diff --git a/DOCS/Changelog.md b/DOCS/Changelog.md index 06e0a4b..d27467f 100644 --- a/DOCS/Changelog.md +++ b/DOCS/Changelog.md @@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed - Extension somehow breaks other extensions install [#18](https://github.com/thetanz/OpenFeature-al/issues/18) +- InherentPermissions to simplify permissions [#13](https://github.com/thetanz/OpenFeature-al/issues/13) ### Added - @@ -22,7 +23,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - ### Removed -- +- `Basic_FF_TSL` permissions set extension now handled using InherentPermissions ### Security - diff --git a/MAIN/src/ConditionFunctions/CompanyFilterCondFunc.Codeunit.al b/MAIN/src/ConditionFunctions/CompanyFilterCondFunc.Codeunit.al index c63b486..2ac0dfc 100644 --- a/MAIN/src/ConditionFunctions/CompanyFilterCondFunc.Codeunit.al +++ b/MAIN/src/ConditionFunctions/CompanyFilterCondFunc.Codeunit.al @@ -1,6 +1,8 @@ codeunit 70254349 "CompanyFilterCondFunc_FF_TSL" implements IConditionFunction_FF_TSL { Access = Internal; + InherentEntitlements = X; + InherentPermissions = X; Permissions = tabledata Company = R; diff --git a/MAIN/src/ConditionFunctions/SecGroupFilterCondFunc.Codeunit.al b/MAIN/src/ConditionFunctions/SecGroupFilterCondFunc.Codeunit.al index 3dc8070..25ae232 100644 --- a/MAIN/src/ConditionFunctions/SecGroupFilterCondFunc.Codeunit.al +++ b/MAIN/src/ConditionFunctions/SecGroupFilterCondFunc.Codeunit.al @@ -1,6 +1,8 @@ codeunit 70254350 "SecGroupFilterCondFunc_FF_TSL" implements IConditionFunction_FF_TSL { Access = Internal; + InherentEntitlements = X; + InherentPermissions = X; Permissions = tabledata "Security Group Member Buffer" = R; diff --git a/MAIN/src/ConditionFunctions/UserFilterCondFunc.Codeunit.al b/MAIN/src/ConditionFunctions/UserFilterCondFunc.Codeunit.al index 29ccb22..d1add0b 100644 --- a/MAIN/src/ConditionFunctions/UserFilterCondFunc.Codeunit.al +++ b/MAIN/src/ConditionFunctions/UserFilterCondFunc.Codeunit.al @@ -1,6 +1,8 @@ codeunit 70254348 "UserFilterCondFunc_FF_TSL" implements IConditionFunction_FF_TSL { Access = Internal; + InherentEntitlements = X; + InherentPermissions = X; Permissions = tabledata User = R; diff --git a/MAIN/src/Conditions/Condition.Table.al b/MAIN/src/Conditions/Condition.Table.al index dfcdab0..141a671 100644 --- a/MAIN/src/Conditions/Condition.Table.al +++ b/MAIN/src/Conditions/Condition.Table.al @@ -5,6 +5,10 @@ table 70254347 "Condition_FF_TSL" DataPerCompany = false; Caption = 'Condition'; LookupPageId = Conditions_FF_TSL; + InherentEntitlements = RIMDX; + InherentPermissions = R; + Permissions = + tabledata FeatureCondition_FF_TSL = D; fields { diff --git a/MAIN/src/Conditions/Conditions.Page.al b/MAIN/src/Conditions/Conditions.Page.al index c985b37..82239ef 100644 --- a/MAIN/src/Conditions/Conditions.Page.al +++ b/MAIN/src/Conditions/Conditions.Page.al @@ -7,6 +7,8 @@ page 70254347 "Conditions_FF_TSL" DelayedInsert = true; RefreshOnActivate = true; Extensible = false; + InherentEntitlements = X; + InherentPermissions = X; layout { diff --git a/MAIN/src/FeatureConditions/ConditionsInUse.Query.al b/MAIN/src/FeatureConditions/ConditionsInUse.Query.al index 5f14b57..9a62153 100644 --- a/MAIN/src/FeatureConditions/ConditionsInUse.Query.al +++ b/MAIN/src/FeatureConditions/ConditionsInUse.Query.al @@ -3,9 +3,8 @@ query 70254345 "ConditionsInUse_FF_TSL" Access = Internal; QueryType = Normal; ReadState = ReadUncommitted; - Permissions = - tabledata Condition_FF_TSL = R, - tabledata FeatureCondition_FF_TSL = R; + InherentEntitlements = X; + InherentPermissions = X; elements { diff --git a/MAIN/src/FeatureConditions/FeatureCondFactbox.Page.al b/MAIN/src/FeatureConditions/FeatureCondFactbox.Page.al index f1fa0b8..0b7f4aa 100644 --- a/MAIN/src/FeatureConditions/FeatureCondFactbox.Page.al +++ b/MAIN/src/FeatureConditions/FeatureCondFactbox.Page.al @@ -6,6 +6,8 @@ page 70254348 "FeatureCondFactbox_FF_TSL" ApplicationArea = All; Caption = 'Conditions'; Extensible = false; + InherentEntitlements = X; + InherentPermissions = X; layout { diff --git a/MAIN/src/FeatureConditions/FeatureCondition.Table.al b/MAIN/src/FeatureConditions/FeatureCondition.Table.al index a984e72..0ad9528 100644 --- a/MAIN/src/FeatureConditions/FeatureCondition.Table.al +++ b/MAIN/src/FeatureConditions/FeatureCondition.Table.al @@ -5,16 +5,17 @@ table 70254348 "FeatureCondition_FF_TSL" DataPerCompany = false; LookupPageId = FeatureConditions_FF_TSL; Caption = 'Feature Flag Condition'; + InherentEntitlements = RIMDX; + InherentPermissions = R; fields { field(1; FeatureID; Code[50]) { - Caption = 'Feature Flag Key'; + Caption = 'Feature ID'; DataClassification = CustomerContent; NotBlank = true; TableRelation = Feature_FF_TSL; - ValidateTableRelation = false; } field(2; ConditionCode; Code[50]) { diff --git a/MAIN/src/FeatureConditions/FeatureConditions.Page.al b/MAIN/src/FeatureConditions/FeatureConditions.Page.al index 5bfd622..334fe1c 100644 --- a/MAIN/src/FeatureConditions/FeatureConditions.Page.al +++ b/MAIN/src/FeatureConditions/FeatureConditions.Page.al @@ -6,6 +6,8 @@ page 70254349 "FeatureConditions_FF_TSL" ApplicationArea = All; RefreshOnActivate = true; Extensible = false; + InherentEntitlements = X; + InherentPermissions = X; layout { diff --git a/MAIN/src/FeatureConditions/ValidFeatures.Query.al b/MAIN/src/FeatureConditions/ValidFeatures.Query.al index 06119a7..d9a9511 100644 --- a/MAIN/src/FeatureConditions/ValidFeatures.Query.al +++ b/MAIN/src/FeatureConditions/ValidFeatures.Query.al @@ -3,8 +3,8 @@ query 70254346 "ValidFeatures_FF_TSL" Access = Internal; QueryType = Normal; ReadState = ReadUncommitted; - Permissions = - tabledata FeatureCondition_FF_TSL = R; + InherentEntitlements = X; + InherentPermissions = X; elements { diff --git a/MAIN/src/Features/Feature.Table.al b/MAIN/src/Features/Feature.Table.al index aad0515..1402d27 100644 --- a/MAIN/src/Features/Feature.Table.al +++ b/MAIN/src/Features/Feature.Table.al @@ -5,7 +5,8 @@ table 70254345 "Feature_FF_TSL" DataPerCompany = false; Caption = 'Feature'; LookupPageId = Features_FF_TSL; - Permissions = tabledata Provider_FF_TSL = R; + InherentEntitlements = RIMDX; + InherentPermissions = R; fields { diff --git a/MAIN/src/Features/FeatureMgt.Codeunit.al b/MAIN/src/Features/FeatureMgt.Codeunit.al index d0d9bb8..bbed612 100644 --- a/MAIN/src/Features/FeatureMgt.Codeunit.al +++ b/MAIN/src/Features/FeatureMgt.Codeunit.al @@ -2,9 +2,9 @@ codeunit 70254347 "FeatureMgt_FF_TSL" { Access = Public; SingleInstance = true; + InherentEntitlements = X; + InherentPermissions = X; Permissions = - tabledata Provider_FF_TSL = RIM, - tabledata Feature_FF_TSL = RIM, tabledata User = R, tabledata "User Personalization" = R, tabledata "All Profile" = R, @@ -14,10 +14,9 @@ codeunit 70254347 "FeatureMgt_FF_TSL" TempGlobalFeature: Record Feature_FF_TSL temporary; TempUserSettings: Record "User Settings" temporary; ProviderData: Dictionary of [Text, JsonObject]; - GlobalContextAttributesContextID: Text; + GlobalContextAttributesContextID, EnabledFeatureIds : Text; GlobalContextAttributes: JsonObject; DefaultProfileID: Code[30]; - EnabledFeatureIds: Text; #region Library @@ -37,6 +36,7 @@ codeunit 70254347 "FeatureMgt_FF_TSL" end; [NonDebuggable] + [InherentPermissions(PermissionObjectType::TableData, Database::Provider_FF_TSL, 'IM')] internal procedure AddProvider(Code: Code[20]; Type: Enum ProviderType_FF_TSL; ConnectionInfo: JsonObject; CaptureEvents: JsonObject) Result: Boolean var Provider: Record Provider_FF_TSL; @@ -71,6 +71,7 @@ codeunit 70254347 "FeatureMgt_FF_TSL" exit(AddFeature(Feature, FeatureID, Description, ProviderCode)) end; + [InherentPermissions(PermissionObjectType::TableData, Database::Feature_FF_TSL, 'IM')] local procedure AddFeature(var Feature: Record Feature_FF_TSL; FeatureID: Code[50]; Description: Text; ProviderCode: Code[20]) Result: Boolean begin Feature.Init(); diff --git a/MAIN/src/Features/Features.Page.al b/MAIN/src/Features/Features.Page.al index a4df456..e2a54fb 100644 --- a/MAIN/src/Features/Features.Page.al +++ b/MAIN/src/Features/Features.Page.al @@ -10,6 +10,8 @@ page 70254345 "Features_FF_TSL" RefreshOnActivate = true; InsertAllowed = false; DeleteAllowed = false; + InherentEntitlements = X; + InherentPermissions = X; layout { diff --git a/MAIN/src/Install.Codeunit.al b/MAIN/src/Install.Codeunit.al index b20f210..ce7e368 100644 --- a/MAIN/src/Install.Codeunit.al +++ b/MAIN/src/Install.Codeunit.al @@ -2,6 +2,8 @@ codeunit 70254345 "Install_FF_TSL" { Access = Internal; Subtype = Install; + InherentEntitlements = X; + InherentPermissions = X; trigger OnInstallAppPerDatabase() var diff --git a/MAIN/src/Providers/ConditionProvider.Codeunit.al b/MAIN/src/Providers/ConditionProvider.Codeunit.al index 80f6b60..174a071 100644 --- a/MAIN/src/Providers/ConditionProvider.Codeunit.al +++ b/MAIN/src/Providers/ConditionProvider.Codeunit.al @@ -2,9 +2,10 @@ codeunit 70254351 "ConditionProvider_FF_TSL" implements IProvider_FF_TSL { Access = Public; SingleInstance = true; + InherentEntitlements = X; + InherentPermissions = X; Permissions = - tabledata Condition_FF_TSL = RI, - tabledata FeatureCondition_FF_TSL = RID; + tabledata User = R; var FeatureMgt: Codeunit FeatureMgt_FF_TSL; @@ -20,6 +21,7 @@ codeunit 70254351 "ConditionProvider_FF_TSL" implements IProvider_FF_TSL exit(FeatureMgt.AddFeature(FeatureID, Description, ConditionProviderCodeTxt)) end; + [InherentPermissions(PermissionObjectType::TableData, Database::Condition_FF_TSL, 'I')] procedure AddCondition(Code: Code[50]; Function: Enum ConditionFunction_FF_TSL; Argument: Text) Result: Boolean var Condition: Record Condition_FF_TSL; @@ -32,6 +34,7 @@ codeunit 70254351 "ConditionProvider_FF_TSL" implements IProvider_FF_TSL end end; + [InherentPermissions(PermissionObjectType::TableData, Database::FeatureCondition_FF_TSL, 'IM')] procedure AddFeatureCondition(FeatureID: Code[50]; ConditionCode: Code[50]) Result: Boolean var FeatureCondition: Record FeatureCondition_FF_TSL; @@ -86,6 +89,8 @@ codeunit 70254351 "ConditionProvider_FF_TSL" implements IProvider_FF_TSL StrmenuOptionLbl: Label '%1,Everyone', Comment = '%1 = User ID'; StrmenuResult: Integer; begin + if not FeatureCondition.WritePermission() then + exit; if not FeatureMgt.IsEnabled(FeatureID) then begin StrmenuResult := StrMenu(StrSubstNo(StrmenuOptionLbl, UserId()), 0, StrmenuInstructionLbl); if StrmenuResult > 0 then begin @@ -204,6 +209,7 @@ codeunit 70254351 "ConditionProvider_FF_TSL" implements IProvider_FF_TSL #region Subscribers [EventSubscriber(ObjectType::Table, Database::Feature_FF_TSL, OnAfterDeleteEvent, '', false, false)] + [InherentPermissions(PermissionObjectType::TableData, Database::FeatureCondition_FF_TSL, 'D')] local procedure OnDeleteFeature(var Rec: Record Feature_FF_TSL; RunTrigger: Boolean) var FeatureCondition: Record FeatureCondition_FF_TSL; diff --git a/MAIN/src/Providers/PostHogProvider.Codeunit.al b/MAIN/src/Providers/PostHogProvider.Codeunit.al index 904e02f..48e31cb 100644 --- a/MAIN/src/Providers/PostHogProvider.Codeunit.al +++ b/MAIN/src/Providers/PostHogProvider.Codeunit.al @@ -2,6 +2,8 @@ codeunit 70254353 "PostHogProvider_FF_TSL" implements IProvider_FF_TSL { Access = Public; SingleInstance = true; + InherentEntitlements = X; + InherentPermissions = X; Permissions = tabledata User = R; diff --git a/MAIN/src/Providers/Provider.Table.al b/MAIN/src/Providers/Provider.Table.al index a8e6b0e..0b9b93e 100644 --- a/MAIN/src/Providers/Provider.Table.al +++ b/MAIN/src/Providers/Provider.Table.al @@ -3,6 +3,8 @@ table 70254346 "Provider_FF_TSL" Access = Internal; DataClassification = SystemMetadata; DataPerCompany = false; + InherentEntitlements = RIMDX; + InherentPermissions = R; fields { diff --git a/MAIN/src/Upgrade.Codeunit.al b/MAIN/src/Upgrade.Codeunit.al index b1dc1cf..bf5ab44 100644 --- a/MAIN/src/Upgrade.Codeunit.al +++ b/MAIN/src/Upgrade.Codeunit.al @@ -2,6 +2,8 @@ codeunit 70254346 "Upgrade_FF_TSL" { Access = Internal; Subtype = Upgrade; + InherentEntitlements = X; + InherentPermissions = X; trigger OnUpgradePerDatabase() var diff --git a/MAIN/src/permissionsetextension/Admin.PermissionSetExt.al b/MAIN/src/permissionsetextension/Admin.PermissionSetExt.al index c29ad92..7d4cb2d 100644 --- a/MAIN/src/permissionsetextension/Admin.PermissionSetExt.al +++ b/MAIN/src/permissionsetextension/Admin.PermissionSetExt.al @@ -3,12 +3,6 @@ permissionsetextension 70254346 "Admin_FF_TSL" extends "Feature Mgt. - Admin" Permissions = // Conditions tabledata Condition_FF_TSL = RIMD, - page Conditions_FF_TSL = X, // FeatureConditions - page FeatureCondFactbox_FF_TSL = X, - tabledata FeatureCondition_FF_TSL = RIMD, - page FeatureConditions_FF_TSL = X, - // Features - tabledata Feature_FF_TSL = R, - page Features_FF_TSL = X; + tabledata FeatureCondition_FF_TSL = RIMD; } \ No newline at end of file diff --git a/MAIN/src/permissionsetextension/Basic.PermissionSetExt.al b/MAIN/src/permissionsetextension/Basic.PermissionSetExt.al deleted file mode 100644 index 39c647c..0000000 --- a/MAIN/src/permissionsetextension/Basic.PermissionSetExt.al +++ /dev/null @@ -1,28 +0,0 @@ -permissionsetextension 70254345 "Basic_FF_TSL" extends "System Execute - Basic" -{ - Permissions = - // ConditionFunctions - codeunit CompanyFilterCondFunc_FF_TSL = X, - codeunit UserFilterCondFunc_FF_TSL = X, - codeunit SecGroupFilterCondFunc_FF_TSL = X, - // Conditions - tabledata Condition_FF_TSL = ri, - table Condition_FF_TSL = X, - // FeatureConditions - query ConditionsInUse_FF_TSL = X, - tabledata FeatureCondition_FF_TSL = rimd, - table FeatureCondition_FF_TSL = X, - query ValidFeatures_FF_TSL = X, - // Features - tabledata Feature_FF_TSL = rimd, - table Feature_FF_TSL = X, - codeunit FeatureMgt_FF_TSL = X, - // Providers - codeunit ConditionProvider_FF_TSL = X, - codeunit PostHogProvider_FF_TSL = X, - tabledata Provider_FF_TSL = rimd, - table Provider_FF_TSL = X, - // Others - codeunit Install_FF_TSL = X, - codeunit Upgrade_FF_TSL = X; -} \ No newline at end of file