Browse Source

Merge pull request #6318 from nocodb/fix/6306-ui-acl

Fix  : Broken UI ACL
pull/6320/head
Raju Udava 1 year ago committed by GitHub
parent
commit
cb77853517
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      packages/nocodb/src/cache/RedisCacheMgr.ts
  2. 2
      packages/nocodb/src/cache/RedisMockCacheMgr.ts
  3. 2
      packages/nocodb/src/controllers/tables.controller.ts
  4. 8
      packages/nocodb/src/models/ModelRoleVisibility.ts
  5. 30
      packages/nocodb/src/modules/jobs/jobs/at-import/at-import.processor.ts
  6. 4
      packages/nocodb/src/services/tables.service.ts
  7. 8
      packages/nocodb/src/services/views.service.ts

2
packages/nocodb/src/cache/RedisCacheMgr.ts vendored

@ -178,7 +178,7 @@ export default class RedisCacheMgr extends CacheMgr {
let getKey = `${this.prefix}:${scope}:${o.id}`;
// special case - MODEL_ROLE_VISIBILITY
if (scope === CacheScope.MODEL_ROLE_VISIBILITY) {
getKey = `${this.prefix}:${scope}:${o.id}:${o.role}`;
getKey = `${this.prefix}:${scope}:${o.fk_view_id}:${o.role}`;
}
// set Get Key
log(`RedisCacheMgr::setList: setting key ${getKey}`);

2
packages/nocodb/src/cache/RedisMockCacheMgr.ts vendored

@ -174,7 +174,7 @@ export default class RedisMockCacheMgr extends CacheMgr {
let getKey = `${this.prefix}:${scope}:${o.id}`;
// special case - MODEL_ROLE_VISIBILITY
if (scope === CacheScope.MODEL_ROLE_VISIBILITY) {
getKey = `${this.prefix}:${scope}:${o.id}:${o.role}`;
getKey = `${this.prefix}:${scope}:${o.fk_view_id}:${o.role}`;
}
// set Get Key
log(`RedisMockCacheMgr::setList: setting key ${getKey}`);

2
packages/nocodb/src/controllers/tables.controller.ts

@ -38,7 +38,7 @@ export class TablesController {
projectId,
baseId,
includeM2M: includeM2M === 'true',
roles: extractRolesObj(req.user.roles),
roles: extractRolesObj(req.user.project_roles),
}),
);
}

8
packages/nocodb/src/models/ModelRoleVisibility.ts

@ -147,17 +147,21 @@ export default class ModelRoleVisibility implements ModelRoleVisibilityType {
insertObj.base_id = view.base_id;
}
await ncMeta.metaInsert2(
const result = await ncMeta.metaInsert2(
null,
null,
MetaTable.MODEL_ROLE_VISIBILITY,
insertObj,
);
const key = `${CacheScope.MODEL_ROLE_VISIBILITY}:${body.fk_view_id}:${body.role}`;
insertObj.id = result.id;
await NocoCache.appendToList(
CacheScope.MODEL_ROLE_VISIBILITY,
[insertObj.project_id],
`${CacheScope.MODEL_ROLE_VISIBILITY}:${body.fk_view_id}:${body.role}`,
key,
);
return this.get(

30
packages/nocodb/src/modules/jobs/jobs/at-import/at-import.processor.ts

@ -113,7 +113,7 @@ export class AtImportProcessor {
await sMapEM.init();
const userRole = syncDB.user.roles
.split(',')
.reduce((rolesObj, role) => ({ [role]: true, ...rolesObj }), {});
.reduce((rolesObj, role) => ({ [role]: true, ...rolesObj }));
const sMap = {
// static mapping records between aTblId && ncId
@ -666,7 +666,12 @@ export class AtImportProcessor {
const view = { list: [] };
view['list'] = await this.viewsService.viewList({
tableId: table.id,
user: { roles: userRole },
user: {
roles: userRole,
project_roles: {
owner: true,
},
},
});
recordPerfStats(_perfStart, 'dbView.list');
@ -745,7 +750,7 @@ export class AtImportProcessor {
const srcTbl: any =
await this.tablesService.getTableWithAccessibleViews({
tableId: srcTableId,
user: syncDB.user,
user: { ...syncDB.user, project_roles: { owner: true } },
});
recordPerfStats(_perfStart, 'dbTable.read');
@ -829,7 +834,7 @@ export class AtImportProcessor {
const childTblSchema: any =
await this.tablesService.getTableWithAccessibleViews({
tableId: ncLinkMappingTable[x].nc.childId,
user: syncDB.user,
user: { ...syncDB.user, project_roles: { owner: true } },
});
recordPerfStats(_perfStart, 'dbTable.read');
@ -837,7 +842,7 @@ export class AtImportProcessor {
const parentTblSchema: any =
await this.tablesService.getTableWithAccessibleViews({
tableId: ncLinkMappingTable[x].nc.parentId,
user: syncDB.user,
user: { ...syncDB.user, project_roles: { owner: true } },
});
recordPerfStats(_perfStart, 'dbTable.read');
@ -1734,7 +1739,12 @@ export class AtImportProcessor {
const viewList = { list: [] };
viewList['list'] = await this.viewsService.viewList({
tableId: tblId,
user: { roles: userRole },
user: {
roles: userRole,
project_roles: {
owner: true,
},
} as any,
});
recordPerfStats(_perfStart, 'dbView.list');
@ -1854,7 +1864,7 @@ export class AtImportProcessor {
const _perfStart = recordPerfStart();
const ncTbl: any = await this.tablesService.getTableWithAccessibleViews({
tableId: tblId,
user: syncDB.user,
user: { ...syncDB.user, project_roles: { owner: true } },
});
recordPerfStats(_perfStart, 'dbTable.read');
@ -2328,7 +2338,7 @@ export class AtImportProcessor {
ncTblList['list'] = await this.tablesService.getAccessibleTables({
projectId: ncCreatedProjectSchema.id,
baseId: syncDB.baseId,
roles: userRole,
roles: { ...userRole, owner: true },
});
recordPerfStats(_perfStart, 'base.tableList');
@ -2348,7 +2358,7 @@ export class AtImportProcessor {
const ncTbl: any =
await this.tablesService.getTableWithAccessibleViews({
tableId: ncTblList.list[i].id,
user: syncDB.user,
user: { ...syncDB.user, project_roles: { owner: true } },
});
recordPerfStats(_perfStart, 'dbTable.read');
@ -2383,7 +2393,7 @@ export class AtImportProcessor {
const ncTbl: any =
await this.tablesService.getTableWithAccessibleViews({
tableId: ncTblList.list[i].id,
user: syncDB.user,
user: { ...syncDB.user, project_roles: { owner: true } },
});
rtc.data.nestedLinks += await importLTARData({

4
packages/nocodb/src/services/tables.service.ts

@ -1,6 +1,6 @@
import { Injectable } from '@nestjs/common';
import DOMPurify from 'isomorphic-dompurify';
import { isLinksOrLTAR, isVirtualCol, ModelTypes, UITypes } from 'nocodb-sdk';
import { isLinksOrLTAR, isVirtualCol, ModelTypes, ProjectRoles, UITypes } from 'nocodb-sdk'
import { AppEvents } from 'nocodb-sdk';
import { MetaDiffsService } from './meta-diffs.service';
import { ColumnsService } from './columns.service';
@ -328,7 +328,7 @@ export class TablesService {
const tableViewMapping = viewList.reduce((o, view: any) => {
o[view.fk_model_id] = o[view.fk_model_id] || 0;
if (
Object.keys(param.roles).some(
Object.values(ProjectRoles).some(
(role) => param.roles[role] && !view.disabled[role],
)
) {

8
packages/nocodb/src/services/views.service.ts

@ -1,5 +1,5 @@
import { Injectable } from '@nestjs/common';
import { AppEvents } from 'nocodb-sdk';
import { AppEvents, ProjectRoles } from 'nocodb-sdk';
import type {
SharedViewReqType,
UserType,
@ -70,6 +70,7 @@ export class ViewsService {
tableId: string;
user: {
roles: Record<string, boolean>;
project_roles: Record<string, boolean>;
};
}) {
const model = await Model.get(param.tableId);
@ -82,8 +83,9 @@ export class ViewsService {
// todo: user roles
//await View.list(param.tableId)
const filteredViewList = viewList.filter((view: any) => {
return Object.keys(param?.user?.roles).some(
(role) => param?.user?.roles[role] && !view.disabled[role],
return Object.values(ProjectRoles).some(
(role) =>
param?.user?.['project_roles']?.[role] && !view.disabled[role],
);
});

Loading…
Cancel
Save