Remove power role for apps created at >= 3.0.0
This commit is contained in:
Adria Navarro
parent
8cdc5be38e
commit
15bb730c59
|
|
@ -1,3 +1,4 @@
|
||||||
|
import semver from "semver"
|
||||||
import { BuiltinPermissionID, PermissionLevel } from "./permissions"
|
import { BuiltinPermissionID, PermissionLevel } from "./permissions"
|
||||||
import {
|
import {
|
||||||
prefixRoleID,
|
prefixRoleID,
|
||||||
|
|
@ -7,7 +8,13 @@ import {
|
||||||
doWithDB,
|
doWithDB,
|
||||||
} from "../db"
|
} from "../db"
|
||||||
import { getAppDB } from "../context"
|
import { getAppDB } from "../context"
|
||||||
import { Screen, Role as RoleDoc, RoleUIMetadata } from "@budibase/types"
|
import {
|
||||||
|
Screen,
|
||||||
|
Role as RoleDoc,
|
||||||
|
RoleUIMetadata,
|
||||||
|
Database,
|
||||||
|
App,
|
||||||
|
} from "@budibase/types"
|
||||||
import cloneDeep from "lodash/fp/cloneDeep"
|
import cloneDeep from "lodash/fp/cloneDeep"
|
||||||
import { RoleColor } from "@budibase/shared-core"
|
import { RoleColor } from "@budibase/shared-core"
|
||||||
|
|
||||||
|
|
@ -23,14 +30,6 @@ const BUILTIN_IDS = {
|
||||||
BUILDER: "BUILDER",
|
BUILDER: "BUILDER",
|
||||||
}
|
}
|
||||||
|
|
||||||
// exclude internal roles like builder
|
|
||||||
const EXTERNAL_BUILTIN_ROLE_IDS = [
|
|
||||||
BUILTIN_IDS.ADMIN,
|
|
||||||
BUILTIN_IDS.POWER,
|
|
||||||
BUILTIN_IDS.BASIC,
|
|
||||||
BUILTIN_IDS.PUBLIC,
|
|
||||||
]
|
|
||||||
|
|
||||||
export const RoleIDVersion = {
|
export const RoleIDVersion = {
|
||||||
// original version, with a UUID based ID
|
// original version, with a UUID based ID
|
||||||
UUID: undefined,
|
UUID: undefined,
|
||||||
|
|
@ -319,7 +318,7 @@ export async function getAllRoles(appId?: string): Promise<RoleDoc[]> {
|
||||||
}
|
}
|
||||||
return internal(appDB)
|
return internal(appDB)
|
||||||
}
|
}
|
||||||
async function internal(db: any) {
|
async function internal(db: Database | undefined) {
|
||||||
let roles: RoleDoc[] = []
|
let roles: RoleDoc[] = []
|
||||||
if (db) {
|
if (db) {
|
||||||
const body = await db.allDocs(
|
const body = await db.allDocs(
|
||||||
|
|
@ -334,8 +333,26 @@ export async function getAllRoles(appId?: string): Promise<RoleDoc[]> {
|
||||||
}
|
}
|
||||||
const builtinRoles = getBuiltinRoles()
|
const builtinRoles = getBuiltinRoles()
|
||||||
|
|
||||||
|
// exclude internal roles like builder
|
||||||
|
let externalBuiltinRoles = []
|
||||||
|
|
||||||
|
if (db && !(await shouldIncludePowerRole(db))) {
|
||||||
|
externalBuiltinRoles = [
|
||||||
|
BUILTIN_IDS.ADMIN,
|
||||||
|
BUILTIN_IDS.POWER,
|
||||||
|
BUILTIN_IDS.BASIC,
|
||||||
|
BUILTIN_IDS.PUBLIC,
|
||||||
|
]
|
||||||
|
} else {
|
||||||
|
externalBuiltinRoles = [
|
||||||
|
BUILTIN_IDS.ADMIN,
|
||||||
|
BUILTIN_IDS.BASIC,
|
||||||
|
BUILTIN_IDS.PUBLIC,
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
// need to combine builtin with any DB record of them (for sake of permissions)
|
// need to combine builtin with any DB record of them (for sake of permissions)
|
||||||
for (let builtinRoleId of EXTERNAL_BUILTIN_ROLE_IDS) {
|
for (let builtinRoleId of externalBuiltinRoles) {
|
||||||
const builtinRole = builtinRoles[builtinRoleId]
|
const builtinRole = builtinRoles[builtinRoleId]
|
||||||
const dbBuiltin = roles.filter(
|
const dbBuiltin = roles.filter(
|
||||||
dbRole =>
|
dbRole =>
|
||||||
|
|
@ -366,6 +383,16 @@ export async function getAllRoles(appId?: string): Promise<RoleDoc[]> {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async function shouldIncludePowerRole(db: Database) {
|
||||||
|
const app = await db.get<App>(DocumentType.APP_METADATA)
|
||||||
|
const { creationVersion } = app
|
||||||
|
if (semver.gte(creationVersion || "", "3.0.0")) {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
export class AccessController {
|
export class AccessController {
|
||||||
userHierarchies: { [key: string]: string[] }
|
userHierarchies: { [key: string]: string[] }
|
||||||
constructor() {
|
constructor() {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue