Merge pull request #2614 from Budibase/feature/onboarding-backend

Access controls for cloud, self, and regular budibase users
This commit is contained in:
Rory Powell 2021-09-16 15:39:14 +01:00 committed by GitHub
commit 0201e5b781
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 30 additions and 20 deletions

View File

@ -6,8 +6,10 @@ const EXPIRY_SECONDS = 3600
/** /**
* The default populate user function * The default populate user function
*/ */
const populateFromDB = (userId, tenantId) => { const populateFromDB = async (userId, tenantId) => {
return getGlobalDB(tenantId).get(userId) const user = await getGlobalDB(tenantId).get(userId)
user.budibaseAccess = true
return user
} }
/** /**

View File

@ -6,31 +6,35 @@
let loaded = false let loaded = false
$: multiTenancyEnabled = $admin.multiTenancy $: multiTenancyEnabled = $admin.multiTenancy
$: hasAdminUser = $admin?.checklist?.adminUser.checked $: hasAdminUser = $admin?.checklist?.adminUser?.checked
$: tenantSet = $auth.tenantSet $: tenantSet = $auth.tenantSet
$: cloud = $admin.cloud
onMount(async () => { onMount(async () => {
await admin.init()
await auth.checkAuth() await auth.checkAuth()
await admin.init()
loaded = true loaded = true
}) })
$: { $: {
const apiReady = $admin.loaded && $auth.loaded // We should never see the org or admin user creation screens in the cloud
// if tenant is not set go to it if (!cloud) {
if (loaded && apiReady && multiTenancyEnabled && !tenantSet) { const apiReady = $admin.loaded && $auth.loaded
$redirect("./auth/org") // if tenant is not set go to it
} if (loaded && apiReady && multiTenancyEnabled && !tenantSet) {
// Force creation of an admin user if one doesn't exist $redirect("./auth/org")
else if (loaded && apiReady && !hasAdminUser) { }
$redirect("./admin") // Force creation of an admin user if one doesn't exist
else if (loaded && apiReady && !hasAdminUser) {
$redirect("./admin")
}
} }
} }
// Redirect to log in at any time if the user isn't authenticated // Redirect to log in at any time if the user isn't authenticated
$: { $: {
if ( if (
loaded && loaded &&
hasAdminUser && (hasAdminUser || cloud) &&
!$auth.user && !$auth.user &&
!$isActive("./auth") && !$isActive("./auth") &&
!$isActive("./invite") !$isActive("./invite")

View File

@ -8,6 +8,7 @@
let tenantId = get(auth).tenantSet ? get(auth).tenantId : "" let tenantId = get(auth).tenantSet ? get(auth).tenantId : ""
$: multiTenancyEnabled = $admin.multiTenancy $: multiTenancyEnabled = $admin.multiTenancy
$: cloud = $admin.cloud
async function setOrg() { async function setOrg() {
if (tenantId == null || tenantId === "") { if (tenantId == null || tenantId === "") {
@ -25,7 +26,7 @@
onMount(async () => { onMount(async () => {
await auth.checkQueryString() await auth.checkQueryString()
if (!multiTenancyEnabled) { if (!multiTenancyEnabled || cloud) {
$goto("../") $goto("../")
} else { } else {
admin.unload() admin.unload()

View File

@ -60,7 +60,7 @@
} }
// add link to account portal if the user has access // add link to account portal if the user has access
if ($auth?.user?.account) { if ($auth?.user?.accountPortalAccess) {
menu = menu.concat([ menu = menu.concat([
{ {
title: "Account", title: "Account",

View File

@ -197,10 +197,10 @@ exports.getSelf = async ctx => {
// this will set the body // this will set the body
await exports.find(ctx) await exports.find(ctx)
// append the account portal session information if present // forward session information not found in db
if (ctx.user.account) { ctx.body.account = ctx.user.account
ctx.body.account = ctx.user.account ctx.body.budibaseAccess = ctx.user.budibaseAccess
} ctx.body.accountPortalAccess = ctx.user.accountPortalAccess
} }
exports.updateSelf = async ctx => { exports.updateSelf = async ctx => {

View File

@ -84,7 +84,10 @@ router
.use(buildTenancyMiddleware(PUBLIC_ENDPOINTS, NO_TENANCY_ENDPOINTS)) .use(buildTenancyMiddleware(PUBLIC_ENDPOINTS, NO_TENANCY_ENDPOINTS))
// for now no public access is allowed to worker (bar health check) // for now no public access is allowed to worker (bar health check)
.use((ctx, next) => { .use((ctx, next) => {
if (!ctx.isAuthenticated && !ctx.publicEndpoint) { if (ctx.publicEndpoint) {
return next()
}
if (!ctx.isAuthenticated || !ctx.user.budibaseAccess) {
ctx.throw(403, "Unauthorized - no public worker access") ctx.throw(403, "Unauthorized - no public worker access")
} }
return next() return next()