WIP - permissions progress

backend/src/models/field-definition.model.ts

@@ -74,5 +74,13 @@ export class FieldDefinition extends BaseModel {
         to: 'object_definitions.id',
       },
     },
+    rolePermissions: {
+      relation: BaseModel.HasManyRelation,
+      modelClass: () => require('./role-field-permission.model').RoleFieldPermission,
+      join: {
+        from: 'field_definitions.id',
+        to: 'role_field_permissions.fieldDefinitionId',
+      },
+    },
   };
 }

backend/src/models/object-definition.model.ts

@@ -10,8 +10,11 @@ export class ObjectDefinition extends BaseModel {
   description?: string;
   isSystem: boolean;
   isCustom: boolean;
+  orgWideDefault: 'private' | 'public_read' | 'public_read_write';
   createdAt: Date;
   updatedAt: Date;
+  fields?: any[];
+  rolePermissions?: any[];
 
   static get jsonSchema() {
     return {
@@ -25,12 +28,14 @@ export class ObjectDefinition extends BaseModel {
         description: { type: 'string' },
         isSystem: { type: 'boolean' },
         isCustom: { type: 'boolean' },
+        orgWideDefault: { type: 'string', enum: ['private', 'public_read', 'public_read_write'] },
       },
     };
   }
 
   static get relationMappings() {
     const { FieldDefinition } = require('./field-definition.model');
+    const { RoleObjectPermission } = require('./role-object-permission.model');
 
     return {
       fields: {
@@ -41,6 +46,14 @@ export class ObjectDefinition extends BaseModel {
           to: 'field_definitions.objectDefinitionId',
         },
       },
+      rolePermissions: {
+        relation: BaseModel.HasManyRelation,
+        modelClass: RoleObjectPermission,
+        join: {
+          from: 'object_definitions.id',
+          to: 'role_object_permissions.objectDefinitionId',
+        },
+      },
     };
   }
 }

backend/src/models/record-share.model.ts

@@ -0,0 +1,77 @@
+import { BaseModel } from './base.model';
+
+export interface RecordShareAccessLevel {
+  canRead: boolean;
+  canEdit: boolean;
+  canDelete: boolean;
+}
+
+export class RecordShare extends BaseModel {
+  static tableName = 'record_shares';
+
+  id!: string;
+  objectDefinitionId!: string;
+  recordId!: string;
+  granteeUserId!: string;
+  grantedByUserId!: string;
+  accessLevel!: RecordShareAccessLevel;
+  expiresAt?: Date;
+  revokedAt?: Date;
+  createdAt!: Date;
+
+  static get jsonSchema() {
+    return {
+      type: 'object',
+      required: ['objectDefinitionId', 'recordId', 'granteeUserId', 'grantedByUserId', 'accessLevel'],
+      properties: {
+        id: { type: 'string' },
+        objectDefinitionId: { type: 'string' },
+        recordId: { type: 'string' },
+        granteeUserId: { type: 'string' },
+        grantedByUserId: { type: 'string' },
+        accessLevel: {
+          type: 'object',
+          properties: {
+            canRead: { type: 'boolean' },
+            canEdit: { type: 'boolean' },
+            canDelete: { type: 'boolean' },
+          },
+        },
+        expiresAt: { type: 'string', format: 'date-time' },
+        revokedAt: { type: 'string', format: 'date-time' },
+      },
+    };
+  }
+
+  static get relationMappings() {
+    const { ObjectDefinition } = require('./object-definition.model');
+    const { User } = require('./user.model');
+
+    return {
+      objectDefinition: {
+        relation: BaseModel.BelongsToOneRelation,
+        modelClass: ObjectDefinition,
+        join: {
+          from: 'record_shares.objectDefinitionId',
+          to: 'object_definitions.id',
+        },
+      },
+      granteeUser: {
+        relation: BaseModel.BelongsToOneRelation,
+        modelClass: User,
+        join: {
+          from: 'record_shares.granteeUserId',
+          to: 'users.id',
+        },
+      },
+      grantedByUser: {
+        relation: BaseModel.BelongsToOneRelation,
+        modelClass: User,
+        join: {
+          from: 'record_shares.grantedByUserId',
+          to: 'users.id',
+        },
+      },
+    };
+  }
+}

backend/src/models/role-field-permission.model.ts

@@ -0,0 +1,51 @@
+import { BaseModel } from './base.model';
+
+export class RoleFieldPermission extends BaseModel {
+  static tableName = 'role_field_permissions';
+
+  id!: string;
+  roleId!: string;
+  fieldDefinitionId!: string;
+  canRead!: boolean;
+  canEdit!: boolean;
+  createdAt!: Date;
+  updatedAt!: Date;
+
+  static get jsonSchema() {
+    return {
+      type: 'object',
+      required: ['roleId', 'fieldDefinitionId'],
+      properties: {
+        id: { type: 'string' },
+        roleId: { type: 'string' },
+        fieldDefinitionId: { type: 'string' },
+        canRead: { type: 'boolean' },
+        canEdit: { type: 'boolean' },
+      },
+    };
+  }
+
+  static get relationMappings() {
+    const { Role } = require('./role.model');
+    const { FieldDefinition } = require('./field-definition.model');
+
+    return {
+      role: {
+        relation: BaseModel.BelongsToOneRelation,
+        modelClass: Role,
+        join: {
+          from: 'role_field_permissions.roleId',
+          to: 'roles.id',
+        },
+      },
+      fieldDefinition: {
+        relation: BaseModel.BelongsToOneRelation,
+        modelClass: FieldDefinition,
+        join: {
+          from: 'role_field_permissions.fieldDefinitionId',
+          to: 'field_definitions.id',
+        },
+      },
+    };
+  }
+}

backend/src/models/role-object-permission.model.ts

@@ -0,0 +1,59 @@
+import { BaseModel } from './base.model';
+
+export class RoleObjectPermission extends BaseModel {
+  static tableName = 'role_object_permissions';
+
+  id!: string;
+  roleId!: string;
+  objectDefinitionId!: string;
+  canCreate!: boolean;
+  canRead!: boolean;
+  canEdit!: boolean;
+  canDelete!: boolean;
+  canViewAll!: boolean;
+  canModifyAll!: boolean;
+  createdAt!: Date;
+  updatedAt!: Date;
+
+  static get jsonSchema() {
+    return {
+      type: 'object',
+      required: ['roleId', 'objectDefinitionId'],
+      properties: {
+        id: { type: 'string' },
+        roleId: { type: 'string' },
+        objectDefinitionId: { type: 'string' },
+        canCreate: { type: 'boolean' },
+        canRead: { type: 'boolean' },
+        canEdit: { type: 'boolean' },
+        canDelete: { type: 'boolean' },
+        canViewAll: { type: 'boolean' },
+        canModifyAll: { type: 'boolean' },
+      },
+    };
+  }
+
+  static get relationMappings() {
+    const { Role } = require('./role.model');
+    const { ObjectDefinition } = require('./object-definition.model');
+
+    return {
+      role: {
+        relation: BaseModel.BelongsToOneRelation,
+        modelClass: Role,
+        join: {
+          from: 'role_object_permissions.roleId',
+          to: 'roles.id',
+        },
+      },
+      objectDefinition: {
+        relation: BaseModel.BelongsToOneRelation,
+        modelClass: ObjectDefinition,
+        join: {
+          from: 'role_object_permissions.objectDefinitionId',
+          to: 'object_definitions.id',
+        },
+      },
+    };
+  }
+}

backend/src/models/role.model.ts

@@ -27,6 +27,8 @@ export class Role extends BaseModel {
     const { RolePermission } = require('./role-permission.model');
     const { Permission } = require('./permission.model');
     const { User } = require('./user.model');
+    const { RoleObjectPermission } = require('./role-object-permission.model');
+    const { RoleFieldPermission } = require('./role-field-permission.model');
 
     return {
       rolePermissions: {
@@ -61,6 +63,22 @@ export class Role extends BaseModel {
           to: 'users.id',
         },
       },
+      objectPermissions: {
+        relation: BaseModel.HasManyRelation,
+        modelClass: RoleObjectPermission,
+        join: {
+          from: 'roles.id',
+          to: 'role_object_permissions.roleId',
+        },
+      },
+      fieldPermissions: {
+        relation: BaseModel.HasManyRelation,
+        modelClass: RoleFieldPermission,
+        join: {
+          from: 'roles.id',
+          to: 'role_field_permissions.roleId',
+        },
+      },
     };
   }
 }