Merge pull request #6318 from nocodb/fix/6306-ui-acl

Fix  : Broken UI ACL

packages/nocodb/src/cache/RedisCacheMgr.ts

@@ -178,7 +178,7 @@ export default class RedisCacheMgr extends CacheMgr {
       let getKey = `${this.prefix}:${scope}:${o.id}`;
       // special case - MODEL_ROLE_VISIBILITY
       if (scope === CacheScope.MODEL_ROLE_VISIBILITY) {
-        getKey = `${this.prefix}:${scope}:${o.id}:${o.role}`;
+        getKey = `${this.prefix}:${scope}:${o.fk_view_id}:${o.role}`;
       }
       // set Get Key
       log(`RedisCacheMgr::setList: setting key ${getKey}`);

packages/nocodb/src/cache/RedisMockCacheMgr.ts

@@ -174,7 +174,7 @@ export default class RedisMockCacheMgr extends CacheMgr {
       let getKey = `${this.prefix}:${scope}:${o.id}`;
       // special case - MODEL_ROLE_VISIBILITY
       if (scope === CacheScope.MODEL_ROLE_VISIBILITY) {
-        getKey = `${this.prefix}:${scope}:${o.id}:${o.role}`;
+        getKey = `${this.prefix}:${scope}:${o.fk_view_id}:${o.role}`;
       }
       // set Get Key
       log(`RedisMockCacheMgr::setList: setting key ${getKey}`);

packages/nocodb/src/controllers/tables.controller.ts

@@ -38,7 +38,7 @@ export class TablesController {
         projectId,
         baseId,
         includeM2M: includeM2M === 'true',
-        roles: extractRolesObj(req.user.roles),
+        roles: extractRolesObj(req.user.project_roles),
       }),
     );
   }

packages/nocodb/src/models/ModelRoleVisibility.ts

@@ -147,17 +147,21 @@ export default class ModelRoleVisibility implements ModelRoleVisibilityType {
       insertObj.base_id = view.base_id;
     }
 
-    await ncMeta.metaInsert2(
+    const result = await ncMeta.metaInsert2(
       null,
       null,
       MetaTable.MODEL_ROLE_VISIBILITY,
       insertObj,
     );
 
+    const key = `${CacheScope.MODEL_ROLE_VISIBILITY}:${body.fk_view_id}:${body.role}`;
+
+    insertObj.id = result.id;
+
     await NocoCache.appendToList(
       CacheScope.MODEL_ROLE_VISIBILITY,
       [insertObj.project_id],
-      `${CacheScope.MODEL_ROLE_VISIBILITY}:${body.fk_view_id}:${body.role}`,
+      key,
     );
 
     return this.get(

packages/nocodb/src/modules/jobs/jobs/at-import/at-import.processor.ts

@@ -113,7 +113,7 @@ export class AtImportProcessor {
     await sMapEM.init();
     const userRole = syncDB.user.roles
       .split(',')
-      .reduce((rolesObj, role) => ({ [role]: true, ...rolesObj }), {});
+      .reduce((rolesObj, role) => ({ [role]: true, ...rolesObj }));
 
     const sMap = {
       // static mapping records between aTblId && ncId
@@ -666,7 +666,12 @@ export class AtImportProcessor {
         const view = { list: [] };
         view['list'] = await this.viewsService.viewList({
           tableId: table.id,
-          user: { roles: userRole },
+          user: {
+            roles: userRole,
+            project_roles: {
+              owner: true,
+            },
+          },
         });
         recordPerfStats(_perfStart, 'dbView.list');
 
@@ -745,7 +750,7 @@ export class AtImportProcessor {
               const srcTbl: any =
                 await this.tablesService.getTableWithAccessibleViews({
                   tableId: srcTableId,
-                  user: syncDB.user,
+                  user: { ...syncDB.user, project_roles: { owner: true } },
                 });
               recordPerfStats(_perfStart, 'dbTable.read');
 
@@ -829,7 +834,7 @@ export class AtImportProcessor {
               const childTblSchema: any =
                 await this.tablesService.getTableWithAccessibleViews({
                   tableId: ncLinkMappingTable[x].nc.childId,
-                  user: syncDB.user,
+                  user: { ...syncDB.user, project_roles: { owner: true } },
                 });
               recordPerfStats(_perfStart, 'dbTable.read');
 
@@ -837,7 +842,7 @@ export class AtImportProcessor {
               const parentTblSchema: any =
                 await this.tablesService.getTableWithAccessibleViews({
                   tableId: ncLinkMappingTable[x].nc.parentId,
-                  user: syncDB.user,
+                  user: { ...syncDB.user, project_roles: { owner: true } },
                 });
               recordPerfStats(_perfStart, 'dbTable.read');
 
@@ -1734,7 +1739,12 @@ export class AtImportProcessor {
           const viewList = { list: [] };
           viewList['list'] = await this.viewsService.viewList({
             tableId: tblId,
-            user: { roles: userRole },
+            user: {
+              roles: userRole,
+              project_roles: {
+                owner: true,
+              },
+            } as any,
           });
           recordPerfStats(_perfStart, 'dbView.list');
 
@@ -1854,7 +1864,7 @@ export class AtImportProcessor {
       const _perfStart = recordPerfStart();
       const ncTbl: any = await this.tablesService.getTableWithAccessibleViews({
         tableId: tblId,
-        user: syncDB.user,
+        user: { ...syncDB.user, project_roles: { owner: true } },
       });
       recordPerfStats(_perfStart, 'dbTable.read');
 
@@ -2328,7 +2338,7 @@ export class AtImportProcessor {
           ncTblList['list'] = await this.tablesService.getAccessibleTables({
             projectId: ncCreatedProjectSchema.id,
             baseId: syncDB.baseId,
-            roles: userRole,
+            roles: { ...userRole, owner: true },
           });
           recordPerfStats(_perfStart, 'base.tableList');
 
@@ -2348,7 +2358,7 @@ export class AtImportProcessor {
             const ncTbl: any =
               await this.tablesService.getTableWithAccessibleViews({
                 tableId: ncTblList.list[i].id,
-                user: syncDB.user,
+                user: { ...syncDB.user, project_roles: { owner: true } },
               });
             recordPerfStats(_perfStart, 'dbTable.read');
 
@@ -2383,7 +2393,7 @@ export class AtImportProcessor {
             const ncTbl: any =
               await this.tablesService.getTableWithAccessibleViews({
                 tableId: ncTblList.list[i].id,
-                user: syncDB.user,
+                user: { ...syncDB.user, project_roles: { owner: true } },
               });
 
             rtc.data.nestedLinks += await importLTARData({

packages/nocodb/src/services/tables.service.ts

@@ -1,6 +1,6 @@
 import { Injectable } from '@nestjs/common';
 import DOMPurify from 'isomorphic-dompurify';
-import { isLinksOrLTAR, isVirtualCol, ModelTypes, UITypes } from 'nocodb-sdk';
+import { isLinksOrLTAR, isVirtualCol, ModelTypes, ProjectRoles, UITypes } from 'nocodb-sdk'
 import { AppEvents } from 'nocodb-sdk';
 import { MetaDiffsService } from './meta-diffs.service';
 import { ColumnsService } from './columns.service';
@@ -328,7 +328,7 @@ export class TablesService {
     const tableViewMapping = viewList.reduce((o, view: any) => {
       o[view.fk_model_id] = o[view.fk_model_id] || 0;
       if (
-        Object.keys(param.roles).some(
+        Object.values(ProjectRoles).some(
           (role) => param.roles[role] && !view.disabled[role],
         )
       ) {

packages/nocodb/src/services/views.service.ts

@@ -1,5 +1,5 @@
 import { Injectable } from '@nestjs/common';
-import { AppEvents } from 'nocodb-sdk';
+import { AppEvents, ProjectRoles } from 'nocodb-sdk';
 import type {
   SharedViewReqType,
   UserType,
@@ -70,6 +70,7 @@ export class ViewsService {
     tableId: string;
     user: {
       roles: Record<string, boolean>;
+      project_roles: Record<string, boolean>;
     };
   }) {
     const model = await Model.get(param.tableId);
@@ -82,8 +83,9 @@ export class ViewsService {
     // todo: user roles
     //await View.list(param.tableId)
     const filteredViewList = viewList.filter((view: any) => {
-      return Object.keys(param?.user?.roles).some(
-        (role) => param?.user?.roles[role] && !view.disabled[role],
+      return Object.values(ProjectRoles).some(
+        (role) =>
+          param?.user?.['project_roles']?.[role] && !view.disabled[role],
       );
     });