feat: detailed token permission (#1116)

* feat: detailed token permission

* feat: add select all

Author: tea-artist

apps/nestjs-backend/src/features/attachments/attachments.controller.ts

@@ -17,14 +17,12 @@ import type { INotifyVo, SignatureVo } from '@teable/openapi';
 import { Response, Request } from 'express';
 import { ZodValidationPipe } from '../../zod.validation.pipe';
 import { Public } from '../auth/decorators/public.decorator';
-import { TokenAccess } from '../auth/decorators/token.decorator';
 import { AuthGuard } from '../auth/guard/auth.guard';
 import { AttachmentsService } from './attachments.service';
 import { DynamicAuthGuardFactory } from './guard/auth.guard';
 
 @Controller('api/attachments')
 @Public()
-@TokenAccess()
 export class AttachmentsController {
   constructor(private readonly attachmentsService: AttachmentsService) {}
 

apps/nestjs-backend/src/features/base/base.controller.ts

@@ -45,7 +45,6 @@ import { Events } from '../../event-emitter/events';
 import { ZodValidationPipe } from '../../zod.validation.pipe';
 import { Permissions } from '../auth/decorators/permissions.decorator';
 import { ResourceMeta } from '../auth/decorators/resource_meta.decorator';
-import { TokenAccess } from '../auth/decorators/token.decorator';
 import { CollaboratorService } from '../collaborator/collaborator.service';
 import { InvitationService } from '../invitation/invitation.service';
 import { BaseQueryService } from './base-query/base-query.service';
@@ -126,17 +125,12 @@ export class BaseController {
     return await this.baseService.getBaseById(baseId);
   }
 
+  @Permissions('base|read_all')
   @Get('access/all')
   async getAllBase(): Promise<IGetBaseAllVo> {
     return this.baseService.getAllBaseList();
   }
 
-  @Get('access/list')
-  @TokenAccess()
-  async getAccessBase(): Promise<{ id: string; name: string }[]> {
-    return this.baseService.getAccessBaseList();
-  }
-
   @Delete(':baseId')
   @Permissions('base|delete')
   @EmitControllerEvent(Events.BASE_DELETE)

apps/nestjs-backend/src/features/comment/comment-open-api.controller.ts

@@ -17,12 +17,10 @@ import { ZodValidationPipe } from '../../zod.validation.pipe';
 import { AttachmentsStorageService } from '../attachments/attachments-storage.service';
 import StorageAdapter from '../attachments/plugins/adapter';
 import { Permissions } from '../auth/decorators/permissions.decorator';
-import { TokenAccess } from '../auth/decorators/token.decorator';
 import { TqlPipe } from '../record/open-api/tql.pipe';
 import { CommentOpenApiService } from './comment-open-api.service';
 
 @Controller('api/comment/:tableId')
-@TokenAccess()
 export class CommentOpenApiController {
   constructor(
     private readonly commentOpenApiService: CommentOpenApiService,

apps/nextjs-app/src/features/app/blocks/setting/access-token/form/AccessSelect.tsx

@@ -115,7 +115,7 @@ export const AccessSelect = (props: IFormAccess) => {
                 ?.map(({ id, name }) => (
                   <CommandGroup
                     key={id}
-                    heading={<div className="truncate text-sm">{name}</div>}
+                    heading={<div className="truncate text-sm font-bold">{name}</div>}
                     title={name}
                   >
                     <CommandItem

apps/nextjs-app/src/features/app/blocks/setting/access-token/form/AccessTokenForm.tsx

@@ -66,6 +66,8 @@ export const AccessTokenForm = <T extends IFormType>(props: IAccessTokenForm<T>)
       ActionPrefix.View,
       ActionPrefix.Field,
       ActionPrefix.Record,
+      ActionPrefix.TableRecordHistory,
+      ActionPrefix.User,
       ActionPrefix.Automation,
     ];
 

apps/nextjs-app/src/features/app/blocks/setting/components/ScopesSelect.tsx

@@ -1,7 +1,8 @@
 import { actionPrefixMap } from '@teable/core';
 import type { ActionPrefix, Action } from '@teable/core';
 import { usePermissionActionsStatic } from '@teable/sdk/hooks';
-import { Checkbox, Label } from '@teable/ui-lib/shadcn';
+import { Checkbox, Label, Button } from '@teable/ui-lib/shadcn';
+import { useTranslation } from 'next-i18next';
 import { useMemo, useState } from 'react';
 
 interface IScopesSelectProps {
@@ -12,6 +13,7 @@ interface IScopesSelectProps {
 
 export const ScopesSelect = (props: IScopesSelectProps) => {
   const { onChange, initValue, actionsPrefixes } = props;
+  const { t } = useTranslation('token');
   const [value, setValue] = useState<Record<Action, boolean>>(() => {
     if (initValue) {
       return initValue.reduce(
@@ -34,6 +36,16 @@ export const ScopesSelect = (props: IScopesSelectProps) => {
     onChange?.(actions);
   };
 
+  const handleSelectAll = (prefix: ActionPrefix, shouldSelect: boolean) => {
+    const actionMap = { ...value };
+    actionPrefixMap[prefix].forEach((action) => {
+      actionMap[action] = shouldSelect;
+    });
+    setValue(actionMap);
+    const actions = Object.keys(actionMap).filter((key) => actionMap[key as Action]);
+    onChange?.(actions);
+  };
+
   const actionsPrefix = useMemo(() => {
     if (actionsPrefixes) {
       return Object.keys(actionPrefixStaticMap).filter((key) =>
@@ -47,9 +59,19 @@ export const ScopesSelect = (props: IScopesSelectProps) => {
     <div className="space-y-3 pl-2">
       {actionsPrefix.map((actionPrefix) => {
         const actions = actionPrefixMap[actionPrefix];
+        const isAllSelected = actions.every((action) => value[action]);
         return (
-          <div key={actionPrefix} className="space-y-1">
-            <Label>{actionPrefixStaticMap[actionPrefix].title}</Label>
+          <div key={actionPrefix} className="group space-y-1">
+            <div className="flex items-center">
+              <Label>{actionPrefixStaticMap[actionPrefix].title}</Label>
+              <Button
+                variant="link"
+                className="invisible h-6 px-2 text-xs text-muted-foreground group-hover:visible"
+                onClick={() => handleSelectAll(actionPrefix, !isAllSelected)}
+              >
+                {isAllSelected ? t('edit.cancelSelectAll') : t('edit.selectAll')}
+              </Button>
+            </div>
             <div className="flex gap-3">
               {actions.map((action) => (
                 <div className="flex items-center gap-1 text-sm" key={action}>

packages/common-i18n/src/locales/en/sdk.json

@@ -256,6 +256,7 @@
       "baseCreate": "Create base",
       "baseDelete": "Delete base",
       "baseRead": "Read base",
+      "baseReadAll": "Read all bases",
       "baseUpdate": "Update base",
       "baseInviteEmail": "Invite via email in base",
       "baseInviteLink": "Invite via link in base",
@@ -290,7 +291,8 @@
       "automationDelete": "Delete automation",
       "automationRead": "Read automation",
       "automationUpdate": "Update automation",
-      "userEmailRead": "Read user email",
+      "userProfileRead": "Read current user profile",
+      "userEmailRead": "Read current user email",
       "recordHistoryRead": "Read record history",
       "baseQuery": "Query base",
       "instanceRead": "Read instance",

packages/common-i18n/src/locales/en/token.json

@@ -16,7 +16,7 @@
   "new": {
     "headerTitle": "Create new token",
     "title": "Personal access tokens are required to use the Teable API.",
-    "description": "This token will grant access to the data in the selected spaces and bases. This token will also allow usage of other, non-space/base API endpoints. Only use this token for your own development. Don’t share it with third-party services and applications.",
+    "description": "This token will grant access to the data in the selected spaces and bases. And other, non-space/base API endpoints. Please only use this token for your own development. Please be cautious when sharing it with third-party services and applications.",
     "button": "Create new token",
     "success": {
       "title": "Token successfully generated",
@@ -31,7 +31,9 @@
   "edit": {
     "title": "Edit token",
     "name": "Name",
-    "scopes": "Scopes"
+    "scopes": "Scopes",
+    "selectAll": "Select all",
+    "cancelSelectAll": "Cancel select all"
   },
   "refresh": {
     "title": "Regenerate personal access token",

packages/common-i18n/src/locales/fr/sdk.json

@@ -243,6 +243,7 @@
       "baseDelete": "Supprimer une base",
       "baseRead": "Lire une base",
       "baseUpdate": "Mettre à jour une base",
+      "baseReadAll": "Lire toutes les bases",
       "baseInviteEmail": "Inviter par email dans la base",
       "baseInviteLink": "Inviter par lien dans la base",
       "baseTableImport": "Importer des données dans la base",
@@ -275,6 +276,7 @@
       "automationDelete": "Supprimer une automatisation",
       "automationRead": "Lire une automatisation",
       "automationUpdate": "Mettre à jour une automatisation",
+      "userProfileRead": "Lire le profil de l'utilisateur",
       "userEmailRead": "Lire l'email de l'utilisateur",
       "recordHistoryRead": "Lire l'historique des enregistrements",
       "baseQuery": "Interroger la base",

packages/common-i18n/src/locales/fr/token.json

@@ -16,7 +16,7 @@
   "new": {
     "headerTitle": "Créer un nouveau jeton",
     "title": "Les jetons d'accès personnel sont nécessaires pour utiliser l'API Teable.",
-    "description": "Ce jeton permettra d'accéder aux données dans les espaces et bases sélectionnés. Ce jeton permettra également d'utiliser d'autres points de terminaison d'API non liés aux espaces/bases. Utilisez ce jeton uniquement pour votre propre développement. Ne le partagez pas avec des services et applications tiers.",
+    "description": "Ce jeton permettra d'accéder aux données dans les espaces et bases sélectionnés. Et d'autres, non liés aux espaces/bases, points de terminaison d'API. Utilisez ce jeton uniquement pour votre propre développement. Soyez prudent lors de son partage avec des services et applications tiers.",
     "button": "Créer un nouveau jeton",
     "success": {
       "title": "Jeton généré avec succès",
@@ -31,7 +31,9 @@
   "edit": {
     "title": "Modifier le jeton",
     "name": "Nom",
-    "scopes": "Périmètres"
+    "scopes": "Périmètres",
+    "selectAll": "Sélectionner tout",
+    "cancelSelectAll": "Annuler la sélection de tout"
   },
   "refresh": {
     "title": "Régénérer le jeton d'accès personnel",