WIp - manage role permissions per object

2025-12-30 06:16:54 +01:00
parent d15fc918d1
commit 3086f78d34
4 changed files with 316 additions and 59 deletions
--- a/backend/src/object/object.service.ts
+++ b/backend/src/object/object.service.ts
@@ -794,4 +794,109 @@ export class ObjectService {
    
    return { success: true };
  }
+
+  async getObjectPermissions(
+    tenantId: string,
+    objectApiName: string,
+    roleId: string,
+  ) {
+    const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
+    const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
+    
+    // Get object definition
+    const objectDef = await ObjectDefinition.query(knex)
+      .findOne({ apiName: objectApiName });
+    
+    if (!objectDef) {
+      throw new NotFoundException(`Object ${objectApiName} not found`);
+    }
+    
+    // Get role object permissions
+    const permission = await knex('role_object_permissions')
+      .where({ roleId, objectDefinitionId: objectDef.id })
+      .first();
+    
+    if (!permission) {
+      // Return default permissions (all false)
+      return {
+        canCreate: false,
+        canRead: false,
+        canEdit: false,
+        canDelete: false,
+        canViewAll: false,
+        canModifyAll: false,
+      };
+    }
+    
+    return {
+      canCreate: Boolean(permission.canCreate),
+      canRead: Boolean(permission.canRead),
+      canEdit: Boolean(permission.canEdit),
+      canDelete: Boolean(permission.canDelete),
+      canViewAll: Boolean(permission.canViewAll),
+      canModifyAll: Boolean(permission.canModifyAll),
+    };
+  }
+
+  async updateObjectPermissions(
+    tenantId: string,
+    objectApiName: string,
+    data: {
+      roleId: string;
+      canCreate: boolean;
+      canRead: boolean;
+      canEdit: boolean;
+      canDelete: boolean;
+      canViewAll: boolean;
+      canModifyAll: boolean;
+    },
+  ) {
+    const resolvedTenantId = await this.tenantDbService.resolveTenantId(tenantId);
+    const knex = await this.tenantDbService.getTenantKnexById(resolvedTenantId);
+    
+    // Get object definition
+    const objectDef = await ObjectDefinition.query(knex)
+      .findOne({ apiName: objectApiName });
+    
+    if (!objectDef) {
+      throw new NotFoundException(`Object ${objectApiName} not found`);
+    }
+    
+    // Check if permission already exists
+    const existing = await knex('role_object_permissions')
+      .where({ roleId: data.roleId, objectDefinitionId: objectDef.id })
+      .first();
+    
+    if (existing) {
+      // Update existing permission
+      await knex('role_object_permissions')
+        .where({ roleId: data.roleId, objectDefinitionId: objectDef.id })
+        .update({
+          canCreate: data.canCreate,
+          canRead: data.canRead,
+          canEdit: data.canEdit,
+          canDelete: data.canDelete,
+          canViewAll: data.canViewAll,
+          canModifyAll: data.canModifyAll,
+          updated_at: knex.fn.now(),
+        });
+    } else {
+      // Create new permission
+      await knex('role_object_permissions').insert({
+        id: knex.raw('(UUID())'),
+        roleId: data.roleId,
+        objectDefinitionId: objectDef.id,
+        canCreate: data.canCreate,
+        canRead: data.canRead,
+        canEdit: data.canEdit,
+        canDelete: data.canDelete,
+        canViewAll: data.canViewAll,
+        canModifyAll: data.canModifyAll,
+        created_at: knex.fn.now(),
+        updated_at: knex.fn.now(),
+      });
+    }
+    
+    return { success: true };
+  }
 }