✨ feat(permissions): allow multiple permissions heirachy

dashpresshq · Dec 24, 2023 · f910d02 · f910d02
1 parent 00ce429
commit f910d02
Show file tree

Hide file tree

Showing 7 changed files with 33 additions and 57 deletions.
diff --git a/src/backend/dashboard-widgets/dashboard-widgets.service.ts b/src/backend/dashboard-widgets/dashboard-widgets.service.ts
@@ -65,10 +65,6 @@ export class DashboardWidgetsApiService implements IApplicationService {
     await this._dashboardWidgetsPersistenceService.setup();
   }
 
-  private getDataAccessInstance() {
-    return this._rDBMSApiDataService;
-  }
-
   async runScript(
     script$1: string,
     currentUser: IAccountProfile,
@@ -86,8 +82,10 @@ export class DashboardWidgetsApiService implements IApplicationService {
     return (
       (await runAsyncJavascriptString(script, {
         currentUser,
-        query: async (sql: string) =>
-          await this.getDataAccessInstance().runQuery(sql),
+        query: async (sql: string) => {
+          await RDBMSDataApiService.getInstance();
+          return await this._rDBMSApiDataService.runQuery(sql);
+        },
       })) || "{}"
     );
   }

diff --git a/src/backend/menu/menu.service.ts b/src/backend/menu/menu.service.ts
@@ -1,6 +1,5 @@
 import { IApplicationService } from "backend/types";
 import { nanoid } from "nanoid";
-import { canRoleDoThisSync } from "shared/logic/permissions";
 import {
   INavigationMenuItem,
   NavigationMenuItemType,
@@ -152,46 +151,30 @@ export class NavigationMenuApiService
 
   async filterOutUserMenuItems(
     userRole: string,
-    navItems: INavigationMenuItem[]
-  ) {
-    return this.filterMenuItemsBasedOnPermissions(
-      userRole,
-      navItems,
-      await this._rolesApiService.getRolePermissions(userRole)
-    );
-  }
-
-  private filterMenuItemsBasedOnPermissions(
-    userRole: string,
-    menuItems: INavigationMenuItem[],
-    userPermissions: string[]
-  ): INavigationMenuItem[] {
-    return menuItems.reduce((allowedMenuItems, menuItem) => {
+    menuItems: INavigationMenuItem[]
+  ): Promise<INavigationMenuItem[]> {
+    const allowedMenuItems: INavigationMenuItem[] = [];
+    for (const menuItem of menuItems) {
       if (menuItem.children) {
         // eslint-disable-next-line no-param-reassign
-        menuItem.children = this.filterMenuItemsBasedOnPermissions(
+        menuItem.children = await this.filterOutUserMenuItems(
           userRole,
-          menuItem.children,
-          userPermissions
+          menuItem.children
         );
       }
-      if (this.isMenuItemAllowed(menuItem, userRole, userPermissions)) {
-        return [...allowedMenuItems, menuItem];
+
+      if (await this.isMenuItemAllowed(menuItem, userRole)) {
+        allowedMenuItems.push(menuItem);
       }
-      return allowedMenuItems;
-    }, []);
+    }
+    return allowedMenuItems;
   }
 
   private async isMenuItemAllowed(
     menuItem: INavigationMenuItem,
-    userRole: string,
-    userPermissions: string[]
+    userRole: string
   ): Promise<boolean> {
-    const isMenuAllowed = await portalCheckIfIsMenuAllowed(
-      menuItem,
-      userRole,
-      userPermissions
-    );
+    const isMenuAllowed = await portalCheckIfIsMenuAllowed(menuItem, userRole);
 
     if (typeof isMenuAllowed === "boolean") {
       return isMenuAllowed;
@@ -201,20 +184,18 @@ export class NavigationMenuApiService
       case NavigationMenuItemType.Header:
         return true;
       case NavigationMenuItemType.System:
-        return canRoleDoThisSync(
+        return await this._rolesApiService.canRoleDoThis(
           userRole,
-          SYSTEM_LINKS_CONFIG_MAP[menuItem.link as SystemLinks].permission,
-          userPermissions
+          SYSTEM_LINKS_CONFIG_MAP[menuItem.link as SystemLinks].permission
         );
 
       case NavigationMenuItemType.Entities:
-        return canRoleDoThisSync(
+        return await this._rolesApiService.canRoleDoThis(
           userRole,
           META_USER_PERMISSIONS.APPLIED_CAN_ACCESS_ENTITY(
             menuItem.link,
             GranularEntityPermissions.Show
-          ),
-          userPermissions
+          )
         );
       default:
         return false;

diff --git a/src/backend/menu/portal/main.ts b/src/backend/menu/portal/main.ts
@@ -4,10 +4,9 @@ import { IBaseNavigationMenuApiService } from "../types";
 
 export const portalCheckIfIsMenuAllowed = async (
   menuItem: INavigationMenuItem,
-  userRole: string,
-  userPermissions: string[]
+  userRole: string
 ): Promise<boolean | undefined> => {
-  noop(menuItem, userRole, userPermissions);
+  noop(menuItem, userRole);
   return undefined;
 };
 

diff --git a/src/frontend/_layouts/app/LayoutImpl/constants.ts b/src/frontend/_layouts/app/LayoutImpl/constants.ts
@@ -1,5 +1,5 @@
 export const SIDE_BAR_WIDTH_VARIATIONS = {
-  full: 205,
+  full: 235,
   collapsed: 55,
 };
 

diff --git a/src/frontend/views/roles/Permissions/MutatePermission.tsx b/src/frontend/views/roles/Permissions/MutatePermission.tsx
@@ -43,19 +43,15 @@ export const getPermissionChildren = (
 ): string[] => {
   permissions.push(permission);
 
-  const permissionHeirachy = PERMISSION_HEIRACHIES.find(
+  const permissionHeirachies = PERMISSION_HEIRACHIES.filter(
     (value) => value[mainKey === 1 ? 0 : 1] === permission
   );
 
-  if (!permissionHeirachy) {
-    return permissions;
-  }
+  permissionHeirachies.forEach((permissionHeirachy) => {
+    getPermissionChildren(permissionHeirachy[mainKey], mainKey, permissions);
+  });
 
-  return getPermissionChildren(
-    permissionHeirachy[mainKey],
-    mainKey,
-    permissions
-  );
+  return permissions;
 };
 
 export function MutatePermission({

diff --git a/src/shared/constants/Icons.ts b/src/shared/constants/Icons.ts
@@ -23,6 +23,7 @@ export const SystemIcons = {
   Heart: `<path d="M20.84 4.61c-.995-.996-2.371-1.612-3.89-1.612s-2.895.616-3.89 1.612L12 5.67l-1.06-1.06a5.501 5.501 0 00-7.78 7.78L12 21.23l8.84-8.84c.996-.995 1.612-2.371 1.612-3.89s-.616-2.895-1.612-3.89h0z" />`,
   Home: `<path d="M3 9l9-7 9 7v11a2 2 0 01-2 2v0H5a2 2 0 01-2-2v0z" /><path d="M9 22V12h6v10" /><path d="M9 22V12h6v10" />`,
   Image: `<path d="M5 3h14a2 2 0 012 2v14a2 2 0 01-2 2H5a2 2 0 01-2-2V5a2 2 0 012-2z" /><path d="M10 8.5a1.5 1.5 0 11-3.001-.001A1.5 1.5 0 0110 8.5zM21 15l-5-5L5 21" />`,
+  Flow: `<path d="M21 18a3 3 0 11-6 0 3 3 0 016 0zM9 6a3 3 0 11-6 0 3 3 0 016 0z" /><path d="M13 6h3a2 2 0 012 2v7M6 9v12" />`,
   Info: `<path d="M22 12c0 5.523-4.477 10-10 10S2 17.523 2 12 6.477 2 12 2s10 4.477 10 10zM12 16v-4M12 8h.01" />`,
   Link: `<path d="M10 13a4.998 4.998 0 007.54.54l3-3a5 5 0 00-7.071-7.069l.001-.001-1.72 1.71" /><path d="M14 11a4.998 4.998 0 00-7.54-.54l-3 3a5 5 0 007.071 7.069l-.001.001 1.71-1.71" />`,
   Lock: `<path d="M5 11h14a2 2 0 012 2v7a2 2 0 01-2 2H5a2 2 0 01-2-2v-7a2 2 0 012-2zM7 11V7a5 5 0 0110 0v4" />`,

diff --git a/src/shared/constants/menu.ts b/src/shared/constants/menu.ts
@@ -1,13 +1,13 @@
 import { ActionIntegrationKeys } from "shared/types/actions";
 import { SystemLinks } from "shared/types/menu";
 import { NAVIGATION_LINKS } from "frontend/lib/routing/links";
-import { USER_PERMISSIONS } from "./user";
+import { META_USER_PERMISSIONS, USER_PERMISSIONS } from "./user";
 
 export const SYSTEM_LINKS_CONFIG_MAP: Record<
   SystemLinks,
   {
     link: string;
-    permission?: string;
+    permission: string;
   }
 > = {
   [SystemLinks.Settings]: {
@@ -16,6 +16,7 @@ export const SYSTEM_LINKS_CONFIG_MAP: Record<
   },
   [SystemLinks.Home]: {
     link: NAVIGATION_LINKS.DASHBOARD.HOME,
+    permission: META_USER_PERMISSIONS.NO_PERMISSION_REQUIRED,
   },
   [SystemLinks.Roles]: {
     link: NAVIGATION_LINKS.ROLES.LIST,