Remove power role for apps created at >= 3.0.0
This commit is contained in:
Adria Navarro
parent
8cdc5be38e
commit
15bb730c59
|
|
@ -1,3 +1,4 @@
|
|||
import semver from "semver"
|
||||
import { BuiltinPermissionID, PermissionLevel } from "./permissions"
|
||||
import {
|
||||
prefixRoleID,
|
||||
|
|
@ -7,7 +8,13 @@ import {
|
|||
doWithDB,
|
||||
} from "../db"
|
||||
import { getAppDB } from "../context"
|
||||
import { Screen, Role as RoleDoc, RoleUIMetadata } from "@budibase/types"
|
||||
import {
|
||||
Screen,
|
||||
Role as RoleDoc,
|
||||
RoleUIMetadata,
|
||||
Database,
|
||||
App,
|
||||
} from "@budibase/types"
|
||||
import cloneDeep from "lodash/fp/cloneDeep"
|
||||
import { RoleColor } from "@budibase/shared-core"
|
||||
|
||||
|
|
@ -23,14 +30,6 @@ const BUILTIN_IDS = {
|
|||
BUILDER: "BUILDER",
|
||||
}
|
||||
|
||||
// exclude internal roles like builder
|
||||
const EXTERNAL_BUILTIN_ROLE_IDS = [
|
||||
BUILTIN_IDS.ADMIN,
|
||||
BUILTIN_IDS.POWER,
|
||||
BUILTIN_IDS.BASIC,
|
||||
BUILTIN_IDS.PUBLIC,
|
||||
]
|
||||
|
||||
export const RoleIDVersion = {
|
||||
// original version, with a UUID based ID
|
||||
UUID: undefined,
|
||||
|
|
@ -319,7 +318,7 @@ export async function getAllRoles(appId?: string): Promise<RoleDoc[]> {
|
|||
}
|
||||
return internal(appDB)
|
||||
}
|
||||
async function internal(db: any) {
|
||||
async function internal(db: Database | undefined) {
|
||||
let roles: RoleDoc[] = []
|
||||
if (db) {
|
||||
const body = await db.allDocs(
|
||||
|
|
@ -334,8 +333,26 @@ export async function getAllRoles(appId?: string): Promise<RoleDoc[]> {
|
|||
}
|
||||
const builtinRoles = getBuiltinRoles()
|
||||
|
||||
// exclude internal roles like builder
|
||||
let externalBuiltinRoles = []
|
||||
|
||||
if (db && !(await shouldIncludePowerRole(db))) {
|
||||
externalBuiltinRoles = [
|
||||
BUILTIN_IDS.ADMIN,
|
||||
BUILTIN_IDS.POWER,
|
||||
BUILTIN_IDS.BASIC,
|
||||
BUILTIN_IDS.PUBLIC,
|
||||
]
|
||||
} else {
|
||||
externalBuiltinRoles = [
|
||||
BUILTIN_IDS.ADMIN,
|
||||
BUILTIN_IDS.BASIC,
|
||||
BUILTIN_IDS.PUBLIC,
|
||||
]
|
||||
}
|
||||
|
||||
// need to combine builtin with any DB record of them (for sake of permissions)
|
||||
for (let builtinRoleId of EXTERNAL_BUILTIN_ROLE_IDS) {
|
||||
for (let builtinRoleId of externalBuiltinRoles) {
|
||||
const builtinRole = builtinRoles[builtinRoleId]
|
||||
const dbBuiltin = roles.filter(
|
||||
dbRole =>
|
||||
|
|
@ -366,6 +383,16 @@ export async function getAllRoles(appId?: string): Promise<RoleDoc[]> {
|
|||
}
|
||||
}
|
||||
|
||||
async function shouldIncludePowerRole(db: Database) {
|
||||
const app = await db.get<App>(DocumentType.APP_METADATA)
|
||||
const { creationVersion } = app
|
||||
if (semver.gte(creationVersion || "", "3.0.0")) {
|
||||
return true
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
export class AccessController {
|
||||
userHierarchies: { [key: string]: string[] }
|
||||
constructor() {
|
||||
|
|
|
|||
Loading…
Reference in New Issue