 +38,7 @@ const sakilaProjectConfig = (context) => {
     ...source,
     inflection_column: 'camelize',
     inflection_table: 'camelize',
+    ...additionalConfig,
   };
 
   return {
@@ -67,11 +68,11 @@ const createSharedBase = async (app, token, base, sharedBaseArgs = {}) => {
     });
 };
 
-const createSakilaProject = async (context) => {
+const createSakilaProject = async (context, additionalConfig = {}) => {
   const response = await request(context.app)
     .post('/api/v1/db/meta/projects/')
     .set('xc-auth', context.token)
-    .send(sakilaProjectConfig(context));
+    .send(sakilaProjectConfig(context, additionalConfig));
 
   return (await Base.getByTitleOrId(
     {
diff --git a/packages/nocodb/tests/unit/rest/index.test.ts b/packages/nocodb/tests/unit/rest/index.test.ts
index 21fcd08e16..c2315b8881 100644
--- a/packages/nocodb/tests/unit/rest/index.test.ts
+++ b/packages/nocodb/tests/unit/rest/index.test.ts
@@ -12,6 +12,7 @@ import newDataApisTest from './tests/newDataApis.test';
 import groupByTest from './tests/groupby.test';
 import formulaTests from './tests/formula.test';
 import typeCastsTest from './tests/typeCasts.test';
+import readOnlyTest from './tests/readOnlySource.test';
 
 let workspaceTest = () => {};
 let ssoTest = () => {};
@@ -41,6 +42,7 @@ function restTests() {
   ssoTest();
   cloudOrgTest();
   typeCastsTest();
+  readOnlyTest();
 
   // Enable for dashboard feature
   // widgetTest();
diff --git a/packages/nocodb/tests/unit/rest/tests/readOnlySource.test.ts b/packages/nocodb/tests/unit/rest/tests/readOnlySource.test.ts
new file mode 100644
index 0000000000..b19cb25f16
--- /dev/null
+++ b/packages/nocodb/tests/unit/rest/tests/readOnlySource.test.ts
@@ -0,0 +1,153 @@
+import 'mocha';
+import request from 'supertest';
+import { beforeEach } from 'mocha';
+import { Exception } from 'handlebars';
+import { expect } from 'chai';
+import { Base } from '../../../../src/models';
+import { createTable, getTable } from '../../factory/table';
+import init from '../../init';
+import {
+  createProject,
+  createSakilaProject,
+  createSharedBase,
+} from '../../factory/base';
+import { RootScopes } from '../../../../src/utils/globals';
+import { generateDefaultRowAttributes } from '../../factory/row';
+import { defaultColumns } from '../../factory/column';
+
+// Test case list
+// 1. Create data readonly source
+// 2. Create schema readonly source
+
+function sourceTest() {
+  let context;
+
+  beforeEach(async function () {
+    console.time('#### readonlySourceTest');
+    context = await init();
+    console.timeEnd('#### readonlySourceTest');
+  });
+
+  it('Readonly data', async () => {
+    const base = await createSakilaProject(context, {
+      is_schema_readonly: false,
+      is_data_readonly: true,
+    });
+
+    const countryTable = await getTable({
+      base,
+      name: 'country',
+    });
+
+    const sakilaCtx = {
+      workspace_id: base.fk_workspace_id,
+      base_id: base.id,
+    };
+
+    const countryColumns = await countryTable.getColumns(sakilaCtx);
+    const rowAttributes = Array(99)
+      .fill(0)
+      .map((index) =>
+        generateDefaultRowAttributes({ columns: countryColumns, index }),
+      );
+
+    await request(context.app)
+      .post(`/api/v1/db/data/bulk/noco/${base.id}/${countryTable.id}`)
+      .set('xc-auth', context.token)
+      .send(rowAttributes)
+      .expect(403);
+
+    await request(context.app)
+      .post(`/api/v1/db/meta/projects/${base.id}/tables`)
+      .set('xc-auth', context.token)
+      .send({
+        table_name: 'new_title',
+        title: 'new_title',
+        columns: defaultColumns(context),
+      })
+      .expect(200);
+  });
+
+  it('Readonly schema', async () => {
+    const base = await createSakilaProject(context, {
+      is_schema_readonly: true,
+      is_data_readonly: false,
+    });
+
+    const countryTable = await getTable({
+      base,
+      name: 'country',
+    });
+
+    const sakilaCtx = {
+      workspace_id: base.fk_workspace_id,
+      base_id: base.id,
+    };
+
+    const countryColumns = await countryTable.getColumns(sakilaCtx);
+    const rowAttributes = Array(99)
+      .fill(0)
+      .map((index) =>
+        generateDefaultRowAttributes({ columns: countryColumns, index }),
+      );
+
+    await request(context.app)
+      .post(`/api/v1/db/data/bulk/noco/${base.id}/${countryTable.id}`)
+      .set('xc-auth', context.token)
+      .send(rowAttributes)
+      .expect(200);
+
+    await request(context.app)
+      .post(`/api/v1/db/meta/projects/${base.id}/tables`)
+      .set('xc-auth', context.token)
+      .send({
+        table_name: 'new_title',
+        title: 'new_title',
+        columns: defaultColumns(context),
+      })
+      .expect(403);
+  });
+  it('Readonly schema & data', async () => {
+    const base = await createSakilaProject(context, {
+      is_schema_readonly: true,
+      is_data_readonly: true,
+    });
+
+    const countryTable = await getTable({
+      base,
+      name: 'country',
+    });
+
+    const sakilaCtx = {
+      workspace_id: base.fk_workspace_id,
+      base_id: base.id,
+    };
+
+    const countryColumns = await countryTable.getColumns(sakilaCtx);
+    const rowAttributes = Array(99)
+      .fill(0)
+      .map((index) =>
+        generateDefaultRowAttributes({ columns: countryColumns, index }),
+      );
+
+    await request(context.app)
+      .post(`/api/v1/db/data/bulk/noco/${base.id}/${countryTable.id}`)
+      .set('xc-auth', context.token)
+      .send(rowAttributes)
+      .expect(403);
+
+    await request(context.app)
+      .post(`/api/v1/db/meta/projects/${base.id}/tables`)
+      .set('xc-auth', context.token)
+      .send({
+        table_name: 'new_title',
+        title: 'new_title',
+        columns: defaultColumns(context),
+      })
+      .expect(403);
+  });
+}
+
+export default function () {
+  describe('SourceRestriction', sourceTest);
+}

From 234037d26c322d4263bb75b1be6c2ab467e53388 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:18 +0000
Subject: [PATCH 16/28] feat: handle in fields

---
 .../settings/data-sources/CreateBase.vue      | 353 +++++++++---------
 .../settings/data-sources/EditBase.vue        |   3 +-
 .../components/smartsheet/details/Fields.vue  |  15 +-
 .../components/smartsheet/header/Menu.vue     |   8 +-
 packages/nc-gui/lang/en.json                  |   1 +
 packages/nocodb-sdk/src/lib/UITypes.ts        |   4 +-
 .../unit/rest/tests/readOnlySource.test.ts    |   7 +-
 7 files changed, 206 insertions(+), 185 deletions(-)

diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
index d828b8deb3..ae496e460f 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
@@ -1,7 +1,7 @@
 <script lang="ts" setup>
-import { Form, message } from 'ant-design-vue'
-import type { SelectHandler } from 'ant-design-vue/es/vc-select/Select'
-import { SourceRestriction } from 'nocodb-sdk'
+import {Form, message} from 'ant-design-vue'
+import type {SelectHandler} from 'ant-design-vue/es/vc-select/Select'
+import {SourceRestriction} from 'nocodb-sdk'
 import {
   type CertTypes,
   ClientType,
@@ -21,12 +21,12 @@ const vOpen = useVModel(props, 'open', emit)
 const connectionType = computed(() => props.connectionType ?? ClientType.MYSQL)
 
 const baseStore = useBase()
-const { loadProject } = useBases()
-const { base } = storeToRefs(baseStore)
+const {loadProject} = useBases()
+const {base} = storeToRefs(baseStore)
 
-const { loadProjectTables } = useTablesStore()
+const {loadProjectTables} = useTablesStore()
 
-const { refreshCommandPalette } = useCommandPalette()
+const {refreshCommandPalette} = useCommandPalette()
 
 const _projectId = inject(ProjectIdInj, undefined)
 const baseId = computed(() => _projectId?.value ?? base.value?.id)
@@ -39,17 +39,17 @@ const testingConnection = ref(false)
 
 const form = ref<typeof Form>()
 
-const { api } = useApi()
+const {api} = useApi()
 
-const { $e } = useNuxtApp()
+const {$e} = useNuxtApp()
 
-const { t } = useI18n()
+const {t} = useI18n()
 
 const creatingSource = ref(false)
 
 const formState = ref<ProjectCreateForm>({
   title: '',
-  dataSource: { ...getDefaultConnectionConfig(ClientType.MYSQL) },
+  dataSource: {...getDefaultConnectionConfig(ClientType.MYSQL)},
   inflection: {
     inflectionColumn: 'none',
     inflectionTable: 'none',
@@ -58,12 +58,12 @@ const formState = ref<ProjectCreateForm>({
   extraParameters: [],
   'is_schema_readonly': true,
   'is_data_readonly': false,
-  },
+},
 })
 
 const customFormState = ref<ProjectCreateForm>({
   title: '',
-  dataSource: { ...getDefaultConnectionConfig(ClientType.MYSQL) },
+  dataSource: {...getDefaultConnectionConfig(ClientType.MYSQL)},
   inflection: {
     inflectionColumn: 'none',
     inflectionTable: 'none',
@@ -123,14 +123,14 @@ const validators = computed(() => {
   }
 })
 
-const { validate, validateInfos } = useForm(formState.value, validators)
+const {validate, validateInfos} = useForm(formState.value, validators)
 
 const populateName = (v: string) => {
   formState.value.dataSource.connection.database = `${v.trim()}_noco`
 }
 
 const onClientChange = () => {
-  formState.value.dataSource = { ...getDefaultConnectionConfig(formState.value.dataSource.client) }
+  formState.value.dataSource = {...getDefaultConnectionConfig(formState.value.dataSource.client)}
   populateName(formState.value.title)
 }
 
@@ -171,7 +171,7 @@ const updateSSLUse = () => {
 }
 
 const addNewParam = () => {
-  formState.value.extraParameters.push({ key: '', value: '' })
+  formState.value.extraParameters.push({key: '', value: ''})
 }
 
 const removeParam = (index: number) => {
@@ -197,7 +197,7 @@ const onFileSelect = (key: CertTypes, el?: HTMLInputElement) => {
 }
 
 const sslFilesRequired = computed(
-  () => !!formState.value.sslUse && formState.value.sslUse !== SSLUsage.No && formState.value.sslUse !== SSLUsage.Allowed,
+    () => !!formState.value.sslUse && formState.value.sslUse !== SSLUsage.No && formState.value.sslUse !== SSLUsage.Allowed,
 )
 
 function getConnectionConfig() {
@@ -210,8 +210,8 @@ function getConnectionConfig() {
 
   if ('ssl' in connection && connection.ssl) {
     if (
-      formState.value.sslUse === SSLUsage.No ||
-      (typeof connection.ssl === 'object' && Object.values(connection.ssl).every((v) => v === null || v === undefined))
+        formState.value.sslUse === SSLUsage.No ||
+        (typeof connection.ssl === 'object' && Object.values(connection.ssl).every((v) => v === null || v === undefined))
     ) {
       delete connection.ssl
     }
@@ -223,7 +223,7 @@ const focusInvalidInput = () => {
   form.value?.$el.querySelector('.ant-form-item-explain-error')?.parentNode?.parentNode?.querySelector('input')?.focus()
 }
 
-const { $poller } = useNuxtApp()
+const {$poller} = useNuxtApp()
 
 const createSource = async () => {
   try {
@@ -240,7 +240,7 @@ const createSource = async () => {
 
     const connection = getConnectionConfig()
 
-    const config = { ...formState.value.dataSource, connection }
+    const config = {...formState.value.dataSource, connection}
 
     const jobData = await api.source.create(baseId.value, {
       alias: formState.value.title,
@@ -253,36 +253,36 @@ const createSource = async () => {
     })
 
     $poller.subscribe(
-      { id: jobData.id },
-      async (data: {
-        id: string
-        status?: string
-        data?: {
-          error?: {
-            message: string
+        {id: jobData.id},
+        async (data: {
+          id: string
+          status?: string
+          data?: {
+            error?: {
+              message: string
+            }
+            message?: string
+            result?: any
           }
-          message?: string
-          result?: any
-        }
-      }) => {
-        if (data.status !== 'close') {
-          if (data.status === JobStatus.COMPLETED) {
-            $e('a:base:create:extdb')
-
-            if (baseId.value) {
-              await loadProject(baseId.value, true)
-              await loadProjectTables(baseId.value, true)
+        }) => {
+          if (data.status !== 'close') {
+            if (data.status === JobStatus.COMPLETED) {
+              $e('a:base:create:extdb')
+
+              if (baseId.value) {
+                await loadProject(baseId.value, true)
+                await loadProjectTables(baseId.value, true)
+              }
+
+              emit('sourceCreated')
+              vOpen.value = false
+              creatingSource.value = false
+            } else if (status === JobStatus.FAILED) {
+              message.error('Failed to create base')
+              creatingSource.value = false
             }
-
-            emit('sourceCreated')
-            vOpen.value = false
-            creatingSource.value = false
-          } else if (status === JobStatus.FAILED) {
-            message.error('Failed to create base')
-            creatingSource.value = false
           }
-        }
-      },
+        },
     )
   } catch (e: any) {
     message.error(await extractSdkResponseErrorMsg(e))
@@ -339,11 +339,11 @@ const testConnection = async () => {
 const handleImportURL = async () => {
   if (!importURL.value || importURL.value === '') return
 
-  const connectionConfig = await api.utils.urlToConfig({ url: importURL.value })
+  const connectionConfig = await api.utils.urlToConfig({url: importURL.value})
 
   if (connectionConfig) {
     formState.value.dataSource.client = connectionConfig.client
-    formState.value.dataSource.connection = { ...connectionConfig.connection }
+    formState.value.dataSource.connection = {...connectionConfig.connection}
   } else {
     message.error(t('msg.error.invalidURL'))
   }
@@ -352,27 +352,27 @@ const handleImportURL = async () => {
 }
 
 const handleEditJSON = () => {
-  customFormState.value = { ...formState.value }
+  customFormState.value = {...formState.value}
   configEditDlg.value = true
 }
 
 const handleOk = () => {
-  formState.value = { ...customFormState.value }
+  formState.value = {...customFormState.value}
   configEditDlg.value = false
   updateSSLUse()
 }
 
 // reset test status on config change
 watch(
-  () => formState.value.dataSource,
-  () => (testSuccess.value = false),
-  { deep: true },
+    () => formState.value.dataSource,
+    () => (testSuccess.value = false),
+    {deep: true},
 )
 
 // populate database name based on title
 watch(
-  () => formState.value.title,
-  (v) => populateName(v),
+    () => formState.value.title,
+    (v) => populateName(v),
 )
 
 // select and focus title field on load
@@ -389,12 +389,12 @@ onMounted(async () => {
 })
 
 watch(
-  connectionType,
-  (v) => {
-    formState.value.dataSource.client = v
-    onClientChange()
-  },
-  { immediate: true },
+    connectionType,
+    (v) => {
+      formState.value.dataSource.client = v
+      onClientChange()
+    },
+    {immediate: true},
 )
 const toggleModal = (val: boolean) => {
   vOpen.value = val
@@ -404,6 +404,7 @@ const allowMetaWrite = computed({
   get: () => !formState.value.is_schema_readonly,
   set: (v) => {
     formState.value.is_schema_readonly = !v
+    $e('c:source:schema-write-toggle', {allowed: !v})
   },
 })
 
@@ -411,60 +412,61 @@ const allowDataWrite = computed({
   get: () => !formState.value.is_data_readonly,
   set: (v) => {
     formState.value.is_data_readonly = !v
+    $e('c:source:data-write-toggle', { allowed: !v })
   },
 })
 </script>
 
 <template>
   <GeneralModal
-    :visible="vOpen"
-    :closable="!creatingSource"
-    :keyboard="!creatingSource"
-    :mask-closable="false"
-    size="medium"
-    @update:visible="toggleModal"
+      :visible="vOpen"
+      :closable="!creatingSource"
+      :keyboard="!creatingSource"
+      :mask-closable="false"
+      size="medium"
+      @update:visible="toggleModal"
   >
     <div class="py-6 px-8">
       <div class="create-source bg-white relative flex flex-col justify-center gap-2 w-full">
         <h1 class="prose-xl font-bold self-start mb-4 flex items-center gap-2">
           {{ $t('title.newBase') }}
-          <DashboardSettingsDataSourcesInfo />
+          <DashboardSettingsDataSourcesInfo/>
           <span class="flex-grow"></span>
         </h1>
 
         <a-form
-          ref="form"
-          :model="formState"
-          name="external-base-create-form"
-          layout="horizontal"
-          no-style
-          :label-col="{ span: 8 }"
+            ref="form"
+            :model="formState"
+            name="external-base-create-form"
+            layout="horizontal"
+            no-style
+            :label-col="{ span: 8 }"
         >
           <div
-            class="nc-scrollbar-md"
-            :style="{
+              class="nc-scrollbar-md"
+              :style="{
               maxHeight: '60vh',
             }"
           >
             <a-form-item label="Source Name" v-bind="validateInfos.title">
-              <a-input v-model:value="formState.title" class="nc-extdb-proj-name" />
+              <a-input v-model:value="formState.title" class="nc-extdb-proj-name"/>
             </a-form-item>
 
             <a-form-item :label="$t('labels.dbType')" v-bind="validateInfos['dataSource.client']">
               <a-select
-                v-model:value="formState.dataSource.client"
-                class="nc-extdb-db-type"
-                dropdown-class-name="nc-dropdown-ext-db-type"
-                @change="onClientChange"
+                  v-model:value="formState.dataSource.client"
+                  class="nc-extdb-db-type"
+                  dropdown-class-name="nc-dropdown-ext-db-type"
+                  @change="onClientChange"
               >
                 <a-select-option v-for="client in clientTypes" :key="client.value" :value="client.value">
                   <div class="flex items-center gap-2 justify-between">
                     <div>{{ client.text }}</div>
                     <component
-                      :is="iconMap.check"
-                      v-if="formState.dataSource.client === client.value"
-                      id="nc-selected-item-icon"
-                      class="text-primary w-4 h-4"
+                        :is="iconMap.check"
+                        v-if="formState.dataSource.client === client.value"
+                        id="nc-selected-item-icon"
+                        class="text-primary w-4 h-4"
                     />
                   </div>
                 </a-select-option>
@@ -473,40 +475,41 @@ const allowDataWrite = computed({
 
             <!-- SQLite File -->
             <a-form-item
-              v-if="formState.dataSource.client === ClientType.SQLITE"
-              :label="$t('labels.sqliteFile')"
-              v-bind="validateInfos['dataSource.connection.connection.filename']"
+                v-if="formState.dataSource.client === ClientType.SQLITE"
+                :label="$t('labels.sqliteFile')"
+                v-bind="validateInfos['dataSource.connection.connection.filename']"
             >
-              <a-input v-model:value="(formState.dataSource.connection as SQLiteConnection).connection.filename" />
+              <a-input v-model:value="(formState.dataSource.connection as SQLiteConnection).connection.filename"/>
             </a-form-item>
 
             <template v-else>
               <!-- Host Address -->
               <a-form-item :label="$t('labels.hostAddress')" v-bind="validateInfos['dataSource.connection.host']">
                 <a-input
-                  v-model:value="(formState.dataSource.connection as DefaultConnection).host"
-                  class="nc-extdb-host-address"
+                    v-model:value="(formState.dataSource.connection as DefaultConnection).host"
+                    class="nc-extdb-host-address"
                 />
               </a-form-item>
 
               <!-- Port Number -->
               <a-form-item :label="$t('labels.port')" v-bind="validateInfos['dataSource.connection.port']">
                 <a-input-number
-                  v-model:value="(formState.dataSource.connection as DefaultConnection).port"
-                  class="!w-full nc-extdb-host-port"
+                    v-model:value="(formState.dataSource.connection as DefaultConnection).port"
+                    class="!w-full nc-extdb-host-port"
                 />
               </a-form-item>
 
               <!-- Username -->
               <a-form-item :label="$t('labels.username')" v-bind="validateInfos['dataSource.connection.user']">
-                <a-input v-model:value="(formState.dataSource.connection as DefaultConnection).user" class="nc-extdb-host-user" />
+                <a-input v-model:value="(formState.dataSource.connection as DefaultConnection).user"
+                         class="nc-extdb-host-user"/>
               </a-form-item>
 
               <!-- Password -->
               <a-form-item :label="$t('labels.password')">
                 <a-input-password
-                  v-model:value="(formState.dataSource.connection as DefaultConnection).password"
-                  class="nc-extdb-host-password"
+                    v-model:value="(formState.dataSource.connection as DefaultConnection).password"
+                    class="nc-extdb-host-password"
                 />
               </a-form-item>
 
@@ -514,19 +517,19 @@ const allowDataWrite = computed({
               <a-form-item :label="$t('labels.database')" v-bind="validateInfos['dataSource.connection.database']">
                 <!-- Database : create if not exists -->
                 <a-input
-                  v-model:value="formState.dataSource.connection.database"
-                  :placeholder="$t('labels.dbCreateIfNotExists')"
-                  class="nc-extdb-host-database"
+                    v-model:value="formState.dataSource.connection.database"
+                    :placeholder="$t('labels.dbCreateIfNotExists')"
+                    class="nc-extdb-host-database"
                 />
               </a-form-item>
 
               <!-- Schema name -->
               <a-form-item
-                v-if="[ClientType.MSSQL, ClientType.PG].includes(formState.dataSource.client) && formState.dataSource.searchPath"
-                :label="$t('labels.schemaName')"
-                v-bind="validateInfos['dataSource.searchPath.0']"
+                  v-if="[ClientType.MSSQL, ClientType.PG].includes(formState.dataSource.client) && formState.dataSource.searchPath"
+                  :label="$t('labels.schemaName')"
+                  v-bind="validateInfos['dataSource.searchPath.0']"
               >
-                <a-input v-model:value="formState.dataSource.searchPath[0]" />
+                <a-input v-model:value="formState.dataSource.searchPath[0]"/>
               </a-form-item>
               <a-form-item>
                 <template #label>
@@ -538,7 +541,7 @@ const allowDataWrite = computed({
                       <template #title>
                         <span>{{ $t('tooltip.allowMetaWrite') }}</span>
                       </template>
-                      <GeneralIcon class="text-gray-500" icon="info" />
+                      <GeneralIcon class="text-gray-500" icon="info"/>
                     </NcTooltip>
                   </div>
                 </template>
@@ -554,7 +557,7 @@ const allowDataWrite = computed({
                       <template #title>
                         <span>{{ $t('tooltip.allowDataWrite') }}</span>
                       </template>
-                      <GeneralIcon class="text-gray-500" icon="info" />
+                      <GeneralIcon class="text-gray-500" icon="info"/>
                     </NcTooltip>
                   </div>
                 </template>
@@ -563,7 +566,8 @@ const allowDataWrite = computed({
 
               <div class="flex items-right justify-end gap-2">
                 <!--                Use Connection URL -->
-                <NcButton type="ghost" size="small" class="nc-extdb-btn-import-url !rounded-md" @click.stop="importURLDlg = true">
+                <NcButton type="ghost" size="small" class="nc-extdb-btn-import-url !rounded-md"
+                          @click.stop="importURLDlg = true">
                   {{ $t('activity.useConnectionUrl') }}
                 </NcButton>
               </div>
@@ -575,18 +579,18 @@ const allowDataWrite = computed({
                   </template>
                   <a-form-item label="SSL mode">
                     <a-select
-                      v-model:value="formState.sslUse"
-                      dropdown-class-name="nc-dropdown-ssl-mode"
-                      @select="onSSLModeChange"
+                        v-model:value="formState.sslUse"
+                        dropdown-class-name="nc-dropdown-ssl-mode"
+                        @select="onSSLModeChange"
                     >
                       <a-select-option v-for="opt in Object.values(SSLUsage)" :key="opt" :value="opt">
                         <div class="flex items-center gap-2 justify-between">
                           <div>{{ opt }}</div>
                           <component
-                            :is="iconMap.check"
-                            v-if="formState?.sslUse === opt"
-                            id="nc-selected-item-icon"
-                            class="text-primary w-4 h-4"
+                              :is="iconMap.check"
+                              v-if="formState?.sslUse === opt"
+                              id="nc-selected-item-icon"
+                              class="text-primary w-4 h-4"
                           />
                         </div>
                       </a-select-option>
@@ -601,7 +605,8 @@ const allowDataWrite = computed({
                           <span>{{ $t('tooltip.clientCert') }}</span>
                         </template>
 
-                        <NcButton size="small" :disabled="!sslFilesRequired" class="shadow" @click="certFileInput?.click()">
+                        <NcButton size="small" :disabled="!sslFilesRequired" class="shadow"
+                                  @click="certFileInput?.click()">
                           {{ $t('labels.clientCert') }}
                         </NcButton>
                       </a-tooltip>
@@ -611,7 +616,8 @@ const allowDataWrite = computed({
                         <template #title>
                           <span>{{ $t('tooltip.clientKey') }}</span>
                         </template>
-                        <NcButton size="small" :disabled="!sslFilesRequired" class="shadow" @click="keyFileInput?.click()">
+                        <NcButton size="small" :disabled="!sslFilesRequired" class="shadow"
+                                  @click="keyFileInput?.click()">
                           {{ $t('labels.clientKey') }}
                         </NcButton>
                       </a-tooltip>
@@ -622,65 +628,69 @@ const allowDataWrite = computed({
                           <span>{{ $t('tooltip.clientCA') }}</span>
                         </template>
 
-                        <NcButton size="small" :disabled="!sslFilesRequired" class="shadow" @click="caFileInput?.click()">
+                        <NcButton size="small" :disabled="!sslFilesRequired" class="shadow"
+                                  @click="caFileInput?.click()">
                           {{ $t('labels.serverCA') }}
                         </NcButton>
                       </a-tooltip>
                     </div>
                   </a-form-item>
 
-                  <input ref="caFileInput" type="file" class="!hidden" @change="onFileSelect(CertTypes.ca, caFileInput)" />
+                  <input ref="caFileInput" type="file" class="!hidden"
+                         @change="onFileSelect(CertTypes.ca, caFileInput)"/>
 
-                  <input ref="certFileInput" type="file" class="!hidden" @change="onFileSelect(CertTypes.cert, certFileInput)" />
+                  <input ref="certFileInput" type="file" class="!hidden"
+                         @change="onFileSelect(CertTypes.cert, certFileInput)"/>
 
-                  <input ref="keyFileInput" type="file" class="!hidden" @change="onFileSelect(CertTypes.key, keyFileInput)" />
+                  <input ref="keyFileInput" type="file" class="!hidden"
+                         @change="onFileSelect(CertTypes.key, keyFileInput)"/>
 
-                  <a-divider />
+                  <a-divider/>
 
                   <!--            Extra connection parameters -->
                   <a-form-item
-                    class="mb-2"
-                    :label="$t('labels.extraConnectionParameters')"
-                    v-bind="validateInfos.extraParameters"
+                      class="mb-2"
+                      :label="$t('labels.extraConnectionParameters')"
+                      v-bind="validateInfos.extraParameters"
                   >
                     <a-card>
                       <div v-for="(item, index) of formState.extraParameters" :key="index">
                         <div class="flex py-1 items-center gap-1">
-                          <a-input v-model:value="item.key" />
+                          <a-input v-model:value="item.key"/>
 
                           <span>:</span>
 
-                          <a-input v-model:value="item.value" />
+                          <a-input v-model:value="item.value"/>
 
                           <component
-                            :is="iconMap.close"
-                            :style="{ 'font-size': '1.5em', 'color': 'red' }"
-                            @click="removeParam(index)"
+                              :is="iconMap.close"
+                              :style="{ 'font-size': '1.5em', 'color': 'red' }"
+                              @click="removeParam(index)"
                           />
                         </div>
                       </div>
                       <NcButton size="small" type="dashed" class="w-full caption mt-2" @click="addNewParam">
                         <div class="flex items-center justify-center">
-                          <component :is="iconMap.plus" />
+                          <component :is="iconMap.plus"/>
                         </div>
                       </NcButton>
                     </a-card>
                   </a-form-item>
 
-                  <a-divider />
+                  <a-divider/>
                   <a-form-item :label="$t('labels.inflection.tableName')">
                     <a-select
-                      v-model:value="formState.inflection.inflectionTable"
-                      dropdown-class-name="nc-dropdown-inflection-table-name"
+                        v-model:value="formState.inflection.inflectionTable"
+                        dropdown-class-name="nc-dropdown-inflection-table-name"
                     >
                       <a-select-option v-for="tp in inflectionTypes" :key="tp" :value="tp">
                         <div class="flex items-center gap-2 justify-between">
                           <div>{{ tp }}</div>
                           <component
-                            :is="iconMap.check"
-                            v-if="formState?.inflection?.inflectionTable === tp"
-                            id="nc-selected-item-icon"
-                            class="text-primary w-4 h-4"
+                              :is="iconMap.check"
+                              v-if="formState?.inflection?.inflectionTable === tp"
+                              id="nc-selected-item-icon"
+                              class="text-primary w-4 h-4"
                           />
                         </div>
                       </a-select-option>
@@ -689,17 +699,18 @@ const allowDataWrite = computed({
 
                   <a-form-item :label="$t('labels.inflection.columnName')">
                     <a-select
-                      v-model:value="formState.inflection.inflectionColumn"
-                      dropdown-class-name="nc-dropdown-inflection-column-name"
+                        v-model:value="formState.inflection.inflectionColumn"
+                        dropdown-class-name="nc-dropdown-inflection-column-name"
                     >
                       <a-select-option v-for="tp in inflectionTypes" :key="tp" :value="tp"
-                        ><div class="flex items-center gap-2 justify-between">
+                      >
+                        <div class="flex items-center gap-2 justify-between">
                           <div>{{ tp }}</div>
                           <component
-                            :is="iconMap.check"
-                            v-if="formState?.inflection?.inflectionColumn === tp"
-                            id="nc-selected-item-icon"
-                            class="text-primary w-4 h-4"
+                              :is="iconMap.check"
+                              v-if="formState?.inflection?.inflectionColumn === tp"
+                              id="nc-selected-item-icon"
+                              class="text-primary w-4 h-4"
                           />
                         </div>
                       </a-select-option>
@@ -720,23 +731,23 @@ const allowDataWrite = computed({
           <a-form-item class="flex justify-end !mt-5">
             <div class="flex justify-end gap-2">
               <NcButton
-                :type="testSuccess ? 'ghost' : 'primary'"
-                size="small"
-                class="nc-extdb-btn-test-connection !rounded-md"
-                :loading="testingConnection"
-                @click="testConnection"
+                  :type="testSuccess ? 'ghost' : 'primary'"
+                  size="small"
+                  class="nc-extdb-btn-test-connection !rounded-md"
+                  :loading="testingConnection"
+                  @click="testConnection"
               >
-                <GeneralIcon v-if="testSuccess" icon="circleCheck" class="text-primary mr-2" />
+                <GeneralIcon v-if="testSuccess" icon="circleCheck" class="text-primary mr-2"/>
                 {{ $t('activity.testDbConn') }}
               </NcButton>
 
               <NcButton
-                size="small"
-                type="primary"
-                :disabled="!testSuccess"
-                :loading="creatingSource"
-                class="nc-extdb-btn-submit !rounded-md"
-                @click="createSource"
+                  size="small"
+                  type="primary"
+                  :disabled="!testSuccess"
+                  :loading="creatingSource"
+                  class="nc-extdb-btn-submit !rounded-md"
+                  @click="createSource"
               >
                 {{ $t('general.submit') }}
               </NcButton>
@@ -745,26 +756,26 @@ const allowDataWrite = computed({
         </a-form>
 
         <a-modal
-          v-model:visible="configEditDlg"
-          :title="$t('activity.editConnJson')"
-          width="600px"
-          wrap-class-name="nc-modal-edit-connection-json"
-          @ok="handleOk"
+            v-model:visible="configEditDlg"
+            :title="$t('activity.editConnJson')"
+            width="600px"
+            wrap-class-name="nc-modal-edit-connection-json"
+            @ok="handleOk"
         >
-          <MonacoEditor v-if="configEditDlg" v-model="customFormState" class="h-[400px] w-full" />
+          <MonacoEditor v-if="configEditDlg" v-model="customFormState" class="h-[400px] w-full"/>
         </a-modal>
 
         <!--    Use Connection URL -->
         <a-modal
-          v-model:visible="importURLDlg"
-          :title="$t('activity.useConnectionUrl')"
-          width="500px"
-          :ok-text="$t('general.ok')"
-          :cancel-text="$t('general.cancel')"
-          wrap-class-name="nc-modal-connection-url"
-          @ok="handleImportURL"
+            v-model:visible="importURLDlg"
+            :title="$t('activity.useConnectionUrl')"
+            width="500px"
+            :ok-text="$t('general.ok')"
+            :cancel-text="$t('general.cancel')"
+            wrap-class-name="nc-modal-connection-url"
+            @ok="handleImportURL"
         >
-          <a-input v-model:value="importURL" />
+          <a-input v-model:value="importURL"/>
         </a-modal>
       </div>
     </div>
diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
index 43a5a3368b..462f719cbf 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
@@ -1,6 +1,5 @@
 <script lang="ts" setup>
 import type { SourceType } from 'nocodb-sdk'
-import { SourceRestriction } from 'nocodb-sdk'
 import { Form, message } from 'ant-design-vue'
 import type { SelectHandler } from 'ant-design-vue/es/vc-select/Select'
 import {
@@ -370,6 +369,7 @@ const allowMetaWrite = computed({
   get: () => !formState.value.is_schema_readonly,
   set: (v) => {
     formState.value.is_schema_readonly = !v
+    $e('c:source:schema-write-toggle', { allowed: !v, edit: true })
   },
 })
 
@@ -377,6 +377,7 @@ const allowDataWrite = computed({
   get: () => !formState.value.is_data_readonly,
   set: (v) => {
     formState.value.is_data_readonly = !v
+    $e('c:source:data-write-toggle', { allowed: !v, edit: true })
   },
 })
 </script>
diff --git a/packages/nc-gui/components/smartsheet/details/Fields.vue b/packages/nc-gui/components/smartsheet/details/Fields.vue
index a491405d32..a2554e041a 100644
--- a/packages/nc-gui/components/smartsheet/details/Fields.vue
+++ b/packages/nc-gui/components/smartsheet/details/Fields.vue
@@ -1,7 +1,7 @@
 <script setup lang="ts">
 import { diff } from 'deep-object-diff'
 import { message } from 'ant-design-vue'
-import { UITypes, isLinksOrLTAR, isSystemColumn, isVirtualCol } from 'nocodb-sdk'
+import { UITypes, isLinksOrLTAR, isSystemColumn, isVirtualCol, readonlyMetaAllowedTypes } from 'nocodb-sdk'
 import type { ColumnType, FilterType, SelectOptionsType } from 'nocodb-sdk'
 import Draggable from 'vuedraggable'
 import { onKeyDown, useMagicKeys } from '@vueuse/core'
@@ -182,7 +182,18 @@ const setFieldMoveHook = (field: TableExplorerColumn, before = false) => {
   }
 }
 
+const { isMetaReadOnly } = useRoles()
+
+const isColumnUpdateAllowed = (column: ColumnType) => {
+  if (isMetaReadOnly.value && !readonlyMetaAllowedTypes.includes(column?.uidt)) return false
+  return true
+}
+
 const changeField = (field?: TableExplorerColumn, event?: MouseEvent) => {
+  if (!isColumnUpdateAllowed(field)) {
+    return message.info(t('msg.info.schemaReadOnly'))
+  }
+
   if (field && field?.pk) {
     // Editing primary key not supported
     message.info(t('msg.info.editingPKnotSupported'))
@@ -1003,7 +1014,7 @@ watch(
                 <div
                   v-if="field.title.toLowerCase().includes(searchQuery.toLowerCase()) && !field.pv"
                   class="flex px-2 hover:bg-gray-100 first:rounded-t-lg border-b-1 last:rounded-b-none border-gray-200 pl-5 group"
-                  :class="` ${compareCols(field, activeField) ? 'selected' : ''}`"
+                  :class="{ 'selected': compareCols(field, activeField), 'cursor-not-allowed': !isColumnUpdateAllowed(field) }"
                   :data-testid="`nc-field-item-${fieldState(field)?.title || field.title}`"
                   @click="changeField(field, $event)"
                 >
diff --git a/packages/nc-gui/components/smartsheet/header/Menu.vue b/packages/nc-gui/components/smartsheet/header/Menu.vue
index 5f6a9a2c31..0b8dfdc108 100644
--- a/packages/nc-gui/components/smartsheet/header/Menu.vue
+++ b/packages/nc-gui/components/smartsheet/header/Menu.vue
@@ -355,7 +355,7 @@ const filterOrGroupByThisField = (event: SmartsheetStoreEvents) => {
   isOpen.value = false
 }
 
-const isColumnCRUDAllowed = computed(() => {
+const isColumnUpdateAllowed = computed(() => {
   if (isMetaReadOnly.value && !readonlyMetaAllowedTypes.includes(column.value?.uidt)) return false
   return true
 })
@@ -382,7 +382,7 @@ const isColumnCRUDAllowed = computed(() => {
         }"
       >
         <NcMenuItem
-          v-if="isUIAllowed('fieldAlter') && isColumnCRUDAllowed"
+          v-if="isUIAllowed('fieldAlter') && isColumnUpdateAllowed"
           :disabled="column?.pk || isSystemColumn(column)"
           @click="onEditPress"
         >
@@ -393,7 +393,7 @@ const isColumnCRUDAllowed = computed(() => {
           </div>
         </NcMenuItem>
         <NcMenuItem
-          v-if="isUIAllowed('duplicateColumn') && isExpandedForm && !column?.pk && isColumnCRUDAllowed"
+          v-if="isUIAllowed('duplicateColumn') && isExpandedForm && !column?.pk && isColumnUpdateAllowed"
           :disabled="!isDuplicateAllowed"
           @click="openDuplicateDlg"
         >
@@ -532,7 +532,7 @@ const isColumnCRUDAllowed = computed(() => {
         <a-divider v-if="!column?.pv" class="!my-0" />
 
         <NcMenuItem
-          v-if="!column?.pv && isUIAllowed('fieldDelete') && isColumnCRUDAllowed"
+          v-if="!column?.pv && isUIAllowed('fieldDelete') && isColumnUpdateAllowed"
           :disabled="!isDeleteAllowed"
           class="!hover:bg-red-50"
           @click="handleDelete"
diff --git a/packages/nc-gui/lang/en.json b/packages/nc-gui/lang/en.json
index 22b2f94aa8..df5652ae2d 100644
--- a/packages/nc-gui/lang/en.json
+++ b/packages/nc-gui/lang/en.json
@@ -1264,6 +1264,7 @@
       }
     },
     "info": {
+      "schemaReadOnly": "Schema alterations are disabled for this source",
       "enterWorkspaceName": "Enter workspace name",
       "enterBaseName": "Enter base name",
       "idpPaste": "Paste these URL in your Identity Providers console",
diff --git a/packages/nocodb-sdk/src/lib/UITypes.ts b/packages/nocodb-sdk/src/lib/UITypes.ts
index 6dd66e20a4..eb5b9d7a2f 100644
--- a/packages/nocodb-sdk/src/lib/UITypes.ts
+++ b/packages/nocodb-sdk/src/lib/UITypes.ts
@@ -255,12 +255,10 @@ export const isSelectTypeCol = (
 };
 export default UITypes;
 
-
 export const readonlyMetaAllowedTypes = [
   UITypes.Lookup,
   UITypes.Rollup,
   UITypes.Formula,
   UITypes.Barcode,
   UITypes.QrCode,
-]
-
+];
diff --git a/packages/nocodb/tests/unit/rest/tests/readOnlySource.test.ts b/packages/nocodb/tests/unit/rest/tests/readOnlySource.test.ts
index b19cb25f16..dfd3ac4b97 100644
--- a/packages/nocodb/tests/unit/rest/tests/readOnlySource.test.ts
+++ b/packages/nocodb/tests/unit/rest/tests/readOnlySource.test.ts
@@ -44,7 +44,7 @@ function sourceTest() {
       base_id: base.id,
     };
 
-    const countryColumns = await countryTable.getColumns(sakilaCtx);
+    const countryColumns = (await countryTable.getColumns(sakilaCtx)).filter(c => !c.pk);
     const rowAttributes = Array(99)
       .fill(0)
       .map((index) =>
@@ -84,7 +84,7 @@ function sourceTest() {
       base_id: base.id,
     };
 
-    const countryColumns = await countryTable.getColumns(sakilaCtx);
+    const countryColumns = (await countryTable.getColumns(sakilaCtx)).filter(c => !c.pk);
     const rowAttributes = Array(99)
       .fill(0)
       .map((index) =>
@@ -96,7 +96,6 @@ function sourceTest() {
       .set('xc-auth', context.token)
       .send(rowAttributes)
       .expect(200);
-
     await request(context.app)
       .post(`/api/v1/db/meta/projects/${base.id}/tables`)
       .set('xc-auth', context.token)
@@ -123,7 +122,7 @@ function sourceTest() {
       base_id: base.id,
     };
 
-    const countryColumns = await countryTable.getColumns(sakilaCtx);
+    const countryColumns = (await countryTable.getColumns(sakilaCtx)).filter(c => !c.pk);
     const rowAttributes = Array(99)
       .fill(0)
       .map((index) =>

From f11734f967163955e363bc2e6b6a1b32165fa10b Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:18 +0000
Subject: [PATCH 17/28] refactor: review comments

---
 .../nc-gui/components/smartsheet/Details.vue  |  4 ++--
 .../components/smartsheet/grid/Table.vue      | 24 ++++++++++++-------
 .../components/smartsheet/header/Cell.vue     | 11 ++++++---
 .../components/smartsheet/header/Menu.vue     | 12 +++++-----
 .../smartsheet/header/VirtualCell.vue         | 10 ++++++--
 .../smartsheet/toolbar/ViewActionMenu.vue     |  4 ++--
 .../virtual-cell/components/LinkedItems.vue   |  4 +++-
 .../virtual-cell/components/UnLinkedItems.vue |  4 +++-
 .../composables/useMultiSelect/index.ts       | 10 +++++++-
 9 files changed, 57 insertions(+), 26 deletions(-)

diff --git a/packages/nc-gui/components/smartsheet/Details.vue b/packages/nc-gui/components/smartsheet/Details.vue
index c9ac4c421d..7c62c8480a 100644
--- a/packages/nc-gui/components/smartsheet/Details.vue
+++ b/packages/nc-gui/components/smartsheet/Details.vue
@@ -8,7 +8,7 @@ const { isLeftSidebarOpen } = storeToRefs(useSidebarStore())
 
 const { $e } = useNuxtApp()
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed, isDataReadOnly } = useRoles()
 
 const { base } = storeToRefs(useBase())
 const meta = inject(MetaInj, ref())
@@ -85,7 +85,7 @@ watch(openedSubTab, () => {
         </div>
       </a-tab-pane>
 
-      <a-tab-pane v-if="isUIAllowed('hookList')" key="webhook">
+      <a-tab-pane v-if="isUIAllowed('hookList') && !isDataReadOnly" key="webhook">
         <template #tab>
           <div class="tab" data-testid="nc-webhooks-tab">
             <GeneralIcon icon="webhook" class="tab-icon" :class="{}" />
diff --git a/packages/nc-gui/components/smartsheet/grid/Table.vue b/packages/nc-gui/components/smartsheet/grid/Table.vue
index 6f28a12c13..62ad5a7e27 100644
--- a/packages/nc-gui/components/smartsheet/grid/Table.vue
+++ b/packages/nc-gui/components/smartsheet/grid/Table.vue
@@ -166,7 +166,7 @@ const isViewColumnsLoading = computed(() => _isViewColumnsLoading.value || !meta
 const resizingColumn = ref(false)
 
 // #Permissions
-const { isUIAllowed } = useRoles()
+const { isUIAllowed, isDataReadOnly } = useRoles()
 const hasEditPermission = computed(() => isUIAllowed('dataEdit'))
 const isAddingColumnAllowed = computed(() => !readOnly.value && !isLocked.value && isUIAllowed('fieldAdd') && !isSqlView.value)
 
@@ -233,7 +233,13 @@ const isKeyDown = ref(false)
 // #Cell - 1
 
 async function clearCell(ctx: { row: number; col: number } | null, skipUpdate = false) {
-  if (!ctx || !hasEditPermission.value || (!isLinksOrLTAR(fields.value[ctx.col]) && isVirtualCol(fields.value[ctx.col]))) return
+  if (
+    isDataReadOnly.value ||
+    !ctx ||
+    !hasEditPermission.value ||
+    (!isLinksOrLTAR(fields.value[ctx.col]) && isVirtualCol(fields.value[ctx.col]))
+  )
+    return
 
   // eslint-disable-next-line @typescript-eslint/no-use-before-define
   if (colMeta.value[ctx.col].isReadonly) return
@@ -916,7 +922,7 @@ const onNavigate = (dir: NavigateDir) => {
 // #Cell - 2
 
 async function clearSelectedRangeOfCells() {
-  if (!hasEditPermission.value) return
+  if (!hasEditPermission.value || isDataReadOnly.value) return
 
   const start = selectedRange.start
   const end = selectedRange.end
@@ -1278,6 +1284,7 @@ const selectedReadonly = computed(
 
 const showFillHandle = computed(
   () =>
+    !isDataReadOnly.value &&
     !readOnly.value &&
     !editEnabled.value &&
     (!selectedRange.isEmpty() || (activeCell.row !== null && activeCell.col !== null)) &&
@@ -2175,7 +2182,7 @@ onKeyStroke('ArrowDown', onDown)
             </NcMenuItem>
 
             <NcMenuItem
-              v-if="!contextMenuClosing && !contextMenuTarget && data.some((r) => r.rowMeta.selected)"
+              v-if="!contextMenuClosing && !contextMenuTarget && data.some((r) => r.rowMeta.selected) && !isDataReadOnly"
               class="nc-base-menu-item !text-red-600 !hover:bg-red-50"
               data-testid="nc-delete-row"
               @click="deleteSelectedRows"
@@ -2222,7 +2229,7 @@ onKeyStroke('ArrowDown', onDown)
             </NcMenuItem>
 
             <NcMenuItem
-              v-if="contextMenuTarget && hasEditPermission"
+              v-if="contextMenuTarget && hasEditPermission && !isDataReadOnly"
               class="nc-base-menu-item"
               data-testid="context-menu-item-paste"
               :disabled="selectedReadonly"
@@ -2241,7 +2248,8 @@ onKeyStroke('ArrowDown', onDown)
                 contextMenuTarget &&
                 hasEditPermission &&
                 selectedRange.isSingleCell() &&
-                (isLinksOrLTAR(fields[contextMenuTarget.col]) || !cellMeta[0]?.[contextMenuTarget.col].isVirtualCol)
+                (isLinksOrLTAR(fields[contextMenuTarget.col]) || !cellMeta[0]?.[contextMenuTarget.col].isVirtualCol) &&
+                !isDataReadOnly
               "
               class="nc-base-menu-item"
               :disabled="selectedReadonly"
@@ -2256,7 +2264,7 @@ onKeyStroke('ArrowDown', onDown)
 
             <!-- Clear cell -->
             <NcMenuItem
-              v-else-if="contextMenuTarget && hasEditPermission"
+              v-else-if="contextMenuTarget && hasEditPermission && !isDataReadOnly"
               class="nc-base-menu-item"
               :disabled="selectedReadonly"
               data-testid="context-menu-item-clear"
@@ -2278,7 +2286,7 @@ onKeyStroke('ArrowDown', onDown)
               </NcMenuItem>
             </template>
 
-            <template v-if="hasEditPermission">
+            <template v-if="hasEditPermission && !isDataReadOnly">
               <NcDivider v-if="!(!contextMenuClosing && !contextMenuTarget && data.some((r) => r.rowMeta.selected))" />
               <NcMenuItem
                 v-if="contextMenuTarget && (selectedRange.isSingleCell() || selectedRange.isSingleRow())"
diff --git a/packages/nc-gui/components/smartsheet/header/Cell.vue b/packages/nc-gui/components/smartsheet/header/Cell.vue
index cfffcd3e81..56b1f6c50a 100644
--- a/packages/nc-gui/components/smartsheet/header/Cell.vue
+++ b/packages/nc-gui/components/smartsheet/header/Cell.vue
@@ -1,5 +1,5 @@
 <script setup lang="ts">
-import type { ColumnReqType, ColumnType } from 'nocodb-sdk'
+import { type ColumnReqType, type ColumnType, readonlyMetaAllowedTypes } from 'nocodb-sdk'
 import { UITypes, UITypesName } from 'nocodb-sdk'
 
 interface Props {
@@ -32,7 +32,7 @@ const isDropDownOpen = ref(false)
 
 const column = toRef(props, 'column')
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed, isMetaReadOnly } = useRoles()
 
 provide(ColumnInj, column)
 
@@ -60,7 +60,12 @@ const closeAddColumnDropdown = () => {
 const openHeaderMenu = (e?: MouseEvent) => {
   if (isLocked.value || (isExpandedForm.value && e?.type === 'dblclick') || isExpandedBulkUpdateForm.value) return
 
-  if (!isForm.value && isUIAllowed('fieldEdit') && !isMobileMode.value) {
+  if (
+    !isForm.value &&
+    isUIAllowed('fieldEdit') &&
+    !isMobileMode.value &&
+    (!isMetaReadOnly.value || readonlyMetaAllowedTypes.includes(column.value.uidt))
+  ) {
     editColumnDropdown.value = true
   }
 }
diff --git a/packages/nc-gui/components/smartsheet/header/Menu.vue b/packages/nc-gui/components/smartsheet/header/Menu.vue
index 0b8dfdc108..1f1e4c4fa4 100644
--- a/packages/nc-gui/components/smartsheet/header/Menu.vue
+++ b/packages/nc-gui/components/smartsheet/header/Menu.vue
@@ -382,8 +382,8 @@ const isColumnUpdateAllowed = computed(() => {
         }"
       >
         <NcMenuItem
-          v-if="isUIAllowed('fieldAlter') && isColumnUpdateAllowed"
-          :disabled="column?.pk || isSystemColumn(column)"
+          v-if="isUIAllowed('fieldAlter')"
+          :disabled="column?.pk || isSystemColumn(column) || !isColumnUpdateAllowed"
           @click="onEditPress"
         >
           <div class="nc-column-edit nc-header-menu-item">
@@ -393,8 +393,8 @@ const isColumnUpdateAllowed = computed(() => {
           </div>
         </NcMenuItem>
         <NcMenuItem
-          v-if="isUIAllowed('duplicateColumn') && isExpandedForm && !column?.pk && isColumnUpdateAllowed"
-          :disabled="!isDuplicateAllowed"
+          v-if="isUIAllowed('duplicateColumn') && isExpandedForm && !column?.pk"
+          :disabled="!isDuplicateAllowed || !isColumnUpdateAllowed"
           @click="openDuplicateDlg"
         >
           <div v-e="['a:field:duplicate']" class="nc-column-duplicate nc-header-menu-item">
@@ -532,8 +532,8 @@ const isColumnUpdateAllowed = computed(() => {
         <a-divider v-if="!column?.pv" class="!my-0" />
 
         <NcMenuItem
-          v-if="!column?.pv && isUIAllowed('fieldDelete') && isColumnUpdateAllowed"
-          :disabled="!isDeleteAllowed"
+          v-if="!column?.pv && isUIAllowed('fieldDelete')"
+          :disabled="!isDeleteAllowed || !isColumnUpdateAllowed"
           class="!hover:bg-red-50"
           @click="handleDelete"
         >
diff --git a/packages/nc-gui/components/smartsheet/header/VirtualCell.vue b/packages/nc-gui/components/smartsheet/header/VirtualCell.vue
index d0bbd6437e..9f788c1eaa 100644
--- a/packages/nc-gui/components/smartsheet/header/VirtualCell.vue
+++ b/packages/nc-gui/components/smartsheet/header/VirtualCell.vue
@@ -7,6 +7,7 @@ import {
   type LookupType,
   type RollupType,
   isLinksOrLTAR,
+  readonlyMetaAllowedTypes,
 } from 'nocodb-sdk'
 import { RelationTypes, UITypes, UITypesName, substituteColumnIdWithAliasInFormula } from 'nocodb-sdk'
 
@@ -36,7 +37,7 @@ provide(ColumnInj, column)
 
 const { metas } = useMetas()
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed, isMetaReadOnly } = useRoles()
 
 const meta = inject(MetaInj, ref())
 
@@ -122,7 +123,12 @@ const closeAddColumnDropdown = () => {
 const openHeaderMenu = (e?: MouseEvent) => {
   if (isLocked.value || (isExpandedForm.value && e?.type === 'dblclick') || isExpandedBulkUpdateForm.value) return
 
-  if (!isForm.value && isUIAllowed('fieldEdit') && !isMobileMode.value) {
+  if (
+    !isForm.value &&
+    isUIAllowed('fieldEdit') &&
+    !isMobileMode.value &&
+    (!isMetaReadOnly.value || readonlyMetaAllowedTypes.includes(column.value.uidt))
+  ) {
     editColumnDropdown.value = true
   }
 }
diff --git a/packages/nc-gui/components/smartsheet/toolbar/ViewActionMenu.vue b/packages/nc-gui/components/smartsheet/toolbar/ViewActionMenu.vue
index c26f6d8234..31b2686eb3 100644
--- a/packages/nc-gui/components/smartsheet/toolbar/ViewActionMenu.vue
+++ b/packages/nc-gui/components/smartsheet/toolbar/ViewActionMenu.vue
@@ -16,7 +16,7 @@ const props = withDefaults(
 
 const emits = defineEmits(['rename', 'closeModal', 'delete'])
 
-const { isUIAllowed } = useRoles()
+const { isUIAllowed, isDataReadOnly } = useRoles()
 
 const isPublicView = inject(IsPublicInj, ref(false))
 
@@ -193,7 +193,7 @@ const onDelete = async () => {
 
     <template v-if="view.type !== ViewTypes.FORM">
       <NcDivider />
-      <template v-if="isUIAllowed('csvTableImport') && !isPublicView">
+      <template v-if="isUIAllowed('csvTableImport') && !isPublicView && !isDataReadOnly">
         <NcSubMenu key="upload">
           <template #title>
             <div
diff --git a/packages/nc-gui/components/virtual-cell/components/LinkedItems.vue b/packages/nc-gui/components/virtual-cell/components/LinkedItems.vue
index 9c9a53d059..37f1782935 100644
--- a/packages/nc-gui/components/virtual-cell/components/LinkedItems.vue
+++ b/packages/nc-gui/components/virtual-cell/components/LinkedItems.vue
@@ -31,6 +31,8 @@ const readOnly = inject(ReadonlyInj, ref(false))
 
 const filterQueryRef = ref<HTMLInputElement>()
 
+const { isDataReadOnly } = useRoles()
+
 const { isSharedBase } = storeToRefs(useBase())
 
 const {
@@ -410,7 +412,7 @@ const onFilterChange = () => {
       <div class="nc-dropdown-link-record-footer bg-gray-100 p-2 rounded-b-xl flex items-center justify-between gap-3 min-h-11">
         <div class="flex items-center gap-2">
           <NcButton
-            v-if="!isPublic"
+            v-if="!isPublic && !isDataReadOnly"
             v-e="['c:row-expand:open']"
             size="small"
             class="!hover:(bg-white text-brand-500) !h-7 !text-small"
diff --git a/packages/nc-gui/components/virtual-cell/components/UnLinkedItems.vue b/packages/nc-gui/components/virtual-cell/components/UnLinkedItems.vue
index 4e3f75b727..3458bec1f9 100644
--- a/packages/nc-gui/components/virtual-cell/components/UnLinkedItems.vue
+++ b/packages/nc-gui/components/virtual-cell/components/UnLinkedItems.vue
@@ -21,6 +21,8 @@ const { t } = useI18n()
 
 const { $e } = useNuxtApp()
 
+const { isDataReadOnly } = useRoles()
+
 const {
   childrenExcludedList,
   isChildrenExcludedListLinked,
@@ -403,7 +405,7 @@ const onFilterChange = () => {
       <div class="nc-dropdown-link-record-footer bg-gray-100 p-2 rounded-b-xl flex items-center justify-between min-h-11">
         <div class="flex">
           <NcButton
-            v-if="!isPublic"
+            v-if="!isPublic && !isDataReadOnly"
             v-e="['c:row-expand:open']"
             size="small"
             class="!hover:(bg-white text-brand-500) !h-7 !text-small"
diff --git a/packages/nc-gui/composables/useMultiSelect/index.ts b/packages/nc-gui/composables/useMultiSelect/index.ts
index c4b40e49c2..af391fe04d 100644
--- a/packages/nc-gui/composables/useMultiSelect/index.ts
+++ b/packages/nc-gui/composables/useMultiSelect/index.ts
@@ -67,6 +67,8 @@ export function useMultiSelect(
 
   const { addUndo, clone, defineViewScope } = useUndoRedo()
 
+  const { isDataReadOnly } = useRoles()
+
   const editEnabled = ref(_editEnabled)
 
   const isMouseDown = ref(false)
@@ -611,7 +613,9 @@ export function useMultiSelect(
       case 'Delete':
       case 'Backspace':
         e.preventDefault()
-
+        if (isDataReadOnly.value) {
+          return
+        }
         if (selectedRange.isSingleCell()) {
           selectedRange.clear()
 
@@ -797,6 +801,10 @@ export function useMultiSelect(
   const clearSelectedRange = selectedRange.clear.bind(selectedRange)
 
   const handlePaste = async (e: ClipboardEvent) => {
+    if (isDataReadOnly.value) {
+      return
+    }
+
     if (isDrawerOrModalExist() || isExpandedCellInputExist()) {
       return
     }

From d62f2cccfc4cf4cbf2061323ff234d5c692d9984 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:18 +0000
Subject: [PATCH 18/28] tests: playwright

---
 .../dashboard/settings/DataSources.vue        |  8 +-
 .../settings/data-sources/CreateBase.vue      |  4 +-
 .../settings/data-sources/EditBase.vue        |  4 +-
 .../pages/Dashboard/Settings/Source.ts        | 44 ++++++++++
 .../pages/Dashboard/Settings/index.ts         |  3 +
 tests/playwright/pages/Dashboard/TreeView.ts  |  8 +-
 .../db/general/sourceRestrictions.spec.ts     | 83 +++++++++++++++++++
 7 files changed, 140 insertions(+), 14 deletions(-)
 create mode 100644 tests/playwright/pages/Dashboard/Settings/Source.ts
 create mode 100644 tests/playwright/tests/db/general/sourceRestrictions.spec.ts

diff --git a/packages/nc-gui/components/dashboard/settings/DataSources.vue b/packages/nc-gui/components/dashboard/settings/DataSources.vue
index ca1a0bde0b..9df14a0fa4 100644
--- a/packages/nc-gui/components/dashboard/settings/DataSources.vue
+++ b/packages/nc-gui/components/dashboard/settings/DataSources.vue
@@ -260,7 +260,7 @@ const openedTab = ref('erd')
 </script>
 
 <template>
-  <div class="flex flex-col h-full">
+  <div class="flex flex-col h-full" data-testid="nc-settings-datasources-tab">
     <div class="px-4 py-2 flex justify-between">
       <a-breadcrumb separator=">" class="w-full cursor-pointer font-weight-bold">
         <a-breadcrumb-item @click="activeSource = null">
@@ -307,7 +307,7 @@ const openedTab = ref('erd')
               <LazyDashboardSettingsBaseAudit :source-id="activeSource.id" />
             </div>
           </a-tab-pane>
-          <a-tab-pane v-if="!activeSource.is_meta && !activeSource.is_local" key="audit">
+          <a-tab-pane v-if="!activeSource.is_meta && !activeSource.is_local" key="edit">
             <template #tab>
               <div class="tab" data-testid="nc-connection-tab">
                 <div>{{ $t('labels.connectionDetails') }}</div>
@@ -397,7 +397,7 @@ const openedTab = ref('erd')
                     <NcButton
                       v-if="!sources[0].is_meta && !sources[0].is_local"
                       size="small"
-                      class="nc-action-btn cursor-pointer outline-0 !w-8 !px-1 !rounded-lg"
+                      class="nc-action-btn nc-edit-base cursor-pointer outline-0 !w-8 !px-1 !rounded-lg"
                       type="text"
                       @click.stop="baseAction(sources[0].id, DataSourcesSubTab.Edit)"
                     >
@@ -446,7 +446,7 @@ const openedTab = ref('erd')
                       <NcButton
                         v-if="!source.is_meta && !source.is_local"
                         size="small"
-                        class="nc-action-btn cursor-pointer outline-0 !w-8 !px-1 !rounded-lg"
+                        class="nc-action-btn nc-delete-base cursor-pointer outline-0 !w-8 !px-1 !rounded-lg"
                         type="text"
                         @click.stop="openDeleteBase(source)"
                       >
diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
index ae496e460f..0c7fad4a75 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
@@ -545,7 +545,7 @@ const allowDataWrite = computed({
                     </NcTooltip>
                   </div>
                 </template>
-                <a-switch v-model:checked="allowMetaWrite" size="small"></a-switch>
+                <a-switch v-model:checked="allowMetaWrite" data-testid="nc-allow-meta-write" size="small"></a-switch>
               </a-form-item>
               <a-form-item>
                 <template #label>
@@ -561,7 +561,7 @@ const allowDataWrite = computed({
                     </NcTooltip>
                   </div>
                 </template>
-                <a-switch v-model:checked="allowDataWrite" size="small"></a-switch>
+                <a-switch v-model:checked="allowDataWrite"  data-testid="nc-allow-data-write" size="small"></a-switch>
               </a-form-item>
 
               <div class="flex items-right justify-end gap-2">
diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
index 462f719cbf..74b465fe50 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
@@ -563,7 +563,7 @@ const allowDataWrite = computed({
                 </NcTooltip>
               </div>
             </template>
-            <a-switch v-model:checked="allowMetaWrite" size="small"></a-switch>
+            <a-switch v-model:checked="allowMetaWrite" data-testid="nc-allow-meta-write" size="small"></a-switch>
           </a-form-item>
           <a-form-item>
             <template #label>
@@ -579,7 +579,7 @@ const allowDataWrite = computed({
                 </NcTooltip>
               </div>
             </template>
-            <a-switch v-model:checked="allowDataWrite" size="small"></a-switch>
+            <a-switch v-model:checked="allowDataWrite" data-testid="nc-allow-data-write" size="small"></a-switch>
           </a-form-item>
           <!--                Use Connection URL -->
           <div class="flex justify-end gap-2">
diff --git a/tests/playwright/pages/Dashboard/Settings/Source.ts b/tests/playwright/pages/Dashboard/Settings/Source.ts
new file mode 100644
index 0000000000..70d2456b14
--- /dev/null
+++ b/tests/playwright/pages/Dashboard/Settings/Source.ts
@@ -0,0 +1,44 @@
+import { expect } from '@playwright/test';
+import { SettingsPage } from '.';
+import BasePage from '../../Base';
+
+export class SourcePage extends BasePage {
+  private readonly settings: SettingsPage;
+
+  constructor(settings: SettingsPage) {
+    super(settings.rootPage);
+    this.settings = settings;
+  }
+
+  get() {
+    return this.rootPage.getByTestId('nc-settings-datasources');
+  }
+
+  async openEditWindow({ sourceName }: { sourceName: string }) {
+    await this.get().locator('.ds-table-row', { hasText: sourceName }).click();
+    await this.get().getByTestId('nc-connection-tab').click();
+  }
+
+  async updateSchemaReadOnly({ sourceName, readOnly }: { sourceName: string; readOnly: boolean }) {
+    await this.openEditWindow({ sourceName });
+    const switchBtn = this.get().getByTestId('nc-allow-meta-write');
+    if (switchBtn.getAttribute('checked') !== readOnly.toString()) {
+      await switchBtn.click();
+    }
+    await this.saveConnection();
+  }
+
+  async updateDataReadOnly({ sourceName, readOnly = true }: { sourceName: string; readOnly?: boolean }) {
+    await this.openEditWindow({ sourceName });
+    const switchBtn = this.get().getByTestId('nc-allow-data-write');
+    if (switchBtn.getAttribute('checked') !== readOnly.toString()) {
+      await switchBtn.click();
+    }
+    await this.saveConnection();
+  }
+
+  async saveConnection() {
+    await this.get().locator('.nc-extdb-btn-test-connection').click();
+    await this.get().locator('.nc-extdb-btn-submit:enabled').click();
+  }
+}
diff --git a/tests/playwright/pages/Dashboard/Settings/index.ts b/tests/playwright/pages/Dashboard/Settings/index.ts
index dfe12a127d..e2adc3329a 100644
--- a/tests/playwright/pages/Dashboard/Settings/index.ts
+++ b/tests/playwright/pages/Dashboard/Settings/index.ts
@@ -4,6 +4,7 @@ import { AuditSettingsPage } from './Audit';
 import { MiscSettingsPage } from './Miscellaneous';
 import { TeamsPage } from './Teams';
 import { DataSourcesPage } from './DataSources';
+import { SourcePage } from './Source';
 
 export enum SettingTab {
   TeamAuth = 'teamAndAuth',
@@ -20,6 +21,7 @@ export enum SettingsSubTab {
 
 export class SettingsPage extends BasePage {
   readonly audit: AuditSettingsPage;
+  readonly source: SourcePage;
   readonly miscellaneous: MiscSettingsPage;
   readonly dataSources: DataSourcesPage;
   readonly teams: TeamsPage;
@@ -30,6 +32,7 @@ export class SettingsPage extends BasePage {
     this.miscellaneous = new MiscSettingsPage(this);
     this.dataSources = new DataSourcesPage(this);
     this.teams = new TeamsPage(this);
+    this.source = new SourcePage(this);
   }
 
   get() {
diff --git a/tests/playwright/pages/Dashboard/TreeView.ts b/tests/playwright/pages/Dashboard/TreeView.ts
index b8e808eda3..d7847114e8 100644
--- a/tests/playwright/pages/Dashboard/TreeView.ts
+++ b/tests/playwright/pages/Dashboard/TreeView.ts
@@ -366,16 +366,12 @@ export class TreeViewPage extends BasePage {
     await this.rootPage.locator('div.ant-modal-content').locator(`button.ant-btn:has-text("Delete")`).click();
   }
 
-  async duplicateProject(param: { title: string; context: NcContext }) {
+  async openProjectSourceSettings(param: { title: string; context: NcContext }) {
     param.title = this.scopedProjectTitle({ title: param.title, context: param.context });
 
     await this.openProjectContextMenu({ baseTitle: param.title });
     const contextMenu = this.dashboard.get().locator('.ant-dropdown-menu.nc-scrollbar-md:visible');
     await contextMenu.waitFor();
-    await contextMenu.locator(`.ant-dropdown-menu-item:has-text("Duplicate")`).click();
-
-    await this.rootPage.locator('div.ant-modal-content').locator(`button.ant-btn:has-text("Confirm")`).click();
-
-    await this.rootPage.waitForTimeout(10000);
+    await contextMenu.locator(`.ant-dropdown-menu-item:has-text("Settings")`).click();
   }
 }
diff --git a/tests/playwright/tests/db/general/sourceRestrictions.spec.ts b/tests/playwright/tests/db/general/sourceRestrictions.spec.ts
new file mode 100644
index 0000000000..de6c1e00b1
--- /dev/null
+++ b/tests/playwright/tests/db/general/sourceRestrictions.spec.ts
@@ -0,0 +1,83 @@
+import { expect, test } from '@playwright/test';
+import { DashboardPage } from '../../../pages/Dashboard';
+import setup, { NcContext, unsetup } from '../../../setup';
+import { Api } from 'nocodb-sdk';
+import { SettingsPage } from '../../../pages/Dashboard/Settings';
+
+test.describe('Source Restrictions', () => {
+  let dashboard: DashboardPage;
+  let settingsPage: SettingsPage;
+  let context: NcContext;
+  let api: Api<any>;
+  test.setTimeout(150000);
+
+  test.beforeEach(async ({ page }) => {
+    page.setDefaultTimeout(70000);
+    context = await setup({ page });
+    dashboard = new DashboardPage(page, context.base);
+    settingsPage = new SettingsPage(dashboard);
+    api = new Api({
+      baseURL: `http://localhost:8080/`,
+      headers: {
+        'xc-auth': context.token,
+      },
+    });
+  });
+
+  test.afterEach(async () => {
+    await unsetup(context);
+  });
+
+  test('Readonly data source', async () => {
+    await dashboard.treeView.openProjectSourceSettings({ title: context.defaultProjectTitle, context });
+
+    await settingsPage.selectTab({ tab: 'dataSources' });
+    await dashboard.rootPage.waitForTimeout(300);
+
+    await settingsPage.source.updateDataReadOnly({ sourceName: 'Default', readOnly: true });
+    await settingsPage.close();
+
+    // reload page to reflect source changes
+    await dashboard.rootPage.reload();
+
+    await dashboard.treeView.verifyTable({ title: 'Actor' });
+
+    // open table and verify that it is readonly
+    await dashboard.treeView.openTable({ title: 'Actor' });
+    await expect(dashboard.grid.get().locator('.nc-grid-add-new-cell')).toHaveCount(0);
+
+    await dashboard.grid.get().getByTestId(`cell-FirstName-0`).click({
+      button: 'right',
+    });
+
+    await expect(dashboard.rootPage.locator('.ant-dropdown-menu-item:has-text("Copy")')).toHaveCount(1);
+    await expect(dashboard.rootPage.locator('.ant-dropdown-menu-item:has-text("Delete record")')).toHaveCount(0);
+  });
+
+  test('Readonly schema source', async () => {
+    await dashboard.treeView.openProjectSourceSettings({ title: context.defaultProjectTitle, context });
+
+    await settingsPage.selectTab({ tab: 'dataSources' });
+    await dashboard.rootPage.waitForTimeout(300);
+
+    await settingsPage.source.updateSchemaReadOnly({ sourceName: 'Default', readOnly: true });
+    await settingsPage.close();
+
+    // reload page to reflect source changes
+    await dashboard.rootPage.reload();
+
+    await dashboard.treeView.verifyTable({ title: 'Actor' });
+
+    // open table and verify that it is readonly
+    await dashboard.treeView.openTable({ title: 'Actor' });
+
+    await dashboard.grid
+      .get()
+      .locator(`th[data-title="LastName"]`)
+      .first()
+      .locator('.nc-ui-dt-dropdown')
+      .scrollIntoViewIfNeeded();
+    await dashboard.grid.get().locator(`th[data-title="LastName"]`).first().locator('.nc-ui-dt-dropdown').click();
+    await expect(await dashboard.rootPage.locator('li[role="menuitem"]:has-text("Edit"):visible').last()).toBeVisible();
+  });
+});

From 212488b1c1d73b8d27261b6f96b40807ff3cf774 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:18 +0000
Subject: [PATCH 19/28] fix: review comments

---
 .../settings/data-sources/CreateBase.vue      | 42 +++++++++++++++----
 .../settings/data-sources/EditBase.vue        | 18 +++++++-
 .../calendar/DayView/DateTimeField.vue        |  2 +-
 .../column/UITypesOptionsWithSearch.vue       |  2 +-
 .../components/smartsheet/grid/Table.vue      |  9 +++-
 .../components/smartsheet/header/Menu.vue     | 16 ++++---
 packages/nc-gui/lang/en.json                  |  5 ++-
 tests/playwright/pages/Dashboard/TreeView.ts  | 13 ++++++
 .../db/general/sourceRestrictions.spec.ts     | 10 ++++-
 9 files changed, 97 insertions(+), 20 deletions(-)

diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
index 0c7fad4a75..7661d2c498 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
@@ -72,9 +72,20 @@ const customFormState = ref<ProjectCreateForm>({
   extraParameters: [],
 })
 
+const easterEgg = ref(false)
+
+const easterEggCount = ref(0)
+
+const onEasterEgg = () => {
+  easterEggCount.value += 1
+  if (easterEggCount.value >= 2) {
+    easterEgg.value = true
+  }
+}
+
 const clientTypes = computed(() => {
   return _clientTypes.filter((type) => {
-    return ![ClientType.SNOWFLAKE, ClientType.DATABRICKS].includes(type.value)
+    return ![ClientType.SNOWFLAKE, ClientType.DATABRICKS, ...(easterEgg.value ? [ClientType.MSSQL] : [])].includes(type.value)
   })
 })
 
@@ -404,7 +415,11 @@ const allowMetaWrite = computed({
   get: () => !formState.value.is_schema_readonly,
   set: (v) => {
     formState.value.is_schema_readonly = !v
-    $e('c:source:schema-write-toggle', {allowed: !v})
+    // if schema write is allowed, data write should be allowed too
+    if (v) {
+      formState.value.is_data_readonly = false
+    }
+    $e('c:source:schema-write-toggle', { allowed: !v, edit: true })
   },
 })
 
@@ -550,18 +565,30 @@ const allowDataWrite = computed({
               <a-form-item>
                 <template #label>
                   <div class="flex gap-1 justify-end">
-                    <span>
-                      {{ $t('labels.allowDataWrite') }}
-                    </span>
+                <span>
+                  {{ $t('labels.allowDataWrite') }}
+                </span>
                     <NcTooltip>
                       <template #title>
                         <span>{{ $t('tooltip.allowDataWrite') }}</span>
                       </template>
-                      <GeneralIcon class="text-gray-500" icon="info"/>
+                      <GeneralIcon class="text-gray-500" icon="info" />
                     </NcTooltip>
                   </div>
                 </template>
-                <a-switch v-model:checked="allowDataWrite"  data-testid="nc-allow-data-write" size="small"></a-switch>
+                <div class="flex justify-start">
+                  <NcTooltip :disabled="!allowMetaWrite" placement="topLeft">
+                    <template #title>
+                      {{ $t('tooltip.dataWriteOptionDisabled') }}
+                    </template>
+                    <a-switch
+                        v-model:checked="allowDataWrite"
+                        :disabled="allowMetaWrite"
+                        data-testid="nc-allow-data-write"
+                        size="small"
+                    ></a-switch>
+                  </NcTooltip>
+                </div>
               </a-form-item>
 
               <div class="flex items-right justify-end gap-2">
@@ -730,6 +757,7 @@ const allowDataWrite = computed({
 
           <a-form-item class="flex justify-end !mt-5">
             <div class="flex justify-end gap-2">
+              <div class="w-[15px] h-[15px] cursor-pointer" @dblclick="onEasterEgg"></div>
               <NcButton
                   :type="testSuccess ? 'ghost' : 'primary'"
                   size="small"
diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
index 74b465fe50..e5d6893144 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
@@ -369,6 +369,10 @@ const allowMetaWrite = computed({
   get: () => !formState.value.is_schema_readonly,
   set: (v) => {
     formState.value.is_schema_readonly = !v
+    // if schema write is allowed, data write should be allowed too
+    if (v) {
+      formState.value.is_data_readonly = false
+    }
     $e('c:source:schema-write-toggle', { allowed: !v, edit: true })
   },
 })
@@ -579,7 +583,19 @@ const allowDataWrite = computed({
                 </NcTooltip>
               </div>
             </template>
-            <a-switch v-model:checked="allowDataWrite" data-testid="nc-allow-data-write" size="small"></a-switch>
+            <div class="flex justify-start">
+              <NcTooltip :disabled="!allowMetaWrite" placement="topLeft">
+                <template #title>
+                  {{ $t('tooltip.dataWriteOptionDisabled') }}
+                </template>
+                <a-switch
+                  v-model:checked="allowDataWrite"
+                  :disabled="allowMetaWrite"
+                  data-testid="nc-allow-data-write"
+                  size="small"
+                ></a-switch>
+              </NcTooltip>
+            </div>
           </a-form-item>
           <!--                Use Connection URL -->
           <div class="flex justify-end gap-2">
diff --git a/packages/nc-gui/components/smartsheet/calendar/DayView/DateTimeField.vue b/packages/nc-gui/components/smartsheet/calendar/DayView/DateTimeField.vue
index 5701131615..28669b5669 100644
--- a/packages/nc-gui/components/smartsheet/calendar/DayView/DateTimeField.vue
+++ b/packages/nc-gui/components/smartsheet/calendar/DayView/DateTimeField.vue
@@ -996,7 +996,7 @@ watch(
           </template>
         </NcDropdown>
         <NcButton
-          v-else-if="!isPublic"
+          v-else-if="!isPublic && isUIAllowed('dataEdit')"
           :class="{
             '!block': hour.isSame(selectedTime),
             '!hidden': !hour.isSame(selectedTime),
diff --git a/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue b/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue
index 9c9574244f..91eabe6beb 100644
--- a/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue
+++ b/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue
@@ -27,7 +27,7 @@ const inputRef = ref()
 const activeFieldIndex = ref(-1)
 
 const onClick = (uidt: UITypes) => {
-  if (!uidt) return
+  if (!uidt || isDisabledUIType(uidt)) return
 
   emits('selected', uidt)
 }
diff --git a/packages/nc-gui/components/smartsheet/grid/Table.vue b/packages/nc-gui/components/smartsheet/grid/Table.vue
index 62ad5a7e27..6ba488f7c3 100644
--- a/packages/nc-gui/components/smartsheet/grid/Table.vue
+++ b/packages/nc-gui/components/smartsheet/grid/Table.vue
@@ -209,7 +209,10 @@ const isGridCellMouseDown = ref(false)
 // #Context Menu
 const _contextMenu = ref(false)
 const contextMenu = computed({
-  get: () => _contextMenu.value,
+  get: () => {
+    if (props.data?.some((r) => r.rowMeta.selected) && isDataReadOnly.value) return false
+    return _contextMenu.value
+  },
   set: (val) => {
     _contextMenu.value = val
   },
@@ -2172,7 +2175,9 @@ onKeyStroke('ArrowDown', onDown)
         <template #overlay>
           <NcMenu class="!rounded !py-0" @click="contextMenu = false">
             <NcMenuItem
-              v-if="isEeUI && !contextMenuClosing && !contextMenuTarget && data.some((r) => r.rowMeta.selected)"
+              v-if="
+                isEeUI && !contextMenuClosing && !contextMenuTarget && data.some((r) => r.rowMeta.selected) && !isDataReadOnly
+              "
               @click="emits('bulkUpdateDlg')"
             >
               <div v-e="['a:row:update-bulk']" class="flex gap-2 items-center">
diff --git a/packages/nc-gui/components/smartsheet/header/Menu.vue b/packages/nc-gui/components/smartsheet/header/Menu.vue
index 1f1e4c4fa4..69f4d407be 100644
--- a/packages/nc-gui/components/smartsheet/header/Menu.vue
+++ b/packages/nc-gui/components/smartsheet/header/Menu.vue
@@ -43,7 +43,7 @@ const { gridViewCols } = useViewColumnsOrThrow()
 
 const { fieldsToGroupBy, groupByLimit } = useViewGroupByOrThrow(view)
 
-const { isUIAllowed, isMetaReadOnly } = useRoles()
+const { isUIAllowed, isMetaReadOnly, isDataReadOnly } = useRoles()
 
 const isLoading = ref<'' | 'hideOrShow' | 'setDisplay'>('')
 
@@ -325,7 +325,11 @@ const isDeleteAllowed = computed(() => {
   return column?.value && !column.value.system
 })
 const isDuplicateAllowed = computed(() => {
-  return column?.value && !column.value.system
+  return (
+    column?.value &&
+    !column.value.system &&
+    ((!isMetaReadOnly.value && !isDataReadOnly.value) || readonlyMetaAllowedTypes.includes(column.value?.uidt))
+  )
 })
 const isFilterSupported = computed(
   () =>
@@ -394,7 +398,7 @@ const isColumnUpdateAllowed = computed(() => {
         </NcMenuItem>
         <NcMenuItem
           v-if="isUIAllowed('duplicateColumn') && isExpandedForm && !column?.pk"
-          :disabled="!isDuplicateAllowed || !isColumnUpdateAllowed"
+          :disabled="!isDuplicateAllowed"
           @click="openDuplicateDlg"
         >
           <div v-e="['a:field:duplicate']" class="nc-column-duplicate nc-header-menu-item">
@@ -530,14 +534,16 @@ const isColumnUpdateAllowed = computed(() => {
           </NcMenuItem>
         </template>
         <a-divider v-if="!column?.pv" class="!my-0" />
-
         <NcMenuItem
           v-if="!column?.pv && isUIAllowed('fieldDelete')"
           :disabled="!isDeleteAllowed || !isColumnUpdateAllowed"
           class="!hover:bg-red-50"
           @click="handleDelete"
         >
-          <div class="nc-column-delete nc-header-menu-item text-red-600">
+          <div
+            class="nc-column-delete nc-header-menu-item"
+            :class="{ ' text-red-600': isDeleteAllowed && isColumnUpdateAllowed }"
+          >
             <component :is="iconMap.delete" />
             <!-- Delete -->
             {{ $t('general.delete') }}
diff --git a/packages/nc-gui/lang/en.json b/packages/nc-gui/lang/en.json
index df5652ae2d..962708b384 100644
--- a/packages/nc-gui/lang/en.json
+++ b/packages/nc-gui/lang/en.json
@@ -456,8 +456,8 @@
     "looksLikeThisStackIsEmpty": "Looks like this stack does not have any records"
   },
   "labels": {
-    "allowMetaWrite" : "Allow Schema Change",
-    "allowDataWrite" : "Allow Data Write/Edit",
+    "allowMetaWrite" : "Allow Schema Edit",
+    "allowDataWrite" : "Allow Data Edit",
     "selectView": "Select a View",
     "connectionDetails": "Connection Details",
     "metaSync": "Meta Sync",
@@ -1040,6 +1040,7 @@
     "group": "Group"
   },
   "tooltip": {
+    "dataWriteOptionDisabled": "Data editing can disable only when ‘Schema edit’ is disabled and becomes enabled otherwise",
     "allowMetaWrite": "Enable this option to allow modifications to the database schema, including adding, altering, or deleting tables and columns. Use with caution, as changes may affect application functionality.",
     "allowDataWrite": "Enable this option to allow updating, deleting, or inserting data within the database tables. Ideal for administrative users who need to manage data directly.",
     "reachedSourceLimit": "Limited to only one data source for the moment",
diff --git a/tests/playwright/pages/Dashboard/TreeView.ts b/tests/playwright/pages/Dashboard/TreeView.ts
index d7847114e8..65e9450312 100644
--- a/tests/playwright/pages/Dashboard/TreeView.ts
+++ b/tests/playwright/pages/Dashboard/TreeView.ts
@@ -366,6 +366,19 @@ export class TreeViewPage extends BasePage {
     await this.rootPage.locator('div.ant-modal-content').locator(`button.ant-btn:has-text("Delete")`).click();
   }
 
+  async duplicateProject(param: { title: string; context: NcContext }) {
+    param.title = this.scopedProjectTitle({ title: param.title, context: param.context });
+
+    await this.openProjectContextMenu({ baseTitle: param.title });
+    const contextMenu = this.dashboard.get().locator('.ant-dropdown-menu.nc-scrollbar-md:visible');
+    await contextMenu.waitFor();
+    await contextMenu.locator(`.ant-dropdown-menu-item:has-text("Duplicate")`).click();
+
+    await this.rootPage.locator('div.ant-modal-content').locator(`button.ant-btn:has-text("Confirm")`).click();
+
+    await this.rootPage.waitForTimeout(10000);
+  }
+
   async openProjectSourceSettings(param: { title: string; context: NcContext }) {
     param.title = this.scopedProjectTitle({ title: param.title, context: param.context });
 
diff --git a/tests/playwright/tests/db/general/sourceRestrictions.spec.ts b/tests/playwright/tests/db/general/sourceRestrictions.spec.ts
index de6c1e00b1..8510170c14 100644
--- a/tests/playwright/tests/db/general/sourceRestrictions.spec.ts
+++ b/tests/playwright/tests/db/general/sourceRestrictions.spec.ts
@@ -34,6 +34,7 @@ test.describe('Source Restrictions', () => {
     await settingsPage.selectTab({ tab: 'dataSources' });
     await dashboard.rootPage.waitForTimeout(300);
 
+    await settingsPage.source.updateSchemaReadOnly({ sourceName: 'Default', readOnly: true });
     await settingsPage.source.updateDataReadOnly({ sourceName: 'Default', readOnly: true });
     await settingsPage.close();
 
@@ -78,6 +79,13 @@ test.describe('Source Restrictions', () => {
       .locator('.nc-ui-dt-dropdown')
       .scrollIntoViewIfNeeded();
     await dashboard.grid.get().locator(`th[data-title="LastName"]`).first().locator('.nc-ui-dt-dropdown').click();
-    await expect(await dashboard.rootPage.locator('li[role="menuitem"]:has-text("Edit"):visible').last()).toBeVisible();
+    for (const item of ['Edit', 'Delete', 'Duplicate']) {
+      await expect(
+        await dashboard.rootPage.locator(`li[role="menuitem"]:has-text("${item}"):visible`).last()
+      ).toBeVisible();
+      await expect(
+        await dashboard.rootPage.locator(`li[role="menuitem"]:has-text("${item}"):visible`).last()
+      ).toHaveClass(/ant-dropdown-menu-item-disabled/);
+    }
   });
 });

From 8cc39feb609ac62cea24a9d5174a0285648bf87d Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:18 +0000
Subject: [PATCH 20/28] fix: review comments

---
 .../settings/data-sources/CreateBase.vue          |  2 +-
 .../dashboard/settings/data-sources/EditBase.vue  | 15 +++++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
index 7661d2c498..2193b8423c 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
@@ -85,7 +85,7 @@ const onEasterEgg = () => {
 
 const clientTypes = computed(() => {
   return _clientTypes.filter((type) => {
-    return ![ClientType.SNOWFLAKE, ClientType.DATABRICKS, ...(easterEgg.value ? [ClientType.MSSQL] : [])].includes(type.value)
+    return ![ClientType.SNOWFLAKE, ClientType.DATABRICKS, ...(easterEgg.value ? [] : [ClientType.MSSQL])].includes(type.value)
   })
 })
 
diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
index e5d6893144..5a4438c35a 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
@@ -45,9 +45,20 @@ const { t } = useI18n()
 
 const editingSource = ref(false)
 
+const easterEgg = ref(false)
+
+const easterEggCount = ref(0)
+
+const onEasterEgg = () => {
+  easterEggCount.value += 1
+  if (easterEggCount.value >= 2) {
+    easterEgg.value = true
+  }
+}
+
 const clientTypes = computed(() => {
   return _clientTypes.filter((type) => {
-    return ![ClientType.SNOWFLAKE, ClientType.DATABRICKS].includes(type.value)
+    return ![ClientType.SNOWFLAKE, ClientType.DATABRICKS, ...(easterEgg.value ? [] : [ClientType.MSSQL])].includes(type.value)
   })
 })
 
@@ -400,7 +411,6 @@ const allowDataWrite = computed({
         <a-form-item label="Source Name" v-bind="validateInfos.title">
           <a-input v-model:value="formState.title" class="nc-extdb-proj-name" />
         </a-form-item>
-
         <a-form-item :label="$t('labels.dbType')" v-bind="validateInfos['dataSource.client']">
           <a-select
             v-model:value="formState.dataSource.client"
@@ -717,6 +727,7 @@ const allowDataWrite = computed({
 
       <a-form-item class="flex justify-end !mt-5">
         <div class="flex justify-end gap-2">
+          <div class="w-[15px] h-[15px] cursor-pointer" @dblclick="onEasterEgg"></div>
           <NcButton
             :type="testSuccess ? 'ghost' : 'primary'"
             size="small"

From 180c5206e66df53d50315f9f28ffd0459d513795 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:18 +0000
Subject: [PATCH 21/28] fix: if table list missing id fallback to the parameter
 value

---
 packages/nc-gui/composables/useMetas.ts | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/packages/nc-gui/composables/useMetas.ts b/packages/nc-gui/composables/useMetas.ts
index b59e94f2ff..518b40ef4a 100644
--- a/packages/nc-gui/composables/useMetas.ts
+++ b/packages/nc-gui/composables/useMetas.ts
@@ -79,13 +79,8 @@ export const useMetas = createSharedComposable(() => {
       if (!force && metas.value[tableIdOrTitle]) {
         return metas.value[tableIdOrTitle]
       }
-
-      const modelId = (tables.find((t) => t.id === tableIdOrTitle) || tables.find((t) => t.title === tableIdOrTitle))?.id
-
-      if (!modelId) {
-        console.warn(`Table '${tableIdOrTitle}' is not found in the table list`)
-        return null
-      }
+      const modelId =
+        (tables.find((t) => t.id === tableIdOrTitle) || tables.find((t) => t.title === tableIdOrTitle))?.id || tableIdOrTitle
 
       const model = await $api.dbTable.read(modelId)
       metas.value = {

From e1174bbf7274a6c207784d480d8b482572520d4a Mon Sep 17 00:00:00 2001
From: Raju Udava <86527202+dstala@users.noreply.github.com>
Date: Tue, 18 Jun 2024 19:06:19 +0000
Subject: [PATCH 22/28] chore: tooltip update

---
 packages/nc-gui/lang/en.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/nc-gui/lang/en.json b/packages/nc-gui/lang/en.json
index 962708b384..395b8aec47 100644
--- a/packages/nc-gui/lang/en.json
+++ b/packages/nc-gui/lang/en.json
@@ -1040,7 +1040,7 @@
     "group": "Group"
   },
   "tooltip": {
-    "dataWriteOptionDisabled": "Data editing can disable only when ‘Schema edit’ is disabled and becomes enabled otherwise",
+    "dataWriteOptionDisabled": "Data editing can only be disabled when 'Schema editing' is also disabled.",
     "allowMetaWrite": "Enable this option to allow modifications to the database schema, including adding, altering, or deleting tables and columns. Use with caution, as changes may affect application functionality.",
     "allowDataWrite": "Enable this option to allow updating, deleting, or inserting data within the database tables. Ideal for administrative users who need to manage data directly.",
     "reachedSourceLimit": "Limited to only one data source for the moment",

From 17bbfd35322672d6214998010db2863f30f9c5f7 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:19 +0000
Subject: [PATCH 23/28] fix: permission correction

---
 .../dashboard/TreeView/ProjectNode.vue        |   2 +-
 .../settings/data-sources/CreateBase.vue      | 366 +++++++++---------
 packages/nocodb/src/utils/acl.ts              |  38 +-
 3 files changed, 201 insertions(+), 205 deletions(-)

diff --git a/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue b/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
index 2e583cfdb7..b277448459 100644
--- a/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
@@ -104,7 +104,7 @@ const showBaseOption = (source: SourceType) => {
   return ['airtableImport', 'csvImport', 'jsonImport', 'excelImport'].some((permission) =>
     isUIAllowed(permission, { source }),
   )
-})
+}
 
 const enableEditMode = () => {
   editMode.value = true
diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
index 2193b8423c..2c4be3b64a 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
@@ -1,7 +1,7 @@
 <script lang="ts" setup>
-import {Form, message} from 'ant-design-vue'
-import type {SelectHandler} from 'ant-design-vue/es/vc-select/Select'
-import {SourceRestriction} from 'nocodb-sdk'
+import { Form, message } from 'ant-design-vue'
+import type { SelectHandler } from 'ant-design-vue/es/vc-select/Select'
+import { SourceRestriction } from 'nocodb-sdk'
 import {
   type CertTypes,
   ClientType,
@@ -21,12 +21,12 @@ const vOpen = useVModel(props, 'open', emit)
 const connectionType = computed(() => props.connectionType ?? ClientType.MYSQL)
 
 const baseStore = useBase()
-const {loadProject} = useBases()
-const {base} = storeToRefs(baseStore)
+const { loadProject } = useBases()
+const { base } = storeToRefs(baseStore)
 
-const {loadProjectTables} = useTablesStore()
+const { loadProjectTables } = useTablesStore()
 
-const {refreshCommandPalette} = useCommandPalette()
+const { refreshCommandPalette } = useCommandPalette()
 
 const _projectId = inject(ProjectIdInj, undefined)
 const baseId = computed(() => _projectId?.value ?? base.value?.id)
@@ -39,31 +39,30 @@ const testingConnection = ref(false)
 
 const form = ref<typeof Form>()
 
-const {api} = useApi()
+const { api } = useApi()
 
-const {$e} = useNuxtApp()
+const { $e } = useNuxtApp()
 
-const {t} = useI18n()
+const { t } = useI18n()
 
 const creatingSource = ref(false)
 
 const formState = ref<ProjectCreateForm>({
   title: '',
-  dataSource: {...getDefaultConnectionConfig(ClientType.MYSQL)},
+  dataSource: { ...getDefaultConnectionConfig(ClientType.MYSQL) },
   inflection: {
     inflectionColumn: 'none',
     inflectionTable: 'none',
   },
   sslUse: SSLUsage.No,
   extraParameters: [],
-  'is_schema_readonly': true,
-  'is_data_readonly': false,
-},
+  is_schema_readonly: true,
+  is_data_readonly: false,
 })
 
 const customFormState = ref<ProjectCreateForm>({
   title: '',
-  dataSource: {...getDefaultConnectionConfig(ClientType.MYSQL)},
+  dataSource: { ...getDefaultConnectionConfig(ClientType.MYSQL) },
   inflection: {
     inflectionColumn: 'none',
     inflectionTable: 'none',
@@ -134,14 +133,14 @@ const validators = computed(() => {
   }
 })
 
-const {validate, validateInfos} = useForm(formState.value, validators)
+const { validate, validateInfos } = useForm(formState.value, validators)
 
 const populateName = (v: string) => {
   formState.value.dataSource.connection.database = `${v.trim()}_noco`
 }
 
 const onClientChange = () => {
-  formState.value.dataSource = {...getDefaultConnectionConfig(formState.value.dataSource.client)}
+  formState.value.dataSource = { ...getDefaultConnectionConfig(formState.value.dataSource.client) }
   populateName(formState.value.title)
 }
 
@@ -182,7 +181,7 @@ const updateSSLUse = () => {
 }
 
 const addNewParam = () => {
-  formState.value.extraParameters.push({key: '', value: ''})
+  formState.value.extraParameters.push({ key: '', value: '' })
 }
 
 const removeParam = (index: number) => {
@@ -208,7 +207,7 @@ const onFileSelect = (key: CertTypes, el?: HTMLInputElement) => {
 }
 
 const sslFilesRequired = computed(
-    () => !!formState.value.sslUse && formState.value.sslUse !== SSLUsage.No && formState.value.sslUse !== SSLUsage.Allowed,
+  () => !!formState.value.sslUse && formState.value.sslUse !== SSLUsage.No && formState.value.sslUse !== SSLUsage.Allowed,
 )
 
 function getConnectionConfig() {
@@ -221,8 +220,8 @@ function getConnectionConfig() {
 
   if ('ssl' in connection && connection.ssl) {
     if (
-        formState.value.sslUse === SSLUsage.No ||
-        (typeof connection.ssl === 'object' && Object.values(connection.ssl).every((v) => v === null || v === undefined))
+      formState.value.sslUse === SSLUsage.No ||
+      (typeof connection.ssl === 'object' && Object.values(connection.ssl).every((v) => v === null || v === undefined))
     ) {
       delete connection.ssl
     }
@@ -234,7 +233,7 @@ const focusInvalidInput = () => {
   form.value?.$el.querySelector('.ant-form-item-explain-error')?.parentNode?.parentNode?.querySelector('input')?.focus()
 }
 
-const {$poller} = useNuxtApp()
+const { $poller } = useNuxtApp()
 
 const createSource = async () => {
   try {
@@ -251,7 +250,7 @@ const createSource = async () => {
 
     const connection = getConnectionConfig()
 
-    const config = {...formState.value.dataSource, connection}
+    const config = { ...formState.value.dataSource, connection }
 
     const jobData = await api.source.create(baseId.value, {
       alias: formState.value.title,
@@ -264,36 +263,36 @@ const createSource = async () => {
     })
 
     $poller.subscribe(
-        {id: jobData.id},
-        async (data: {
-          id: string
-          status?: string
-          data?: {
-            error?: {
-              message: string
-            }
-            message?: string
-            result?: any
+      { id: jobData.id },
+      async (data: {
+        id: string
+        status?: string
+        data?: {
+          error?: {
+            message: string
           }
-        }) => {
-          if (data.status !== 'close') {
-            if (data.status === JobStatus.COMPLETED) {
-              $e('a:base:create:extdb')
-
-              if (baseId.value) {
-                await loadProject(baseId.value, true)
-                await loadProjectTables(baseId.value, true)
-              }
-
-              emit('sourceCreated')
-              vOpen.value = false
-              creatingSource.value = false
-            } else if (status === JobStatus.FAILED) {
-              message.error('Failed to create base')
-              creatingSource.value = false
+          message?: string
+          result?: any
+        }
+      }) => {
+        if (data.status !== 'close') {
+          if (data.status === JobStatus.COMPLETED) {
+            $e('a:base:create:extdb')
+
+            if (baseId.value) {
+              await loadProject(baseId.value, true)
+              await loadProjectTables(baseId.value, true)
             }
+
+            emit('sourceCreated')
+            vOpen.value = false
+            creatingSource.value = false
+          } else if (status === JobStatus.FAILED) {
+            message.error('Failed to create base')
+            creatingSource.value = false
           }
-        },
+        }
+      },
     )
   } catch (e: any) {
     message.error(await extractSdkResponseErrorMsg(e))
@@ -350,11 +349,11 @@ const testConnection = async () => {
 const handleImportURL = async () => {
   if (!importURL.value || importURL.value === '') return
 
-  const connectionConfig = await api.utils.urlToConfig({url: importURL.value})
+  const connectionConfig = await api.utils.urlToConfig({ url: importURL.value })
 
   if (connectionConfig) {
     formState.value.dataSource.client = connectionConfig.client
-    formState.value.dataSource.connection = {...connectionConfig.connection}
+    formState.value.dataSource.connection = { ...connectionConfig.connection }
   } else {
     message.error(t('msg.error.invalidURL'))
   }
@@ -363,27 +362,27 @@ const handleImportURL = async () => {
 }
 
 const handleEditJSON = () => {
-  customFormState.value = {...formState.value}
+  customFormState.value = { ...formState.value }
   configEditDlg.value = true
 }
 
 const handleOk = () => {
-  formState.value = {...customFormState.value}
+  formState.value = { ...customFormState.value }
   configEditDlg.value = false
   updateSSLUse()
 }
 
 // reset test status on config change
 watch(
-    () => formState.value.dataSource,
-    () => (testSuccess.value = false),
-    {deep: true},
+  () => formState.value.dataSource,
+  () => (testSuccess.value = false),
+  { deep: true },
 )
 
 // populate database name based on title
 watch(
-    () => formState.value.title,
-    (v) => populateName(v),
+  () => formState.value.title,
+  (v) => populateName(v),
 )
 
 // select and focus title field on load
@@ -400,12 +399,12 @@ onMounted(async () => {
 })
 
 watch(
-    connectionType,
-    (v) => {
-      formState.value.dataSource.client = v
-      onClientChange()
-    },
-    {immediate: true},
+  connectionType,
+  (v) => {
+    formState.value.dataSource.client = v
+    onClientChange()
+  },
+  { immediate: true },
 )
 const toggleModal = (val: boolean) => {
   vOpen.value = val
@@ -434,54 +433,54 @@ const allowDataWrite = computed({
 
 <template>
   <GeneralModal
-      :visible="vOpen"
-      :closable="!creatingSource"
-      :keyboard="!creatingSource"
-      :mask-closable="false"
-      size="medium"
-      @update:visible="toggleModal"
+    :visible="vOpen"
+    :closable="!creatingSource"
+    :keyboard="!creatingSource"
+    :mask-closable="false"
+    size="medium"
+    @update:visible="toggleModal"
   >
     <div class="py-6 px-8">
       <div class="create-source bg-white relative flex flex-col justify-center gap-2 w-full">
         <h1 class="prose-xl font-bold self-start mb-4 flex items-center gap-2">
           {{ $t('title.newBase') }}
-          <DashboardSettingsDataSourcesInfo/>
+          <DashboardSettingsDataSourcesInfo />
           <span class="flex-grow"></span>
         </h1>
 
         <a-form
-            ref="form"
-            :model="formState"
-            name="external-base-create-form"
-            layout="horizontal"
-            no-style
-            :label-col="{ span: 8 }"
+          ref="form"
+          :model="formState"
+          name="external-base-create-form"
+          layout="horizontal"
+          no-style
+          :label-col="{ span: 8 }"
         >
           <div
-              class="nc-scrollbar-md"
-              :style="{
+            class="nc-scrollbar-md"
+            :style="{
               maxHeight: '60vh',
             }"
           >
             <a-form-item label="Source Name" v-bind="validateInfos.title">
-              <a-input v-model:value="formState.title" class="nc-extdb-proj-name"/>
+              <a-input v-model:value="formState.title" class="nc-extdb-proj-name" />
             </a-form-item>
 
             <a-form-item :label="$t('labels.dbType')" v-bind="validateInfos['dataSource.client']">
               <a-select
-                  v-model:value="formState.dataSource.client"
-                  class="nc-extdb-db-type"
-                  dropdown-class-name="nc-dropdown-ext-db-type"
-                  @change="onClientChange"
+                v-model:value="formState.dataSource.client"
+                class="nc-extdb-db-type"
+                dropdown-class-name="nc-dropdown-ext-db-type"
+                @change="onClientChange"
               >
                 <a-select-option v-for="client in clientTypes" :key="client.value" :value="client.value">
                   <div class="flex items-center gap-2 justify-between">
                     <div>{{ client.text }}</div>
                     <component
-                        :is="iconMap.check"
-                        v-if="formState.dataSource.client === client.value"
-                        id="nc-selected-item-icon"
-                        class="text-primary w-4 h-4"
+                      :is="iconMap.check"
+                      v-if="formState.dataSource.client === client.value"
+                      id="nc-selected-item-icon"
+                      class="text-primary w-4 h-4"
                     />
                   </div>
                 </a-select-option>
@@ -490,41 +489,40 @@ const allowDataWrite = computed({
 
             <!-- SQLite File -->
             <a-form-item
-                v-if="formState.dataSource.client === ClientType.SQLITE"
-                :label="$t('labels.sqliteFile')"
-                v-bind="validateInfos['dataSource.connection.connection.filename']"
+              v-if="formState.dataSource.client === ClientType.SQLITE"
+              :label="$t('labels.sqliteFile')"
+              v-bind="validateInfos['dataSource.connection.connection.filename']"
             >
-              <a-input v-model:value="(formState.dataSource.connection as SQLiteConnection).connection.filename"/>
+              <a-input v-model:value="(formState.dataSource.connection as SQLiteConnection).connection.filename" />
             </a-form-item>
 
             <template v-else>
               <!-- Host Address -->
               <a-form-item :label="$t('labels.hostAddress')" v-bind="validateInfos['dataSource.connection.host']">
                 <a-input
-                    v-model:value="(formState.dataSource.connection as DefaultConnection).host"
-                    class="nc-extdb-host-address"
+                  v-model:value="(formState.dataSource.connection as DefaultConnection).host"
+                  class="nc-extdb-host-address"
                 />
               </a-form-item>
 
               <!-- Port Number -->
               <a-form-item :label="$t('labels.port')" v-bind="validateInfos['dataSource.connection.port']">
                 <a-input-number
-                    v-model:value="(formState.dataSource.connection as DefaultConnection).port"
-                    class="!w-full nc-extdb-host-port"
+                  v-model:value="(formState.dataSource.connection as DefaultConnection).port"
+                  class="!w-full nc-extdb-host-port"
                 />
               </a-form-item>
 
               <!-- Username -->
               <a-form-item :label="$t('labels.username')" v-bind="validateInfos['dataSource.connection.user']">
-                <a-input v-model:value="(formState.dataSource.connection as DefaultConnection).user"
-                         class="nc-extdb-host-user"/>
+                <a-input v-model:value="(formState.dataSource.connection as DefaultConnection).user" class="nc-extdb-host-user" />
               </a-form-item>
 
               <!-- Password -->
               <a-form-item :label="$t('labels.password')">
                 <a-input-password
-                    v-model:value="(formState.dataSource.connection as DefaultConnection).password"
-                    class="nc-extdb-host-password"
+                  v-model:value="(formState.dataSource.connection as DefaultConnection).password"
+                  class="nc-extdb-host-password"
                 />
               </a-form-item>
 
@@ -532,19 +530,19 @@ const allowDataWrite = computed({
               <a-form-item :label="$t('labels.database')" v-bind="validateInfos['dataSource.connection.database']">
                 <!-- Database : create if not exists -->
                 <a-input
-                    v-model:value="formState.dataSource.connection.database"
-                    :placeholder="$t('labels.dbCreateIfNotExists')"
-                    class="nc-extdb-host-database"
+                  v-model:value="formState.dataSource.connection.database"
+                  :placeholder="$t('labels.dbCreateIfNotExists')"
+                  class="nc-extdb-host-database"
                 />
               </a-form-item>
 
               <!-- Schema name -->
               <a-form-item
-                  v-if="[ClientType.MSSQL, ClientType.PG].includes(formState.dataSource.client) && formState.dataSource.searchPath"
-                  :label="$t('labels.schemaName')"
-                  v-bind="validateInfos['dataSource.searchPath.0']"
+                v-if="[ClientType.MSSQL, ClientType.PG].includes(formState.dataSource.client) && formState.dataSource.searchPath"
+                :label="$t('labels.schemaName')"
+                v-bind="validateInfos['dataSource.searchPath.0']"
               >
-                <a-input v-model:value="formState.dataSource.searchPath[0]"/>
+                <a-input v-model:value="formState.dataSource.searchPath[0]" />
               </a-form-item>
               <a-form-item>
                 <template #label>
@@ -556,7 +554,7 @@ const allowDataWrite = computed({
                       <template #title>
                         <span>{{ $t('tooltip.allowMetaWrite') }}</span>
                       </template>
-                      <GeneralIcon class="text-gray-500" icon="info"/>
+                      <GeneralIcon class="text-gray-500" icon="info" />
                     </NcTooltip>
                   </div>
                 </template>
@@ -565,9 +563,9 @@ const allowDataWrite = computed({
               <a-form-item>
                 <template #label>
                   <div class="flex gap-1 justify-end">
-                <span>
-                  {{ $t('labels.allowDataWrite') }}
-                </span>
+                    <span>
+                      {{ $t('labels.allowDataWrite') }}
+                    </span>
                     <NcTooltip>
                       <template #title>
                         <span>{{ $t('tooltip.allowDataWrite') }}</span>
@@ -582,10 +580,10 @@ const allowDataWrite = computed({
                       {{ $t('tooltip.dataWriteOptionDisabled') }}
                     </template>
                     <a-switch
-                        v-model:checked="allowDataWrite"
-                        :disabled="allowMetaWrite"
-                        data-testid="nc-allow-data-write"
-                        size="small"
+                      v-model:checked="allowDataWrite"
+                      :disabled="allowMetaWrite"
+                      data-testid="nc-allow-data-write"
+                      size="small"
                     ></a-switch>
                   </NcTooltip>
                 </div>
@@ -593,8 +591,7 @@ const allowDataWrite = computed({
 
               <div class="flex items-right justify-end gap-2">
                 <!--                Use Connection URL -->
-                <NcButton type="ghost" size="small" class="nc-extdb-btn-import-url !rounded-md"
-                          @click.stop="importURLDlg = true">
+                <NcButton type="ghost" size="small" class="nc-extdb-btn-import-url !rounded-md" @click.stop="importURLDlg = true">
                   {{ $t('activity.useConnectionUrl') }}
                 </NcButton>
               </div>
@@ -606,18 +603,18 @@ const allowDataWrite = computed({
                   </template>
                   <a-form-item label="SSL mode">
                     <a-select
-                        v-model:value="formState.sslUse"
-                        dropdown-class-name="nc-dropdown-ssl-mode"
-                        @select="onSSLModeChange"
+                      v-model:value="formState.sslUse"
+                      dropdown-class-name="nc-dropdown-ssl-mode"
+                      @select="onSSLModeChange"
                     >
                       <a-select-option v-for="opt in Object.values(SSLUsage)" :key="opt" :value="opt">
                         <div class="flex items-center gap-2 justify-between">
                           <div>{{ opt }}</div>
                           <component
-                              :is="iconMap.check"
-                              v-if="formState?.sslUse === opt"
-                              id="nc-selected-item-icon"
-                              class="text-primary w-4 h-4"
+                            :is="iconMap.check"
+                            v-if="formState?.sslUse === opt"
+                            id="nc-selected-item-icon"
+                            class="text-primary w-4 h-4"
                           />
                         </div>
                       </a-select-option>
@@ -632,8 +629,7 @@ const allowDataWrite = computed({
                           <span>{{ $t('tooltip.clientCert') }}</span>
                         </template>
 
-                        <NcButton size="small" :disabled="!sslFilesRequired" class="shadow"
-                                  @click="certFileInput?.click()">
+                        <NcButton size="small" :disabled="!sslFilesRequired" class="shadow" @click="certFileInput?.click()">
                           {{ $t('labels.clientCert') }}
                         </NcButton>
                       </a-tooltip>
@@ -643,8 +639,7 @@ const allowDataWrite = computed({
                         <template #title>
                           <span>{{ $t('tooltip.clientKey') }}</span>
                         </template>
-                        <NcButton size="small" :disabled="!sslFilesRequired" class="shadow"
-                                  @click="keyFileInput?.click()">
+                        <NcButton size="small" :disabled="!sslFilesRequired" class="shadow" @click="keyFileInput?.click()">
                           {{ $t('labels.clientKey') }}
                         </NcButton>
                       </a-tooltip>
@@ -655,69 +650,65 @@ const allowDataWrite = computed({
                           <span>{{ $t('tooltip.clientCA') }}</span>
                         </template>
 
-                        <NcButton size="small" :disabled="!sslFilesRequired" class="shadow"
-                                  @click="caFileInput?.click()">
+                        <NcButton size="small" :disabled="!sslFilesRequired" class="shadow" @click="caFileInput?.click()">
                           {{ $t('labels.serverCA') }}
                         </NcButton>
                       </a-tooltip>
                     </div>
                   </a-form-item>
 
-                  <input ref="caFileInput" type="file" class="!hidden"
-                         @change="onFileSelect(CertTypes.ca, caFileInput)"/>
+                  <input ref="caFileInput" type="file" class="!hidden" @change="onFileSelect(CertTypes.ca, caFileInput)" />
 
-                  <input ref="certFileInput" type="file" class="!hidden"
-                         @change="onFileSelect(CertTypes.cert, certFileInput)"/>
+                  <input ref="certFileInput" type="file" class="!hidden" @change="onFileSelect(CertTypes.cert, certFileInput)" />
 
-                  <input ref="keyFileInput" type="file" class="!hidden"
-                         @change="onFileSelect(CertTypes.key, keyFileInput)"/>
+                  <input ref="keyFileInput" type="file" class="!hidden" @change="onFileSelect(CertTypes.key, keyFileInput)" />
 
-                  <a-divider/>
+                  <a-divider />
 
                   <!--            Extra connection parameters -->
                   <a-form-item
-                      class="mb-2"
-                      :label="$t('labels.extraConnectionParameters')"
-                      v-bind="validateInfos.extraParameters"
+                    class="mb-2"
+                    :label="$t('labels.extraConnectionParameters')"
+                    v-bind="validateInfos.extraParameters"
                   >
                     <a-card>
                       <div v-for="(item, index) of formState.extraParameters" :key="index">
                         <div class="flex py-1 items-center gap-1">
-                          <a-input v-model:value="item.key"/>
+                          <a-input v-model:value="item.key" />
 
                           <span>:</span>
 
-                          <a-input v-model:value="item.value"/>
+                          <a-input v-model:value="item.value" />
 
                           <component
-                              :is="iconMap.close"
-                              :style="{ 'font-size': '1.5em', 'color': 'red' }"
-                              @click="removeParam(index)"
+                            :is="iconMap.close"
+                            :style="{ 'font-size': '1.5em', 'color': 'red' }"
+                            @click="removeParam(index)"
                           />
                         </div>
                       </div>
                       <NcButton size="small" type="dashed" class="w-full caption mt-2" @click="addNewParam">
                         <div class="flex items-center justify-center">
-                          <component :is="iconMap.plus"/>
+                          <component :is="iconMap.plus" />
                         </div>
                       </NcButton>
                     </a-card>
                   </a-form-item>
 
-                  <a-divider/>
+                  <a-divider />
                   <a-form-item :label="$t('labels.inflection.tableName')">
                     <a-select
-                        v-model:value="formState.inflection.inflectionTable"
-                        dropdown-class-name="nc-dropdown-inflection-table-name"
+                      v-model:value="formState.inflection.inflectionTable"
+                      dropdown-class-name="nc-dropdown-inflection-table-name"
                     >
                       <a-select-option v-for="tp in inflectionTypes" :key="tp" :value="tp">
                         <div class="flex items-center gap-2 justify-between">
                           <div>{{ tp }}</div>
                           <component
-                              :is="iconMap.check"
-                              v-if="formState?.inflection?.inflectionTable === tp"
-                              id="nc-selected-item-icon"
-                              class="text-primary w-4 h-4"
+                            :is="iconMap.check"
+                            v-if="formState?.inflection?.inflectionTable === tp"
+                            id="nc-selected-item-icon"
+                            class="text-primary w-4 h-4"
                           />
                         </div>
                       </a-select-option>
@@ -726,18 +717,17 @@ const allowDataWrite = computed({
 
                   <a-form-item :label="$t('labels.inflection.columnName')">
                     <a-select
-                        v-model:value="formState.inflection.inflectionColumn"
-                        dropdown-class-name="nc-dropdown-inflection-column-name"
+                      v-model:value="formState.inflection.inflectionColumn"
+                      dropdown-class-name="nc-dropdown-inflection-column-name"
                     >
-                      <a-select-option v-for="tp in inflectionTypes" :key="tp" :value="tp"
-                      >
+                      <a-select-option v-for="tp in inflectionTypes" :key="tp" :value="tp">
                         <div class="flex items-center gap-2 justify-between">
                           <div>{{ tp }}</div>
                           <component
-                              :is="iconMap.check"
-                              v-if="formState?.inflection?.inflectionColumn === tp"
-                              id="nc-selected-item-icon"
-                              class="text-primary w-4 h-4"
+                            :is="iconMap.check"
+                            v-if="formState?.inflection?.inflectionColumn === tp"
+                            id="nc-selected-item-icon"
+                            class="text-primary w-4 h-4"
                           />
                         </div>
                       </a-select-option>
@@ -759,23 +749,23 @@ const allowDataWrite = computed({
             <div class="flex justify-end gap-2">
               <div class="w-[15px] h-[15px] cursor-pointer" @dblclick="onEasterEgg"></div>
               <NcButton
-                  :type="testSuccess ? 'ghost' : 'primary'"
-                  size="small"
-                  class="nc-extdb-btn-test-connection !rounded-md"
-                  :loading="testingConnection"
-                  @click="testConnection"
+                :type="testSuccess ? 'ghost' : 'primary'"
+                size="small"
+                class="nc-extdb-btn-test-connection !rounded-md"
+                :loading="testingConnection"
+                @click="testConnection"
               >
-                <GeneralIcon v-if="testSuccess" icon="circleCheck" class="text-primary mr-2"/>
+                <GeneralIcon v-if="testSuccess" icon="circleCheck" class="text-primary mr-2" />
                 {{ $t('activity.testDbConn') }}
               </NcButton>
 
               <NcButton
-                  size="small"
-                  type="primary"
-                  :disabled="!testSuccess"
-                  :loading="creatingSource"
-                  class="nc-extdb-btn-submit !rounded-md"
-                  @click="createSource"
+                size="small"
+                type="primary"
+                :disabled="!testSuccess"
+                :loading="creatingSource"
+                class="nc-extdb-btn-submit !rounded-md"
+                @click="createSource"
               >
                 {{ $t('general.submit') }}
               </NcButton>
@@ -784,26 +774,26 @@ const allowDataWrite = computed({
         </a-form>
 
         <a-modal
-            v-model:visible="configEditDlg"
-            :title="$t('activity.editConnJson')"
-            width="600px"
-            wrap-class-name="nc-modal-edit-connection-json"
-            @ok="handleOk"
+          v-model:visible="configEditDlg"
+          :title="$t('activity.editConnJson')"
+          width="600px"
+          wrap-class-name="nc-modal-edit-connection-json"
+          @ok="handleOk"
         >
-          <MonacoEditor v-if="configEditDlg" v-model="customFormState" class="h-[400px] w-full"/>
+          <MonacoEditor v-if="configEditDlg" v-model="customFormState" class="h-[400px] w-full" />
         </a-modal>
 
         <!--    Use Connection URL -->
         <a-modal
-            v-model:visible="importURLDlg"
-            :title="$t('activity.useConnectionUrl')"
-            width="500px"
-            :ok-text="$t('general.ok')"
-            :cancel-text="$t('general.cancel')"
-            wrap-class-name="nc-modal-connection-url"
-            @ok="handleImportURL"
+          v-model:visible="importURLDlg"
+          :title="$t('activity.useConnectionUrl')"
+          width="500px"
+          :ok-text="$t('general.ok')"
+          :cancel-text="$t('general.cancel')"
+          wrap-class-name="nc-modal-connection-url"
+          @ok="handleImportURL"
         >
-          <a-input v-model:value="importURL"/>
+          <a-input v-model:value="importURL" />
         </a-modal>
       </div>
     </div>
diff --git a/packages/nocodb/src/utils/acl.ts b/packages/nocodb/src/utils/acl.ts
index 2d00d814eb..a9184eb5fb 100644
--- a/packages/nocodb/src/utils/acl.ts
+++ b/packages/nocodb/src/utils/acl.ts
@@ -450,28 +450,34 @@ Object.values(rolePermissions).forEach((role) => {
   }
 });
 
-// excluded/restricted permissions at source level based on source restriction
+// Excluded permissions for source restrictions
 // `true` means permission is restricted and `false`/missing means permission is allowed
 export const sourceRestrictions = {
-  [SourceRestriction.DATA_READONLY]: {
-    dataInsert: true,
-    dataEdit: true,
-    dataDelete: true,
-    airtableImport: true,
-    csvImport: true,
-    jsonImport: true,
-    excelImport: true,
-  },
   [SourceRestriction.SCHEMA_READONLY]: {
     tableCreate: true,
-    tableRename: true,
     tableDelete: true,
-    tableDuplicate: true,
-    airtableImport: true,
-    csvImport: true,
-    jsonImport: true,
-    excelImport: true,
+    tableUpdate: true,
+    // columnAdd: true,
+    // columnDelete: true,
+    // columnUpdate: true,
+    columnBulk: true,
+  },
+  [SourceRestriction.DATA_READONLY]: {
+    dataUpdate: true,
+    dataDelete: true,
+    dataInsert: true,
+    bulkDataInsert: true,
+    bulkDataUpdate: true,
+    bulkDataUpdateAll: true,
+    bulkDataDelete: true,
+    bulkDataDeleteAll: true,
+    relationDataRemove: true,
+    relationDataAdd: true,
+    nestedDataListCopyPasteOrDeleteAll: true,
+    nestedDataUnlink: true,
+    nestedDataLink: true,
   },
 };
 
+
 export default rolePermissions;

From 652a1676d8204965c09c71f9cec24afe6e4318dd Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:19 +0000
Subject: [PATCH 24/28] test: extract title from base in context

---
 packages/nc-gui/lib/acl.ts                                   | 2 --
 packages/nocodb/src/utils/acl.ts                             | 4 ----
 tests/playwright/tests/db/general/sourceRestrictions.spec.ts | 4 ++--
 3 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/packages/nc-gui/lib/acl.ts b/packages/nc-gui/lib/acl.ts
index d0124c0853..6755e87024 100644
--- a/packages/nc-gui/lib/acl.ts
+++ b/packages/nc-gui/lib/acl.ts
@@ -143,8 +143,6 @@ export const sourceRestrictions = {
     csvImport: true,
     jsonImport: true,
     excelImport: true,
-    fieldAdd: true,
-    fieldAlter: true,
     duplicateColumn: true,
     duplicateModel: true,
   },
diff --git a/packages/nocodb/src/utils/acl.ts b/packages/nocodb/src/utils/acl.ts
index a9184eb5fb..5111c5c595 100644
--- a/packages/nocodb/src/utils/acl.ts
+++ b/packages/nocodb/src/utils/acl.ts
@@ -457,9 +457,6 @@ export const sourceRestrictions = {
     tableCreate: true,
     tableDelete: true,
     tableUpdate: true,
-    // columnAdd: true,
-    // columnDelete: true,
-    // columnUpdate: true,
     columnBulk: true,
   },
   [SourceRestriction.DATA_READONLY]: {
@@ -479,5 +476,4 @@ export const sourceRestrictions = {
   },
 };
 
-
 export default rolePermissions;
diff --git a/tests/playwright/tests/db/general/sourceRestrictions.spec.ts b/tests/playwright/tests/db/general/sourceRestrictions.spec.ts
index 8510170c14..c218a81642 100644
--- a/tests/playwright/tests/db/general/sourceRestrictions.spec.ts
+++ b/tests/playwright/tests/db/general/sourceRestrictions.spec.ts
@@ -29,7 +29,7 @@ test.describe('Source Restrictions', () => {
   });
 
   test('Readonly data source', async () => {
-    await dashboard.treeView.openProjectSourceSettings({ title: context.defaultProjectTitle, context });
+    await dashboard.treeView.openProjectSourceSettings({ title: context.base.title, context });
 
     await settingsPage.selectTab({ tab: 'dataSources' });
     await dashboard.rootPage.waitForTimeout(300);
@@ -56,7 +56,7 @@ test.describe('Source Restrictions', () => {
   });
 
   test('Readonly schema source', async () => {
-    await dashboard.treeView.openProjectSourceSettings({ title: context.defaultProjectTitle, context });
+    await dashboard.treeView.openProjectSourceSettings({ title: context.base.title, context });
 
     await settingsPage.selectTab({ tab: 'dataSources' });
     await dashboard.rootPage.waitForTimeout(300);

From 091ec733b4dc077afcc2e912203f304638256ca5 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:19 +0000
Subject: [PATCH 25/28] test: disable datatype in dropdown if schema RO

---
 packages/nc-gui/components/smartsheet/column/EditOrAdd.vue | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue b/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue
index 4e4629f9b0..93f78f0888 100644
--- a/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue
+++ b/packages/nc-gui/components/smartsheet/column/EditOrAdd.vue
@@ -424,6 +424,7 @@ const filterOption = (input: string, option: { value: UITypes }) => {
               v-for="opt of uiTypesOptions"
               :key="opt.name"
               :value="opt.name"
+              :disabled="isMetaReadOnly && !readonlyMetaAllowedTypes.includes(opt.name)"
               v-bind="validateInfos.uidt"
               :class="{
                 'ant-select-item-option-active-selected': showHoverEffectOnSelectedType && formState.uidt === opt.name,
@@ -432,7 +433,11 @@ const filterOption = (input: string, option: { value: UITypes }) => {
             >
               <div class="w-full flex gap-2 items-center justify-between" :data-testid="opt.name">
                 <div class="flex gap-2 items-center">
-                  <component :is="opt.icon" class="text-gray-700 w-4 h-4" />
+                  <component
+                    :is="opt.icon"
+                    class="w-4 h-4"
+                    :class="isMetaReadOnly && !readonlyMetaAllowedTypes.includes(opt.name) ? 'text-gray-300' : 'text-gray-700'"
+                  />
                   <div class="flex-1">{{ UITypesName[opt.name] }}</div>
                   <span v-if="opt.deprecated" class="!text-xs !text-gray-300">({{ $t('general.deprecated') }})</span>
                 </div>

From c5a1047d0bdbf0ba38b93708f5a8c9e843f62ad0 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:19 +0000
Subject: [PATCH 26/28] fix: show RO option for all type of sources

---
 .../settings/data-sources/CreateBase.vue      | 89 ++++++++++---------
 .../settings/data-sources/EditBase.vue        | 89 ++++++++++---------
 2 files changed, 96 insertions(+), 82 deletions(-)

diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
index 2c4be3b64a..588ed3b996 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/CreateBase.vue
@@ -544,51 +544,58 @@ const allowDataWrite = computed({
               >
                 <a-input v-model:value="formState.dataSource.searchPath[0]" />
               </a-form-item>
-              <a-form-item>
-                <template #label>
-                  <div class="flex gap-1 justify-end">
-                    <span>
-                      {{ $t('labels.allowMetaWrite') }}
-                    </span>
-                    <NcTooltip>
-                      <template #title>
-                        <span>{{ $t('tooltip.allowMetaWrite') }}</span>
-                      </template>
-                      <GeneralIcon class="text-gray-500" icon="info" />
-                    </NcTooltip>
-                  </div>
-                </template>
-                <a-switch v-model:checked="allowMetaWrite" data-testid="nc-allow-meta-write" size="small"></a-switch>
-              </a-form-item>
-              <a-form-item>
-                <template #label>
-                  <div class="flex gap-1 justify-end">
-                    <span>
-                      {{ $t('labels.allowDataWrite') }}
-                    </span>
-                    <NcTooltip>
-                      <template #title>
-                        <span>{{ $t('tooltip.allowDataWrite') }}</span>
-                      </template>
-                      <GeneralIcon class="text-gray-500" icon="info" />
-                    </NcTooltip>
-                  </div>
-                </template>
-                <div class="flex justify-start">
-                  <NcTooltip :disabled="!allowMetaWrite" placement="topLeft">
+            </template>
+            <a-form-item>
+              <template #label>
+                <div class="flex gap-1 justify-end">
+                  <span>
+                    {{ $t('labels.allowMetaWrite') }}
+                  </span>
+                  <NcTooltip>
                     <template #title>
-                      {{ $t('tooltip.dataWriteOptionDisabled') }}
+                      <span>{{ $t('tooltip.allowMetaWrite') }}</span>
                     </template>
-                    <a-switch
-                      v-model:checked="allowDataWrite"
-                      :disabled="allowMetaWrite"
-                      data-testid="nc-allow-data-write"
-                      size="small"
-                    ></a-switch>
+                    <GeneralIcon class="text-gray-500" icon="info" />
                   </NcTooltip>
                 </div>
-              </a-form-item>
-
+              </template>
+              <a-switch v-model:checked="allowMetaWrite" data-testid="nc-allow-meta-write" size="small"></a-switch>
+            </a-form-item>
+            <a-form-item>
+              <template #label>
+                <div class="flex gap-1 justify-end">
+                  <span>
+                    {{ $t('labels.allowDataWrite') }}
+                  </span>
+                  <NcTooltip>
+                    <template #title>
+                      <span>{{ $t('tooltip.allowDataWrite') }}</span>
+                    </template>
+                    <GeneralIcon class="text-gray-500" icon="info" />
+                  </NcTooltip>
+                </div>
+              </template>
+              <div class="flex justify-start">
+                <NcTooltip :disabled="!allowMetaWrite" placement="topLeft">
+                  <template #title>
+                    {{ $t('tooltip.dataWriteOptionDisabled') }}
+                  </template>
+                  <a-switch
+                    v-model:checked="allowDataWrite"
+                    :disabled="allowMetaWrite"
+                    data-testid="nc-allow-data-write"
+                    size="small"
+                  ></a-switch>
+                </NcTooltip>
+              </div>
+            </a-form-item>
+            <template
+              v-if="
+                formState.dataSource.client !== ClientType.SQLITE &&
+                formState.dataSource.client !== ClientType.DATABRICKS &&
+                formState.dataSource.client !== ClientType.SNOWFLAKE
+              "
+            >
               <div class="flex items-right justify-end gap-2">
                 <!--                Use Connection URL -->
                 <NcButton type="ghost" size="small" class="nc-extdb-btn-import-url !rounded-md" @click.stop="importURLDlg = true">
diff --git a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
index 5a4438c35a..221f2dd9c6 100644
--- a/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
+++ b/packages/nc-gui/components/dashboard/settings/data-sources/EditBase.vue
@@ -562,51 +562,58 @@ const allowDataWrite = computed({
           >
             <a-input v-model:value="formState.dataSource.searchPath[0]" />
           </a-form-item>
-
-          <a-form-item>
-            <template #label>
-              <div class="flex gap-1 justify-end">
-                <span>
-                  {{ $t('labels.allowMetaWrite') }}
-                </span>
-                <NcTooltip>
-                  <template #title>
-                    <span>{{ $t('tooltip.allowMetaWrite') }}</span>
-                  </template>
-                  <GeneralIcon class="text-gray-500" icon="info" />
-                </NcTooltip>
-              </div>
-            </template>
-            <a-switch v-model:checked="allowMetaWrite" data-testid="nc-allow-meta-write" size="small"></a-switch>
-          </a-form-item>
-          <a-form-item>
-            <template #label>
-              <div class="flex gap-1 justify-end">
-                <span>
-                  {{ $t('labels.allowDataWrite') }}
-                </span>
-                <NcTooltip>
-                  <template #title>
-                    <span>{{ $t('tooltip.allowDataWrite') }}</span>
-                  </template>
-                  <GeneralIcon class="text-gray-500" icon="info" />
-                </NcTooltip>
-              </div>
-            </template>
-            <div class="flex justify-start">
-              <NcTooltip :disabled="!allowMetaWrite" placement="topLeft">
+        </template>
+        <a-form-item>
+          <template #label>
+            <div class="flex gap-1 justify-end">
+              <span>
+                {{ $t('labels.allowMetaWrite') }}
+              </span>
+              <NcTooltip>
                 <template #title>
-                  {{ $t('tooltip.dataWriteOptionDisabled') }}
+                  <span>{{ $t('tooltip.allowMetaWrite') }}</span>
                 </template>
-                <a-switch
-                  v-model:checked="allowDataWrite"
-                  :disabled="allowMetaWrite"
-                  data-testid="nc-allow-data-write"
-                  size="small"
-                ></a-switch>
+                <GeneralIcon class="text-gray-500" icon="info" />
               </NcTooltip>
             </div>
-          </a-form-item>
+          </template>
+          <a-switch v-model:checked="allowMetaWrite" data-testid="nc-allow-meta-write" size="small"></a-switch>
+        </a-form-item>
+        <a-form-item>
+          <template #label>
+            <div class="flex gap-1 justify-end">
+              <span>
+                {{ $t('labels.allowDataWrite') }}
+              </span>
+              <NcTooltip>
+                <template #title>
+                  <span>{{ $t('tooltip.allowDataWrite') }}</span>
+                </template>
+                <GeneralIcon class="text-gray-500" icon="info" />
+              </NcTooltip>
+            </div>
+          </template>
+          <div class="flex justify-start">
+            <NcTooltip :disabled="!allowMetaWrite" placement="topLeft">
+              <template #title>
+                {{ $t('tooltip.dataWriteOptionDisabled') }}
+              </template>
+              <a-switch
+                v-model:checked="allowDataWrite"
+                :disabled="allowMetaWrite"
+                data-testid="nc-allow-data-write"
+                size="small"
+              ></a-switch>
+            </NcTooltip>
+          </div>
+        </a-form-item>
+        <template
+          v-if="
+            formState.dataSource.client !== ClientType.SQLITE &&
+            formState.dataSource.client !== ClientType.DATABRICKS &&
+            formState.dataSource.client !== ClientType.SNOWFLAKE
+          "
+        >
           <!--                Use Connection URL -->
           <div class="flex justify-end gap-2">
             <NcButton size="small" type="ghost" class="nc-extdb-btn-import-url !rounded-md" @click.stop="importURLDlg = true">

From e125832a1b95f37097e0faadadebce3c16b13dbe Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:19 +0000
Subject: [PATCH 27/28] refactor: add tooltip for disabled ui datatype

---
 .../column/UITypesOptionsWithSearch.vue       | 50 +++++++++++--------
 packages/nc-gui/lang/en.json                  |  1 +
 2 files changed, 30 insertions(+), 21 deletions(-)

diff --git a/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue b/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue
index 91eabe6beb..29e4751df3 100644
--- a/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue
+++ b/packages/nc-gui/components/smartsheet/column/UITypesOptionsWithSearch.vue
@@ -101,31 +101,39 @@ const isDisabledUIType = (type: UITypes) => {
         {{ options.length ? $t('title.noResultsMatchedYourSearch') : 'The list is empty' }}
       </div>
 
-      <div
+      <NcTooltip
         v-for="(option, index) in filteredOptions"
         :key="index"
-        class="flex w-full py-2 items-center justify-between px-2 rounded-md"
-        :class="[
-          `nc-column-list-option-${index}`,
-          {
-            'hover:bg-gray-100 cursor-pointer': !isDisabledUIType(option.name),
-            'bg-gray-100 nc-column-list-option-active': activeFieldIndex === index && !isDisabledUIType(option.name),
-            '!text-gray-400 cursor-not-allowed': isDisabledUIType(option.name),
-          },
-        ]"
-        :data-testid="option.name"
-        @click="onClick(option.name)"
+        :disabled="!isDisabledUIType(option.name)"
+        placement="left"
       >
-        <div class="flex gap-2 items-center">
-          <component
-            :is="option.icon"
-            class="w-4 h-4"
-            :class="isDisabledUIType(option.name) ? '!text-gray-400' : 'text-gray-700'"
-          />
-          <div class="flex-1 text-sm">{{ UITypesName[option.name] }}</div>
-          <span v-if="option.deprecated" class="!text-xs !text-gray-300">({{ $t('general.deprecated') }})</span>
+        <template #title>
+          {{ $t('tooltip.typeNotAllowed') }}
+        </template>
+        <div
+          class="flex w-full py-2 items-center justify-between px-2 rounded-md"
+          :class="[
+            `nc-column-list-option-${index}`,
+            {
+              'hover:bg-gray-100 cursor-pointer': !isDisabledUIType(option.name),
+              'bg-gray-100 nc-column-list-option-active': activeFieldIndex === index && !isDisabledUIType(option.name),
+              '!text-gray-400 cursor-not-allowed': isDisabledUIType(option.name),
+            },
+          ]"
+          :data-testid="option.name"
+          @click="onClick(option.name)"
+        >
+          <div class="flex gap-2 items-center">
+            <component
+              :is="option.icon"
+              class="w-4 h-4"
+              :class="isDisabledUIType(option.name) ? '!text-gray-400' : 'text-gray-700'"
+            />
+            <div class="flex-1 text-sm">{{ UITypesName[option.name] }}</div>
+            <span v-if="option.deprecated" class="!text-xs !text-gray-300">({{ $t('general.deprecated') }})</span>
+          </div>
         </div>
-      </div>
+      </NcTooltip>
     </div>
   </div>
 </template>
diff --git a/packages/nc-gui/lang/en.json b/packages/nc-gui/lang/en.json
index 395b8aec47..15f83db5d7 100644
--- a/packages/nc-gui/lang/en.json
+++ b/packages/nc-gui/lang/en.json
@@ -1040,6 +1040,7 @@
     "group": "Group"
   },
   "tooltip": {
+    "typeNotAllowed": "This datatype is not allowed due to restricted schema alterations for this source.",
     "dataWriteOptionDisabled": "Data editing can only be disabled when 'Schema editing' is also disabled.",
     "allowMetaWrite": "Enable this option to allow modifications to the database schema, including adding, altering, or deleting tables and columns. Use with caution, as changes may affect application functionality.",
     "allowDataWrite": "Enable this option to allow updating, deleting, or inserting data within the database tables. Ideal for administrative users who need to manage data directly.",

From cd735c9be364284cd5596f8dfcd9c1e6d0b00d27 Mon Sep 17 00:00:00 2001
From: Pranav C <pranavxc@gmail.com>
Date: Tue, 18 Jun 2024 19:06:19 +0000
Subject: [PATCH 28/28] fix: pass source reference

---
 .../components/dashboard/TreeView/BaseOptions.vue      |  6 +++++-
 .../components/dashboard/TreeView/ProjectNode.vue      | 10 ++++++----
 .../nc-gui/components/dashboard/TreeView/index.vue     |  1 +
 packages/nc-gui/components/project/AllTables.vue       |  4 ++--
 4 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/packages/nc-gui/components/dashboard/TreeView/BaseOptions.vue b/packages/nc-gui/components/dashboard/TreeView/BaseOptions.vue
index 0c04553bcc..2c81f96fab 100644
--- a/packages/nc-gui/components/dashboard/TreeView/BaseOptions.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/BaseOptions.vue
@@ -80,7 +80,11 @@ function openQuickImportDialog(type: string) {
       </div>
     </NcMenuItem>
 
-    <NcMenuItem v-if="isUIAllowed('csvImport', { roles: baseRole })" key="quick-import-csv" @click="openQuickImportDialog('csv')">
+    <NcMenuItem
+      v-if="isUIAllowed('csvImport', { roles: baseRole, source })"
+      key="quick-import-csv"
+      @click="openQuickImportDialog('csv')"
+    >
       <div v-e="['c:import:csv']" class="flex gap-2 items-center">
         <GeneralIcon icon="csv" class="w-4 group-hover:text-black" />
         {{ $t('labels.csvFile') }}
diff --git a/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue b/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
index b277448459..7475944d01 100644
--- a/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/ProjectNode.vue
@@ -101,9 +101,7 @@ const baseViewOpen = computed(() => {
 })
 
 const showBaseOption = (source: SourceType) => {
-  return ['airtableImport', 'csvImport', 'jsonImport', 'excelImport'].some((permission) =>
-    isUIAllowed(permission, { source }),
-  )
+  return ['airtableImport', 'csvImport', 'jsonImport', 'excelImport'].some((permission) => isUIAllowed(permission, { source }))
 }
 
 const enableEditMode = () => {
@@ -823,7 +821,11 @@ const getSource = (sourceId: string) => {
                                     </div>
                                   </NcMenuItem>
 
-                                  <DashboardTreeViewBaseOptions v-if="showBaseOption(source)" v-model:base="base" :source="source" />
+                                  <DashboardTreeViewBaseOptions
+                                    v-if="showBaseOption(source)"
+                                    v-model:base="base"
+                                    :source="source"
+                                  />
                                 </NcMenu>
                               </template>
                             </NcDropdown>
diff --git a/packages/nc-gui/components/dashboard/TreeView/index.vue b/packages/nc-gui/components/dashboard/TreeView/index.vue
index 84220e5466..d5af29babd 100644
--- a/packages/nc-gui/components/dashboard/TreeView/index.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/index.vue
@@ -100,6 +100,7 @@ const duplicateTable = async (table: TableType) => {
 
 const isCreateTableAllowed = computed(
   () =>
+    base.value?.sources?.[0] &&
     isUIAllowed('tableCreate', { source: base.value?.sources?.[0] }) &&
     route.value.name !== 'index' &&
     route.value.name !== 'index-index' &&
diff --git a/packages/nc-gui/components/project/AllTables.vue b/packages/nc-gui/components/project/AllTables.vue
index 66fc484752..57f8c66c75 100644
--- a/packages/nc-gui/components/project/AllTables.vue
+++ b/packages/nc-gui/components/project/AllTables.vue
@@ -76,7 +76,7 @@ function openTableCreateDialog(baseIndex?: number | undefined) {
       }"
     >
       <div
-        v-if="isUIAllowed('tableCreate', { source: openedProject?.sources?.[0] })"
+        v-if="isUIAllowed('tableCreate', { source: base?.sources?.[0] })"
         role="button"
         class="nc-base-view-all-table-btn"
         data-testid="proj-view-btn__add-new-table"
@@ -86,7 +86,7 @@ function openTableCreateDialog(baseIndex?: number | undefined) {
         <div class="label">{{ $t('general.new') }} {{ $t('objects.table') }}</div>
       </div>
       <div
-        v-if="isUIAllowed('tableCreate', { source: openedProject?.sources?.[0] })"
+        v-if="isUIAllowed('tableCreate', { source: base?.sources?.[0] })"
         v-e="['c:table:import']"
         role="button"
         class="nc-base-view-all-table-btn"