From 18ce4a1e19fa03cc9f4eff9943d2bf68b2c7bee3 Mon Sep 17 00:00:00 2001
From: mike12345567
Date: Wed, 7 Apr 2021 11:54:51 +0100
Subject: [PATCH] Updating authorization test case to remove check for builder security and removing builder security while auth is being worked on - added an option to start stack without server so that user can start it in a debug mode if desired.
---
 package.json | 1 +
 packages/server/src/middleware/authorized.js | 5 +++++
 packages/server/src/middleware/tests/authorized.spec.js | 3 ++-
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/package.json b/package.json
index cb577f20c3..42010f760a 100644
--- a/package.json
+++ b/package.json
@@ -27,6 +27,7 @@
 "clean": "lerna clean",
 "kill-port": "kill-port 4001",
 "dev": "yarn run kill-port && lerna link && lerna run --parallel dev:builder --concurrency 1",
+ "dev:noserver": "lerna link && lerna run --parallel dev:builder --concurrency 1 --ignore @budibase/server",
 "test": "lerna run test",
 "lint": "eslint packages",
 "lint:fix": "eslint --fix packages",
diff --git a/packages/server/src/middleware/authorized.js b/packages/server/src/middleware/authorized.js
index 554f281d8c..dcd91bfdb4 100644
--- a/packages/server/src/middleware/authorized.js
+++ b/packages/server/src/middleware/authorized.js
@@ -42,6 +42,11 @@ module.exports = (permType, permLevel = null) => async (ctx, next) => {
 const isAdmin = ADMIN_ROLES.includes(role._id)
 const isAuthed = ctx.auth.authenticated
 
+ // TODO: this was added while we work towards a better auth method
+ if (permType === PermissionTypes.BUILDER) {
+ return next()
+ }
+
 const { basePermissions, permissions } = await getUserPermissions(
 ctx.appId,
 role._id
diff --git a/packages/server/src/middleware/tests/authorized.spec.js b/packages/server/src/middleware/tests/authorized.spec.js
index 7968a8a939..e4f34381a0 100644
--- a/packages/server/src/middleware/tests/authorized.spec.js
+++ b/packages/server/src/middleware/tests/authorized.spec.js
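Review bot: The added `if (permType === PermissionTypes.BUILDER) { return next() }` in authorized.js returns before any permission lookup and never consults `isAuthed` or `isAdmin`, both computed just above it, so every builder-guarded route appears to be open to any caller, including unauthenticated ones. Nothing visible restricts the bypass to a development or self-hosted environment, and the TODO names no tracking issue or removal condition. If the shortcut has to ship, narrow it to authenticated callers, e.g. `if (permType === PermissionTypes.BUILDER && isAuthed) {`, and extend the comment to `// TODO(<tracking-issue>): temporary builder bypass, remove once the new auth lands`. The middleware body starts and ends outside the hunk, so how a builder request that falls through is handled further down should be checked before relying on that guard.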
@@ -144,7 +144,8 @@ describe("Authorization middleware", () => {
 expect(config.next).toHaveBeenCalled()
 })
 
- it("throws if the user has only builder permissions", async () => {
+ // TODO: this has been skipped while auth is still in flux
+ xit("throws if the user has only builder permissions", async () => {
 config.setEnvironment(false)
 config.setMiddlewareRequiredPermission(PermissionTypes.BUILDER)
 config.setUser({
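Review bot: Switching this case to `xit` leaves the builder path of the authorization middleware with no active test, so the temporary bypass added in authorized.js can stay in place or widen without any failure. Prefer keeping a live case that pins the interim behaviour (a builder-permission request reaches `config.next`) next to the skipped one, so the suite fails when the bypass is removed and forces the original assertion to be restored. The comment would be easier to act on as `// TODO(<tracking-issue>): re-enable once builder authorization is restored`. The test body continues past the end of the hunk.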