
Merge pull request #6318 from nocodb/fix/6306-ui-acl

Fix  : Broken UI ACL
pull/6320/head
Raju Udava 1 year ago committed by GitHub
parent
commit
cb77853517
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      packages/nocodb/src/cache/RedisCacheMgr.ts
  2. 2
      packages/nocodb/src/cache/RedisMockCacheMgr.ts
  3. 2
      packages/nocodb/src/controllers/tables.controller.ts
  4. 8
      packages/nocodb/src/models/ModelRoleVisibility.ts
  5. 30
      packages/nocodb/src/modules/jobs/jobs/at-import/at-import.processor.ts
  6. 4
      packages/nocodb/src/services/tables.service.ts
  7. 8
      packages/nocodb/src/services/views.service.ts

2
packages/nocodb/src/cache/RedisCacheMgr.ts vendored

@ -178,7 +178,7 @@ export default class RedisCacheMgr extends CacheMgr {
let getKey = `${this.prefix}:${scope}:${o.id}`; let getKey = `${this.prefix}:${scope}:${o.id}`;
// special case - MODEL_ROLE_VISIBILITY // special case - MODEL_ROLE_VISIBILITY
if (scope === CacheScope.MODEL_ROLE_VISIBILITY) { if (scope === CacheScope.MODEL_ROLE_VISIBILITY) {
getKey = `${this.prefix}:${scope}:${o.id}:${o.role}`; getKey = `${this.prefix}:${scope}:${o.fk_view_id}:${o.role}`;
} }
// set Get Key // set Get Key
log(`RedisCacheMgr::setList: setting key ${getKey}`); log(`RedisCacheMgr::setList: setting key ${getKey}`);
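Review bot: The MODEL_ROLE_VISIBILITY key in setList is now built from `o.fk_view_id` and `o.role` with no check that either is set, so a row missing one of them is cached under `…:undefined:…` and all such rows share that key. These entries decide which views a role may see, so a collision would serve one view's visibility rule for another. Skipping the entry when `!o.fk_view_id || !o.role` is the safer behaviour; how to skip depends on the surrounding loop, which is not visible because setList starts and ends outside the hunk. The identical line in RedisMockCacheMgr.ts needs the same guard. A comment such as `// key format must match the key built in ModelRoleVisibility.ts` would keep the two sites in step.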

2
packages/nocodb/src/cache/RedisMockCacheMgr.ts vendored

@ -174,7 +174,7 @@ export default class RedisMockCacheMgr extends CacheMgr {
let getKey = `${this.prefix}:${scope}:${o.id}`; let getKey = `${this.prefix}:${scope}:${o.id}`;
// special case - MODEL_ROLE_VISIBILITY // special case - MODEL_ROLE_VISIBILITY
if (scope === CacheScope.MODEL_ROLE_VISIBILITY) { if (scope === CacheScope.MODEL_ROLE_VISIBILITY) {
getKey = `${this.prefix}:${scope}:${o.id}:${o.role}`; getKey = `${this.prefix}:${scope}:${o.fk_view_id}:${o.role}`;
} }
// set Get Key // set Get Key
log(`RedisMockCacheMgr::setList: setting key ${getKey}`); log(`RedisMockCacheMgr::setList: setting key ${getKey}`);

2
packages/nocodb/src/controllers/tables.controller.ts

@ -38,7 +38,7 @@ export class TablesController {
projectId, projectId,
baseId, baseId,
includeM2M: includeM2M === 'true', includeM2M: includeM2M === 'true',
roles: extractRolesObj(req.user.roles), roles: extractRolesObj(req.user.project_roles),
}), }),
); );
} }

8
packages/nocodb/src/models/ModelRoleVisibility.ts

@ -147,17 +147,21 @@ export default class ModelRoleVisibility implements ModelRoleVisibilityType {
insertObj.base_id = view.base_id; insertObj.base_id = view.base_id;
} }
await ncMeta.metaInsert2( const result = await ncMeta.metaInsert2(
null, null,
null, null,
MetaTable.MODEL_ROLE_VISIBILITY, MetaTable.MODEL_ROLE_VISIBILITY,
insertObj, insertObj,
); );
const key = `${CacheScope.MODEL_ROLE_VISIBILITY}:${body.fk_view_id}:${body.role}`;
insertObj.id = result.id;
await NocoCache.appendToList( await NocoCache.appendToList(
CacheScope.MODEL_ROLE_VISIBILITY, CacheScope.MODEL_ROLE_VISIBILITY,
[insertObj.project_id], [insertObj.project_id],
`${CacheScope.MODEL_ROLE_VISIBILITY}:${body.fk_view_id}:${body.role}`, key,
); );
return this.get( return this.get(
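Review bot: The new `const key = …` line builds the cache key from `body.fk_view_id` and `body.role`, while the object appended to the list is `insertObj`. If insertObj's fields are filtered or normalised from body, the key and the cached row can disagree; this is inferred, since insertObj is constructed above the hunk. Using `insertObj.fk_view_id` and `insertObj.role` in the template keeps them aligned. `insertObj.id = result.id;` also assumes metaInsert2 always returns a row with an id, so either a comment stating that or a guard that skips the cache append when the id is missing would keep an id-less entry out of the ACL cache. The method continues past the end of the hunk.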

30
packages/nocodb/src/modules/jobs/jobs/at-import/at-import.processor.ts

@ -113,7 +113,7 @@ export class AtImportProcessor {
await sMapEM.init(); await sMapEM.init();
const userRole = syncDB.user.roles const userRole = syncDB.user.roles
.split(',') .split(',')
.reduce((rolesObj, role) => ({ [role]: true, ...rolesObj }), {}); .reduce((rolesObj, role) => ({ [role]: true, ...rolesObj }));
const sMap = { const sMap = {
// static mapping records between aTblId && ncId // static mapping records between aTblId && ncId
@ -666,7 +666,12 @@ export class AtImportProcessor {
const view = { list: [] }; const view = { list: [] };
view['list'] = await this.viewsService.viewList({ view['list'] = await this.viewsService.viewList({
tableId: table.id, tableId: table.id,
user: { roles: userRole }, user: {
roles: userRole,
project_roles: {
owner: true,
},
},
}); });
recordPerfStats(_perfStart, 'dbView.list'); recordPerfStats(_perfStart, 'dbView.list');
@ -745,7 +750,7 @@ export class AtImportProcessor {
const srcTbl: any = const srcTbl: any =
await this.tablesService.getTableWithAccessibleViews({ await this.tablesService.getTableWithAccessibleViews({
tableId: srcTableId, tableId: srcTableId,
user: syncDB.user, user: { ...syncDB.user, project_roles: { owner: true } },
}); });
recordPerfStats(_perfStart, 'dbTable.read'); recordPerfStats(_perfStart, 'dbTable.read');
@ -829,7 +834,7 @@ export class AtImportProcessor {
const childTblSchema: any = const childTblSchema: any =
await this.tablesService.getTableWithAccessibleViews({ await this.tablesService.getTableWithAccessibleViews({
tableId: ncLinkMappingTable[x].nc.childId, tableId: ncLinkMappingTable[x].nc.childId,
user: syncDB.user, user: { ...syncDB.user, project_roles: { owner: true } },
}); });
recordPerfStats(_perfStart, 'dbTable.read'); recordPerfStats(_perfStart, 'dbTable.read');
@ -837,7 +842,7 @@ export class AtImportProcessor {
const parentTblSchema: any = const parentTblSchema: any =
await this.tablesService.getTableWithAccessibleViews({ await this.tablesService.getTableWithAccessibleViews({
tableId: ncLinkMappingTable[x].nc.parentId, tableId: ncLinkMappingTable[x].nc.parentId,
user: syncDB.user, user: { ...syncDB.user, project_roles: { owner: true } },
}); });
recordPerfStats(_perfStart, 'dbTable.read'); recordPerfStats(_perfStart, 'dbTable.read');
@ -1734,7 +1739,12 @@ export class AtImportProcessor {
const viewList = { list: [] }; const viewList = { list: [] };
viewList['list'] = await this.viewsService.viewList({ viewList['list'] = await this.viewsService.viewList({
tableId: tblId, tableId: tblId,
user: { roles: userRole }, user: {
roles: userRole,
project_roles: {
owner: true,
},
} as any,
}); });
recordPerfStats(_perfStart, 'dbView.list'); recordPerfStats(_perfStart, 'dbView.list');
@ -1854,7 +1864,7 @@ export class AtImportProcessor {
const _perfStart = recordPerfStart(); const _perfStart = recordPerfStart();
const ncTbl: any = await this.tablesService.getTableWithAccessibleViews({ const ncTbl: any = await this.tablesService.getTableWithAccessibleViews({
tableId: tblId, tableId: tblId,
user: syncDB.user, user: { ...syncDB.user, project_roles: { owner: true } },
}); });
recordPerfStats(_perfStart, 'dbTable.read'); recordPerfStats(_perfStart, 'dbTable.read');
@ -2328,7 +2338,7 @@ export class AtImportProcessor {
ncTblList['list'] = await this.tablesService.getAccessibleTables({ ncTblList['list'] = await this.tablesService.getAccessibleTables({
projectId: ncCreatedProjectSchema.id, projectId: ncCreatedProjectSchema.id,
baseId: syncDB.baseId, baseId: syncDB.baseId,
roles: userRole, roles: { ...userRole, owner: true },
}); });
recordPerfStats(_perfStart, 'base.tableList'); recordPerfStats(_perfStart, 'base.tableList');
@ -2348,7 +2358,7 @@ export class AtImportProcessor {
const ncTbl: any = const ncTbl: any =
await this.tablesService.getTableWithAccessibleViews({ await this.tablesService.getTableWithAccessibleViews({
tableId: ncTblList.list[i].id, tableId: ncTblList.list[i].id,
user: syncDB.user, user: { ...syncDB.user, project_roles: { owner: true } },
}); });
recordPerfStats(_perfStart, 'dbTable.read'); recordPerfStats(_perfStart, 'dbTable.read');
@ -2383,7 +2393,7 @@ export class AtImportProcessor {
const ncTbl: any = const ncTbl: any =
await this.tablesService.getTableWithAccessibleViews({ await this.tablesService.getTableWithAccessibleViews({
tableId: ncTblList.list[i].id, tableId: ncTblList.list[i].id,
user: syncDB.user, user: { ...syncDB.user, project_roles: { owner: true } },
}); });
rtc.data.nestedLinks += await importLTARData({ rtc.data.nestedLinks += await importLTARData({
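Review bot: The `userRole` reduce in the first hunk no longer passes the `{}` seed on the new side as rendered, so the first role string becomes the accumulator: a single role yields the bare string, and with several roles the first one is spread character by character and never becomes a `[role]: true` entry. Restore the initial value: `.reduce((rolesObj, role) => ({ [role]: true, ...rolesObj }), {});`. Separately, every viewList / getTableWithAccessibleViews / getAccessibleTables call now forces `project_roles: { owner: true }` (or `owner: true` inside `roles`), so the job reads tables and views with owner visibility whatever project role the user who started it holds. Whether a non-owner can start an import is not visible here, but if so this bypasses the UI ACL filter the commit repairs. Consider one named constant for the elevated user with a comment stating why owner is required, and drop the `as any` on the second viewList call by matching the declared parameter type.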

4
packages/nocodb/src/services/tables.service.ts

@ -1,6 +1,6 @@
import { Injectable } from '@nestjs/common'; import { Injectable } from '@nestjs/common';
import DOMPurify from 'isomorphic-dompurify'; import DOMPurify from 'isomorphic-dompurify';
import { isLinksOrLTAR, isVirtualCol, ModelTypes, UITypes } from 'nocodb-sdk'; import { isLinksOrLTAR, isVirtualCol, ModelTypes, ProjectRoles, UITypes } from 'nocodb-sdk'
import { AppEvents } from 'nocodb-sdk'; import { AppEvents } from 'nocodb-sdk';
import { MetaDiffsService } from './meta-diffs.service'; import { MetaDiffsService } from './meta-diffs.service';
import { ColumnsService } from './columns.service'; import { ColumnsService } from './columns.service';
@ -328,7 +328,7 @@ export class TablesService {
const tableViewMapping = viewList.reduce((o, view: any) => { const tableViewMapping = viewList.reduce((o, view: any) => {
o[view.fk_model_id] = o[view.fk_model_id] || 0; o[view.fk_model_id] = o[view.fk_model_id] || 0;
if ( if (
Object.keys(param.roles).some( Object.values(ProjectRoles).some(
(role) => param.roles[role] && !view.disabled[role], (role) => param.roles[role] && !view.disabled[role],
) )
) { ) {
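Review bot: Inside the `.some(...)` callback, `param.roles[role]` is read without a guard, while tables.controller.ts now fills `roles` from `extractRolesObj(req.user.project_roles)`. That field may be absent for a user with no role in the project, and what extractRolesObj returns for undefined is not visible here. views.service.ts in this commit uses optional chaining for the same test; `(role) => param.roles?.[role] && !view.disabled[role],` would make a missing roles object hide the table (fail closed) instead of throwing inside the reducer. The rewritten `nocodb-sdk` import in the first hunk also lost its trailing semicolon. The enclosing method starts and ends outside the hunk.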

8
packages/nocodb/src/services/views.service.ts

@ -1,5 +1,5 @@
import { Injectable } from '@nestjs/common'; import { Injectable } from '@nestjs/common';
import { AppEvents } from 'nocodb-sdk'; import { AppEvents, ProjectRoles } from 'nocodb-sdk';
import type { import type {
SharedViewReqType, SharedViewReqType,
UserType, UserType,
@ -70,6 +70,7 @@ export class ViewsService {
tableId: string; tableId: string;
user: { user: {
roles: Record<string, boolean>; roles: Record<string, boolean>;
project_roles: Record<string, boolean>;
}; };
}) { }) {
const model = await Model.get(param.tableId); const model = await Model.get(param.tableId);
@ -82,8 +83,9 @@ export class ViewsService {
// todo: user roles // todo: user roles
//await View.list(param.tableId) //await View.list(param.tableId)
const filteredViewList = viewList.filter((view: any) => { const filteredViewList = viewList.filter((view: any) => {
return Object.keys(param?.user?.roles).some( return Object.values(ProjectRoles).some(
(role) => param?.user?.roles[role] && !view.disabled[role], (role) =>
param?.user?.['project_roles']?.[role] && !view.disabled[role],
); );
}); });
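Review bot: The filter reads `param?.user?.['project_roles']?.[role]` through a string-keyed bracket access, even though `project_roles` is added to the parameter type in the hunk above. `param?.user?.project_roles?.[role]` keeps the access type-checked. A caller that omits project_roles now gets an empty view list with no error, which fails closed but is easy to miss, so a doc comment on this method stating that view visibility is decided from project-scoped roles only would help. The `// todo: user roles` comment above the filter looks stale after this change. The method body starts and ends outside the hunk.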
