search

Budibase / budibase

Low code platform for building business apps and workflows in minutes. Supports PostgreSQL, MySQL, MariaDB, MSSQL, MongoDB, Rest API, Docker, K8s, and more 🚀
https://budibase.com
Other
22.75k stars 1.57k forks source link

Row action view security crud #14447

Closed adrinr closed 2 months ago

adrinr commented 2 months ago

Description

Allow CRUD for row action view security.

linear[bot] commented 2 months ago

BUDI-8429 Row action view security

adrinr commented 2 months ago

Is this the permissions stuff we were talking about this morning in standup? If so, is this still relevant or are we going to tie view action permissions to read permissions?

This is still required. Each row action will be created per table, but to trigger it from a view it will need to be explicitly toggled. My question during the standup was who can actually trigger it? In short, the flow will be as follows:

  1. A row action A is called via the view B
  2. First check: is row action A enabled for the view B (this is what this PR crud is about)
  3. Second check: does the user calling have enough permissions to trigger this action (how this is done is yet to be discussed and implement in a further PR)
adrinr commented 2 months ago

Looks good - just need to update the API authorization middlewares for the builder only endpoints.

This is done in here: https://github.com/Budibase/budibase/pull/14448