add securable settings (#22936) (#23141)

* wip * Update typings * nullable * update test service * support securables * updata test data * fix issues * fix build failure * update test mocks * fix typo * fix reference * fix findobjectdialog issue * update SearchResultItem type * fix table component perf issue * hide effective permission for server role * hide effective permission for app role and db role * vbump sts and fix a couple issues * STS update and UI update * fix user login display issue * vbump sts
microsoft · May 15, 2023 · e2949d4 · e2949d4
1 parent b6bd726
commit e2949d4
Show file tree

Hide file tree

Showing 21 changed files with 693 additions and 178 deletions.
diff --git a/extensions/dacpac/src/test/testContext.ts b/extensions/dacpac/src/test/testContext.ts
@@ -199,7 +199,8 @@ export function createViewContext(): ViewTestContext {
 		data: [] as any[][],
 		columns: [] as string[],
 		onRowSelected: onClick.event,
-		appendData: (data: any[][]) => undefined,
+		appendData: (_data: any[][]) => undefined,
+		setActiveCell: (_row: number, _column: number) => undefined
 	});
 
 	let loadingComponent: () => azdata.LoadingComponent = () => Object.assign({}, componentBase, {

diff --git a/extensions/datavirtualization/src/test/stubs.ts b/extensions/datavirtualization/src/test/stubs.ts
@@ -301,6 +301,9 @@ export class MockTableComponent extends MockUIComponent implements azdata.TableC
 	appendData(data: any[][]): Thenable<void> {
 		throw new Error('Method not implemented.');
 	}
+	setActiveCell(row: number, column: number): void {
+		throw new Error('Method not implemented.');
+	}
 }
 
 export class MockDeclarativeTableComponent extends MockUIComponent implements azdata.DeclarativeTableComponent {

diff --git a/extensions/mssql/config.json b/extensions/mssql/config.json
@@ -1,6 +1,6 @@
 {
 	"downloadUrl": "https://github.com/Microsoft/sqltoolsservice/releases/download/{#version#}/microsoft.sqltools.servicelayer-{#fileName#}",
-	"version": "4.7.1.2",
+	"version": "4.7.1.3",
 	"downloadFileNames": {
 		"Windows_86": "win-x86-net7.0.zip",
 		"Windows_64": "win-x64-net7.0.zip",

diff --git a/extensions/mssql/src/mssql.d.ts b/extensions/mssql/src/mssql.d.ts
@@ -917,7 +917,14 @@ declare module 'mssql' {
 		}
 
 		/**
-		 * Base interface for the object view information
+		 * Base interface for all the security principal objects. e.g. Login, Server Role, Database Role...
+		 */
+		export interface SecurityPrincipalObject extends SqlObject {
+			securablePermissions: SecurablePermissions[];
+		}
+
+		/**
+		 * Base interface for the object view information.
 		 */
 		export interface ObjectViewInfo<T extends SqlObject> {
 			/**
@@ -926,10 +933,52 @@ declare module 'mssql' {
 			objectInfo: T;
 		}
 
+		/**
+		 * Securable type metadata.
+		 */
+		export interface SecurableTypeMetadata {
+			/**
+			 * Name of the securable type.
+			 */
+			name: string;
+			/**
+			 * Display name of the securable type.
+			 */
+			displayName: string;
+			/**
+			 * Permissions supported by the securable type.
+			 */
+			permissions: PermissionMetadata[];
+		}
+
+		/**
+		 * Permission metadata.
+		 */
+		export interface PermissionMetadata {
+			/**
+			 * Name of the permission.
+			 */
+			name: string;
+			/**
+			 * Display name of the permission.
+			 */
+			displayName: string;
+		}
+
+		/**
+		 * Base interface for security principal object's view information.
+		 */
+		export interface SecurityPrincipalViewInfo<T extends SecurityPrincipalObject> extends ObjectViewInfo<T> {
+			/**
+			 * The securable types that the security principal object can be granted permissions on.
+			 */
+			supportedSecurableTypes: SecurableTypeMetadata[];
+		}
+
 		/**
 		 * Server level login.
 		 */
-		export interface Login extends SqlObject {
+		export interface Login extends SecurityPrincipalObject {
 			/**
 			 * Authentication type.
 			 */
@@ -1025,7 +1074,7 @@ declare module 'mssql' {
 		/**
 		 * The information required to render the login view.
 		 */
-		export interface LoginViewInfo extends ObjectViewInfo<Login> {
+		export interface LoginViewInfo extends SecurityPrincipalViewInfo<Login> {
 			/**
 			 * The authentication types supported by the server.
 			 */
@@ -1062,34 +1111,50 @@ declare module 'mssql' {
 		/**
 		 * The permission information a principal has on a securable.
 		 */
-		export interface Permission {
+		export interface SecurablePermissionItem {
 			/**
-			 * Name of the permission.
+			 * name of the permission.
 			 */
-			name: string;
+			permission: string;
+			/**
+			 * Name of the grantor.
+			 */
+			grantor: string;
 			/**
-			 * Whether the permission is granted or denied.
+			 * Whether the permission is granted or denied. Undefined means not specified.
 			 */
-			grant: boolean;
+			grant?: boolean;
 			/**
 			 * Whether the pincipal can grant this permission to other principals.
 			 * The value will be ignored if the grant property is set to false.
 			 */
-			withGrant: boolean;
+			withGrant?: boolean;
 		}
 
 		/**
 		 * The permissions a principal has over a securable.
 		 */
 		export interface SecurablePermissions {
 			/**
-			 * The securable.
+			 * The securable name.
+			 */
+			name: string;
+			/**
+			 * The securable type.
+			 */
+			type: string;
+			/**
+			 * The schema name of the object if applicable.
+			 */
+			schema?: string;
+			/**
+			 * The permissions.
 			 */
-			securable: SqlObject;
+			permissions: SecurablePermissionItem[];
 			/**
-			 * The Permissions.
+			 * The effective permissions. Includes all permissions granted to the principal, including those granted through role memberships.
 			 */
-			permissions: Permission[];
+			effectivePermissions: string[];
 		}
 
 		/**
@@ -1135,7 +1200,7 @@ declare module 'mssql' {
 		/**
 		 * Database user.
 		 */
-		export interface User extends SqlObject {
+		export interface User extends SecurityPrincipalObject {
 			/**
 			 * Type of the user.
 			 */
@@ -1172,7 +1237,7 @@ declare module 'mssql' {
 		/**
 		 * The information required to render the user view.
 		 */
-		export interface UserViewInfo extends ObjectViewInfo<User> {
+		export interface UserViewInfo extends SecurityPrincipalViewInfo<User> {
 			/**
 			 * All user types supported by the database.
 			 */
@@ -1198,7 +1263,7 @@ declare module 'mssql' {
 		/**
 		 * Interface representing the server role object.
 		 */
-		export interface ServerRoleInfo extends SqlObject {
+		export interface ServerRoleInfo extends SecurityPrincipalObject {
 			/**
 			 * Name of the server principal that owns the server role.
 			 */
@@ -1216,7 +1281,7 @@ declare module 'mssql' {
 		/**
 		 * Interface representing the information required to render the server role view.
 		 */
-		export interface ServerRoleViewInfo extends ObjectViewInfo<ServerRoleInfo> {
+		export interface ServerRoleViewInfo extends SecurityPrincipalViewInfo<ServerRoleInfo> {
 			/**
 			 * Whether the server role is a fixed role.
 			 */
@@ -1230,7 +1295,7 @@ declare module 'mssql' {
 		/**
 		 * Interface representing the application role object.
 		 */
-		export interface ApplicationRoleInfo extends SqlObject {
+		export interface ApplicationRoleInfo extends SecurityPrincipalObject {
 			/**
 			 * Default schema of the application role.
 			 */
@@ -1248,7 +1313,7 @@ declare module 'mssql' {
 		/**
 		 * Interface representing the information required to render the application role view.
 		 */
-		export interface ApplicationRoleViewInfo extends ObjectViewInfo<ApplicationRoleInfo> {
+		export interface ApplicationRoleViewInfo extends SecurityPrincipalViewInfo<ApplicationRoleInfo> {
 			/**
 			 * List of all the schemas in the database.
 			 */
@@ -1258,7 +1323,7 @@ declare module 'mssql' {
 		/**
 		 * Interface representing the database role object.
 		 */
-		export interface DatabaseRoleInfo extends SqlObject {
+		export interface DatabaseRoleInfo extends SecurityPrincipalObject {
 			/**
 			 * Name of the database principal that owns the database role.
 			 */
@@ -1276,7 +1341,7 @@ declare module 'mssql' {
 		/**
 		 * Interface representing the information required to render the database role view.
 		 */
-		export interface DatabaseRoleViewInfo extends ObjectViewInfo<DatabaseRoleInfo> {
+		export interface DatabaseRoleViewInfo extends SecurityPrincipalViewInfo<DatabaseRoleInfo> {
 			/**
 			 * List of all the schemas in the database.
 			 */
@@ -1294,7 +1359,7 @@ declare module 'mssql' {
 			/**
 			 * type of the object.
 			 */
-			type: NodeType;
+			type: string;
 			/**
 			 * schema of the object.
 			 */
@@ -1369,7 +1434,7 @@ declare module 'mssql' {
 		 * @param searchText Search text.
 		 * @param schema Schema to search in.
 		 */
-		search(contextId: string, objectTypes: ObjectManagement.NodeType[], searchText?: string, schema?: string): Thenable<ObjectManagement.SearchResultItem[]>;
+		search(contextId: string, objectTypes: string[], searchText?: string, schema?: string): Thenable<ObjectManagement.SearchResultItem[]>;
 	}
 	// Object Management - End.
 }
diff --git a/extensions/mssql/src/objectManagement/localizedConstants.ts b/extensions/mssql/src/objectManagement/localizedConstants.ts
@@ -30,9 +30,22 @@ export const RenameObjectDialogTitle: string = localize('objectManagement.rename
 export const OwnerText: string = localize('objectManagement.ownerText', "Owner");
 export const BrowseText = localize('objectManagement.browseText', "Browse…");
 export const BrowseOwnerButtonAriaLabel = localize('objectManagement.browseForOwnerText', "Browse for an owner");
-export const AddMemberAriaLabel = localize('objectManagement.addMemberText', "Add a member");
+export const AddMemberAriaLabel = localize('objectManagement.addMembersText', "Add members");
 export const RemoveMemberAriaLabel = localize('objectManagement.removeMemberText', "Remove selected member");
+export const AddSecurableAriaLabel = localize('objectManagement.addSecurablesText', "Add securables");
+export const RemoveSecurableAriaLabel = localize('objectManagement.removeSecurablesText', "Remove selected securable");
+export const SecurablesText = localize('objectManagement.securablesText', "Securables");
+export const ExplicitPermissionsTableLabel = localize('objectManagement.explicitPermissionsTableLabel', "Explicit permissions for selected securable");
+export const EffectivePermissionsTableLabel = localize('objectManagement.effectivePermissionsTableLabel', "Effective permissions for selected securable");
+export const PermissionColumnHeader = localize('objectManagement.permissionColumnHeader', "Permission");
+export const GrantorColumnHeader = localize('objectManagement.grantorColumnHeader', "Grantor");
+export const GrantColumnHeader = localize('objectManagement.grantColumnHeader', "Grant");
+export const WithGrantColumnHeader = localize('objectManagement.withGrantColumnHeader', "With Grant");
+export const DenyColumnHeader = localize('objectManagement.denyColumnHeader', "Deny");
+export const SelectSecurablesDialogTitle = localize('objectManagement.selectSecurablesDialogTitle', "Select Securables");
 
+export function ExplicitPermissionsTableLabelSelected(name: string): string { return localize('objectManagement.explicitPermissionsTableLabelSelected', "Explicit permissions for: {0}", name); }
+export function EffectivePermissionsTableLabelSelected(name: string): string { return localize('objectManagement.effectivePermissionsTableLabelSelected', "Effective permissions for: {0}", name); }
 
 export function RefreshObjectExplorerError(error: string): string {
 	return localize({
@@ -133,12 +146,15 @@ export const LoginNotSelectedError = localize('objectManagement.loginNotSelected
 export const MembershipSectionHeader = localize('objectManagement.membershipLabel', "Membership");
 export const MemberSectionHeader = localize('objectManagement.membersLabel', "Members");
 export const SchemaText = localize('objectManagement.schemaLabel', "Schema");
+
+// Database
 export const DatabaseExistsError = (dbName: string) => localize('objectManagement.databaseExistsError', "Database '{0}' already exists. Choose a different database name.", dbName);
 export const CollationText = localize('objectManagement.collationLabel', "Collation");
 export const RecoveryModelText = localize('objectManagement.recoveryModelLabel', "Recovery Model");
 export const CompatibilityLevelText = localize('objectManagement.compatibilityLevelLabel', "Compatibility Level");
 export const ContainmentTypeText = localize('objectManagement.containmentTypeLabel', "Containment Type");
 
+
 // Login
 export const BlankPasswordConfirmationText: string = localize('objectManagement.blankPasswordConfirmation', "Creating a login with a blank password is a security risk.  Are you sure you want to continue?");
 export const DeleteLoginConfirmationText: string = localize('objectManagement.deleteLoginConfirmation', "Deleting server logins does not delete the database users associated with the logins. To complete the process, delete the users in each database. It may be necessary to first transfer the ownership of schemas to new users.");