Merge pull request #2614 from Budibase/feature/onboarding-backend
Access controls for cloud, self, and regular budibase users
commit
0201e5b781
|
@ -6,8 +6,10 @@ const EXPIRY_SECONDS = 3600
|
||||||
/**
|
/**
|
||||||
* The default populate user function
|
* The default populate user function
|
||||||
*/
|
*/
|
||||||
const populateFromDB = (userId, tenantId) => {
|
const populateFromDB = async (userId, tenantId) => {
|
||||||
return getGlobalDB(tenantId).get(userId)
|
const user = await getGlobalDB(tenantId).get(userId)
|
||||||
|
user.budibaseAccess = true
|
||||||
|
return user
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
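Review bot: `user.budibaseAccess = true` in populateFromDB is written onto the document object returned by `getGlobalDB(tenantId).get(userId)`, and nothing marks it as a session-only field. The worker middleware hunk in this commit uses the flag as an access check, so a later save of this object would persist it, and any stored field of the same name is silently overwritten on load. I would extend the JSDoc to say so, e.g. `* Marks the user with budibaseAccess = true; this is derived at load time and must not be written back to the user doc.` Whether the result is cached (EXPIRY_SECONDS suggests it may be) and how other populate functions set the flag is outside this hunk.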
|
@ -6,31 +6,35 @@
|
||||||
let loaded = false
|
let loaded = false
|
||||||
|
|
||||||
$: multiTenancyEnabled = $admin.multiTenancy
|
$: multiTenancyEnabled = $admin.multiTenancy
|
||||||
$: hasAdminUser = $admin?.checklist?.adminUser.checked
|
$: hasAdminUser = $admin?.checklist?.adminUser?.checked
|
||||||
$: tenantSet = $auth.tenantSet
|
$: tenantSet = $auth.tenantSet
|
||||||
|
$: cloud = $admin.cloud
|
||||||
|
|
||||||
onMount(async () => {
|
onMount(async () => {
|
||||||
await admin.init()
|
|
||||||
await auth.checkAuth()
|
await auth.checkAuth()
|
||||||
|
await admin.init()
|
||||||
loaded = true
|
loaded = true
|
||||||
})
|
})
|
||||||
|
|
||||||
$: {
|
$: {
|
||||||
const apiReady = $admin.loaded && $auth.loaded
|
// We should never see the org or admin user creation screens in the cloud
|
||||||
// if tenant is not set go to it
|
if (!cloud) {
|
||||||
if (loaded && apiReady && multiTenancyEnabled && !tenantSet) {
|
const apiReady = $admin.loaded && $auth.loaded
|
||||||
$redirect("./auth/org")
|
// if tenant is not set go to it
|
||||||
}
|
if (loaded && apiReady && multiTenancyEnabled && !tenantSet) {
|
||||||
// Force creation of an admin user if one doesn't exist
|
$redirect("./auth/org")
|
||||||
else if (loaded && apiReady && !hasAdminUser) {
|
}
|
||||||
$redirect("./admin")
|
// Force creation of an admin user if one doesn't exist
|
||||||
|
else if (loaded && apiReady && !hasAdminUser) {
|
||||||
|
$redirect("./admin")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Redirect to log in at any time if the user isn't authenticated
|
// Redirect to log in at any time if the user isn't authenticated
|
||||||
$: {
|
$: {
|
||||||
if (
|
if (
|
||||||
loaded &&
|
loaded &&
|
||||||
hasAdminUser &&
|
(hasAdminUser || cloud) &&
|
||||||
!$auth.user &&
|
!$auth.user &&
|
||||||
!$isActive("./auth") &&
|
!$isActive("./auth") &&
|
||||||
!$isActive("./invite")
|
!$isActive("./invite")
|
||||||
|
|
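Review bot: The `if (!cloud)` guard around the org and admin-creation redirects, and `(hasAdminUser || cloud)` in the login redirect, depend on `$admin.cloud`, which is client-side store state, so they only decide which screen is shown. The same applies to `if (!multiTenancyEnabled || cloud)` in the org page's onMount in the next file section. No server-side check that refuses tenant or first-admin creation in cloud is visible in this commit, so that should be confirmed separately. A comment such as `// UI routing only: the API must also reject org/admin creation when running in cloud` would make the boundary clear. The second reactive block's `if (` continues past the end of the hunk.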
|
@ -8,6 +8,7 @@
|
||||||
|
|
||||||
let tenantId = get(auth).tenantSet ? get(auth).tenantId : ""
|
let tenantId = get(auth).tenantSet ? get(auth).tenantId : ""
|
||||||
$: multiTenancyEnabled = $admin.multiTenancy
|
$: multiTenancyEnabled = $admin.multiTenancy
|
||||||
|
$: cloud = $admin.cloud
|
||||||
|
|
||||||
async function setOrg() {
|
async function setOrg() {
|
||||||
if (tenantId == null || tenantId === "") {
|
if (tenantId == null || tenantId === "") {
|
||||||
|
@ -25,7 +26,7 @@
|
||||||
|
|
||||||
onMount(async () => {
|
onMount(async () => {
|
||||||
await auth.checkQueryString()
|
await auth.checkQueryString()
|
||||||
if (!multiTenancyEnabled) {
|
if (!multiTenancyEnabled || cloud) {
|
||||||
$goto("../")
|
$goto("../")
|
||||||
} else {
|
} else {
|
||||||
admin.unload()
|
admin.unload()
|
||||||
|
|
|
@ -60,7 +60,7 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
// add link to account portal if the user has access
|
// add link to account portal if the user has access
|
||||||
if ($auth?.user?.account) {
|
if ($auth?.user?.accountPortalAccess) {
|
||||||
menu = menu.concat([
|
menu = menu.concat([
|
||||||
{
|
{
|
||||||
title: "Account",
|
title: "Account",
|
||||||
|
|
|
@ -197,10 +197,10 @@ exports.getSelf = async ctx => {
|
||||||
// this will set the body
|
// this will set the body
|
||||||
await exports.find(ctx)
|
await exports.find(ctx)
|
||||||
|
|
||||||
// append the account portal session information if present
|
// forward session information not found in db
|
||||||
if (ctx.user.account) {
|
ctx.body.account = ctx.user.account
|
||||||
ctx.body.account = ctx.user.account
|
ctx.body.budibaseAccess = ctx.user.budibaseAccess
|
||||||
}
|
ctx.body.accountPortalAccess = ctx.user.accountPortalAccess
|
||||||
}
|
}
|
||||||
|
|
||||||
exports.updateSelf = async ctx => {
|
exports.updateSelf = async ctx => {
|
||||||
|
|
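Review bot: `ctx.body.budibaseAccess` and `ctx.body.accountPortalAccess` in getSelf now echo authorization flags from the session into the self response, next to the whole `ctx.user.account` object, which is no longer guarded by `if (ctx.user.account)`. If a client posts this body back, those fields must not be accepted as input. `updateSelf` begins at the end of the hunk and its body is not visible, so it is worth checking that it drops `budibaseAccess`, `accountPortalAccess` and `account` before saving. I would also state the intent in the comment, e.g. `// forward session-only fields (never stored in the user doc, never read from request bodies)`. Forwarding only the account fields the UI needs, rather than the full object, would limit what the response exposes.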
|
@ -84,7 +84,10 @@ router
|
||||||
.use(buildTenancyMiddleware(PUBLIC_ENDPOINTS, NO_TENANCY_ENDPOINTS))
|
.use(buildTenancyMiddleware(PUBLIC_ENDPOINTS, NO_TENANCY_ENDPOINTS))
|
||||||
// for now no public access is allowed to worker (bar health check)
|
// for now no public access is allowed to worker (bar health check)
|
||||||
.use((ctx, next) => {
|
.use((ctx, next) => {
|
||||||
if (!ctx.isAuthenticated && !ctx.publicEndpoint) {
|
if (ctx.publicEndpoint) {
|
||||||
|
return next()
|
||||||
|
}
|
||||||
|
if (!ctx.isAuthenticated || !ctx.user.budibaseAccess) {
|
||||||
ctx.throw(403, "Unauthorized - no public worker access")
|
ctx.throw(403, "Unauthorized - no public worker access")
|
||||||
}
|
}
|
||||||
return next()
|
return next()
|
||||||
|
|
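Review bot: The new condition `!ctx.isAuthenticated || !ctx.user.budibaseAccess` dereferences `ctx.user` whenever `ctx.isAuthenticated` is truthy, and it accepts any truthy flag value. If an auth path ever sets isAuthenticated without populating ctx.user, this throws a TypeError and likely surfaces as a 500 rather than the intended 403. Since the flag is the gate for every non-public worker route, a strict comparison is safer: `if (!ctx.isAuthenticated || !ctx.user || ctx.user.budibaseAccess !== true) {`. The check fails closed only if every user-populating path sets the flag explicitly, and in this commit only populateFromDB is shown doing so. The router chain continues outside the hunk.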