/**
 * Permissions table implementation
 *
 * @usage getCredentialPermissions(user, credential).isOwner;
 */
import type { IUser, ICredentialsResponse, IWorkflowDb } from '@/Interface';
import { EnterpriseEditionFeature, PLACEHOLDER_EMPTY_WORKFLOW_ID } from '@/constants';
import { useSettingsStore } from '@/stores/settings.store';
import { hasPermission } from './rbac/permissions';
/**
 * Old permissions implementation
 * @deprecated
 */
/**
 * Role flags computed for a user in relation to a resource.
 *
 * Each member's string value is the key under which the flag is stored in the
 * `IPermissions` object returned by `parsePermissionsTable`; later table rows
 * read these keys (for example `permissions.isOwner`).
 */
export const enum UserRole {
	/** Derived from `user.isOwner` by `parsePermissionsTable`. */
	InstanceOwner = 'isInstanceOwner',

	/** The user is treated as owner of the resource being checked. */
	ResourceOwner = 'isOwner',

	/** NOTE(review): no table visible in this file sets this flag. */
	ResourceEditor = 'isEditor',

	/** The resource's `sharedWith` list contains the user. */
	ResourceSharee = 'isSharee',
}
/**
 * Result of evaluating a permissions table: one boolean per row name.
 *
 * At runtime a key that was never written reads as `undefined`, so a
 * misspelled permission name is simply falsy in a boolean check rather than
 * an error.
 */
export type IPermissions = Record<string, boolean>;

/** Predicate form of a row test; it receives the flags computed so far. */
type IPermissionsTableRowTestFn = (permissions: IPermissions) => boolean;

/** A single rule of a permissions table. */
export interface IPermissionsTableRow {
	/** Key under which the outcome of `test` is stored. */
	name: string;

	/**
	 * Either a predicate over the flags computed so far, or a list of flag
	 * names of which at least one has to be truthy.
	 */
	test: IPermissionsTableRowTestFn | string[];
}

/** Ordered list of rules; rows are evaluated front to back. */
export type IPermissionsTable = IPermissionsTableRow[];
/**
 * Evaluates a permissions table for the given user and returns the resulting flags.
 *
 * A built-in `isInstanceOwner` row (true when `user.isOwner` is truthy) is
 * evaluated first, followed by the rows of `table` in order. Each row may
 * therefore only rely on flags written by rows that precede it; a flag that
 * has not been written yet reads as falsy.
 *
 * NOTE(review): flags are looked up on a plain object, so inherited property
 * names (for example `constructor`) would read as truthy in the string-array
 * form of `test`. Row and ability names are expected to be constants defined
 * in code, never values taken from user input.
 *
 * @param user  User the flags are computed for; `null` yields `isInstanceOwner: false`.
 * @param table Resource-specific rules, evaluated after the built-in row.
 * @returns Object mapping every row name to its boolean outcome.
 */
export const parsePermissionsTable = (
	user: IUser | null,
	table: IPermissionsTable,
): IPermissions => {
	// Always evaluated first so that table rows can build on it.
	const instanceOwnerRow: IPermissionsTableRow = {
		name: UserRole.InstanceOwner,
		test: () => !!user?.isOwner,
	};

	const result: IPermissions = {};

	for (const rule of [instanceOwnerRow, ...table]) {
		if (Array.isArray(rule.test)) {
			// List form: granted when any of the named flags is already truthy.
			result[rule.name] = rule.test.some((ability) => result[ability]);
		} else {
			// Predicate form: the rule decides from the flags computed so far.
			result[rule.name] = rule.test(result);
		}
	}

	return result;
};
/**
 * User permissions definition
 */
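/**
 * Computes the permission flags the given user has on a credential.
 *
 * Flags returned (besides `isInstanceOwner`): `isOwner`, `isSharee`, `read`,
 * `save`, `update`, `share`, `delete` and `use`.
 *
 * - When the Sharing enterprise feature is disabled, `isOwner` is true for
 *   every caller; ownership is not evaluated in that case.
 * - `read`, `save`, `share` and `delete` are granted by the matching RBAC
 *   scope or by `isOwner`; `update` is granted by `isOwner` only.
 * - `use` is granted to owners and sharees.
 *
 * An identity match requires the user to have an id. Comparing
 * `credential.ownedBy?.id === user?.id` directly would treat two missing ids
 * as equal and report a `null` user as owner of a credential without owner
 * data, so the checks below fail closed instead.
 *
 * NOTE(review): this appears to gate UI behaviour only (it reads a client-side
 * settings store); the server has to enforce the same rules independently.
 *
 * @param user       Current user, or `null` when none is available.
 * @param credential Credential whose `ownedBy` / `sharedWith` data is checked.
 * @returns Flags keyed by permission name.
 */
export const getCredentialPermissions = (user: IUser | null, credential: ICredentialsResponse) => {
	const settingsStore = useSettingsStore();
	const isSharingEnabled = settingsStore.isEnterpriseFeatureEnabled(
		EnterpriseEditionFeature.Sharing,
	);

	// A missing id must never match a missing owner / sharee id.
	const userId = user?.id;

	const table: IPermissionsTable = [
		{
			name: UserRole.ResourceOwner,
			test: () => (userId != null && credential?.ownedBy?.id === userId) || !isSharingEnabled,
		},
		{
			name: UserRole.ResourceSharee,
			test: () =>
				userId != null && !!credential?.sharedWith?.some((sharee) => sharee.id === userId),
		},
		{
			name: 'read',
			test: (permissions) =>
				hasPermission(['rbac'], { rbac: { scope: 'credential:read' } }) || !!permissions.isOwner,
		},
		{
			name: 'save',
			test: (permissions) =>
				hasPermission(['rbac'], { rbac: { scope: 'credential:create' } }) || !!permissions.isOwner,
		},
		{
			// No RBAC scope is consulted here: only owners may update.
			name: 'update',
			test: (permissions) => !!permissions.isOwner,
		},
		{
			name: 'share',
			test: (permissions) =>
				hasPermission(['rbac'], { rbac: { scope: 'credential:share' } }) || !!permissions.isOwner,
		},
		{
			name: 'delete',
			test: (permissions) =>
				hasPermission(['rbac'], { rbac: { scope: 'credential:delete' } }) || !!permissions.isOwner,
		},
		{
			name: 'use',
			test: (permissions) => !!permissions.isOwner || !!permissions.isSharee,
		},
	];

	return parsePermissionsTable(user, table);
};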
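/**
 * Computes the permission flags the given user has on a workflow.
 *
 * Flags returned (besides `isInstanceOwner`): `isOwner`, `updateSharing` and
 * `delete`.
 *
 * - `isOwner` is true when the workflow still carries the placeholder id of an
 *   unsaved workflow, when the user's id matches `workflow.ownedBy.id`, or
 *   when the Sharing enterprise feature is disabled (ownership is not
 *   evaluated in that case).
 * - `updateSharing` and `delete` are granted by the matching RBAC scope or by
 *   `isOwner`.
 *
 * The ownership match requires the user to have an id. Comparing
 * `workflow.ownedBy?.id === user?.id` directly would treat two missing ids as
 * equal and report a `null` user as owner of a workflow without owner data,
 * so the check below fails closed instead.
 *
 * NOTE(review): this appears to gate UI behaviour only (it reads a client-side
 * settings store); the server has to enforce the same rules independently.
 *
 * @param user     Current user, or `null` when none is available.
 * @param workflow Workflow whose `id` and `ownedBy` data is checked.
 * @returns Flags keyed by permission name.
 */
export const getWorkflowPermissions = (user: IUser | null, workflow: IWorkflowDb) => {
	const settingsStore = useSettingsStore();
	const isSharingEnabled = settingsStore.isEnterpriseFeatureEnabled(
		EnterpriseEditionFeature.Sharing,
	);
	const isNewWorkflow = workflow.id === PLACEHOLDER_EMPTY_WORKFLOW_ID;

	// A missing id must never match a missing owner id.
	const userId = user?.id;

	const table: IPermissionsTable = [
		{
			name: UserRole.ResourceOwner,
			test: () =>
				isNewWorkflow ||
				(userId != null && workflow?.ownedBy?.id === userId) ||
				!isSharingEnabled,
		},
		{
			name: 'updateSharing',
			test: (permissions) =>
				hasPermission(['rbac'], { rbac: { scope: 'workflow:share' } }) || !!permissions.isOwner,
		},
		{
			name: 'delete',
			test: (permissions) =>
				hasPermission(['rbac'], { rbac: { scope: 'workflow:delete' } }) || !!permissions.isOwner,
		},
	];

	return parsePermissionsTable(user, table);
};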
/**
 * Computes the permission flags the given user has on variables.
 *
 * Every flag is decided solely by an RBAC scope check; `user` is only passed
 * on to `parsePermissionsTable`. Note that the flag names do not all mirror
 * the scope verbs: `edit` is backed by `variable:update` and `use` by
 * `variable:read`.
 *
 * @param user Current user, or `null` when none is available.
 * @returns Flags `create`, `edit`, `delete` and `use` (plus `isInstanceOwner`).
 */
export const getVariablesPermissions = (user: IUser | null) => {
	// Flag name -> RBAC scope that grants it.
	const scopeByFlag = [
		['create', 'variable:create'],
		['edit', 'variable:update'],
		['delete', 'variable:delete'],
		['use', 'variable:read'],
	] as const;

	const table: IPermissionsTable = scopeByFlag.map(([name, scope]) => ({
		name,
		test: () => hasPermission(['rbac'], { rbac: { scope } }),
	}));

	return parsePermissionsTable(user, table);
};