yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-10-29 09:42:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenMetadata/openmetadata-ui/src/main/resources/ui/src/utils/PermissionsUtils.ts
Ashish Gupta 7877d5c14c
Allow Asset add and remove operation for editTag permission user (#18786) 
* Allow Asset add and remove operation for editTag permission user

* remove edit all permission check in bulkAssetTag api for tag

* fix the permission check by checking specific and the index used to exclude

* check editTag permission before updating assets by bulkTagAsset api

* fix the button not visible for the non admin user

* added playwright for the limited user check aroud asset

* restrict add asset button in certification page

* minor fix

* cleanup aroud tag page and fix usertab count around Team page

* use entity type instead of search index

---------

Co-authored-by: sonikashah <sonikashah94@gmail.com>
Co-authored-by: karanh37 <karanh37@gmail.com>
2024-11-28 16:15:07 +05:30

152 lines
4.1 KiB
TypeScript
Raw Blame History

/*
* Copyright 2022 Collate.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import {
OperationPermission,
ResourceEntity,
UIPermission,
} from '../context/PermissionProvider/PermissionProvider.interface';
import {
Access,
Permission,
ResourcePermission,
} from '../generated/entity/policies/accessControl/resourcePermission';
import { Operation } from '../generated/entity/policies/policy';
/**
*
* @param operation operation like Edit, Delete
* @param resourceType Resource type like "bot", "table"
* @param permissions UIPermission
* @returns boolean - true/false
*/
export const checkPermission = (
operation: Operation,
resourceType: ResourceEntity,
permissions: UIPermission
) => {
const allResource = permissions?.all;
const entityResource = permissions?.[resourceType];
let hasPermission = false;
/**
* If allResource is present then check for permission and return it
*/
if (allResource && !hasPermission) {
hasPermission = allResource.All || allResource[operation];
}
hasPermission =
hasPermission || (entityResource && entityResource[operation]);
return hasPermission;
};
/**
*
* @param operation operation like Edit, Delete
* @param resourceType Resource type like "bot", "table"
* @param permissions UIPermission
* @param checkEditAllPermission boolean to check EditALL permission as well
* @returns boolean - true/false
*/
export const checkPermissionEntityResource = (
operation: Operation,
resourceType: ResourceEntity,
permissions: UIPermission,
checkEditAllPermission = false
) => {
const entityResource = permissions?.[resourceType];
let hasPermission = entityResource && entityResource[operation];
if (checkEditAllPermission) {
hasPermission =
hasPermission || (entityResource && entityResource[Operation.EditAll]);
}
return hasPermission;
};
/**
*
* @param permission ResourcePermission
* @returns OperationPermission - {Operation:true/false}
*/
export const getOperationPermissions = (
permission: ResourcePermission
): OperationPermission => {
return permission.permissions.reduce(
(acc: OperationPermission, curr: Permission) => {
return {
...acc,
[curr.operation as Operation]: curr.access === Access.Allow,
};
},
{} as OperationPermission
);
};
/**
*
* @param permissions Take ResourcePermission list
* @returns UIPermission
*/
export const getUIPermission = (
permissions: ResourcePermission[]
): UIPermission => {
return permissions.reduce((acc: UIPermission, curr: ResourcePermission) => {
return {
...acc,
[curr.resource as ResourceEntity]: getOperationPermissions(curr),
};
}, {} as UIPermission);
};
export const userPermissions = {
/* A util function's that checks if the user has permission to view the resource. */
hasViewPermissions: (
resourceEntityType: ResourceEntity,
permissions: UIPermission
) =>
checkPermission(Operation.ViewBasic, resourceEntityType, permissions) ||
checkPermission(Operation.ViewAll, resourceEntityType, permissions),
};
export const DEFAULT_ENTITY_PERMISSION = {
Create: false,
Delete: false,
EditAll: false,
EditCustomFields: false,
EditDataProfile: false,
EditDescription: false,
EditDisplayName: false,
EditLineage: false,
EditOwners: false,
EditQueries: false,
EditSampleData: false,
EditTags: false,
EditTests: false,
EditTier: false,
ViewAll: false,
ViewBasic: false,
ViewDataProfile: false,
ViewQueries: false,
ViewSampleData: false,
ViewTests: false,
ViewUsage: false,
} as OperationPermission;
export const LIST_CAP = 1;
export const ALL_TYPE_RESOURCE_LIST = ['all', 'All'];
Reference in New Issue View Git Blame Copy Permalink