From d54aee2557f0f17532f08bf6e73e489fb732f668 Mon Sep 17 00:00:00 2001 From: Vlad Leonov Date: Wed, 5 Jul 2023 11:37:24 +1200 Subject: [PATCH] InherentPermissions #13 --- DOCS/Changelog.md | 3 +- .../CompanyFilterCondFunc.Codeunit.al | 2 ++ .../SecGroupFilterCondFunc.Codeunit.al | 2 ++ .../UserFilterCondFunc.Codeunit.al | 2 ++ MAIN/src/Conditions/Condition.Table.al | 4 +++ MAIN/src/Conditions/Conditions.Page.al | 2 ++ .../ConditionsInUse.Query.al | 5 ++-- .../FeatureCondFactbox.Page.al | 2 ++ .../FeatureCondition.Table.al | 5 ++-- .../FeatureConditions.Page.al | 2 ++ .../FeatureConditions/ValidFeatures.Query.al | 4 +-- MAIN/src/Features/Feature.Table.al | 3 +- MAIN/src/Features/FeatureMgt.Codeunit.al | 9 +++--- MAIN/src/Features/Features.Page.al | 2 ++ MAIN/src/Install.Codeunit.al | 2 ++ .../Providers/ConditionProvider.Codeunit.al | 10 +++++-- .../src/Providers/PostHogProvider.Codeunit.al | 2 ++ MAIN/src/Providers/Provider.Table.al | 2 ++ MAIN/src/Upgrade.Codeunit.al | 2 ++ .../Admin.PermissionSetExt.al | 8 +----- .../Basic.PermissionSetExt.al | 28 ------------------- 21 files changed, 51 insertions(+), 50 deletions(-) delete mode 100644 MAIN/src/permissionsetextension/Basic.PermissionSetExt.al diff --git a/DOCS/Changelog.md b/DOCS/Changelog.md index 06e0a4b..d27467f 100644 --- a/DOCS/Changelog.md +++ b/DOCS/Changelog.md @@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed - Extension somehow breaks other extensions install [#18](https://github.com/thetanz/OpenFeature-al/issues/18) +- InherentPermissions to simplify permissions [#13](https://github.com/thetanz/OpenFeature-al/issues/13) ### Added - @@ -22,7 +23,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - ### Removed -- +- `Basic_FF_TSL` permissions set extension now handled using InherentPermissions ### Security - diff --git a/MAIN/src/ConditionFunctions/CompanyFilterCondFunc.Codeunit.al b/MAIN/src/ConditionFunctions/CompanyFilterCondFunc.Codeunit.al index 334767c..d6eda73 100644 --- a/MAIN/src/ConditionFunctions/CompanyFilterCondFunc.Codeunit.al +++ b/MAIN/src/ConditionFunctions/CompanyFilterCondFunc.Codeunit.al @@ -1,6 +1,8 @@ codeunit 58539 "CompanyFilterCondFunc_FF_TSL" implements IConditionFunction_FF_TSL { Access = Internal; + InherentEntitlements = X; + InherentPermissions = X; Permissions = tabledata Company = R; diff --git a/MAIN/src/ConditionFunctions/SecGroupFilterCondFunc.Codeunit.al b/MAIN/src/ConditionFunctions/SecGroupFilterCondFunc.Codeunit.al index b8b4a8b..5607676 100644 --- a/MAIN/src/ConditionFunctions/SecGroupFilterCondFunc.Codeunit.al +++ b/MAIN/src/ConditionFunctions/SecGroupFilterCondFunc.Codeunit.al @@ -1,6 +1,8 @@ codeunit 58650 "SecGroupFilterCondFunc_FF_TSL" implements IConditionFunction_FF_TSL { Access = Internal; + InherentEntitlements = X; + InherentPermissions = X; Permissions = tabledata "Security Group Member Buffer" = R; diff --git a/MAIN/src/ConditionFunctions/UserFilterCondFunc.Codeunit.al b/MAIN/src/ConditionFunctions/UserFilterCondFunc.Codeunit.al index 88d3861..c27054f 100644 --- a/MAIN/src/ConditionFunctions/UserFilterCondFunc.Codeunit.al +++ b/MAIN/src/ConditionFunctions/UserFilterCondFunc.Codeunit.al @@ -1,6 +1,8 @@ codeunit 58538 "UserFilterCondFunc_FF_TSL" implements IConditionFunction_FF_TSL { Access = Internal; + InherentEntitlements = X; + InherentPermissions = X; Permissions = tabledata User = R; diff --git a/MAIN/src/Conditions/Condition.Table.al b/MAIN/src/Conditions/Condition.Table.al index 797d958..4cf0dec 100644 --- a/MAIN/src/Conditions/Condition.Table.al +++ b/MAIN/src/Conditions/Condition.Table.al @@ -5,6 +5,10 @@ table 58537 "Condition_FF_TSL" DataPerCompany = false; Caption = 'Condition'; LookupPageId = Conditions_FF_TSL; + InherentEntitlements = RIMDX; + InherentPermissions = R; + Permissions = + tabledata FeatureCondition_FF_TSL = D; fields { diff --git a/MAIN/src/Conditions/Conditions.Page.al b/MAIN/src/Conditions/Conditions.Page.al index 37e59c5..a021cce 100644 --- a/MAIN/src/Conditions/Conditions.Page.al +++ b/MAIN/src/Conditions/Conditions.Page.al @@ -7,6 +7,8 @@ page 58537 "Conditions_FF_TSL" DelayedInsert = true; RefreshOnActivate = true; Extensible = false; + InherentEntitlements = X; + InherentPermissions = X; layout { diff --git a/MAIN/src/FeatureConditions/ConditionsInUse.Query.al b/MAIN/src/FeatureConditions/ConditionsInUse.Query.al index 3f0cf2d..eefa963 100644 --- a/MAIN/src/FeatureConditions/ConditionsInUse.Query.al +++ b/MAIN/src/FeatureConditions/ConditionsInUse.Query.al @@ -3,9 +3,8 @@ query 58535 "ConditionsInUse_FF_TSL" Access = Internal; QueryType = Normal; ReadState = ReadUncommitted; - Permissions = - tabledata Condition_FF_TSL = R, - tabledata FeatureCondition_FF_TSL = R; + InherentEntitlements = X; + InherentPermissions = X; elements { diff --git a/MAIN/src/FeatureConditions/FeatureCondFactbox.Page.al b/MAIN/src/FeatureConditions/FeatureCondFactbox.Page.al index 7e4ef6c..33121a3 100644 --- a/MAIN/src/FeatureConditions/FeatureCondFactbox.Page.al +++ b/MAIN/src/FeatureConditions/FeatureCondFactbox.Page.al @@ -6,6 +6,8 @@ page 58538 "FeatureCondFactbox_FF_TSL" ApplicationArea = All; Caption = 'Conditions'; Extensible = false; + InherentEntitlements = X; + InherentPermissions = X; layout { diff --git a/MAIN/src/FeatureConditions/FeatureCondition.Table.al b/MAIN/src/FeatureConditions/FeatureCondition.Table.al index 01ce2af..446b0fc 100644 --- a/MAIN/src/FeatureConditions/FeatureCondition.Table.al +++ b/MAIN/src/FeatureConditions/FeatureCondition.Table.al @@ -5,16 +5,17 @@ table 58538 "FeatureCondition_FF_TSL" DataPerCompany = false; LookupPageId = FeatureConditions_FF_TSL; Caption = 'Feature Flag Condition'; + InherentEntitlements = RIMDX; + InherentPermissions = R; fields { field(1; FeatureID; Code[50]) { - Caption = 'Feature Flag Key'; + Caption = 'Feature ID'; DataClassification = CustomerContent; NotBlank = true; TableRelation = Feature_FF_TSL; - ValidateTableRelation = false; } field(2; ConditionCode; Code[50]) { diff --git a/MAIN/src/FeatureConditions/FeatureConditions.Page.al b/MAIN/src/FeatureConditions/FeatureConditions.Page.al index eab86f8..c1c0646 100644 --- a/MAIN/src/FeatureConditions/FeatureConditions.Page.al +++ b/MAIN/src/FeatureConditions/FeatureConditions.Page.al @@ -6,6 +6,8 @@ page 58539 "FeatureConditions_FF_TSL" ApplicationArea = All; RefreshOnActivate = true; Extensible = false; + InherentEntitlements = X; + InherentPermissions = X; layout { diff --git a/MAIN/src/FeatureConditions/ValidFeatures.Query.al b/MAIN/src/FeatureConditions/ValidFeatures.Query.al index 9725e32..3989301 100644 --- a/MAIN/src/FeatureConditions/ValidFeatures.Query.al +++ b/MAIN/src/FeatureConditions/ValidFeatures.Query.al @@ -3,8 +3,8 @@ query 58536 "ValidFeatures_FF_TSL" Access = Internal; QueryType = Normal; ReadState = ReadUncommitted; - Permissions = - tabledata FeatureCondition_FF_TSL = R; + InherentEntitlements = X; + InherentPermissions = X; elements { diff --git a/MAIN/src/Features/Feature.Table.al b/MAIN/src/Features/Feature.Table.al index a1b1c07..a81da14 100644 --- a/MAIN/src/Features/Feature.Table.al +++ b/MAIN/src/Features/Feature.Table.al @@ -5,7 +5,8 @@ table 58535 "Feature_FF_TSL" DataPerCompany = false; Caption = 'Feature'; LookupPageId = Features_FF_TSL; - Permissions = tabledata Provider_FF_TSL = R; + InherentEntitlements = RIMDX; + InherentPermissions = R; fields { diff --git a/MAIN/src/Features/FeatureMgt.Codeunit.al b/MAIN/src/Features/FeatureMgt.Codeunit.al index 1a0a8f0..0b8cc2d 100644 --- a/MAIN/src/Features/FeatureMgt.Codeunit.al +++ b/MAIN/src/Features/FeatureMgt.Codeunit.al @@ -2,9 +2,9 @@ codeunit 58537 "FeatureMgt_FF_TSL" { Access = Public; SingleInstance = true; + InherentEntitlements = X; + InherentPermissions = X; Permissions = - tabledata Provider_FF_TSL = RIM, - tabledata Feature_FF_TSL = RIM, tabledata User = R, tabledata "User Personalization" = R, tabledata "All Profile" = R, @@ -14,10 +14,9 @@ codeunit 58537 "FeatureMgt_FF_TSL" TempGlobalFeature: Record Feature_FF_TSL temporary; TempUserSettings: Record "User Settings" temporary; ProviderData: Dictionary of [Text, JsonObject]; - GlobalContextAttributesContextID: Text; + GlobalContextAttributesContextID, EnabledFeatureIds : Text; GlobalContextAttributes: JsonObject; DefaultProfileID: Code[30]; - EnabledFeatureIds: Text; #region Library @@ -37,6 +36,7 @@ codeunit 58537 "FeatureMgt_FF_TSL" end; [NonDebuggable] + [InherentPermissions(PermissionObjectType::TableData, Database::Provider_FF_TSL, 'IM')] internal procedure AddProvider(Code: Code[20]; Type: Enum ProviderType_FF_TSL; ConnectionInfo: JsonObject; CaptureEvents: JsonObject) Result: Boolean var Provider: Record Provider_FF_TSL; @@ -71,6 +71,7 @@ codeunit 58537 "FeatureMgt_FF_TSL" exit(AddFeature(Feature, FeatureID, Description, ProviderCode)) end; + [InherentPermissions(PermissionObjectType::TableData, Database::Feature_FF_TSL, 'IM')] local procedure AddFeature(var Feature: Record Feature_FF_TSL; FeatureID: Code[50]; Description: Text; ProviderCode: Code[20]) Result: Boolean begin Feature.Init(); diff --git a/MAIN/src/Features/Features.Page.al b/MAIN/src/Features/Features.Page.al index b8bbcfb..b3f21e3 100644 --- a/MAIN/src/Features/Features.Page.al +++ b/MAIN/src/Features/Features.Page.al @@ -10,6 +10,8 @@ page 58535 "Features_FF_TSL" RefreshOnActivate = true; InsertAllowed = false; DeleteAllowed = false; + InherentEntitlements = X; + InherentPermissions = X; layout { diff --git a/MAIN/src/Install.Codeunit.al b/MAIN/src/Install.Codeunit.al index e4d5213..607626c 100644 --- a/MAIN/src/Install.Codeunit.al +++ b/MAIN/src/Install.Codeunit.al @@ -2,6 +2,8 @@ codeunit 58535 "Install_FF_TSL" { Access = Internal; Subtype = Install; + InherentEntitlements = X; + InherentPermissions = X; trigger OnInstallAppPerDatabase() var diff --git a/MAIN/src/Providers/ConditionProvider.Codeunit.al b/MAIN/src/Providers/ConditionProvider.Codeunit.al index 31b6a7a..c0282ff 100644 --- a/MAIN/src/Providers/ConditionProvider.Codeunit.al +++ b/MAIN/src/Providers/ConditionProvider.Codeunit.al @@ -2,9 +2,10 @@ codeunit 58651 "ConditionProvider_FF_TSL" implements IProvider_FF_TSL { Access = Public; SingleInstance = true; + InherentEntitlements = X; + InherentPermissions = X; Permissions = - tabledata Condition_FF_TSL = RI, - tabledata FeatureCondition_FF_TSL = RID; + tabledata User = R; var FeatureMgt: Codeunit FeatureMgt_FF_TSL; @@ -20,6 +21,7 @@ codeunit 58651 "ConditionProvider_FF_TSL" implements IProvider_FF_TSL exit(FeatureMgt.AddFeature(FeatureID, Description, ConditionProviderCodeTxt)) end; + [InherentPermissions(PermissionObjectType::TableData, Database::Condition_FF_TSL, 'I')] procedure AddCondition(Code: Code[50]; Function: Enum ConditionFunction_FF_TSL; Argument: Text) Result: Boolean var Condition: Record Condition_FF_TSL; @@ -32,6 +34,7 @@ codeunit 58651 "ConditionProvider_FF_TSL" implements IProvider_FF_TSL end end; + [InherentPermissions(PermissionObjectType::TableData, Database::FeatureCondition_FF_TSL, 'IM')] procedure AddFeatureCondition(FeatureID: Code[50]; ConditionCode: Code[50]) Result: Boolean var FeatureCondition: Record FeatureCondition_FF_TSL; @@ -86,6 +89,8 @@ codeunit 58651 "ConditionProvider_FF_TSL" implements IProvider_FF_TSL StrmenuOptionLbl: Label '%1,Everyone', Comment = '%1 = User ID'; StrmenuResult: Integer; begin + if not FeatureCondition.WritePermission() then + exit; if not FeatureMgt.IsEnabled(FeatureID) then begin StrmenuResult := StrMenu(StrSubstNo(StrmenuOptionLbl, UserId()), 0, StrmenuInstructionLbl); if StrmenuResult > 0 then begin @@ -204,6 +209,7 @@ codeunit 58651 "ConditionProvider_FF_TSL" implements IProvider_FF_TSL #region Subscribers [EventSubscriber(ObjectType::Table, Database::Feature_FF_TSL, OnAfterDeleteEvent, '', false, false)] + [InherentPermissions(PermissionObjectType::TableData, Database::FeatureCondition_FF_TSL, 'D')] local procedure OnDeleteFeature(var Rec: Record Feature_FF_TSL; RunTrigger: Boolean) var FeatureCondition: Record FeatureCondition_FF_TSL; diff --git a/MAIN/src/Providers/PostHogProvider.Codeunit.al b/MAIN/src/Providers/PostHogProvider.Codeunit.al index f723b27..408d452 100644 --- a/MAIN/src/Providers/PostHogProvider.Codeunit.al +++ b/MAIN/src/Providers/PostHogProvider.Codeunit.al @@ -2,6 +2,8 @@ codeunit 58653 "PostHogProvider_FF_TSL" implements IProvider_FF_TSL { Access = Public; SingleInstance = true; + InherentEntitlements = X; + InherentPermissions = X; Permissions = tabledata User = R; diff --git a/MAIN/src/Providers/Provider.Table.al b/MAIN/src/Providers/Provider.Table.al index bfddb0e..ba984cf 100644 --- a/MAIN/src/Providers/Provider.Table.al +++ b/MAIN/src/Providers/Provider.Table.al @@ -3,6 +3,8 @@ table 58536 "Provider_FF_TSL" Access = Internal; DataClassification = SystemMetadata; DataPerCompany = false; + InherentEntitlements = RIMDX; + InherentPermissions = R; fields { diff --git a/MAIN/src/Upgrade.Codeunit.al b/MAIN/src/Upgrade.Codeunit.al index b20595e..1feed64 100644 --- a/MAIN/src/Upgrade.Codeunit.al +++ b/MAIN/src/Upgrade.Codeunit.al @@ -2,6 +2,8 @@ codeunit 58536 "Upgrade_FF_TSL" { Access = Internal; Subtype = Upgrade; + InherentEntitlements = X; + InherentPermissions = X; trigger OnUpgradePerDatabase() var diff --git a/MAIN/src/permissionsetextension/Admin.PermissionSetExt.al b/MAIN/src/permissionsetextension/Admin.PermissionSetExt.al index 93e7a59..1b813a8 100644 --- a/MAIN/src/permissionsetextension/Admin.PermissionSetExt.al +++ b/MAIN/src/permissionsetextension/Admin.PermissionSetExt.al @@ -3,12 +3,6 @@ permissionsetextension 58536 "Admin_FF_TSL" extends "Feature Mgt. - Admin" Permissions = // Conditions tabledata Condition_FF_TSL = RIMD, - page Conditions_FF_TSL = X, // FeatureConditions - page FeatureCondFactbox_FF_TSL = X, - tabledata FeatureCondition_FF_TSL = RIMD, - page FeatureConditions_FF_TSL = X, - // Features - tabledata Feature_FF_TSL = R, - page Features_FF_TSL = X; + tabledata FeatureCondition_FF_TSL = RIMD; } \ No newline at end of file diff --git a/MAIN/src/permissionsetextension/Basic.PermissionSetExt.al b/MAIN/src/permissionsetextension/Basic.PermissionSetExt.al deleted file mode 100644 index 18d1a9a..0000000 --- a/MAIN/src/permissionsetextension/Basic.PermissionSetExt.al +++ /dev/null @@ -1,28 +0,0 @@ -permissionsetextension 58535 "Basic_FF_TSL" extends "System Execute - Basic" -{ - Permissions = - // ConditionFunctions - codeunit CompanyFilterCondFunc_FF_TSL = X, - codeunit UserFilterCondFunc_FF_TSL = X, - codeunit SecGroupFilterCondFunc_FF_TSL = X, - // Conditions - tabledata Condition_FF_TSL = ri, - table Condition_FF_TSL = X, - // FeatureConditions - query ConditionsInUse_FF_TSL = X, - tabledata FeatureCondition_FF_TSL = rimd, - table FeatureCondition_FF_TSL = X, - query ValidFeatures_FF_TSL = X, - // Features - tabledata Feature_FF_TSL = rimd, - table Feature_FF_TSL = X, - codeunit FeatureMgt_FF_TSL = X, - // Providers - codeunit ConditionProvider_FF_TSL = X, - codeunit PostHogProvider_FF_TSL = X, - tabledata Provider_FF_TSL = rimd, - table Provider_FF_TSL = X, - // Others - codeunit Install_FF_TSL = X, - codeunit Upgrade_FF_TSL = X; -} \ No newline at end of file