Tests failing but starting to progress.

6 years ago · 2472168477
16 changed files with 124 additions and 204 deletions
--- a/packages/server/src/api/controllers/accesslevel.js
+++ b/packages/server/src/api/controllers/accesslevel.js
@ -1,9 +1,8 @@
 const CouchDB = require("../../db")
+const { BUILTIN_LEVELS } = require("../../utilities/security/accessLevels")
 const {
-  generateAdminPermissions,
-  generatePowerUserPermissions,
-  BUILTIN_LEVELS,
-} = require("../../utilities/security/accessLevels")
+  BUILTIN_PERMISSION_NAMES,
+} = require("../../utilities/security/permissions")
 const {
  generateAccessLevelID,
  getAccessLevelParams,
@ -21,11 +20,11 @@ exports.fetch = async function(ctx) {
  const staticAccessLevels = [
    {
      ...BUILTIN_LEVELS.admin,
-      permissions: await generateAdminPermissions(ctx.user.appId),
+      permissions: [BUILTIN_PERMISSION_NAMES.ADMIN],
    },
    {
      ...BUILTIN_LEVELS.power,
-      permissions: await generatePowerUserPermissions(ctx.user.appId),
+      permissions: [BUILTIN_PERMISSION_NAMES.POWER],
    },
  ]

@ -59,22 +58,13 @@ exports.patch = async function(ctx) {

  if (removedPermissions) {
    level.permissions = level.permissions.filter(
-      p =>
-        !removedPermissions.some(
-          rem => rem.name === p.name && rem.itemId === p.itemId
-        )
+      permission => removedPermissions.indexOf(permission) === -1
    )
  }

  if (addedPermissions) {
    level.permissions = [
-      ...level.permissions.filter(
-        p =>
-          !addedPermissions.some(
-            add => add.name === p.name && add.itemId === p.itemId
-          )
-      ),
-      ...addedPermissions,
+      ...new Set([...addedPermissions, ...level.permissions]),
    ]
  }

--- a/packages/server/src/api/controllers/auth.js
+++ b/packages/server/src/api/controllers/auth.js
@ -34,6 +34,7 @@ exports.authenticate = async ctx => {
      userId: dbUser._id,
      accessLevelId: dbUser.accessLevelId,
      version: app.version,
+      permissions: dbUser.permissions || [],
    }
    // if in cloud add the user api key
    if (env.CLOUD) {
--- a/packages/server/src/api/controllers/routing.js
+++ b/packages/server/src/api/controllers/routing.js
@ -0,0 +1,3 @@
+exports.fetch = async ctx => {
+
+}
--- a/packages/server/src/api/controllers/user.js
+++ b/packages/server/src/api/controllers/user.js
@ -1,9 +1,10 @@
 const CouchDB = require("../../db")
 const bcrypt = require("../../utilities/bcrypt")
 const { generateUserID, getUserParams } = require("../../db/utils")
+const { BUILTIN_LEVEL_IDS } = require("../../utilities/security/accessLevels")
 const {
-  BUILTIN_LEVELS_IDS,
-} = require("../../utilities/security/accessLevels")
+  BUILTIN_PERMISSION_NAMES,
+} = require("../../utilities/security/permissions")

 exports.fetch = async function(ctx) {
  const database = new CouchDB(ctx.user.appId)
@ -17,7 +18,13 @@ exports.fetch = async function(ctx) {

 exports.create = async function(ctx) {
  const db = new CouchDB(ctx.user.appId)
-  const { username, password, name, accessLevelId } = ctx.request.body
+  const {
+    username,
+    password,
+    name,
+    accessLevelId,
+    permissions,
+  } = ctx.request.body

  if (!username || !password) {
    ctx.throw(400, "Username and Password Required.")
@ -34,6 +41,7 @@ exports.create = async function(ctx) {
    name: name || username,
    type: "user",
    accessLevelId,
+    permissions: permissions || [BUILTIN_PERMISSION_NAMES.POWER],
  }

  try {
@ -88,7 +96,7 @@ exports.find = async function(ctx) {

 const checkAccessLevel = async (db, accessLevelId) => {
  if (!accessLevelId) return
-  if (BUILTIN_LEVELS_IDS.indexOf(accessLevelId) !== -1) {
+  if (BUILTIN_LEVEL_IDS.indexOf(accessLevelId) !== -1) {
    return {
      _id: accessLevelId,
      name: accessLevelId,
--- a/packages/server/src/api/index.js
+++ b/packages/server/src/api/index.js
@ -22,6 +22,7 @@ const {
  templatesRoutes,
  analyticsRoutes,
  webhookRoutes,
+  routingRoutes,
 } = require("./routes")

 const router = new Router()
@ -121,6 +122,9 @@ router.use(analyticsRoutes.allowedMethods())
 router.use(staticRoutes.routes())
 router.use(staticRoutes.allowedMethods())

+router.use(routingRoutes.routes())
+router.use(routingRoutes.allowedMethods())
+
 router.redirect("/", "/_builder")

 module.exports = router
--- a/packages/server/src/api/routes/index.js
+++ b/packages/server/src/api/routes/index.js
@ -15,6 +15,7 @@ const deployRoutes = require("./deploy")
 const apiKeysRoutes = require("./apikeys")
 const templatesRoutes = require("./templates")
 const analyticsRoutes = require("./analytics")
+const routingRoutes = require("./routing")

 module.exports = {
  deployRoutes,
@ -34,4 +35,5 @@ module.exports = {
  templatesRoutes,
  analyticsRoutes,
  webhookRoutes,
+  routingRoutes,
 }
--- a/packages/server/src/api/routes/routing.js
+++ b/packages/server/src/api/routes/routing.js
@ -0,0 +1,10 @@
+const Router = require("@koa/router")
+const authorized = require("../../middleware/authorized")
+const { BUILDER } = require("../../utilities/security/permissions")
+const controller = require("../controllers/routing")
+
+const router = Router()
+
+router.post("/api/routing", authorized(BUILDER), controller.fetch)
+
+module.exports = router
--- a/packages/server/src/api/routes/tests/accesslevel.spec.js
+++ b/packages/server/src/api/routes/tests/accesslevel.spec.js
@ -6,11 +6,7 @@ const {
  defaultHeaders
 } = require("./couchTestUtils")
 const {
-  generateAdminPermissions,
-  generatePowerUserPermissions,
  BUILTIN_LEVELS,
-  READ_TABLE,
-  WRITE_TABLE,
 } = require("../../../utilities/security/accessLevels")
 const { BUILTIN_PERMISSION_NAMES } = require("../../../utilities/security/permissions")

@ -76,14 +72,14 @@ describe("/accesslevels", () => {

      const adminLevel = res.body.find(r => r._id === BUILTIN_LEVELS.admin._id)
      expect(adminLevel).toBeDefined()
-      expect(adminLevel.permissions).toEqual(await generateAdminPermissions(appId))
+      expect(adminLevel.permissions).toEqual([BUILTIN_PERMISSION_NAMES.ADMIN])

      const powerUserLevel = res.body.find(r => r._id === BUILTIN_LEVELS.power._id)
      expect(powerUserLevel).toBeDefined()
-      expect(powerUserLevel.permissions).toEqual(await generatePowerUserPermissions(appId))
+      expect(powerUserLevel.permissions).toEqual([BUILTIN_PERMISSION_NAMES.POWER])

      const customLevelFetched = res.body.find(r => r._id === customLevel._id)
-      expect(customLevelFetched.permissions).toEqual(customLevel.permissions)
+      expect(customLevelFetched.permissions).toEqual([BUILTIN_PERMISSION_NAMES.READ_ONLY])
    })
    
  });
@ -126,7 +122,7 @@ describe("/accesslevels", () => {
        .patch(`/api/accesslevels/${customLevel._id}`)
        .send({
          _rev: customLevel._rev,
-          addedPermissions:  [ { itemId: table._id, name: WRITE_TABLE } ] 
+          addedPermissions:  [ BUILTIN_PERMISSION_NAMES.WRITE ]
        })
        .set(defaultHeaders(appId))
        .expect('Content-Type', /json/)
@ -138,8 +134,8 @@ describe("/accesslevels", () => {
        .expect(200) 

      expect(finalRes.body.permissions.length).toBe(2)
-      expect(finalRes.body.permissions.some(p => p.name === WRITE_TABLE)).toBe(true)
-      expect(finalRes.body.permissions.some(p => p.name === READ_TABLE)).toBe(true)
+      expect(finalRes.body.permissions.indexOf(BUILTIN_PERMISSION_NAMES.WRITE)).not.toBe(-1)
+      expect(finalRes.body.permissions.indexOf(BUILTIN_PERMISSION_NAMES.READ_ONLY)).not.toBe(-1)
    })

    it("should remove given permissions", async () => {
@ -147,9 +143,9 @@ describe("/accesslevels", () => {
        .post(`/api/accesslevels`)
        .send({ 
          name: "user", 
-          permissions: [ 
-            { itemId: table._id, name: READ_TABLE },
-            { itemId: table._id, name: WRITE_TABLE },
+          permissions: [
+            BUILTIN_PERMISSION_NAMES.READ_ONLY,
+            BUILTIN_PERMISSION_NAMES.WRITE,
          ] 
        })
        .set(defaultHeaders(appId))
@ -162,7 +158,7 @@ describe("/accesslevels", () => {
        .patch(`/api/accesslevels/${customLevel._id}`)
        .send({
          _rev: customLevel._rev,
-          removedPermissions:  [ { itemId: table._id, name: WRITE_TABLE }] 
+          removedPermissions:  [BUILTIN_PERMISSION_NAMES.WRITE]
        })
        .set(defaultHeaders(appId))
        .expect('Content-Type', /json/)
@ -174,7 +170,7 @@ describe("/accesslevels", () => {
        .expect(200) 

      expect(finalRes.body.permissions.length).toBe(1)
-      expect(finalRes.body.permissions.some(p => p.name === READ_TABLE)).toBe(true)
+      expect(finalRes.body.permissions.indexOf(BUILTIN_PERMISSION_NAMES.READ_ONLY)).not.toBe(-1)
    })
  })
 });
--- a/packages/server/src/api/routes/tests/couchTestUtils.js
+++ b/packages/server/src/api/routes/tests/couchTestUtils.js
@ -1,11 +1,11 @@
 const CouchDB = require("../../../db")
 const supertest = require("supertest")
 const {
-  POWERUSER_LEVEL_ID,
-  ANON_LEVEL_ID,
-  BUILDER_LEVEL_ID,
-  generateAdminPermissions,
+  BUILTIN_LEVELS,
 } = require("../../../utilities/security/accessLevels")
+const {
+  BUILTIN_PERMISSION_NAMES,
+} = require("../../../utilities/security/permissions")
 const packageJson = require("../../../../package")
 const jwt = require("jsonwebtoken")
 const env = require("../../../environment")
@ -26,7 +26,7 @@ exports.supertest = async () => {
 exports.defaultHeaders = appId => {
  const builderUser = {
    userId: "BUILDER",
-    accessLevelId: BUILDER_LEVEL_ID,
+    accessLevelId: BUILTIN_LEVELS.builder._id,
  }

  const builderToken = jwt.sign(builderUser, env.JWT_SECRET)
@ -126,21 +126,13 @@ exports.createUser = async (
      name: "Bill",
      username,
      password,
-      accessLevelId: POWERUSER_LEVEL_ID,
+      accessLevelId: BUILTIN_LEVELS.power._id,
    })
  return res.body
 }

-const createUserWithOnePermission = async (
-  request,
-  appId,
-  permName,
-  itemId
-) => {
-  let permissions = await generateAdminPermissions(appId)
-  permissions = permissions.filter(
-    p => p.name === permName && p.itemId === itemId
-  )
+const createUserWithOnePermission = async (request, appId, permName) => {
+  let permissions = [permName]

  return await createUserWithPermissions(
    request,
@ -151,7 +143,7 @@ const createUserWithOnePermission = async (
 }

 const createUserWithAdminPermissions = async (request, appId) => {
-  let permissions = await generateAdminPermissions(appId)
+  let permissions = [BUILTIN_PERMISSION_NAMES.ADMIN]

  return await createUserWithPermissions(
    request,
@ -164,13 +156,9 @@ const createUserWithAdminPermissions = async (request, appId) => {
 const createUserWithAllPermissionExceptOne = async (
  request,
  appId,
-  permName,
-  itemId
+  permName
 ) => {
-  let permissions = await generateAdminPermissions(appId)
-  permissions = permissions.filter(
-    p => !(p.name === permName && p.itemId === itemId)
-  )
+  let permissions = [permName]

  return await createUserWithPermissions(
    request,
@ -186,11 +174,6 @@ const createUserWithPermissions = async (
  permissions,
  username
 ) => {
-  const accessRes = await request
-    .post(`/api/accesslevels`)
-    .send({ name: "TestLevel", permissions })
-    .set(exports.defaultHeaders(appId))
-
  const password = `password_${username}`
  await request
    .post(`/api/users`)
@ -199,12 +182,13 @@ const createUserWithPermissions = async (
      name: username,
      username,
      password,
-      accessLevelId: accessRes.body._id,
+      accessLevelId: BUILTIN_LEVELS.power._id,
+      permissions,
    })

  const anonUser = {
    userId: "ANON",
-    accessLevelId: ANON_LEVEL_ID,
+    accessLevelId: BUILTIN_LEVELS.anon._id,
    appId: appId,
    version: packageJson.version,
  }
@ -233,13 +217,11 @@ exports.testPermissionsForEndpoint = async ({
  body,
  appId,
  permissionName,
-  itemId,
 }) => {
  const headers = await createUserWithOnePermission(
    request,
    appId,
-    permissionName,
-    itemId
+    permissionName
  )

  await createRequest(request, method, url, body)
@ -249,8 +231,7 @@ exports.testPermissionsForEndpoint = async ({
  const noPermsHeaders = await createUserWithAllPermissionExceptOne(
    request,
    appId,
-    permissionName,
-    itemId
+    permissionName
  )

  await createRequest(request, method, url, body)
--- a/packages/server/src/api/routes/tests/user.spec.js
+++ b/packages/server/src/api/routes/tests/user.spec.js
@ -5,10 +5,11 @@ const {
  createUser,
  testPermissionsForEndpoint,
 } = require("./couchTestUtils")
-const { 
-  POWERUSER_LEVEL_ID, 
-  LIST_USERS, 
-  USER_MANAGEMENT 
+const {
+  BUILTIN_PERMISSION_NAMES,
+} = require("../../../utilities/security/permissions")
+const {
+  BUILTIN_LEVELS
 } = require("../../../utilities/security/accessLevels")

 describe("/users", () => {
@ -53,7 +54,7 @@ describe("/users", () => {
        method: "GET",
        url: `/api/users`,
        appId: appId,
-        permissionName: LIST_USERS,
+        permissionName: BUILTIN_PERMISSION_NAMES.WRITE,
      })
    })

@ -65,7 +66,7 @@ describe("/users", () => {
      const res = await request
        .post(`/api/users`)
        .set(defaultHeaders(appId))
-        .send({ name: "Bill", username: "bill", password: "bills_password", accessLevelId: POWERUSER_LEVEL_ID })
+        .send({ name: "Bill", username: "bill", password: "bills_password", accessLevelId: BUILTIN_LEVELS.power._id })
        .expect(200)
        .expect('Content-Type', /json/)

@ -77,10 +78,10 @@ describe("/users", () => {
      await testPermissionsForEndpoint({
        request,
        method: "POST",
-        body: { name: "brandNewUser", username: "brandNewUser", password: "yeeooo", accessLevelId: POWERUSER_LEVEL_ID },
+        body: { name: "brandNewUser", username: "brandNewUser", password: "yeeooo", accessLevelId: BUILTIN_LEVELS.power._id },
        url: `/api/users`,
        appId: appId,
-        permissionName: USER_MANAGEMENT,
+        permissionName: BUILTIN_PERMISSION_NAMES.WRITE,
      })
    })

--- a/packages/server/src/automations/steps/createUser.js
+++ b/packages/server/src/automations/steps/createUser.js
@ -11,7 +11,7 @@ module.exports.definition = {
  type: "ACTION",
  stepId: "CREATE_USER",
  inputs: {
-    accessLevelId: accessLevels.POWERUSER_LEVEL_ID,
+    accessLevelId: accessLevels.BUILTIN_LEVELS.power._id,
  },
  schema: {
    inputs: {
@ -29,7 +29,7 @@ module.exports.definition = {
          type: "string",
          title: "Access Level",
          enum: accessLevels.BUILTIN_LEVELS,
-          pretty: Object.values(accessLevels.PRETTY_ACCESS_LEVELS),
+          pretty: accessLevels.BUILTIN_LEVEL_NAMES,
        },
      },
      required: ["username", "password", "accessLevelId"],
--- a/packages/server/src/middleware/authorized.js
+++ b/packages/server/src/middleware/authorized.js
@ -1,5 +1,8 @@
 const { BUILTIN_LEVELS } = require("../utilities/security/accessLevels")
-const { PermissionTypes } = require("../utilities/security/permissions")
+const {
+  PermissionTypes,
+  doesHavePermission,
+} = require("../utilities/security/permissions")
 const env = require("../environment")
 const { apiKeyTable } = require("../db/dynamoClient")
 const { AuthTypes } = require("../constants")
@ -44,18 +47,21 @@ module.exports = (permType, permLevel = null) => async (ctx, next) => {
    ctx.throw(403, "User not found")
  }

-  if (ADMIN_PERMS.indexOf(ctx.user.accessLevel._id) !== -1) {
+  const accessLevel = ctx.user.accessLevel
+  const permissions = ctx.user.permissions
+  if (ADMIN_PERMS.indexOf(accessLevel._id) !== -1) {
    return next()
  }

+  // TODO: need to handle routing security
+
  if (permType === PermissionTypes.BUILDER) {
    ctx.throw(403, "Not Authorized")
-    return
  }

-  // TODO: Replace the old permissions system here, check whether
-  // user has permission to use endpoint they are trying to access
-  return next()
+  if (!doesHavePermission(permType, permLevel, permissions)) {
+    ctx.throw(403, "User does not have permission")
+  }

-  //ctx.throw(403, "Not Authorized")
+  return next()
 }
--- a/packages/server/src/utilities/builder/setBuilderToken.js
+++ b/packages/server/src/utilities/builder/setBuilderToken.js
@ -1,4 +1,5 @@
-const { BUILDER_LEVEL_ID } = require("../security/accessLevels")
+const { BUILTIN_LEVELS } = require("../security/accessLevels")
+const { BUILTIN_PERMISSION_NAMES } = require("../security/permissions")
 const env = require("../../environment")
 const CouchDB = require("../../db")
 const jwt = require("jsonwebtoken")
@ -9,7 +10,8 @@ const APP_PREFIX = DocumentTypes.APP + SEPARATOR
 module.exports = async (ctx, appId, version) => {
  const builderUser = {
    userId: "BUILDER",
-    accessLevelId: BUILDER_LEVEL_ID,
+    accessLevelId: BUILTIN_LEVELS.builder._id,
+    permissions: [BUILTIN_PERMISSION_NAMES.ADMIN],
    version,
  }
  if (env.BUDIBASE_API_KEY) {
--- a/packages/server/src/utilities/permissions.js
+++ b/packages/server/src/utilities/permissions.js
@ -1,66 +0,0 @@
-const viewController = require("../api/controllers/view")
-const tableController = require("../api/controllers/table")
-const automationController = require("../api/controllers/automation")
-const accessLevels = require("./security/accessLevels")
-
-// this has been broken out to reduce risk of circular dependency from utilities, no enums defined here
-const generateAdminPermissions = async appId => [
-  ...accessLevels.adminPermissions,
-  ...(await generatePowerUserPermissions(appId)),
-]
-
-const generatePowerUserPermissions = async appId => {
-  const fetchTablesCtx = {
-    user: {
-      appId,
-    },
-  }
-  await tableController.fetch(fetchTablesCtx)
-  const tables = fetchTablesCtx.body
-
-  const fetchViewsCtx = {
-    user: {
-      appId,
-    },
-  }
-  await viewController.fetch(fetchViewsCtx)
-  const views = fetchViewsCtx.body
-
-  const fetchAutomationsCtx = {
-    user: {
-      appId,
-    },
-  }
-  await automationController.fetch(fetchAutomationsCtx)
-  const automations = fetchAutomationsCtx.body
-
-  const readTablePermissions = tables.map(m => ({
-    itemId: m._id,
-    name: accessLevels.READ_TABLE,
-  }))
-
-  const writeTablePermissions = tables.map(m => ({
-    itemId: m._id,
-    name: accessLevels.WRITE_TABLE,
-  }))
-
-  const viewPermissions = views.map(v => ({
-    itemId: v.name,
-    name: accessLevels.READ_VIEW,
-  }))
-
-  const executeAutomationPermissions = automations.map(w => ({
-    itemId: w._id,
-    name: accessLevels.EXECUTE_AUTOMATION,
-  }))
-
-  return [
-    ...readTablePermissions,
-    ...writeTablePermissions,
-    ...viewPermissions,
-    ...executeAutomationPermissions,
-    { name: accessLevels.LIST_USERS },
-  ]
-}
-module.exports.generateAdminPermissions = generateAdminPermissions
-module.exports.generatePowerUserPermissions = generatePowerUserPermissions
--- a/packages/server/src/utilities/security/accessLevels.js
+++ b/packages/server/src/utilities/security/accessLevels.js
@ -1,44 +1,14 @@
-const { DocumentTypes, SEPARATOR } = require("../../db/utils")
-
-function makeAccessLevelId(baseId) {
-  return `${DocumentTypes.ACCESS_LEVEL}${SEPARATOR}${baseId}`
-}
-
-// Permissions
-exports.READ_TABLE = "read-table"
-exports.WRITE_TABLE = "write-table"
-exports.READ_VIEW = "read-view"
-exports.EXECUTE_AUTOMATION = "execute-automation"
-exports.EXECUTE_WEBHOOK = "execute-webhook"
-exports.USER_MANAGEMENT = "user-management"
-exports.BUILDER = "builder"
-exports.LIST_USERS = "list-users"
-// Access Level IDs
-exports.ADMIN_LEVEL_ID = "ADMIN"
-exports.POWERUSER_LEVEL_ID = "POWER_USER"
-exports.BUILDER_LEVEL_ID = "BUILDER"
-exports.ANON_LEVEL_ID = "ANON"
 exports.BUILTIN_LEVELS = {
-  admin: { _id: makeAccessLevelId("ADMIN"), name: "Admin" },
-  power: { _id: makeAccessLevelId("POWER_USER"), name: "Power user" },
-  builder: { _id: makeAccessLevelId("BUILDER"), name: "Builder" },
-  anon: { _id: makeAccessLevelId("ANON"), name: "Anonymous" },
+  admin: { _id: "ADMIN", name: "Admin" },
+  power: { _id: "POWER_USER", name: "Power user" },
+  builder: { _id: "BUILDER", name: "Builder" },
+  anon: { _id: "ANON", name: "Anonymous" },
 }
+
 exports.BUILTIN_LEVEL_IDS = Object.values(exports.BUILTIN_LEVELS).map(
  level => level._id
 )
-exports.PRETTY_ACCESS_LEVELS = {
-  [exports.ADMIN_LEVEL_ID]: "Admin",
-  [exports.POWERUSER_LEVEL_ID]: "Power user",
-  [exports.BUILDER_LEVEL_ID]: "Builder",
-}
-exports.adminPermissions = [
-  {
-    name: exports.USER_MANAGEMENT,
-  },
-]

-// to avoid circular dependencies this is included later, after exporting all enums
-const permissions = require("../permissions")
-exports.generateAdminPermissions = permissions.generateAdminPermissions
-exports.generatePowerUserPermissions = permissions.generatePowerUserPermissions
+exports.BUILTIN_LEVEL_NAMES = Object.values(exports.BUILTIN_LEVELS).map(
+  level => level.name
+)
--- a/packages/server/src/utilities/security/permissions.js
+++ b/packages/server/src/utilities/security/permissions.js
@ -1,14 +1,5 @@
 const { flatten } = require("lodash")

-exports.READ_TABLE = "read-table"
-exports.WRITE_TABLE = "write-table"
-exports.READ_VIEW = "read-view"
-exports.EXECUTE_AUTOMATION = "execute-automation"
-exports.EXECUTE_WEBHOOK = "execute-webhook"
-exports.USER_MANAGEMENT = "user-management"
-exports.BUILDER = "builder"
-exports.LIST_USERS = "list-users"
-
 const PermissionLevels = {
  READ: "read",
  WRITE: "write",
@ -54,10 +45,11 @@ function getAllowedLevels(userPermLevel) {
  }
 }

-// TODO: need to expand on this
 exports.BUILTIN_PERMISSION_NAMES = {
  READ_ONLY: "read_only",
  WRITE: "write",
+  ADMIN: "admin",
+  POWER: "power",
 }

 exports.BUILTIN_PERMISSIONS = {
@ -75,6 +67,26 @@ exports.BUILTIN_PERMISSIONS = {
      new Permission(PermissionTypes.VIEW, PermissionLevels.READ),
    ],
  },
+  POWER: {
+    name: exports.BUILTIN_PERMISSION_NAMES.POWER,
+    permissions: [
+      new Permission(PermissionTypes.TABLE, PermissionLevels.WRITE),
+      new Permission(PermissionTypes.USER, PermissionLevels.READ),
+      new Permission(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE),
+      new Permission(PermissionTypes.VIEW, PermissionLevels.READ),
+      new Permission(PermissionTypes.WEBHOOK, PermissionLevels.READ),
+    ],
+  },
+  ADMIN: {
+    name: exports.BUILTIN_PERMISSION_NAMES.ADMIN,
+    permissions: [
+      new Permission(PermissionTypes.TABLE, PermissionLevels.ADMIN),
+      new Permission(PermissionTypes.USER, PermissionLevels.ADMIN),
+      new Permission(PermissionTypes.AUTOMATION, PermissionLevels.ADMIN),
+      new Permission(PermissionTypes.VIEW, PermissionLevels.ADMIN),
+      new Permission(PermissionTypes.WEBHOOK, PermissionLevels.READ),
+    ],
+  },
 }

 exports.doesHavePermission = (permType, permLevel, userPermissionNames) => {