SYNC: fixed permission check, new permission test

e2e-tests/cypress/e2e/team.cy.js

@@ -119,4 +119,27 @@ describe('Team edition tests', () => {
     cy.contains('Exporting query').click();
     cy.themeshot('auditlog');
   });
+
+  it('Edit database permissions', () => {
+    cy.testid('LoginPage_linkAdmin').click();
+    cy.testid('LoginPage_password').type('adminpwd');
+    cy.testid('LoginPage_submitLogin').click();
+
+    cy.testid('AdminMenuWidget_itemRoles').click();
+    cy.testid('AdminRolesTab_table').contains('superadmin').click();
+    cy.testid('AdminRolesTab_databases').click();
+
+    cy.testid('AdminDatabasesPermissionsGrid_addButton').click();
+    cy.testid('AdminDatabasesPermissionsGrid_addButton').click();
+    cy.testid('AdminDatabasesPermissionsGrid_addButton').click();
+    
+    cy.testid('AdminListOrRegexEditor_1_regexInput').type('^Chinook[\\d]*$');
+    cy.testid('AdminListOrRegexEditor_2_listSwitch').click();
+    cy.testid('AdminListOrRegexEditor_2_listInput').type('Nortwind\nSales');
+    cy.testid('AdminDatabasesPermissionsGrid_roleSelect_0').select('-2');
+    cy.testid('AdminDatabasesPermissionsGrid_roleSelect_1').select('-3');
+    cy.testid('AdminDatabasesPermissionsGrid_roleSelect_2').select('-4');
+
+    cy.themeshot('dbpermissions');
+  });
 });

packages/api/src/utility/hasPermission.js

@@ -48,11 +48,14 @@ async function testConnectionPermission(connection, req, loadedPermissions) {
       return;
     }
     const conid = _.isString(connection) ? connection : connection?._id;
+    if (hasPermission('internal-storage', loadedPermissions) && conid == '__storage') {
+      return;
+    }
     const authProvider = getAuthProviderFromReq(req);
     if (!req) {
       return;
     }
-    if (!await authProvider.checkCurrentConnectionPermission(req, conid)) {
+    if (!(await authProvider.checkCurrentConnectionPermission(req, conid))) {
       throw new Error('Connection permission not granted');
     }
   } else {
@@ -215,11 +218,23 @@ const TABLE_SCOPE_ID_NAMES = {
   '-9': 'collections',
 };
 
-function getTablePermissionRole(conid, database, objectTypeField, schemaName, pureName, loadedTablePermissions, databasePermissionRole) {
+function getTablePermissionRole(
-  let res = databasePermissionRole == 'read_content' ? 'read' :
+  conid,
-    databasePermissionRole == 'write_data' ? 'create_update_delete' :
+  database,
-      databasePermissionRole == 'run_script' ? 'run_script' :
+  objectTypeField,
-        'deny';
+  schemaName,
+  pureName,
+  loadedTablePermissions,
+  databasePermissionRole
+) {
+  let res =
+    databasePermissionRole == 'read_content'
+      ? 'read'
+      : databasePermissionRole == 'write_data'
+      ? 'create_update_delete'
+      : databasePermissionRole == 'run_script'
+      ? 'run_script'
+      : 'deny';
   for (const permissionRow of loadedTablePermissions) {
     if (!matchDatabasePermissionRow(conid, database, permissionRow)) {
       continue;
@@ -286,7 +301,6 @@ async function testDatabaseRolePermission(conid, database, requiredRole, req) {
   }
 }
 
-
 module.exports = {
   hasPermission,
   connectionHasPermission,
@@ -298,5 +312,5 @@ module.exports = {
   getTablePermissionRole,
   testStandardPermission,
   testDatabaseRolePermission,
-  getTablePermissionRoleLevelIndex
+  getTablePermissionRoleLevelIndex,
 };

packages/web/src/elements/TableControl.svelte

@@ -199,6 +199,7 @@
   tabindex={selectable ? -1 : undefined}
   on:keydown={handleKeyDown}
   class:stickyHeader
+  data-testid={$$props['data-testid']}
 >
   <thead class:stickyHeader>
     <tr>