2024-10-28 15:46:42 +01:00
|
|
|
import { ContextUser, User, UserGroup, UserIdentifier } from "@budibase/types"
|
2023-07-25 18:48:57 +02:00
|
|
|
import * as accountSdk from "../accounts"
|
|
|
|
|
import env from "../environment"
|
2024-10-28 15:46:42 +01:00
|
|
|
import { getExistingAccounts, getFirstPlatformUser } from "./lookup"
|
2023-07-25 18:48:57 +02:00
|
|
|
import { EmailUnavailableError } from "../errors"
|
|
|
|
|
import { sdk } from "@budibase/shared-core"
|
2024-01-18 11:14:25 +01:00
|
|
|
import { BUILTIN_ROLE_IDS } from "../security/roles"
|
|
|
|
|
import * as context from "../context"
|
2023-07-25 18:48:57 +02:00
|
|
|
|
|
|
|
|
// extract from shared-core to make easily accessible from backend-core
|
|
|
|
|
export const isBuilder = sdk.users.isBuilder
|
|
|
|
|
export const isAdmin = sdk.users.isAdmin
|
2023-07-25 19:52:59 +02:00
|
|
|
export const isGlobalBuilder = sdk.users.isGlobalBuilder
|
2023-07-25 18:48:57 +02:00
|
|
|
export const isAdminOrBuilder = sdk.users.isAdminOrBuilder
|
|
|
|
|
export const hasAdminPermissions = sdk.users.hasAdminPermissions
|
|
|
|
|
export const hasBuilderPermissions = sdk.users.hasBuilderPermissions
|
|
|
|
|
export const hasAppBuilderPermissions = sdk.users.hasAppBuilderPermissions
|
|
|
|
|
|
2024-01-18 11:14:25 +01:00
|
|
|
export async function isCreator(user?: User | ContextUser) {
|
|
|
|
|
const isCreatorByUserDefinition = sdk.users.isCreator(user)
|
|
|
|
|
if (!isCreatorByUserDefinition && user) {
|
|
|
|
|
return await isCreatorByGroupMembership(user)
|
|
|
|
|
}
|
|
|
|
|
return isCreatorByUserDefinition
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async function isCreatorByGroupMembership(user?: User | ContextUser) {
|
|
|
|
|
const userGroups = user?.userGroups || []
|
|
|
|
|
if (userGroups.length > 0) {
|
|
|
|
|
const db = context.getGlobalDB()
|
|
|
|
|
const groups: UserGroup[] = []
|
|
|
|
|
for (let groupId of userGroups) {
|
|
|
|
|
try {
|
|
|
|
|
const group = await db.get<UserGroup>(groupId)
|
|
|
|
|
groups.push(group)
|
|
|
|
|
} catch (e: any) {
|
|
|
|
|
if (e.error !== "not_found") {
|
|
|
|
|
throw e
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return groups.some(group =>
|
|
|
|
|
Object.values(group.roles || {}).includes(BUILTIN_ROLE_IDS.ADMIN)
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-25 18:48:57 +02:00
|
|
|
export async function validateUniqueUser(email: string, tenantId: string) {
|
|
|
|
|
// check budibase users in other tenants
|
|
|
|
|
if (env.MULTI_TENANCY) {
|
2024-07-29 14:25:46 +02:00
|
|
|
const tenantUser = await getFirstPlatformUser(email)
|
2023-07-25 18:48:57 +02:00
|
|
|
if (tenantUser != null && tenantUser.tenantId !== tenantId) {
|
|
|
|
|
throw new EmailUnavailableError(email)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// check root account users in account portal
|
|
|
|
|
if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
|
|
|
|
|
const account = await accountSdk.getAccount(email)
|
|
|
|
|
if (account && account.verified && account.tenantId !== tenantId) {
|
|
|
|
|
throw new EmailUnavailableError(email)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2024-10-28 15:46:42 +01:00
|
|
|
* For a list of users, return the account holder if there is an email match.
|
2023-07-25 18:48:57 +02:00
|
|
|
*/
|
2024-10-28 15:46:42 +01:00
|
|
|
export async function getAccountHolderFromUsers(
|
|
|
|
|
users: Array<UserIdentifier>
|
|
|
|
|
): Promise<UserIdentifier | undefined> {
|
2023-07-25 18:48:57 +02:00
|
|
|
if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
|
2024-10-28 15:46:42 +01:00
|
|
|
const accountMetadata = await getExistingAccounts(
|
|
|
|
|
users.map(user => user.email)
|
|
|
|
|
)
|
|
|
|
|
return users.find(user =>
|
|
|
|
|
accountMetadata.map(metadata => metadata.email).includes(user.email)
|
|
|
|
|
)
|
2023-07-25 18:48:57 +02:00
|
|
|
}
|
|
|
|
|
}
|
