[field-level permissions] Upsert fieldPermission + use fieldPermission to compute permissions (#13050)
In this PR
- introduction of fieldPermission entity
- addition of upsertFieldPermission in role resolver
- computing of permissions taking fieldPermission into account. In order
to limit what is stored in Redis we only store fields restrictions. For
instance for objectMetadata with id XXX with a restriction on field with
id YYY we store:
`"XXX":{"canRead":true,"canUpdate":false,"canSoftDelete":false,"canDestroy":false,"restrictedFields":{"YYY":{"canRead":false,"canUpdate":null}}}`
---------
Co-authored-by: Charles Bochet <charlesBochet@users.noreply.github.com>
This commit is contained in:
Marie
@ -678,6 +678,7 @@ export type FeatureFlagDto = {
|
||||
export enum FeatureFlagKey {
|
||||
IS_AIRTABLE_INTEGRATION_ENABLED = 'IS_AIRTABLE_INTEGRATION_ENABLED',
|
||||
IS_AI_ENABLED = 'IS_AI_ENABLED',
|
||||
IS_FIELDS_PERMISSIONS_ENABLED = 'IS_FIELDS_PERMISSIONS_ENABLED',
|
||||
IS_IMAP_ENABLED = 'IS_IMAP_ENABLED',
|
||||
IS_JSON_FILTER_ENABLED = 'IS_JSON_FILTER_ENABLED',
|
||||
IS_MORPH_RELATION_ENABLED = 'IS_MORPH_RELATION_ENABLED',
|
||||
@ -766,6 +767,23 @@ export enum FieldMetadataType {
|
||||
UUID = 'UUID'
|
||||
}
|
||||
|
||||
export type FieldPermission = {
|
||||
__typename?: 'FieldPermission';
|
||||
canReadFieldValue?: Maybe<Scalars['Boolean']>;
|
||||
canUpdateFieldValue?: Maybe<Scalars['Boolean']>;
|
||||
fieldMetadataId: Scalars['String'];
|
||||
id: Scalars['String'];
|
||||
objectMetadataId: Scalars['String'];
|
||||
roleId: Scalars['String'];
|
||||
};
|
||||
|
||||
export type FieldPermissionInput = {
|
||||
canReadFieldValue?: InputMaybe<Scalars['Boolean']>;
|
||||
canUpdateFieldValue?: InputMaybe<Scalars['Boolean']>;
|
||||
fieldMetadataId: Scalars['String'];
|
||||
objectMetadataId: Scalars['String'];
|
||||
};
|
||||
|
||||
export enum FileFolder {
|
||||
Attachment = 'Attachment',
|
||||
PersonPicture = 'PersonPicture',
|
||||
@ -1076,6 +1094,7 @@ export type Mutation = {
|
||||
uploadImage: SignedFileDto;
|
||||
uploadProfilePicture: SignedFileDto;
|
||||
uploadWorkspaceLogo: SignedFileDto;
|
||||
upsertFieldPermissions: Array<FieldPermission>;
|
||||
upsertObjectPermissions: Array<ObjectPermission>;
|
||||
upsertSettingPermissions: Array<SettingPermission>;
|
||||
userLookupAdminPanel: UserLookup;
|
||||
@ -1494,6 +1513,11 @@ export type MutationUploadWorkspaceLogoArgs = {
|
||||
};
|
||||
|
||||
|
||||
export type MutationUpsertFieldPermissionsArgs = {
|
||||
upsertFieldPermissionsInput: UpsertFieldPermissionsInput;
|
||||
};
|
||||
|
||||
|
||||
export type MutationUpsertObjectPermissionsArgs = {
|
||||
upsertObjectPermissionsInput: UpsertObjectPermissionsInput;
|
||||
};
|
||||
@ -2484,6 +2508,11 @@ export type UpdateWorkspaceInput = {
|
||||
subdomain?: InputMaybe<Scalars['String']>;
|
||||
};
|
||||
|
||||
export type UpsertFieldPermissionsInput = {
|
||||
fieldPermissions: Array<FieldPermissionInput>;
|
||||
roleId: Scalars['String'];
|
||||
};
|
||||
|
||||
export type UpsertObjectPermissionsInput = {
|
||||
objectPermissions: Array<ObjectPermissionInput>;
|
||||
roleId: Scalars['String'];
|
||||
|
||||
@ -642,6 +642,7 @@ export type FeatureFlagDto = {
|
||||
export enum FeatureFlagKey {
|
||||
IS_AIRTABLE_INTEGRATION_ENABLED = 'IS_AIRTABLE_INTEGRATION_ENABLED',
|
||||
IS_AI_ENABLED = 'IS_AI_ENABLED',
|
||||
IS_FIELDS_PERMISSIONS_ENABLED = 'IS_FIELDS_PERMISSIONS_ENABLED',
|
||||
IS_IMAP_ENABLED = 'IS_IMAP_ENABLED',
|
||||
IS_JSON_FILTER_ENABLED = 'IS_JSON_FILTER_ENABLED',
|
||||
IS_MORPH_RELATION_ENABLED = 'IS_MORPH_RELATION_ENABLED',
|
||||
@ -730,6 +731,23 @@ export enum FieldMetadataType {
|
||||
UUID = 'UUID'
|
||||
}
|
||||
|
||||
export type FieldPermission = {
|
||||
__typename?: 'FieldPermission';
|
||||
canReadFieldValue?: Maybe<Scalars['Boolean']>;
|
||||
canUpdateFieldValue?: Maybe<Scalars['Boolean']>;
|
||||
fieldMetadataId: Scalars['String'];
|
||||
id: Scalars['String'];
|
||||
objectMetadataId: Scalars['String'];
|
||||
roleId: Scalars['String'];
|
||||
};
|
||||
|
||||
export type FieldPermissionInput = {
|
||||
canReadFieldValue?: InputMaybe<Scalars['Boolean']>;
|
||||
canUpdateFieldValue?: InputMaybe<Scalars['Boolean']>;
|
||||
fieldMetadataId: Scalars['String'];
|
||||
objectMetadataId: Scalars['String'];
|
||||
};
|
||||
|
||||
export enum FileFolder {
|
||||
Attachment = 'Attachment',
|
||||
PersonPicture = 'PersonPicture',
|
||||
@ -1027,6 +1045,7 @@ export type Mutation = {
|
||||
uploadImage: SignedFileDto;
|
||||
uploadProfilePicture: SignedFileDto;
|
||||
uploadWorkspaceLogo: SignedFileDto;
|
||||
upsertFieldPermissions: Array<FieldPermission>;
|
||||
upsertObjectPermissions: Array<ObjectPermission>;
|
||||
upsertSettingPermissions: Array<SettingPermission>;
|
||||
userLookupAdminPanel: UserLookup;
|
||||
@ -1405,6 +1424,11 @@ export type MutationUploadWorkspaceLogoArgs = {
|
||||
};
|
||||
|
||||
|
||||
export type MutationUpsertFieldPermissionsArgs = {
|
||||
upsertFieldPermissionsInput: UpsertFieldPermissionsInput;
|
||||
};
|
||||
|
||||
|
||||
export type MutationUpsertObjectPermissionsArgs = {
|
||||
upsertObjectPermissionsInput: UpsertObjectPermissionsInput;
|
||||
};
|
||||
@ -2322,6 +2346,11 @@ export type UpdateWorkspaceInput = {
|
||||
subdomain?: InputMaybe<Scalars['String']>;
|
||||
};
|
||||
|
||||
export type UpsertFieldPermissionsInput = {
|
||||
fieldPermissions: Array<FieldPermissionInput>;
|
||||
roleId: Scalars['String'];
|
||||
};
|
||||
|
||||
export type UpsertObjectPermissionsInput = {
|
||||
objectPermissions: Array<ObjectPermissionInput>;
|
||||
roleId: Scalars['String'];
|
||||
|
||||
Reference in New Issue
Block a user