budibase/packages/server/src/utilities/global.ts

import { getMultiIDParams, getGlobalIDFromUserMetadataID } from "../db/utils"
import {
  roles,
  db as dbCore,
  cache,
  tenancy,
  context,
  users,
} from "@budibase/backend-core"
import env from "../environment"
import { groups } from "@budibase/pro"
import { UserCtx, ContextUser, User, UserGroup } from "@budibase/types"
import cloneDeep from "lodash/cloneDeep"

export async function processUser(
  user: ContextUser,
  opts: { appId?: string; groups?: UserGroup[] } = {}
) {
  if (!user || (!user.roles && !user.userGroups)) {
    return user
  }
  user = cloneDeep(user)
  delete user.password
  const appId = opts.appId || context.getAppId()
  if (!appId) {
    throw new Error("Unable to process user without app ID")
  }
  // if in a multi-tenancy environment and in wrong tenant make sure roles are never updated
  if (env.MULTI_TENANCY && appId && !tenancy.isUserInAppTenant(appId, user)) {
    user = users.removePortalUserPermissions(user)
    user.roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
    return user
  }
  let groupList: UserGroup[] = []
  if (appId && user?.userGroups?.length) {
    groupList = opts.groups
      ? opts.groups
      : await groups.getBulk(user.userGroups)
  }
  // check if a group provides builder access
  const builderAppIds = await groups.getGroupBuilderAppIds(user, {
    appId,
    groups: groupList,
  })
  if (builderAppIds.length && !users.isBuilder(user, appId)) {
    const existingApps = user.builder?.apps || []
    user.builder = {
      apps: [...new Set(existingApps.concat(builderAppIds))],
    }
  }
  // builders are always admins within the app
  if (users.isBuilder(user, appId)) {
    user.roleId = roles.BUILTIN_ROLE_IDS.ADMIN
  }
  // try to get the role from the user list
  if (!user.roleId && appId && user.roles) {
    user.roleId = user.roles[dbCore.getProdAppID(appId)]
  }
  // try to get the role from the group list
  if (!user.roleId && groupList) {
    user.roleId = await groups.getGroupRoleId(user, appId, {
      groups: groupList,
    })
  }
  // final fallback, simply couldn't find a role - user must be public
  if (!user.roleId) {
    user.roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
  }
  // remove the roles as it is now set
  delete user.roles
  return user
}

export async function getCachedSelf(
  ctx: UserCtx,
  appId: string
): Promise<ContextUser> {
  // this has to be tenant aware, can't depend on the context to find it out
  // running some middlewares before the tenancy causes context to break
  const user = await cache.user.getUser(ctx.user?._id!)
  return processUser(user, { appId })
}

export async function getRawGlobalUser(userId: string): Promise<User> {
  const db = tenancy.getGlobalDB()
  return db.get<User>(getGlobalIDFromUserMetadataID(userId))
}

export async function getGlobalUser(userId: string): Promise<ContextUser> {
  const appId = context.getAppId()
  let user = await getRawGlobalUser(userId)
  return processUser(user, { appId })
}

export async function getRawGlobalUsers(userIds?: string[]): Promise<User[]> {
  const db = tenancy.getGlobalDB()
  let globalUsers: User[]
  if (userIds) {
    globalUsers = (await db.allDocs<User>(getMultiIDParams(userIds))).rows.map(
      row => row.doc!
    )
  } else {
    globalUsers = (
      await db.allDocs<User>(
        dbCore.getGlobalUserParams(null, {
          include_docs: true,
        })
      )
    ).rows.map(row => row.doc!)
  }
  return globalUsers
    .filter(user => user != null)
    .map(user => {
      delete user.password
      delete user.forceResetPassword
      return user
    })
}

export async function getGlobalUsers(
  userIds?: string[]
): Promise<ContextUser[]> {
  const users = await getRawGlobalUsers(userIds)
  const allGroups = await groups.fetch()
  return Promise.all(
    users.map(user => processUser(user, { groups: allGroups }))
  )
}

export async function getGlobalUsersFromMetadata(users: ContextUser[]) {
  const globalUsers = await getGlobalUsers(users.map(user => user._id!))
  return users.map(user => {
    const globalUser = globalUsers.find(
      globalUser => globalUser && user._id?.includes(globalUser._id!)
    )
    return {
      ...globalUser,
      // doing user second overwrites the id and rev (always metadata)
      ...user,
    }
  })
}
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`import { getMultiIDParams, getGlobalIDFromUserMetadataID } from "../db/utils"`
			`import {`
			`roles,`
			`db as dbCore,`
			`cache,`
			`tenancy,`
			`context,`
Main body of work to handle the new approach of per app builders support. 2023-07-18 17:57:48 +02:00			`users,`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`} from "@budibase/backend-core"`
			`import env from "../environment"`
			`import { groups } from "@budibase/pro"`
Fix for app sync, base it on group roles, not just user roles - stops app sync from pulling in group users which do not actually have access to the app. 2023-03-21 14:55:28 +01:00			`import { UserCtx, ContextUser, User, UserGroup } from "@budibase/types"`
Import lodash modules 2023-07-27 21:36:32 +02:00			`import cloneDeep from "lodash/cloneDeep"`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00
Adding last of support for per app group builder support, enriching the user on self return, as well as adding the functionality required to server middlewares. 2023-08-22 19:14:08 +02:00			`export async function processUser(`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`user: ContextUser,`
Adding last of support for per app group builder support, enriching the user on self return, as well as adding the functionality required to server middlewares. 2023-08-22 19:14:08 +02:00			`opts: { appId?: string; groups?: UserGroup[] } = {}`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`) {`
Adding group and user tests for user sync. 2023-04-12 20:59:05 +02:00			`if (!user \|\| (!user.roles && !user.userGroups)) {`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`return user`
			`}`
Adding last of support for per app group builder support, enriching the user on self return, as well as adding the functionality required to server middlewares. 2023-08-22 19:14:08 +02:00			`user = cloneDeep(user)`
			`delete user.password`
			`const appId = opts.appId \|\| context.getAppId()`
			`if (!appId) {`
			`throw new Error("Unable to process user without app ID")`
			`}`
			`// if in a multi-tenancy environment and in wrong tenant make sure roles are never updated`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`if (env.MULTI_TENANCY && appId && !tenancy.isUserInAppTenant(appId, user)) {`
Main body of work to handle the new approach of per app builders support. 2023-07-18 17:57:48 +02:00			`user = users.removePortalUserPermissions(user)`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`user.roleId = roles.BUILTIN_ROLE_IDS.PUBLIC`
			`return user`
			`}`
Adding last of support for per app group builder support, enriching the user on self return, as well as adding the functionality required to server middlewares. 2023-08-22 19:14:08 +02:00			`let groupList: UserGroup[] = []`
			`if (appId && user?.userGroups?.length) {`
			`groupList = opts.groups`
			`? opts.groups`
			`: await groups.getBulk(user.userGroups)`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`}`
Adding last of support for per app group builder support, enriching the user on self return, as well as adding the functionality required to server middlewares. 2023-08-22 19:14:08 +02:00			`// check if a group provides builder access`
Some other minor changes to fully support the per app builder from groups, making sure middlewares are properly aware. 2023-08-22 20:15:47 +02:00			`const builderAppIds = await groups.getGroupBuilderAppIds(user, {`
			`appId,`
Adding last of support for per app group builder support, enriching the user on self return, as well as adding the functionality required to server middlewares. 2023-08-22 19:14:08 +02:00			`groups: groupList,`
			`})`
			`if (builderAppIds.length && !users.isBuilder(user, appId)) {`
			`const existingApps = user.builder?.apps \|\| []`
			`user.builder = {`
			`apps: [...new Set(existingApps.concat(builderAppIds))],`
			`}`
			`}`
			`// builders are always admins within the app`
			`if (users.isBuilder(user, appId)) {`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`user.roleId = roles.BUILTIN_ROLE_IDS.ADMIN`
			`}`
Adding last of support for per app group builder support, enriching the user on self return, as well as adding the functionality required to server middlewares. 2023-08-22 19:14:08 +02:00			`// try to get the role from the user list`
			`if (!user.roleId && appId && user.roles) {`
			`user.roleId = user.roles[dbCore.getProdAppID(appId)]`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`}`
Adding last of support for per app group builder support, enriching the user on self return, as well as adding the functionality required to server middlewares. 2023-08-22 19:14:08 +02:00			`// try to get the role from the group list`
			`if (!user.roleId && groupList) {`
			`user.roleId = await groups.getGroupRoleId(user, appId, {`
			`groups: groupList,`
Fix for app sync, base it on group roles, not just user roles - stops app sync from pulling in group users which do not actually have access to the app. 2023-03-21 14:55:28 +01:00			`})`
			`}`
			`// final fallback, simply couldn't find a role - user must be public`
			`if (!user.roleId) {`
			`user.roleId = roles.BUILTIN_ROLE_IDS.PUBLIC`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`}`
Adding last of support for per app group builder support, enriching the user on self return, as well as adding the functionality required to server middlewares. 2023-08-22 19:14:08 +02:00			`// remove the roles as it is now set`
			`delete user.roles`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`return user`
			`}`

Ensure that the DB always returns Documents. 2023-11-07 19:14:52 +01:00			`export async function getCachedSelf(`
			`ctx: UserCtx,`
			`appId: string`
			`): Promise<ContextUser> {`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`// this has to be tenant aware, can't depend on the context to find it out`
			`// running some middlewares before the tenancy causes context to break`
			`const user = await cache.user.getUser(ctx.user?._id!)`
			`return processUser(user, { appId })`
			`}`

Ensure that the DB always returns Documents. 2023-11-07 19:14:52 +01:00			`export async function getRawGlobalUser(userId: string): Promise<User> {`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`const db = tenancy.getGlobalDB()`
Type internal db.get 2023-07-18 11:41:51 +02:00			`return db.get<User>(getGlobalIDFromUserMetadataID(userId))`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`}`

Ensure that the DB always returns Documents. 2023-11-07 19:14:52 +01:00			`export async function getGlobalUser(userId: string): Promise<ContextUser> {`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`const appId = context.getAppId()`
			`let user = await getRawGlobalUser(userId)`
			`return processUser(user, { appId })`
			`}`

Ensure that the DB always returns Documents. 2023-11-07 19:14:52 +01:00			`export async function getRawGlobalUsers(userIds?: string[]): Promise<User[]> {`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`const db = tenancy.getGlobalDB()`
Ensure that the DB always returns Documents. 2023-11-07 19:14:52 +01:00			`let globalUsers: User[]`
Updating the global user sync to be more accurate and also remove old user metadata from apps that users don't have access to anymore. 2023-04-04 19:03:56 +02:00			`if (userIds) {`
Ensure that the DB always returns Documents. 2023-11-07 19:14:52 +01:00			`globalUsers = (await db.allDocs<User>(getMultiIDParams(userIds))).rows.map(`
			`row => row.doc!`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`)`
			`} else {`
			`globalUsers = (`
Ensure that the DB always returns Documents. 2023-11-07 19:14:52 +01:00			`await db.allDocs<User>(`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`dbCore.getGlobalUserParams(null, {`
			`include_docs: true,`
			`})`
			`)`
Ensure that the DB always returns Documents. 2023-11-07 19:14:52 +01:00			`).rows.map(row => row.doc!)`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`}`
Ensure that the DB always returns Documents. 2023-11-07 19:14:52 +01:00			`return globalUsers`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`.filter(user => user != null)`
			`.map(user => {`
			`delete user.password`
			`delete user.forceResetPassword`
			`return user`
			`})`
Ensure that the DB always returns Documents. 2023-11-07 19:14:52 +01:00			`}`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00
Ensure that the DB always returns Documents. 2023-11-07 19:14:52 +01:00			`export async function getGlobalUsers(`
			`userIds?: string[]`
			`): Promise<ContextUser[]> {`
			`const users = await getRawGlobalUsers(userIds)`
			`const allGroups = await groups.fetch()`
			`return Promise.all(`
			`users.map(user => processUser(user, { groups: allGroups }))`
			`)`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`}`

			`export async function getGlobalUsersFromMetadata(users: ContextUser[]) {`
Updating the global user sync to be more accurate and also remove old user metadata from apps that users don't have access to anymore. 2023-04-04 19:03:56 +02:00			`const globalUsers = await getGlobalUsers(users.map(user => user._id!))`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`return users.map(user => {`
			`const globalUser = globalUsers.find(`
Ensure that the DB always returns Documents. 2023-11-07 19:14:52 +01:00			`globalUser => globalUser && user._id?.includes(globalUser._id!)`
Some updates for currentapp.spec.js test case. 2022-11-15 18:35:17 +01:00			`)`
			`return {`
			`...globalUser,`
			`// doing user second overwrites the id and rev (always metadata)`
			`...user,`
			`}`
			`})`
			`}`