SYNC: Merge pull request #9 from dbgate/feature/apps

2026-04-19 22:26:01 +00:00 · 2025-09-11 13:10:36 +02:00
parent ef15f299d2
commit 11a4f0ef32
40 changed files with 1770 additions and 754 deletions
--- a/packages/api/src/utility/hasPermission.js
+++ b/packages/api/src/utility/hasPermission.js
@@ -85,6 +85,16 @@ async function loadTablePermissionsFromRequest(req) {
  return tablePermissions;
 }

+async function loadFilePermissionsFromRequest(req) {
+  const authProvider = getAuthProviderFromReq(req);
+  if (!req) {
+    return null;
+  }
+
+  const filePermissions = await authProvider.getCurrentFilePermissions(req);
+  return filePermissions;
+}
+
 function matchDatabasePermissionRow(conid, database, permissionRow) {
  if (permissionRow.connection_id) {
    if (conid != permissionRow.connection_id) {
@@ -135,6 +145,27 @@ function matchTablePermissionRow(objectTypeField, schemaName, pureName, permissi
  return true;
 }

+function matchFilePermissionRow(folder, file, permissionRow) {
+  if (permissionRow.folder_name) {
+    if (folder != permissionRow.folder_name) {
+      return false;
+    }
+  }
+  if (permissionRow.file_names_list) {
+    const items = permissionRow.file_names_list.split('\n');
+    if (!items.find(item => item.trim()?.toLowerCase() === file?.toLowerCase())) {
+      return false;
+    }
+  }
+  if (permissionRow.file_names_regex) {
+    const regex = new RegExp(permissionRow.file_names_regex, 'i');
+    if (!regex.test(file)) {
+      return false;
+    }
+  }
+  return true;
+}
+
 const DATABASE_ROLE_ID_NAMES = {
  '-1': 'view',
  '-2': 'read_content',
@@ -143,6 +174,11 @@ const DATABASE_ROLE_ID_NAMES = {
  '-5': 'deny',
 };

+const FILE_ROLE_ID_NAMES = {
+  '-1': 'allow',
+  '-2': 'deny',
+};
+
 function getDatabaseRoleLevelIndex(roleName) {
  if (!roleName) {
    return 6;
@@ -198,6 +234,17 @@ function getDatabasePermissionRole(conid, database, loadedDatabasePermissions) {
  return res;
 }

+function getFilePermissionRole(folder, file, loadedFilePermissions) {
+  let res = 'deny';
+  for (const permissionRow of loadedFilePermissions) {
+    if (!matchFilePermissionRow(folder, file, permissionRow)) {
+      continue;
+    }
+    res = FILE_ROLE_ID_NAMES[permissionRow.file_permission_role_id];
+  }
+  return res;
+}
+
 const TABLE_ROLE_ID_NAMES = {
  '-1': 'read',
  '-2': 'update_only',
@@ -308,8 +355,10 @@ module.exports = {
  loadPermissionsFromRequest,
  loadDatabasePermissionsFromRequest,
  loadTablePermissionsFromRequest,
+  loadFilePermissionsFromRequest,
  getDatabasePermissionRole,
  getTablePermissionRole,
+  getFilePermissionRole,
  testStandardPermission,
  testDatabaseRolePermission,
  getTablePermissionRoleLevelIndex,