budibase icon indicating copy to clipboard operation
budibase copied to clipboard

Published 20 hours ago • verified publisher icon Budibase

Row action view security crud

Open adrinr opened this issue 1 year ago • 1 comments

Description

Allow CRUD for row action view security.

adrinr avatar Aug 26 '24 10:08 adrinr

BUDI-8429 Row action view security

linear[bot] avatar Aug 26 '24 10:08 linear[bot]

Is this the permissions stuff we were talking about this morning in standup? If so, is this still relevant or are we going to tie view action permissions to read permissions?

This is still required. Each row action will be created per table, but to trigger it from a view it will need to be explicitly toggled. My question during the standup was who can actually trigger it? In short, the flow will be as follows:

  1. A row action A is called via the view B
  2. First check: is row action A enabled for the view B (this is what this PR crud is about)
  3. Second check: does the user calling have enough permissions to trigger this action (how this is done is yet to be discussed and implement in a further PR)

adrinr avatar Aug 29 '24 14:08 adrinr

Looks good - just need to update the API authorization middlewares for the builder only endpoints.

This is done in here: https://github.com/Budibase/budibase/pull/14448

adrinr avatar Aug 29 '24 15:08 adrinr