budibase/packages/server/src/api/controllers/user.js

const CouchDB = require("../../db")
const bcrypt = require("../../utilities/bcrypt")
const { generateUserID, getUserParams, ViewNames } = require("../../db/utils")
const {
  BUILTIN_LEVEL_ID_ARRAY,
} = require("../../utilities/security/accessLevels")
const {
  BUILTIN_PERMISSION_NAMES,
} = require("../../utilities/security/permissions")

exports.fetch = async function(ctx) {
  const database = new CouchDB(ctx.user.appId)
  const data = await database.allDocs(
    getUserParams(null, {
      include_docs: true,
    })
  )
  ctx.body = data.rows.map(row => row.doc)
}

exports.create = async function(ctx) {
  const db = new CouchDB(ctx.user.appId)
  const {
    username,
    password,
    name,
    accessLevelId,
    permissions,
  } = ctx.request.body

  if (!username || !password) {
    ctx.throw(400, "Username and Password Required.")
  }

  const accessLevel = await checkAccessLevel(db, accessLevelId)

  if (!accessLevel) ctx.throw(400, "Invalid Access Level")

  const user = {
    _id: generateUserID(username),
    username,
    password: await bcrypt.hash(password),
    name: name || username,
    type: "user",
    accessLevelId,
    permissions: permissions || [BUILTIN_PERMISSION_NAMES.POWER],
    tableId: ViewNames.USERS,
  }

  try {
    const response = await db.post(user)
    ctx.status = 200
    ctx.message = "User created successfully."
    ctx.userId = response._id
    ctx.body = {
      _rev: response.rev,
      username,
      name,
    }
  } catch (err) {
    if (err.status === 409) {
      ctx.throw(400, "User exists already")
    } else {
      ctx.throw(err.status, err)
    }
  }
}

exports.update = async function(ctx) {
  const db = new CouchDB(ctx.user.appId)
  const user = ctx.request.body
  const dbUser = db.get(ctx.request.body._id)
  const newData = { ...dbUser, ...user }

  const response = await db.put(newData)
  user._rev = response.rev

  ctx.status = 200
  ctx.message = `User ${ctx.request.body.username} updated successfully.`
  ctx.body = response
}

exports.destroy = async function(ctx) {
  const database = new CouchDB(ctx.user.appId)
  await database.destroy(generateUserID(ctx.params.username))
  ctx.message = `User ${ctx.params.username} deleted.`
  ctx.status = 200
}

exports.find = async function(ctx) {
  const database = new CouchDB(ctx.user.appId)
  const user = await database.get(generateUserID(ctx.params.username))
  ctx.body = {
    username: user.username,
    name: user.name,
    _rev: user._rev,
  }
}

const checkAccessLevel = async (db, accessLevelId) => {
  if (!accessLevelId) return
  if (BUILTIN_LEVEL_ID_ARRAY.indexOf(accessLevelId) !== -1) {
    return {
      _id: accessLevelId,
      name: accessLevelId,
      permissions: [],
    }
  }
  return await db.get(accessLevelId)
}
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`const CouchDB = require("../../db")`
			`const bcrypt = require("../../utilities/bcrypt")`
user table and relationships complete 2020-11-24 15:04:14 +01:00			`const { generateUserID, getUserParams, ViewNames } = require("../../db/utils")`
Large update, tests passing, have simplifed access level API, access levels and permissions are now totally separate. 2020-11-13 16:35:20 +01:00			`const {`
			`BUILTIN_LEVEL_ID_ARRAY,`
			`} = require("../../utilities/security/accessLevels")`
auth, first version, needing tested 2020-05-21 15:31:23 +02:00			`const {`
Tests failing but starting to progress. 2020-11-12 18:06:55 +01:00			`BUILTIN_PERMISSION_NAMES,`
			`} = require("../../utilities/security/permissions")`
added more endpoints 2020-04-07 18:25:09 +02:00
lint fix 2020-06-29 15:56:41 +02:00			`exports.fetch = async function(ctx) {`
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 11:28:27 +01:00			`const database = new CouchDB(ctx.user.appId)`
Adding jsdoc to the db utils and removing the views, this is a breaking change for existing apps. 2020-10-02 13:37:46 +02:00			`const data = await database.allDocs(`
			`getUserParams(null, {`
			`include_docs: true,`
			`})`
			`)`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`ctx.body = data.rows.map(row => row.doc)`
			`}`
added more endpoints 2020-04-07 18:25:09 +02:00
lint fix 2020-06-29 15:56:41 +02:00			`exports.create = async function(ctx) {`
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 11:28:27 +01:00			`const db = new CouchDB(ctx.user.appId)`
Tests failing but starting to progress. 2020-11-12 18:06:55 +01:00			`const {`
			`username,`
			`password,`
			`name,`
			`accessLevelId,`
			`permissions,`
			`} = ctx.request.body`
auth, first version, needing tested 2020-05-21 15:31:23 +02:00
			`if (!username \|\| !password) {`
			`ctx.throw(400, "Username and Password Required.")`
			`}`
pouchDB integration, use app id instead of app name for keying app packages 2020-04-23 15:37:08 +02:00
Initial work into multi-tenancy removal, experiencing issues with test cases at this point. 2020-10-28 21:35:06 +01:00			`const accessLevel = await checkAccessLevel(db, accessLevelId)`
pouchDB integration, use app id instead of app name for keying app packages 2020-04-23 15:37:08 +02:00
auth, first version, needing tested 2020-05-21 15:31:23 +02:00			`if (!accessLevel) ctx.throw(400, "Invalid Access Level")`

			`const user = {`
Adding jsdoc to the db utils and removing the views, this is a breaking change for existing apps. 2020-10-02 13:37:46 +02:00			`_id: generateUserID(username),`
pouchDB integration, use app id instead of app name for keying app packages 2020-04-23 15:37:08 +02:00			`username,`
			`password: await bcrypt.hash(password),`
server tests in-memory and passing 2020-05-14 16:12:30 +02:00			`name: name \|\| username,`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`type: "user",`
auth, first version, needing tested 2020-05-21 15:31:23 +02:00			`accessLevelId,`
Tests failing but starting to progress. 2020-11-12 18:06:55 +01:00			`permissions: permissions \|\| [BUILTIN_PERMISSION_NAMES.POWER],`
user table and relationships complete 2020-11-24 15:04:14 +01:00			`tableId: ViewNames.USERS,`
auth, first version, needing tested 2020-05-21 15:31:23 +02:00			`}`

Updating templates to be able to run locally with an environment variable LOCAL_TEMPLATES and making them work using the DB. Users are also no longer included in the db dump. 2020-11-06 13:30:30 +01:00			`try {`
			`const response = await db.post(user)`
			`ctx.status = 200`
			`ctx.message = "User created successfully."`
			`ctx.userId = response._id`
			`ctx.body = {`
			`_rev: response.rev,`
			`username,`
			`name,`
			`}`
			`} catch (err) {`
			`if (err.status === 409) {`
			`ctx.throw(400, "User exists already")`
			`} else {`
			`ctx.throw(err.status, err)`
			`}`
test coverage for user creation 2020-04-10 17:37:59 +02:00			`}`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`}`
api tests 2020-04-09 17:53:48 +02:00
lint fix 2020-06-29 15:56:41 +02:00			`exports.update = async function(ctx) {`
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 11:28:27 +01:00			`const db = new CouchDB(ctx.user.appId)`
adds update functionality to users 2020-06-26 11:05:09 +02:00			`const user = ctx.request.body`
correct put call to not remove password 😅 2020-06-29 15:55:12 +02:00			`const dbUser = db.get(ctx.request.body._id)`
			`const newData = { ...dbUser, ...user }`
auth, first version, needing tested 2020-05-21 15:31:23 +02:00
correct put call to not remove password 😅 2020-06-29 15:55:12 +02:00			`const response = await db.put(newData)`
adds update functionality to users 2020-06-26 11:05:09 +02:00			`user._rev = response.rev`

			`ctx.status = 200`
fix wrong stuff coming back after updating user 2020-06-29 13:14:15 +02:00			ctx.message = `User ${ctx.request.body.username} updated successfully.`
			`ctx.body = response`
adds update functionality to users 2020-06-26 11:05:09 +02:00			`}`

lint fix 2020-06-29 15:56:41 +02:00			`exports.destroy = async function(ctx) {`
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 11:28:27 +01:00			`const database = new CouchDB(ctx.user.appId)`
Adding jsdoc to the db utils and removing the views, this is a breaking change for existing apps. 2020-10-02 13:37:46 +02:00			`await database.destroy(generateUserID(ctx.params.username))`
server tests in-memory and passing 2020-05-14 16:12:30 +02:00			ctx.message = `User ${ctx.params.username} deleted.`
			`ctx.status = 200`
			`}`

lint fix 2020-06-29 15:56:41 +02:00			`exports.find = async function(ctx) {`
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 11:28:27 +01:00			`const database = new CouchDB(ctx.user.appId)`
Adding jsdoc to the db utils and removing the views, this is a breaking change for existing apps. 2020-10-02 13:37:46 +02:00			`const user = await database.get(generateUserID(ctx.params.username))`
test coverage for user creation 2020-04-10 17:37:59 +02:00			`ctx.body = {`
server tests in-memory and passing 2020-05-14 16:12:30 +02:00			`username: user.username,`
			`name: user.name,`
			`_rev: user._rev,`
test coverage for user creation 2020-04-10 17:37:59 +02:00			`}`
formatting + fixing builder tests 2020-05-07 11:53:34 +02:00			`}`
auth, first version, needing tested 2020-05-21 15:31:23 +02:00
			`const checkAccessLevel = async (db, accessLevelId) => {`
			`if (!accessLevelId) return`
Large update, tests passing, have simplifed access level API, access levels and permissions are now totally separate. 2020-11-13 16:35:20 +01:00			`if (BUILTIN_LEVEL_ID_ARRAY.indexOf(accessLevelId) !== -1) {`
auth, first version, needing tested 2020-05-21 15:31:23 +02:00			`return {`
			`_id: accessLevelId,`
			`name: accessLevelId,`
			`permissions: [],`
			`}`
			`}`
			`return await db.get(accessLevelId)`
			`}`