budibase/packages/server/src/utilities/global.js

const {
  getMultiIDParams,
  getGlobalIDFromUserMetadataID,
} = require("../db/utils")
const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
const { getDeployedAppID } = require("@budibase/auth/db")
const { getGlobalUserParams } = require("@budibase/auth/db")
const { user: userCache } = require("@budibase/auth/cache")
const { getGlobalDB } = require("@budibase/auth/tenancy")

exports.updateAppRole = (appId, user) => {
  if (!user.roles) {
    return user
  }

  // always use the deployed app
  user.roleId = user.roles[getDeployedAppID(appId)]
  // if a role wasn't found then either set as admin (builder) or public (everyone else)
  if (!user.roleId && user.builder && user.builder.global) {
    user.roleId = BUILTIN_ROLE_IDS.ADMIN
  } else if (!user.roleId) {
    user.roleId = BUILTIN_ROLE_IDS.BASIC
  }
  delete user.roles
  return user
}

function processUser(appId, user) {
  if (user) {
    delete user.password
  }
  return exports.updateAppRole(appId, user)
}

exports.getCachedSelf = async (ctx, appId) => {
  const user = await userCache.getUser(ctx.user._id, ctx.user.tenantId)
  return processUser(appId, user)
}

exports.getGlobalUser = async (ctx, appId, userId) => {
  const db = getGlobalDB()
  let user = await db.get(getGlobalIDFromUserMetadataID(userId))
  return processUser(appId, user)
}

exports.getGlobalUsers = async (ctx, appId = null, users = null) => {
  const db = getGlobalDB()
  let globalUsers
  if (users) {
    const globalIds = users.map(user => getGlobalIDFromUserMetadataID(user._id))
    globalUsers = (await db.allDocs(getMultiIDParams(globalIds))).rows.map(
      row => row.doc
    )
  } else {
    globalUsers = (
      await db.allDocs(
        getGlobalUserParams(null, {
          include_docs: true,
        })
      )
    ).rows.map(row => row.doc)
  }
  globalUsers = globalUsers
    .filter(user => user != null)
    .map(user => {
      delete user.password
      return user
    })
  if (!appId) {
    return globalUsers
  }
  return globalUsers.map(user => exports.updateAppRole(appId, user))
}
Re-writing how global users are handled in server, specifically how they are retrieved, so that for relationships it can handle the global user. 2021-06-08 17:06:30 +02:00			`const {`
			`getMultiIDParams,`
			`getGlobalIDFromUserMetadataID,`
			`} = require("../db/utils")`
			`const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")`
re-write, to use the ideas that Rory put in place, still WIP, un-tested but all implemented. 2021-08-02 19:34:43 +02:00			`const { getDeployedAppID } = require("@budibase/auth/db")`
Re-writing how global users are handled in server, specifically how they are retrieved, so that for relationships it can handle the global user. 2021-06-08 17:06:30 +02:00			`const { getGlobalUserParams } = require("@budibase/auth/db")`
WIP - first version of user sessions. 2021-07-06 19:10:04 +02:00			`const { user: userCache } = require("@budibase/auth/cache")`
re-write, to use the ideas that Rory put in place, still WIP, un-tested but all implemented. 2021-08-02 19:34:43 +02:00			`const { getGlobalDB } = require("@budibase/auth/tenancy")`
Re-writing how global users are handled in server, specifically how they are retrieved, so that for relationships it can handle the global user. 2021-06-08 17:06:30 +02:00
			`exports.updateAppRole = (appId, user) => {`
			`if (!user.roles) {`
			`return user`
			`}`
Fix for #1710 - don't allow setting setting info from within apps and making the user portal a bit more clear about builders being global admins. 2021-06-14 16:23:24 +02:00
			`// always use the deployed app`
			`user.roleId = user.roles[getDeployedAppID(appId)]`
			`// if a role wasn't found then either set as admin (builder) or public (everyone else)`
			`if (!user.roleId && user.builder && user.builder.global) {`
Re-writing how global users are handled in server, specifically how they are retrieved, so that for relationships it can handle the global user. 2021-06-08 17:06:30 +02:00			`user.roleId = BUILTIN_ROLE_IDS.ADMIN`
Fix for #1710 - don't allow setting setting info from within apps and making the user portal a bit more clear about builders being global admins. 2021-06-14 16:23:24 +02:00			`} else if (!user.roleId) {`
make logged in users basic by default, prevent allowing users to be assigned as default in the UI 2021-07-06 19:43:04 +02:00			`user.roleId = BUILTIN_ROLE_IDS.BASIC`
Re-writing how global users are handled in server, specifically how they are retrieved, so that for relationships it can handle the global user. 2021-06-08 17:06:30 +02:00			`}`
			`delete user.roles`
			`return user`
			`}`

WIP - first version of user sessions. 2021-07-06 19:10:04 +02:00			`function processUser(appId, user) {`
Re-writing how global users are handled in server, specifically how they are retrieved, so that for relationships it can handle the global user. 2021-06-08 17:06:30 +02:00			`if (user) {`
			`delete user.password`
			`}`
			`return exports.updateAppRole(appId, user)`
			`}`

WIP - first version of user sessions. 2021-07-06 19:10:04 +02:00			`exports.getCachedSelf = async (ctx, appId) => {`
First version of multi-tenancy, work still to be done. 2021-07-15 18:57:02 +02:00			`const user = await userCache.getUser(ctx.user._id, ctx.user.tenantId)`
WIP - first version of user sessions. 2021-07-06 19:10:04 +02:00			`return processUser(appId, user)`
			`}`

First version of multi-tenancy, work still to be done. 2021-07-15 18:57:02 +02:00			`exports.getGlobalUser = async (ctx, appId, userId) => {`
re-write, to use the ideas that Rory put in place, still WIP, un-tested but all implemented. 2021-08-02 19:34:43 +02:00			`const db = getGlobalDB()`
WIP - first version of user sessions. 2021-07-06 19:10:04 +02:00			`let user = await db.get(getGlobalIDFromUserMetadataID(userId))`
			`return processUser(appId, user)`
			`}`

First version of multi-tenancy, work still to be done. 2021-07-15 18:57:02 +02:00			`exports.getGlobalUsers = async (ctx, appId = null, users = null) => {`
re-write, to use the ideas that Rory put in place, still WIP, un-tested but all implemented. 2021-08-02 19:34:43 +02:00			`const db = getGlobalDB()`
Re-writing how global users are handled in server, specifically how they are retrieved, so that for relationships it can handle the global user. 2021-06-08 17:06:30 +02:00			`let globalUsers`
			`if (users) {`
			`const globalIds = users.map(user => getGlobalIDFromUserMetadataID(user._id))`
			`globalUsers = (await db.allDocs(getMultiIDParams(globalIds))).rows.map(`
			`row => row.doc`
			`)`
			`} else {`
Formatting. 2021-06-08 17:11:46 +02:00			`globalUsers = (`
			`await db.allDocs(`
			`getGlobalUserParams(null, {`
			`include_docs: true,`
			`})`
			`)`
			`).rows.map(row => row.doc)`
Re-writing how global users are handled in server, specifically how they are retrieved, so that for relationships it can handle the global user. 2021-06-08 17:06:30 +02:00			`}`
Formatting. 2021-06-08 17:11:46 +02:00			`globalUsers = globalUsers`
			`.filter(user => user != null)`
			`.map(user => {`
			`delete user.password`
			`return user`
			`})`
Re-writing how global users are handled in server, specifically how they are retrieved, so that for relationships it can handle the global user. 2021-06-08 17:06:30 +02:00			`if (!appId) {`
			`return globalUsers`
			`}`
			`return globalUsers.map(user => exports.updateAppRole(appId, user))`
Formatting. 2021-06-08 17:11:46 +02:00			`}`