add securable settings (#22936)

* wip * Update typings * nullable * update test service * support securables * updata test data * fix issues * fix build failure * update test mocks * fix typo * fix reference * fix findobjectdialog issue * update SearchResultItem type * fix table component perf issue * hide effective permission for server role * hide effective permission for app role and db role * vbump sts and fix a couple issues * STS update and UI update * fix user login display issue * vbump sts
2026-03-19 11:31:40 -04:00 · 2023-05-15 15:01:57 -07:00
parent 25318a648e
commit b56f2ccb60
21 changed files with 693 additions and 178 deletions
--- a/extensions/mssql/src/mssql.d.ts
+++ b/extensions/mssql/src/mssql.d.ts
@@ -917,7 +917,14 @@ declare module 'mssql' {
 		}

 		/**
-		 * Base interface for the object view information
+		 * Base interface for all the security principal objects. e.g. Login, Server Role, Database Role...
+		 */
+		export interface SecurityPrincipalObject extends SqlObject {
+			securablePermissions: SecurablePermissions[];
+		}
+
+		/**
+		 * Base interface for the object view information.
 		 */
 		export interface ObjectViewInfo<T extends SqlObject> {
 			/**
@@ -926,10 +933,52 @@ declare module 'mssql' {
 			objectInfo: T;
 		}

+		/**
+		 * Securable type metadata.
+		 */
+		export interface SecurableTypeMetadata {
+			/**
+			 * Name of the securable type.
+			 */
+			name: string;
+			/**
+			 * Display name of the securable type.
+			 */
+			displayName: string;
+			/**
+			 * Permissions supported by the securable type.
+			 */
+			permissions: PermissionMetadata[];
+		}
+
+		/**
+		 * Permission metadata.
+		 */
+		export interface PermissionMetadata {
+			/**
+			 * Name of the permission.
+			 */
+			name: string;
+			/**
+			 * Display name of the permission.
+			 */
+			displayName: string;
+		}
+
+		/**
+		 * Base interface for security principal object's view information.
+		 */
+		export interface SecurityPrincipalViewInfo<T extends SecurityPrincipalObject> extends ObjectViewInfo<T> {
+			/**
+			 * The securable types that the security principal object can be granted permissions on.
+			 */
+			supportedSecurableTypes: SecurableTypeMetadata[];
+		}
+
 		/**
 		 * Server level login.
 		 */
-		export interface Login extends SqlObject {
+		export interface Login extends SecurityPrincipalObject {
 			/**
 			 * Authentication type.
 			 */
@@ -1025,7 +1074,7 @@ declare module 'mssql' {
 		/**
 		 * The information required to render the login view.
 		 */
-		export interface LoginViewInfo extends ObjectViewInfo<Login> {
+		export interface LoginViewInfo extends SecurityPrincipalViewInfo<Login> {
 			/**
 			 * The authentication types supported by the server.
 			 */
@@ -1062,20 +1111,24 @@ declare module 'mssql' {
 		/**
 		 * The permission information a principal has on a securable.
 		 */
-		export interface Permission {
+		export interface SecurablePermissionItem {
 			/**
-			 * Name of the permission.
+			 * name of the permission.
 			 */
-			name: string;
+			permission: string;
 			/**
-			 * Whether the permission is granted or denied.
+			 * Name of the grantor.
 			 */
-			grant: boolean;
+			grantor: string;
+			/**
+			 * Whether the permission is granted or denied. Undefined means not specified.
+			 */
+			grant?: boolean;
 			/**
 			 * Whether the pincipal can grant this permission to other principals.
 			 * The value will be ignored if the grant property is set to false.
 			 */
-			withGrant: boolean;
+			withGrant?: boolean;
 		}

 		/**
@@ -1083,13 +1136,25 @@ declare module 'mssql' {
 		 */
 		export interface SecurablePermissions {
 			/**
-			 * The securable.
+			 * The securable name.
 			 */
-			securable: SqlObject;
+			name: string;
 			/**
-			 * The Permissions.
+			 * The securable type.
 			 */
-			permissions: Permission[];
+			type: string;
+			/**
+			 * The schema name of the object if applicable.
+			 */
+			schema?: string;
+			/**
+			 * The permissions.
+			 */
+			permissions: SecurablePermissionItem[];
+			/**
+			 * The effective permissions. Includes all permissions granted to the principal, including those granted through role memberships.
+			 */
+			effectivePermissions: string[];
 		}

 		/**
@@ -1135,7 +1200,7 @@ declare module 'mssql' {
 		/**
 		 * Database user.
 		 */
-		export interface User extends SqlObject {
+		export interface User extends SecurityPrincipalObject {
 			/**
 			 * Type of the user.
 			 */
@@ -1172,7 +1237,7 @@ declare module 'mssql' {
 		/**
 		 * The information required to render the user view.
 		 */
-		export interface UserViewInfo extends ObjectViewInfo<User> {
+		export interface UserViewInfo extends SecurityPrincipalViewInfo<User> {
 			/**
 			 * All user types supported by the database.
 			 */
@@ -1198,7 +1263,7 @@ declare module 'mssql' {
 		/**
 		 * Interface representing the server role object.
 		 */
-		export interface ServerRoleInfo extends SqlObject {
+		export interface ServerRoleInfo extends SecurityPrincipalObject {
 			/**
 			 * Name of the server principal that owns the server role.
 			 */
@@ -1216,7 +1281,7 @@ declare module 'mssql' {
 		/**
 		 * Interface representing the information required to render the server role view.
 		 */
-		export interface ServerRoleViewInfo extends ObjectViewInfo<ServerRoleInfo> {
+		export interface ServerRoleViewInfo extends SecurityPrincipalViewInfo<ServerRoleInfo> {
 			/**
 			 * Whether the server role is a fixed role.
 			 */
@@ -1230,7 +1295,7 @@ declare module 'mssql' {
 		/**
 		 * Interface representing the application role object.
 		 */
-		export interface ApplicationRoleInfo extends SqlObject {
+		export interface ApplicationRoleInfo extends SecurityPrincipalObject {
 			/**
 			 * Default schema of the application role.
 			 */
@@ -1248,7 +1313,7 @@ declare module 'mssql' {
 		/**
 		 * Interface representing the information required to render the application role view.
 		 */
-		export interface ApplicationRoleViewInfo extends ObjectViewInfo<ApplicationRoleInfo> {
+		export interface ApplicationRoleViewInfo extends SecurityPrincipalViewInfo<ApplicationRoleInfo> {
 			/**
 			 * List of all the schemas in the database.
 			 */
@@ -1258,7 +1323,7 @@ declare module 'mssql' {
 		/**
 		 * Interface representing the database role object.
 		 */
-		export interface DatabaseRoleInfo extends SqlObject {
+		export interface DatabaseRoleInfo extends SecurityPrincipalObject {
 			/**
 			 * Name of the database principal that owns the database role.
 			 */
@@ -1276,7 +1341,7 @@ declare module 'mssql' {
 		/**
 		 * Interface representing the information required to render the database role view.
 		 */
-		export interface DatabaseRoleViewInfo extends ObjectViewInfo<DatabaseRoleInfo> {
+		export interface DatabaseRoleViewInfo extends SecurityPrincipalViewInfo<DatabaseRoleInfo> {
 			/**
 			 * List of all the schemas in the database.
 			 */
@@ -1294,7 +1359,7 @@ declare module 'mssql' {
 			/**
 			 * type of the object.
 			 */
-			type: NodeType;
+			type: string;
 			/**
 			 * schema of the object.
 			 */
@@ -1369,7 +1434,7 @@ declare module 'mssql' {
 		 * @param searchText Search text.
 		 * @param schema Schema to search in.
 		 */
-		search(contextId: string, objectTypes: ObjectManagement.NodeType[], searchText?: string, schema?: string): Thenable<ObjectManagement.SearchResultItem[]>;
+		search(contextId: string, objectTypes: string[], searchText?: string, schema?: string): Thenable<ObjectManagement.SearchResultItem[]>;
 	}
 	// Object Management - End.
 }