Adding admin only endpoint, removing the ability to create/delete global users from the app server and adding a global self user update.
This commit is contained in:
parent
bf935183ce
commit
1956d9765e
|
@ -167,11 +167,10 @@ exports.save = async function (ctx) {
|
||||||
table,
|
table,
|
||||||
})
|
})
|
||||||
|
|
||||||
// TODO remove special user case in future
|
if (row.tableId === InternalTables.USER_METADATA && row._id) {
|
||||||
if (row.tableId === InternalTables.USER_METADATA) {
|
|
||||||
// the row has been updated, need to put it into the ctx
|
// the row has been updated, need to put it into the ctx
|
||||||
ctx.request.body = row
|
ctx.request.body = row
|
||||||
await userController.createMetadata(ctx)
|
await userController.updateMetadata(ctx)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,15 +2,10 @@ const CouchDB = require("../../db")
|
||||||
const {
|
const {
|
||||||
generateUserMetadataID,
|
generateUserMetadataID,
|
||||||
getUserMetadataParams,
|
getUserMetadataParams,
|
||||||
getGlobalIDFromUserMetadataID,
|
|
||||||
} = require("../../db/utils")
|
} = require("../../db/utils")
|
||||||
const { InternalTables } = require("../../db/utils")
|
const { InternalTables } = require("../../db/utils")
|
||||||
const { getRole, BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
|
const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
|
||||||
const {
|
const { getGlobalUsers } = require("../../utilities/workerRequests")
|
||||||
getGlobalUsers,
|
|
||||||
saveGlobalUser,
|
|
||||||
deleteGlobalUser,
|
|
||||||
} = require("../../utilities/workerRequests")
|
|
||||||
const { getFullUser } = require("../../utilities/users")
|
const { getFullUser } = require("../../utilities/users")
|
||||||
|
|
||||||
exports.fetchMetadata = async function (ctx) {
|
exports.fetchMetadata = async function (ctx) {
|
||||||
|
@ -38,38 +33,6 @@ exports.fetchMetadata = async function (ctx) {
|
||||||
ctx.body = users
|
ctx.body = users
|
||||||
}
|
}
|
||||||
|
|
||||||
exports.createMetadata = async function (ctx) {
|
|
||||||
const appId = ctx.appId
|
|
||||||
const db = new CouchDB(appId)
|
|
||||||
const { roleId } = ctx.request.body
|
|
||||||
|
|
||||||
if (ctx.request.body._id) {
|
|
||||||
return exports.updateMetadata(ctx)
|
|
||||||
}
|
|
||||||
|
|
||||||
// check role valid
|
|
||||||
const role = await getRole(appId, roleId)
|
|
||||||
if (!role) ctx.throw(400, "Invalid Role")
|
|
||||||
|
|
||||||
const globalUser = await saveGlobalUser(ctx, appId, ctx.request.body)
|
|
||||||
|
|
||||||
const user = {
|
|
||||||
...globalUser,
|
|
||||||
_id: generateUserMetadataID(globalUser._id),
|
|
||||||
type: "user",
|
|
||||||
tableId: InternalTables.USER_METADATA,
|
|
||||||
}
|
|
||||||
|
|
||||||
const response = await db.post(user)
|
|
||||||
// for automations to make it obvious was successful
|
|
||||||
ctx.status = 200
|
|
||||||
ctx.body = {
|
|
||||||
_id: response.id,
|
|
||||||
_rev: response.rev,
|
|
||||||
email: ctx.request.body.email,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
exports.updateSelfMetadata = async function (ctx) {
|
exports.updateSelfMetadata = async function (ctx) {
|
||||||
// overwrite the ID with current users
|
// overwrite the ID with current users
|
||||||
ctx.request.body._id = ctx.user._id
|
ctx.request.body._id = ctx.user._id
|
||||||
|
@ -85,14 +48,13 @@ exports.updateMetadata = async function (ctx) {
|
||||||
const appId = ctx.appId
|
const appId = ctx.appId
|
||||||
const db = new CouchDB(appId)
|
const db = new CouchDB(appId)
|
||||||
const user = ctx.request.body
|
const user = ctx.request.body
|
||||||
const globalUser = await saveGlobalUser(ctx, appId, {
|
// make sure to always remove global user props
|
||||||
...user,
|
delete user.password
|
||||||
_id: getGlobalIDFromUserMetadataID(user._id),
|
delete user.roles
|
||||||
})
|
delete user.builder
|
||||||
const metadata = {
|
const metadata = {
|
||||||
...globalUser,
|
|
||||||
tableId: InternalTables.USER_METADATA,
|
tableId: InternalTables.USER_METADATA,
|
||||||
_id: user._id || generateUserMetadataID(globalUser._id),
|
_id: user._id,
|
||||||
_rev: user._rev,
|
_rev: user._rev,
|
||||||
}
|
}
|
||||||
ctx.body = await db.put(metadata)
|
ctx.body = await db.put(metadata)
|
||||||
|
@ -100,7 +62,6 @@ exports.updateMetadata = async function (ctx) {
|
||||||
|
|
||||||
exports.destroyMetadata = async function (ctx) {
|
exports.destroyMetadata = async function (ctx) {
|
||||||
const db = new CouchDB(ctx.appId)
|
const db = new CouchDB(ctx.appId)
|
||||||
await deleteGlobalUser(ctx, getGlobalIDFromUserMetadataID(ctx.params.id))
|
|
||||||
try {
|
try {
|
||||||
const dbUser = await db.get(ctx.params.id)
|
const dbUser = await db.get(ctx.params.id)
|
||||||
await db.remove(dbUser._id, dbUser._rev)
|
await db.remove(dbUser._id, dbUser._rev)
|
||||||
|
@ -108,7 +69,7 @@ exports.destroyMetadata = async function (ctx) {
|
||||||
// error just means the global user has no config in this app
|
// error just means the global user has no config in this app
|
||||||
}
|
}
|
||||||
ctx.body = {
|
ctx.body = {
|
||||||
message: `User ${ctx.params.id} deleted.`,
|
message: `User metadata ${ctx.params.id} deleted.`,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -25,12 +25,6 @@ router
|
||||||
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
|
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
|
||||||
controller.updateMetadata
|
controller.updateMetadata
|
||||||
)
|
)
|
||||||
.post(
|
|
||||||
"/api/users/metadata",
|
|
||||||
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
|
|
||||||
usage,
|
|
||||||
controller.createMetadata
|
|
||||||
)
|
|
||||||
.post(
|
.post(
|
||||||
"/api/users/metadata/self",
|
"/api/users/metadata/self",
|
||||||
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
|
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
|
||||||
|
|
|
@ -3,7 +3,6 @@ const sendSmtpEmail = require("./steps/sendSmtpEmail")
|
||||||
const createRow = require("./steps/createRow")
|
const createRow = require("./steps/createRow")
|
||||||
const updateRow = require("./steps/updateRow")
|
const updateRow = require("./steps/updateRow")
|
||||||
const deleteRow = require("./steps/deleteRow")
|
const deleteRow = require("./steps/deleteRow")
|
||||||
const createUser = require("./steps/createUser")
|
|
||||||
const executeScript = require("./steps/executeScript")
|
const executeScript = require("./steps/executeScript")
|
||||||
const executeQuery = require("./steps/executeQuery")
|
const executeQuery = require("./steps/executeQuery")
|
||||||
const outgoingWebhook = require("./steps/outgoingWebhook")
|
const outgoingWebhook = require("./steps/outgoingWebhook")
|
||||||
|
@ -20,7 +19,6 @@ const BUILTIN_ACTIONS = {
|
||||||
CREATE_ROW: createRow.run,
|
CREATE_ROW: createRow.run,
|
||||||
UPDATE_ROW: updateRow.run,
|
UPDATE_ROW: updateRow.run,
|
||||||
DELETE_ROW: deleteRow.run,
|
DELETE_ROW: deleteRow.run,
|
||||||
CREATE_USER: createUser.run,
|
|
||||||
OUTGOING_WEBHOOK: outgoingWebhook.run,
|
OUTGOING_WEBHOOK: outgoingWebhook.run,
|
||||||
EXECUTE_SCRIPT: executeScript.run,
|
EXECUTE_SCRIPT: executeScript.run,
|
||||||
EXECUTE_QUERY: executeQuery.run,
|
EXECUTE_QUERY: executeQuery.run,
|
||||||
|
@ -31,7 +29,6 @@ const BUILTIN_DEFINITIONS = {
|
||||||
CREATE_ROW: createRow.definition,
|
CREATE_ROW: createRow.definition,
|
||||||
UPDATE_ROW: updateRow.definition,
|
UPDATE_ROW: updateRow.definition,
|
||||||
DELETE_ROW: deleteRow.definition,
|
DELETE_ROW: deleteRow.definition,
|
||||||
CREATE_USER: createUser.definition,
|
|
||||||
OUTGOING_WEBHOOK: outgoingWebhook.definition,
|
OUTGOING_WEBHOOK: outgoingWebhook.definition,
|
||||||
EXECUTE_SCRIPT: executeScript.definition,
|
EXECUTE_SCRIPT: executeScript.definition,
|
||||||
EXECUTE_QUERY: executeQuery.definition,
|
EXECUTE_QUERY: executeQuery.definition,
|
||||||
|
|
|
@ -1,90 +0,0 @@
|
||||||
const roles = require("@budibase/auth/roles")
|
|
||||||
const userController = require("../../api/controllers/user")
|
|
||||||
const env = require("../../environment")
|
|
||||||
const usage = require("../../utilities/usageQuota")
|
|
||||||
|
|
||||||
module.exports.definition = {
|
|
||||||
description: "Create a new user",
|
|
||||||
tagline: "Create user {{inputs.email}}",
|
|
||||||
icon: "ri-user-add-line",
|
|
||||||
name: "Create User",
|
|
||||||
type: "ACTION",
|
|
||||||
stepId: "CREATE_USER",
|
|
||||||
inputs: {
|
|
||||||
roleId: roles.BUILTIN_ROLE_IDS.POWER,
|
|
||||||
},
|
|
||||||
schema: {
|
|
||||||
inputs: {
|
|
||||||
properties: {
|
|
||||||
email: {
|
|
||||||
type: "string",
|
|
||||||
customType: "email",
|
|
||||||
title: "Email",
|
|
||||||
},
|
|
||||||
password: {
|
|
||||||
type: "string",
|
|
||||||
title: "Password",
|
|
||||||
},
|
|
||||||
roleId: {
|
|
||||||
type: "string",
|
|
||||||
title: "Role",
|
|
||||||
enum: roles.BUILTIN_ROLE_ID_ARRAY,
|
|
||||||
pretty: roles.BUILTIN_ROLE_NAME_ARRAY,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
required: ["email", "password", "roleId"],
|
|
||||||
},
|
|
||||||
outputs: {
|
|
||||||
properties: {
|
|
||||||
id: {
|
|
||||||
type: "string",
|
|
||||||
description: "The identifier of the new user",
|
|
||||||
},
|
|
||||||
revision: {
|
|
||||||
type: "string",
|
|
||||||
description: "The revision of the new user",
|
|
||||||
},
|
|
||||||
response: {
|
|
||||||
type: "object",
|
|
||||||
description: "The response from the user table",
|
|
||||||
},
|
|
||||||
success: {
|
|
||||||
type: "boolean",
|
|
||||||
description: "Whether the action was successful",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
required: ["id", "revision", "success"],
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
module.exports.run = async function ({ inputs, appId, apiKey, emitter }) {
|
|
||||||
const { email, password, roleId } = inputs
|
|
||||||
const ctx = {
|
|
||||||
appId,
|
|
||||||
request: {
|
|
||||||
body: { email, password, roleId },
|
|
||||||
},
|
|
||||||
eventEmitter: emitter,
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
if (env.isProd()) {
|
|
||||||
await usage.update(apiKey, usage.Properties.USER, 1)
|
|
||||||
}
|
|
||||||
await userController.createMetadata(ctx)
|
|
||||||
return {
|
|
||||||
response: ctx.body,
|
|
||||||
// internal property not returned through the API
|
|
||||||
id: ctx.body._id,
|
|
||||||
revision: ctx.body._rev,
|
|
||||||
success: ctx.status === 200,
|
|
||||||
}
|
|
||||||
} catch (err) {
|
|
||||||
console.error(err)
|
|
||||||
return {
|
|
||||||
success: false,
|
|
||||||
response: err,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -96,6 +96,22 @@ exports.destroy = async ctx => {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
exports.self = async ctx => {
|
||||||
|
const db = new CouchDB(GLOBAL_DB)
|
||||||
|
const user = await db.get(ctx.user._id)
|
||||||
|
if (ctx.request.body.password) {
|
||||||
|
ctx.request.body.password = await hash(ctx.request.body.password)
|
||||||
|
}
|
||||||
|
const response = await db.put({
|
||||||
|
...user,
|
||||||
|
...ctx.request.body,
|
||||||
|
})
|
||||||
|
ctx.body = {
|
||||||
|
_id: response.id,
|
||||||
|
_rev: response.rev,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// called internally by app server user fetch
|
// called internally by app server user fetch
|
||||||
exports.fetch = async ctx => {
|
exports.fetch = async ctx => {
|
||||||
const db = new CouchDB(GLOBAL_DB)
|
const db = new CouchDB(GLOBAL_DB)
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
const Router = require("@koa/router")
|
const Router = require("@koa/router")
|
||||||
const controller = require("../../controllers/admin/configs")
|
const controller = require("../../controllers/admin/configs")
|
||||||
const joiValidator = require("../../../middleware/joi-validator")
|
const joiValidator = require("../../../middleware/joi-validator")
|
||||||
|
const adminOnly = require("../../../middleware/adminOnly")
|
||||||
const Joi = require("joi")
|
const Joi = require("joi")
|
||||||
const { Configs, ConfigUploads } = require("../../../constants")
|
const { Configs, ConfigUploads } = require("../../../constants")
|
||||||
|
|
||||||
|
@ -76,6 +77,8 @@ function buildConfigGetValidation() {
|
||||||
}).unknown(true).required())
|
}).unknown(true).required())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
router.use(adminOnly)
|
||||||
|
|
||||||
router
|
router
|
||||||
.post("/api/admin/configs", buildConfigSaveValidation(), controller.save)
|
.post("/api/admin/configs", buildConfigSaveValidation(), controller.save)
|
||||||
.delete("/api/admin/configs/:id", controller.destroy)
|
.delete("/api/admin/configs/:id", controller.destroy)
|
||||||
|
|
|
@ -5,13 +5,12 @@ const Joi = require("joi")
|
||||||
|
|
||||||
const router = Router()
|
const router = Router()
|
||||||
|
|
||||||
function buildUserSaveValidation() {
|
function buildUserSaveValidation(isSelf = false) {
|
||||||
// prettier-ignore
|
let schema = {
|
||||||
return joiValidator.body(Joi.object({
|
|
||||||
_id: Joi.string(),
|
|
||||||
_rev: Joi.string(),
|
|
||||||
email: Joi.string(),
|
email: Joi.string(),
|
||||||
password: Joi.string().allow(null, ""),
|
password: Joi.string().allow(null, ""),
|
||||||
|
firstName: Joi.string(),
|
||||||
|
lastName: Joi.string(),
|
||||||
builder: Joi.object({
|
builder: Joi.object({
|
||||||
global: Joi.boolean().optional(),
|
global: Joi.boolean().optional(),
|
||||||
apps: Joi.array().optional(),
|
apps: Joi.array().optional(),
|
||||||
|
@ -21,7 +20,17 @@ function buildUserSaveValidation() {
|
||||||
.pattern(/.*/, Joi.string())
|
.pattern(/.*/, Joi.string())
|
||||||
.required()
|
.required()
|
||||||
.unknown(true)
|
.unknown(true)
|
||||||
}).required().unknown(true))
|
}
|
||||||
|
if (!isSelf) {
|
||||||
|
schema = {
|
||||||
|
...schema,
|
||||||
|
_id: Joi.string(),
|
||||||
|
_rev: Joi.string(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return joiValidator.body(Joi.object(schema)
|
||||||
|
.required()
|
||||||
|
.unknown(true))
|
||||||
}
|
}
|
||||||
|
|
||||||
function buildInviteValidation() {
|
function buildInviteValidation() {
|
||||||
|
@ -39,10 +48,19 @@ function buildInviteAcceptValidation() {
|
||||||
}).required().unknown(true))
|
}).required().unknown(true))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function buildUpdateSelfValidation() {
|
||||||
|
// prettier-ignore
|
||||||
|
return joiValidator.body(Joi.object({
|
||||||
|
inviteCode: Joi.string().required(),
|
||||||
|
password: Joi.string().required(),
|
||||||
|
}).required().unknown(true))
|
||||||
|
}
|
||||||
|
|
||||||
router
|
router
|
||||||
.post("/api/admin/users", buildUserSaveValidation(), controller.save)
|
.post("/api/admin/users", buildUserSaveValidation(), controller.save)
|
||||||
.get("/api/admin/users", controller.fetch)
|
.get("/api/admin/users", controller.fetch)
|
||||||
.post("/api/admin/users/init", controller.adminUser)
|
.post("/api/admin/users/init", controller.adminUser)
|
||||||
|
.post("/api/admin/users/self", buildUserSaveValidation(true), controller.self)
|
||||||
.delete("/api/admin/users/:id", controller.destroy)
|
.delete("/api/admin/users/:id", controller.destroy)
|
||||||
.get("/api/admin/users/:id", controller.find)
|
.get("/api/admin/users/:id", controller.find)
|
||||||
.get("/api/admin/roles/:appId")
|
.get("/api/admin/roles/:appId")
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
module.exports = async (ctx, next) => {
|
||||||
|
if (!ctx.user || !ctx.user.admin || !ctx.user.admin.global) {
|
||||||
|
ctx.throw(403, "Admin user only endpoint.")
|
||||||
|
}
|
||||||
|
return next()
|
||||||
|
}
|
Loading…
Reference in New Issue