fix: pass source reference where it's missing

2 weeks ago · 76ff5594d1
8 changed files with 30 additions and 11 deletions
--- a/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/AddNewTableNode.vue
@ -112,11 +112,15 @@ function openTableCreateMagicDialog(sourceId?: string) {
    close(1000)
  }
 }
+
+const source = computed(() => {
+  return base.value?.sources?.[props.sourceIndex]
+})
 </script>

 <template>
  <div
-    v-if="isUIAllowed('tableCreate', { roles: baseRole })"
+    v-if="isUIAllowed('tableCreate', { roles: baseRole, source })"
    class="group flex items-center gap-2 pl-2 pr-4.75 py-1 text-primary/70 hover:(text-primary/100) cursor-pointer select-none"
    @click="emit('openTableCreateDialog')"
  >
--- a/packages/nc-gui/components/dashboard/TreeView/index.vue
+++ b/packages/nc-gui/components/dashboard/TreeView/index.vue
@ -15,7 +15,7 @@ const basesStore = useBases()

 const { createProject: _createProject, updateProject } = basesStore

-const { bases, basesList, activeProjectId } = storeToRefs(basesStore)
+const { bases, basesList, activeProjectId, b } = storeToRefs(basesStore)

 const { isWorkspaceLoading } = storeToRefs(useWorkspace())

@ -23,7 +23,7 @@ const baseCreateDlg = ref(false)

 const baseStore = useBase()

-const { isSharedBase } = storeToRefs(baseStore)
+const { isSharedBase, base } = storeToRefs(baseStore)

 const { activeTable: _activeTable } = storeToRefs(useTablesStore())

@ -100,7 +100,7 @@ const duplicateTable = async (table: TableType) => {

 const isCreateTableAllowed = computed(
  () =>
-    isUIAllowed('tableCreate') &&
+    isUIAllowed('tableCreate', { source: base.value?.sources?.[0] }) &&
    route.value.name !== 'index' &&
    route.value.name !== 'index-index' &&
    route.value.name !== 'index-index-create' &&
--- a/packages/nc-gui/composables/useCalendarViewStore.ts
+++ b/packages/nc-gui/composables/useCalendarViewStore.ts
@ -558,7 +558,7 @@ const [useProvideCalendarViewStore, useCalendarViewStore] = useInjectionState(
    }

    async function updateCalendarMeta(updateObj: Partial<CalendarType>) {
-      if (!viewMeta?.value?.id || !isUIAllowed('dataEdit') || isPublic.value) return
+      if (!viewMeta?.value?.id || !isUIAllowed('dataEdit', { skipSourceCheck: true }) || isPublic.value) return

      const updateValue = {
        ...(typeof calendarMetaData.value.meta === 'string'
--- a/packages/nc-gui/composables/useKanbanViewStore.ts
+++ b/packages/nc-gui/composables/useKanbanViewStore.ts
@ -312,7 +312,13 @@ const [useProvideKanbanViewStore, useKanbanViewStore] = useInjectionState(
    }

    async function updateKanbanMeta(updateObj: Partial<KanbanType>) {
-      if (!viewMeta?.value?.id || !isUIAllowed('dataEdit')) return
+      if (
+        !viewMeta?.value?.id ||
+        !isUIAllowed('dataEdit', {
+          skipSourceCheck: true,
+        })
+      )
+        return
      await $api.dbView.kanbanUpdate(viewMeta.value.id, updateObj)
    }

--- a/packages/nc-gui/composables/useMapViewDataStore.ts
+++ b/packages/nc-gui/composables/useMapViewDataStore.ts
@ -84,7 +84,7 @@ const [useProvideMapViewStore, useMapViewStore] = useInjectionState(
    }

    async function updateMapMeta(updateObj: Partial<MapType>) {
-      if (!viewMeta?.value?.id || !isUIAllowed('dataEdit')) return
+      if (!viewMeta?.value?.id || !isUIAllowed('dataEdit', { skipSourceCheck: true })) return
      await $api.dbView.mapUpdate(viewMeta.value.id, updateObj)
    }

--- a/packages/nc-gui/context/index.ts
+++ b/packages/nc-gui/context/index.ts
@ -60,6 +60,10 @@ export const JsonExpandInj: InjectionKey<Ref<boolean>> = Symbol('json-expand-inj
 export const AllFiltersInj: InjectionKey<Ref<Record<string, FilterType[]>>> = Symbol('all-filters-injection')

 export const IsAdminPanelInj: InjectionKey<Ref<boolean>> = Symbol('is-admin-panel-injection')
+/**
+ * `ActiveSourceInj` is an injection key for providing the active source context to Vue components.
+ * This is mainly used in useRoles composable to get source level restriction configuration in GUI.
+ */
 export const ActiveSourceInj: InjectionKey<
  ComputedRef<
    SourceType & {
--- a/packages/nocodb/src/helpers/catchError.ts
+++ b/packages/nocodb/src/helpers/catchError.ts
@ -810,11 +810,11 @@ export class NcError {
    throw new MetaError(param);
  }

-  static sourceDataReadOnly(name: any) {
+  static sourceDataReadOnly(name: string) {
    NcError.forbidden(`Source '${name}' is read-only`);
  }

-  static sourceMetaReadOnly(name: any) {
+  static sourceMetaReadOnly(name: string) {
    NcError.forbidden(`Source '${name}' schema is read-only`);
  }
 }
--- a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
+++ b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
@ -75,13 +75,18 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
    // extract base id based on request path params
    if (params.baseName) {
      const base = await Base.getByTitleOrId(context, params.baseName);
+
+      if (!base) {
+        NcError.baseNotFound(params.baseName);
+      }
+
      if (base) {
        req.ncBaseId = base.id;
-        if (req.params.tableName) {
+        if (params.tableName) {
          // extract model and then source id from model
          const model = await Model.getByAliasOrId(context, {
            base_id: base.id,
-            aliasOrId: req.params.tableName,
+            aliasOrId: params.tableName,
          });

          if (!model) {