From ee40f32b0c64d3d15c047d323734cabc7d7dc3db Mon Sep 17 00:00:00 2001
From: "SPRINX0\\prochazka"
Date: Fri, 22 Aug 2025 10:33:01 +0200
Subject: [PATCH] SYNC: fixed permission check, new permission test
---
 e2e-tests/cypress/e2e/team.cy.js | 23 ++++++++++++++
 packages/api/src/utility/hasPermission.js | 30 ++++++++++++++-----
 packages/web/src/elements/TableControl.svelte | 1 +
 3 files changed, 46 insertions(+), 8 deletions(-)
diff --git a/e2e-tests/cypress/e2e/team.cy.js b/e2e-tests/cypress/e2e/team.cy.js
index 074f3b7fc..3321e22c4 100644
--- a/e2e-tests/cypress/e2e/team.cy.js
+++ b/e2e-tests/cypress/e2e/team.cy.js
@@ -119,4 +119,27 @@ describe('Team edition tests', () => {
 cy.contains('Exporting query').click();
 cy.themeshot('auditlog');
 });
+
+ it('Edit database permissions', () => {
+ cy.testid('LoginPage_linkAdmin').click();
+ cy.testid('LoginPage_password').type('adminpwd');
+ cy.testid('LoginPage_submitLogin').click();
+
+ cy.testid('AdminMenuWidget_itemRoles').click();
+ cy.testid('AdminRolesTab_table').contains('superadmin').click();
+ cy.testid('AdminRolesTab_databases').click();
+
+ cy.testid('AdminDatabasesPermissionsGrid_addButton').click();
+ cy.testid('AdminDatabasesPermissionsGrid_addButton').click();
+ cy.testid('AdminDatabasesPermissionsGrid_addButton').click();
+
+ cy.testid('AdminListOrRegexEditor_1_regexInput').type('^Chinook[\\d]*$');
+ cy.testid('AdminListOrRegexEditor_2_listSwitch').click();
+ cy.testid('AdminListOrRegexEditor_2_listInput').type('Nortwind\nSales');
+ cy.testid('AdminDatabasesPermissionsGrid_roleSelect_0').select('-2');
+ cy.testid('AdminDatabasesPermissionsGrid_roleSelect_1').select('-3');
+ cy.testid('AdminDatabasesPermissionsGrid_roleSelect_2').select('-4');
+
+ cy.themeshot('dbpermissions');
+ });
 });
diff --git a/packages/api/src/utility/hasPermission.js b/packages/api/src/utility/hasPermission.js
index 043d44fb0..316e46810 100644
--- a/packages/api/src/utility/hasPermission.js
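Review bot: The new 'Edit database permissions' test ends at `cy.themeshot('dbpermissions')` without asserting anything about the permissions grid, so it only shows that the clicks do not throw; a regression in how the three rows are stored or rendered would still pass. Add at least one assertion after the selects, for example `cy.testid('AdminDatabasesPermissionsGrid_roleSelect_0').should('have.value', '-2');`, and if the UI has a save step, reload and check that the rows persist. `'Nortwind\nSales'` also looks like a typo for Northwind; confirm it against the fixture database names, since a misspelled list entry would presumably match nothing. The enclosing `describe` block starts outside the hunk.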
+++ b/packages/api/src/utility/hasPermission.js
@@ -48,11 +48,14 @@ async function testConnectionPermission(connection, req, loadedPermissions) {
 return;
 }
 const conid = _.isString(connection) ? connection : connection?._id;
+ if (hasPermission('internal-storage', loadedPermissions) && conid == '__storage') {
+ return;
+ }
 const authProvider = getAuthProviderFromReq(req);
 if (!req) {
 return;
 }
- if (!await authProvider.checkCurrentConnectionPermission(req, conid)) {
+ if (!(await authProvider.checkCurrentConnectionPermission(req, conid))) {
 throw new Error('Connection permission not granted');
 }
 } else {
@@ -215,11 +218,23 @@ const TABLE_SCOPE_ID_NAMES = {
 '-9': 'collections',
 };
 
-function getTablePermissionRole(conid, database, objectTypeField, schemaName, pureName, loadedTablePermissions, databasePermissionRole) {
- let res = databasePermissionRole == 'read_content' ? 'read' :
- databasePermissionRole == 'write_data' ? 'create_update_delete' :
- databasePermissionRole == 'run_script' ? 'run_script' :
- 'deny';
+function getTablePermissionRole(
+ conid,
+ database,
+ objectTypeField,
+ schemaName,
+ pureName,
+ loadedTablePermissions,
+ databasePermissionRole
+) {
+ let res =
+ databasePermissionRole == 'read_content'
+ ? 'read'
+ : databasePermissionRole == 'write_data'
+ ? 'create_update_delete'
+ : databasePermissionRole == 'run_script'
+ ? 'run_script'
+ : 'deny';
 for (const permissionRow of loadedTablePermissions) {
 if (!matchDatabasePermissionRow(conid, database, permissionRow)) {
 continue;
@@ -286,7 +301,6 @@ async function testDatabaseRolePermission(conid, database, requiredRole, req) {
 }
 }
 
-
 module.exports = {
 hasPermission,
 connectionHasPermission,
@@ -298,5 +312,5 @@ module.exports = {
 getTablePermissionRole,
 testStandardPermission,
 testDatabaseRolePermission,
- getTablePermissionRoleLevelIndex
+ getTablePermissionRoleLevelIndex,
 };
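Review bot: The new early return in testConnectionPermission compares with `conid == '__storage'`, and `conid` is whatever `connection?._id` holds when `connection` is not a string, so loose equality lets a non-string value that coerces to that text take the branch and skip `checkCurrentConnectionPermission`. Make the comparison strict, `if (conid === '__storage' && hasPermission('internal-storage', loadedPermissions)) {`, and add a comment above it saying why `'__storage'` is exempt from the per-connection check, e.g. `// '__storage' is gated by the 'internal-storage' permission instead of a per-connection grant` (wording to be confirmed by the author). Because this branch returns before the auth provider is consulted, a unit test covering `'__storage'` both with and without the `internal-storage` permission would pin the intended behaviour. Separately, the context lines show `if (!req) { return; }` allowing the call when no request is present; that is older code and presumably meant for internal callers, but it is worth confirming while this function is being touched. The function starts and ends outside the hunk.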
diff --git a/packages/web/src/elements/TableControl.svelte b/packages/web/src/elements/TableControl.svelte
index f760c30b9..ab0544281 100644
--- a/packages/web/src/elements/TableControl.svelte
+++ b/packages/web/src/elements/TableControl.svelte
@@ -199,6 +199,7 @@
 tabindex={selectable ? -1 : undefined}
 on:keydown={handleKeyDown}
 class:stickyHeader
+ data-testid={$$props['data-testid']}
 >