Merge master.

Sam Rose 2023-11-27 10:59:49 +00:00
commit 1f070ff180
No known key found for this signature in database
35 changed files with 359 additions and 252 deletions


@ -92,8 +92,8 @@ RUN chmod +x ./healthcheck.sh
# Script below sets the path for storing data based on $DATA_DIR
# For Azure App Service install SSH & point data locations to /home
ADD hosting/single/ssh/sshd_config /etc/
ADD hosting/single/ssh/ssh_setup.sh /tmp
COPY hosting/single/ssh/sshd_config /etc/
COPY hosting/single/ssh/ssh_setup.sh /tmp
# setup letsencrypt certificate
RUN apt-get install -y certbot python3-certbot-nginx


@ -1,5 +1,5 @@
{
"version": "2.13.15",
"version": "2.13.17",
"npmClient": "yarn",
"packages": [
"packages/*"


@ -160,4 +160,5 @@ export function isPermissionLevelHigherThanRead(level: PermissionLevel) {
// utility as a lot of things need simply the builder permission
export const BUILDER = PermissionType.BUILDER
export const CREATOR = PermissionType.CREATOR
export const GLOBAL_BUILDER = PermissionType.GLOBAL_BUILDER


@ -146,12 +146,12 @@ export class UserDB {
static async allUsers() {
const db = getGlobalDB()
const response = await db.allDocs(
const response = await db.allDocs<User>(
dbUtils.getGlobalUserParams(null, {
include_docs: true,
})
)
return response.rows.map((row: any) => row.doc)
return response.rows.map(row => row.doc!)
}
static async countUsersByApp(appId: string) {
@ -209,13 +209,6 @@ export class UserDB {
throw new Error("_id or email is required")
}
if (
user.builder?.apps?.length &&
!(await UserDB.features.isAppBuildersEnabled())
) {
throw new Error("Unable to update app builders, please check license")
}
let dbUser: User | undefined
if (_id) {
// try to get existing user from db


@ -25,6 +25,7 @@ import {
import { getGlobalDB } from "../context"
import * as context from "../context"
import { isCreator } from "./utils"
import { UserDB } from "./db"
type GetOpts = { cleanup?: boolean }
@ -336,3 +337,20 @@ export function cleanseUserObject(user: User | ContextUser, base?: User) {
}
return user
}
export async function addAppBuilder(user: User, appId: string) {
const prodAppId = getProdAppID(appId)
user.builder ??= {}
user.builder.creator = true
user.builder.apps ??= []
user.builder.apps.push(prodAppId)
await UserDB.save(user, { hashPassword: false })
}
export async function removeAppBuilder(user: User, appId: string) {
const prodAppId = getProdAppID(appId)
if (user.builder && user.builder.apps?.includes(prodAppId)) {
user.builder.apps = user.builder.apps.filter(id => id !== prodAppId)
}
await UserDB.save(user, { hashPassword: false })
}
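Review bot: `addAppBuilder` appends `prodAppId` to `user.builder.apps` without checking whether it is already there, so repeated calls for the same app leave duplicate entries. The cleanup in `removeAppRole` elsewhere in this commit removes a single occurrence with `indexOf`/`splice`, so a duplicate would survive that cleanup and keep the per-app builder grant on the user record. Guard the push with `if (!user.builder.apps.includes(prodAppId)) user.builder.apps.push(prodAppId)`. `removeAppBuilder` also calls `UserDB.save` when nothing was removed; moving the save inside the `if` avoids a write that changes nothing.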


@ -2,7 +2,7 @@
import "@spectrum-css/buttongroup/dist/index-vars.css"
export let vertical = false
export let gap = ""
export let gap = "M"
$: gapStyle =
gap === "L"


@ -12,11 +12,13 @@
export let error = null
export let validate = null
export let options = []
export let footer = null
export let isOptionEnabled = () => true
export let getOptionLabel = option => extractProperty(option, "label")
export let getOptionValue = option => extractProperty(option, "value")
export let getOptionSubtitle = option => extractProperty(option, "subtitle")
export let getOptionColour = () => null
const dispatch = createEventDispatcher()
let open = false
@ -100,6 +102,7 @@
{error}
{disabled}
{options}
{footer}
{getOptionLabel}
{getOptionValue}
{getOptionSubtitle}


@ -17,7 +17,7 @@
export let options = []
export let getOptionLabel = option => extractProperty(option, "label")
export let getOptionValue = option => extractProperty(option, "value")
export let getOptionSubtitle = option => option?.subtitle
export let isOptionSelected = () => false
const dispatch = createEventDispatcher()
@ -135,7 +135,7 @@
class="spectrum-Textfield-input spectrum-InputGroup-input"
/>
</div>
<div style="width: 30%">
<div style="width: 40%">
<button
{id}
class="spectrum-Picker spectrum-Picker--sizeM override-borders"
@ -157,6 +157,7 @@
<use xlink:href="#spectrum-css-icon-Chevron100" />
</svg>
</button>
</div>
{#if open}
<div
use:clickOutside={handleOutsideClick}
@ -175,6 +176,11 @@
>
<span class="spectrum-Menu-itemLabel">
{getOptionLabel(option, idx)}
{#if getOptionSubtitle(option, idx)}
<span class="subtitle-text">
{getOptionSubtitle(option, idx)}
</span>
{/if}
</span>
<svg
class="spectrum-Icon spectrum-UIIcon-Checkmark100 spectrum-Menu-checkmark spectrum-Menu-itemIcon"
@ -188,7 +194,6 @@
</ul>
</div>
{/if}
</div>
</div>
<style>
@ -196,7 +201,6 @@
min-width: 0;
width: 100%;
}
.spectrum-InputGroup-input {
border-right-width: 1px;
}
@ -206,7 +210,6 @@
.spectrum-Textfield-input {
width: 0;
}
.override-borders {
border-top-left-radius: 0px;
border-bottom-left-radius: 0px;
@ -215,5 +218,18 @@
max-height: 240px;
z-index: 999;
top: 100%;
width: 100%;
}
.subtitle-text {
font-size: 12px;
line-height: 15px;
font-weight: 500;
color: var(--spectrum-global-color-gray-600);
display: block;
margin-top: var(--spacing-s);
}
.spectrum-Menu-checkmark {
align-self: center;
margin-top: 0;
}
</style>


@ -224,13 +224,12 @@
</span>
{/if}
<span class="spectrum-Menu-itemLabel">
{#if getOptionSubtitle(option, idx)}
<span class="subtitle-text"
>{getOptionSubtitle(option, idx)}</span
>
{/if}
{getOptionLabel(option, idx)}
{#if getOptionSubtitle(option, idx)}
<span class="subtitle-text">
{getOptionSubtitle(option, idx)}
</span>
{/if}
</span>
{#if option.tag}
<span class="option-tag">
@ -275,10 +274,9 @@
font-size: 12px;
line-height: 15px;
font-weight: 500;
top: 10px;
color: var(--spectrum-global-color-gray-600);
display: block;
margin-bottom: var(--spacing-s);
margin-top: var(--spacing-s);
}
.spectrum-Picker-label.auto-width {


@ -10,8 +10,9 @@
export let getOptionLabel = option => option
export let getOptionValue = option => option
export let getOptionIcon = () => null
export let useOptionIconImage = false
export let getOptionColour = () => null
export let getOptionSubtitle = () => null
export let useOptionIconImage = false
export let isOptionEnabled
export let readonly = false
export let quiet = false
@ -82,8 +83,9 @@
{getOptionLabel}
{getOptionValue}
{getOptionIcon}
{useOptionIconImage}
{getOptionColour}
{getOptionSubtitle}
{useOptionIconImage}
{isOptionEnabled}
{autocomplete}
{sort}


@ -43,6 +43,7 @@
{quiet}
{autofocus}
{options}
isOptionSelected={option => option === dropdownValue}
on:change={onChange}
on:pick={onPick}
on:click


@ -13,9 +13,10 @@
export let options = []
export let getOptionLabel = option => extractProperty(option, "label")
export let getOptionValue = option => extractProperty(option, "value")
export let getOptionSubtitle = option => option?.subtitle
export let getOptionIcon = option => option?.icon
export let useOptionIconImage = false
export let getOptionColour = option => option?.colour
export let useOptionIconImage = false
export let isOptionEnabled
export let quiet = false
export let autoWidth = false
@ -58,6 +59,7 @@
{getOptionValue}
{getOptionIcon}
{getOptionColour}
{getOptionSubtitle}
{useOptionIconImage}
{isOptionEnabled}
{autocomplete}


@ -20,73 +20,91 @@
export let allowedRoles = null
export let allowCreator = false
export let fancySelect = false
export let labelPrefix = null
const dispatch = createEventDispatcher()
const RemoveID = "remove"
$: enrichLabel = label => (labelPrefix ? `${labelPrefix} ${label}` : label)
$: options = getOptions(
$roles,
allowPublic,
allowRemove,
allowedRoles,
allowCreator
allowCreator,
enrichLabel
)
const getOptions = (
roles,
allowPublic,
allowRemove,
allowedRoles,
allowCreator
allowCreator,
enrichLabel
) => {
// Use roles whitelist if specified
if (allowedRoles?.length) {
const filteredRoles = roles.filter(role =>
allowedRoles.includes(role._id)
)
return [
...filteredRoles,
...(allowedRoles.includes(Constants.Roles.CREATOR)
? [{ _id: Constants.Roles.CREATOR, name: "Creator", enabled: false }]
: []),
]
}
let newRoles = [...roles]
if (allowCreator) {
newRoles = [
{
let options = roles
.filter(role => allowedRoles.includes(role._id))
.map(role => ({
name: enrichLabel(role.name),
_id: role._id,
}))
if (allowedRoles.includes(Constants.Roles.CREATOR)) {
options.push({
_id: Constants.Roles.CREATOR,
name: "Creator",
name: "Can edit",
enabled: false,
})
}
return options
}
// Allow all core roles
let options = roles.map(role => ({
name: enrichLabel(role.name),
_id: role._id,
}))
// Add creator if required
if (allowCreator) {
options.unshift({
_id: Constants.Roles.CREATOR,
name: "Can edit",
tag:
!$licensing.perAppBuildersEnabled &&
capitalise(Constants.PlanType.BUSINESS),
},
...newRoles,
]
})
}
// Add remove option if required
if (allowRemove) {
newRoles = [
...newRoles,
{
options.push({
_id: RemoveID,
name: "Remove",
},
]
})
}
if (allowPublic) {
return newRoles
// Remove public if not allowed
if (!allowPublic) {
options = options.filter(role => role._id !== Constants.Roles.PUBLIC)
}
return newRoles.filter(role => role._id !== Constants.Roles.PUBLIC)
return options
}
const getColor = role => {
if (allowRemove && role._id === RemoveID) {
// Creator and remove options have no colors
if (role._id === Constants.Roles.CREATOR || role._id === RemoveID) {
return null
}
return RoleUtils.getRoleColour(role._id)
}
const getIcon = role => {
if (allowRemove && role._id === RemoveID) {
// Only remove option has an icon
if (role._id === RemoveID) {
return "Close"
}
return null


@ -364,7 +364,10 @@
const payload = [
{
email: newUserEmail,
builder: { global: creationRoleType === Constants.BudibaseRoles.Admin },
builder: {
global: creationRoleType === Constants.BudibaseRoles.Admin,
creator: creationRoleType === Constants.BudibaseRoles.Creator,
},
admin: { global: creationRoleType === Constants.BudibaseRoles.Admin },
},
]
@ -471,10 +474,6 @@
await users.removeAppBuilder(userId, prodAppId)
}
const addGroupAppBuilder = async groupId => {
await groups.actions.addGroupAppBuilder(groupId, prodAppId)
}
const removeGroupAppBuilder = async groupId => {
await groups.actions.removeGroupAppBuilder(groupId, prodAppId)
}
@ -495,14 +494,12 @@
}
const getInviteRoleValue = invite => {
if (invite.info?.admin?.global && invite.info?.builder?.global) {
return Constants.Roles.ADMIN
}
if (invite.info?.builder?.apps?.includes(prodAppId)) {
if (
(invite.info?.admin?.global && invite.info?.builder?.global) ||
invite.info?.builder?.apps?.includes(prodAppId)
) {
return Constants.Roles.CREATOR
}
return invite.info.apps?.[prodAppId]
}
@ -512,7 +509,7 @@
return `This user has been given ${role?.name} access from the ${user.group} group`
}
if (user.isAdminOrGlobalBuilder) {
return "This user's role grants admin access to all apps"
return "Account admins can edit all apps"
}
return null
}
@ -523,6 +520,18 @@
}
return user.role
}
const checkAppAccess = e => {
// Ensure we don't get into an invalid combo of tenant role and app access
if (
e.detail === Constants.BudibaseRoles.AppUser &&
creationAccessType === Constants.Roles.CREATOR
) {
creationAccessType = Constants.Roles.BASIC
} else if (e.detail === Constants.BudibaseRoles.Admin) {
creationAccessType = Constants.Roles.CREATOR
}
}
</script>
<svelte:window on:keydown={handleKeyDown} />
@ -650,8 +659,9 @@
autoWidth
align="right"
allowedRoles={user.isAdminOrGlobalBuilder
? [Constants.Roles.ADMIN]
? [Constants.Roles.CREATOR]
: null}
labelPrefix="Can use as"
/>
</div>
</div>
@ -695,19 +705,16 @@
allowRemove={group.role}
allowPublic={false}
quiet={true}
allowCreator={true}
allowCreator={group.role === Constants.Roles.CREATOR}
on:change={e => {
if (e.detail === Constants.Roles.CREATOR) {
addGroupAppBuilder(group._id)
} else {
onUpdateGroup(group, e.detail)
}
}}
on:remove={() => {
onUpdateGroup(group)
}}
autoWidth
align="right"
labelPrefix="Can use as"
/>
</div>
</div>
@ -753,6 +760,7 @@
allowedRoles={user.isAdminOrGlobalBuilder
? [Constants.Roles.CREATOR]
: null}
labelPrefix="Can use as"
/>
</div>
</div>
@ -804,33 +812,34 @@
<FancySelect
bind:value={creationRoleType}
options={sdk.users.isAdmin($auth.user)
? Constants.BudibaseRoleOptionsNew
: Constants.BudibaseRoleOptionsNew.filter(
? Constants.BudibaseRoleOptions
: Constants.BudibaseRoleOptions.filter(
option => option.value !== Constants.BudibaseRoles.Admin
)}
label="Access"
label="Role"
on:change={checkAppAccess}
/>
{#if creationRoleType !== Constants.BudibaseRoles.Admin}
<span class="role-wrap">
<RoleSelect
placeholder={false}
bind:value={creationAccessType}
allowPublic={false}
allowCreator={true}
allowCreator={creationRoleType !==
Constants.BudibaseRoles.AppUser}
quiet={true}
autoWidth
align="right"
fancySelect
allowedRoles={creationRoleType === Constants.BudibaseRoles.Admin
? [Constants.Roles.CREATOR]
: null}
footer={getRoleFooter({
isAdminOrGlobalBuilder:
creationRoleType === Constants.BudibaseRoles.Admin,
})}
/>
</span>
{/if}
</FancyForm>
{#if creationRoleType === Constants.BudibaseRoles.Admin}
<div class="admin-info">
<Icon name="Info" />
Admins will get full access to all apps and settings
</div>
{/if}
<span class="add-user">
<Button
newStyles
@ -871,16 +880,6 @@
display: grid;
}
.admin-info {
margin-top: var(--spacing-xl);
padding: var(--spacing-l) var(--spacing-l) var(--spacing-l) var(--spacing-l);
display: flex;
align-items: center;
gap: var(--spacing-xl);
height: 30px;
background-color: var(--background-alt);
}
.underlined {
text-decoration: underline;
cursor: pointer;
@ -898,7 +897,6 @@
display: flex;
flex-direction: column;
gap: var(--spacing-s);
width: 400px;
}
.auth-entity-meta {
@ -927,7 +925,7 @@
.auth-entity,
.auth-entity-header {
display: grid;
grid-template-columns: 1fr 110px;
grid-template-columns: 1fr 180px;
align-items: center;
gap: var(--spacing-xl);
}
@ -958,7 +956,7 @@
overflow-y: auto;
overflow-x: hidden;
position: absolute;
width: 400px;
width: 440px;
right: 0;
height: 100%;
box-shadow: 0 0 40px 10px rgba(0, 0, 0, 0.1);


@ -4,8 +4,6 @@
import { url, isActive } from "@roxi/routify"
import DeleteModal from "components/deploy/DeleteModal.svelte"
import { isOnlyUser } from "builderStore"
import { auth } from "stores/portal"
import { sdk } from "@budibase/shared-core"
let deleteModal
</script>
@ -46,7 +44,6 @@
url={$url("./version")}
active={$isActive("./version")}
/>
{#if sdk.users.isGlobalBuilder($auth.user)}
<div class="delete-action">
<AbsTooltip
position={TooltipPosition.Bottom}
@ -63,7 +60,6 @@
/>
</AbsTooltip>
</div>
{/if}
</SideNav>
<slot />
</Content>


@ -16,7 +16,7 @@
let activeTab = "Apps"
$: $url(), updateActiveTab($menu)
$: isOnboarding = !$apps.length && sdk.users.isGlobalBuilder($auth.user)
$: isOnboarding = !$apps.length && sdk.users.hasBuilderPermissions($auth.user)
const updateActiveTab = menu => {
for (let entry of menu) {
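Review bot: `isOnboarding` now tests `sdk.users.hasBuilderPermissions($auth.user)`, while the create-app buttons on the apps index page in this same commit are gated on `sdk.users.canCreateApps($auth.user)`. Per the shared-core change in this commit, `hasBuilderPermissions` also accepts `hasAppBuilderPermissions(user)`, so a user who cannot see the create button can still be routed into onboarding. Using `sdk.users.canCreateApps($auth.user)` here keeps the two decisions on one predicate. The same applies to the `$redirect("./onboarding")` condition in the next file section.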


@ -34,7 +34,7 @@
}
// Go to new app page if no apps exists
if (!$apps.length && sdk.users.isGlobalBuilder($auth.user)) {
if (!$apps.length && sdk.users.hasBuilderPermissions($auth.user)) {
$redirect("./onboarding")
}
} catch (error) {


@ -237,7 +237,7 @@
{#if enrichedApps.length}
<Layout noPadding gap="L">
<div class="title">
{#if $auth.user && sdk.users.isGlobalBuilder($auth.user)}
{#if $auth.user && sdk.users.canCreateApps($auth.user)}
<div class="buttons">
<Button
size="M"


@ -52,7 +52,7 @@
goToApp()
} catch (e) {
loading = false
notifications.error("There was a problem creating your app")
notifications.error(e.message || "There was a problem creating your app")
}
}
</script>


@ -55,6 +55,7 @@
},
role: {
width: "1fr",
displayName: "Access",
},
}
const customGroupTableRenderers = [
@ -98,7 +99,7 @@
return y._id === userId
})
})
$: globalRole = sdk.users.isAdmin(user) ? "admin" : "appUser"
$: globalRole = users.getUserRole(user)
const getAvailableApps = (appList, privileged, roles) => {
let availableApps = appList.slice()
@ -177,12 +178,21 @@
}
async function updateUserRole({ detail }) {
if (detail === "developer") {
if (detail === Constants.BudibaseRoles.Developer) {
toggleFlags({ admin: { global: false }, builder: { global: true } })
} else if (detail === "admin") {
} else if (detail === Constants.BudibaseRoles.Admin) {
toggleFlags({ admin: { global: true }, builder: { global: true } })
} else if (detail === "appUser") {
} else if (detail === Constants.BudibaseRoles.AppUser) {
toggleFlags({ admin: { global: false }, builder: { global: false } })
} else if (detail === Constants.BudibaseRoles.Creator) {
toggleFlags({
admin: { global: false },
builder: {
global: false,
creator: true,
apps: user?.builder?.apps || [],
},
})
}
}
@ -295,6 +305,7 @@
<div class="field">
<Label size="L">Role</Label>
<Select
placeholder={null}
disabled={!sdk.users.isAdmin($auth.user)}
value={globalRole}
options={Constants.BudibaseRoleOptions}
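Review bot: In `updateUserRole`, only the Creator branch sets `builder.creator`; the Developer, Admin and AppUser branches pass `builder: { global: ... }` with no `creator` or `apps` key. `toggleFlags` is defined outside this hunk, so it is not visible whether it replaces or merges the `builder` object. If it merges, changing a Creator to App user would leave `creator: true` on the record and the user would keep creator rights after the demotion. Setting the flag explicitly in the other branches, e.g. `builder: { global: false, creator: false }` for AppUser, makes the result independent of how `toggleFlags` combines objects.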


@ -29,7 +29,6 @@
},
]
$: hasError = userData.find(x => x.error != null)
$: userCount = $licensing.userCount + userData.length
$: reached = licensing.usersLimitReached(userCount)
$: exceeded = licensing.usersLimitExceeded(userCount)
@ -98,7 +97,7 @@
align-items: center;
flex-direction: row;"
>
<div style="width: 90%">
<div style="flex: 1 1 auto;">
<InputDropdown
inputType="email"
bind:inputValue={input.email}


@ -14,6 +14,10 @@
}
</script>
<StatusLight square color={RoleUtils.getRoleColour(value)}>
{getRoleLabel(value)}
</StatusLight>
{#if value === Constants.Roles.CREATOR}
Can edit
{:else}
<StatusLight square color={RoleUtils.getRoleColour(value)}>
Can use as {getRoleLabel(value)}
</StatusLight>
{/if}


@ -15,6 +15,7 @@
const BYTES_IN_MB = 1000000
const FILE_SIZE_LIMIT = BYTES_IN_MB * 5
const MAX_USERS_UPLOAD_LIMIT = 1000
export let createUsersFromCsv
let files = []
@ -22,13 +23,16 @@
let userEmails = []
let userGroups = []
let usersRole = null
$: invalidEmails = []
$: invalidEmails = []
$: userCount = $licensing.userCount + userEmails.length
$: exceed = licensing.usersLimitExceeded(userCount)
$: importDisabled =
!userEmails.length || !validEmails(userEmails) || !usersRole || exceed
$: roleOptions = Constants.BudibaseRoleOptions.map(option => ({
...option,
label: `${option.label} - ${option.subtitle}`,
}))
const validEmails = userEmails => {
if ($admin.cloud && userEmails.length > MAX_USERS_UPLOAD_LIMIT) {
@ -100,10 +104,7 @@
users. Upgrade your plan to add more users
</div>
{/if}
<RadioGroup
bind:value={usersRole}
options={Constants.BuilderRoleDescriptions}
/>
<RadioGroup bind:value={usersRole} options={roleOptions} />
{#if $licensing.groupsEnabled}
<Multiselect


@ -4,17 +4,11 @@
export let row
const TooltipMap = {
appUser: "Only has access to assigned apps",
developer: "Access to the app builder",
admin: "Full access",
}
$: role = Constants.BudibaseRoleOptionsOld.find(
$: role = Constants.BudibaseRoleOptions.find(
x => x.value === users.getUserRole(row)
)
$: value = role?.label || "Not available"
$: tooltip = TooltipMap[role?.value] || ""
$: tooltip = role.subtitle || ""
</script>
<div on:click|stopPropagation title={tooltip}>
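Review bot: `$: tooltip = role.subtitle || ""` dereferences `role` without a guard, although `Constants.BudibaseRoleOptions.find(...)` yields `undefined` when `users.getUserRole(row)` matches no option. The line above it already allows for that case with `role?.label || "Not available"`. A row with an unmatched role would throw while rendering instead of showing the fallback label. Use `$: tooltip = role?.subtitle || ""`.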


@ -172,6 +172,7 @@
const payload = userData?.users?.map(user => ({
email: user.email,
builder: user.role === Constants.BudibaseRoles.Developer,
creator: user.role === Constants.BudibaseRoles.Creator,
admin: user.role === Constants.BudibaseRoles.Admin,
groups: userData.groups,
}))
@ -190,18 +191,18 @@
for (const user of userData?.users ?? []) {
const { email } = user
if (
newUsers.find(x => x.email === email) ||
currentUserEmails.includes(email)
)
) {
continue
}
newUsers.push(user)
}
if (!newUsers.length)
if (!newUsers.length) {
notifications.info("Duplicated! There is no new users to add.")
}
return { ...userData, users: newUsers }
}
@ -266,7 +267,6 @@
try {
await groups.actions.init()
groupsLoaded = true
pendingInvites = await users.getInvites()
invitesLoaded = true
} catch (error) {


@ -3,6 +3,7 @@ import { API } from "api"
import { update } from "lodash"
import { licensing } from "."
import { sdk } from "@budibase/shared-core"
import { Constants } from "@budibase/frontend-core"
export function createUsersStore() {
const { subscribe, set } = writable({})
@ -77,6 +78,9 @@ export function createUsersStore() {
case "developer":
body.builder = { global: true }
break
case "creator":
body.builder = { creator: true, global: false }
break
case "admin":
body.admin = { global: true }
body.builder = { global: true }
@ -120,12 +124,18 @@ export function createUsersStore() {
return await API.removeAppBuilder({ userId, appId })
}
const getUserRole = user =>
sdk.users.isAdmin(user)
? "admin"
: sdk.users.isBuilder(user)
? "developer"
: "appUser"
const getUserRole = user => {
if (sdk.users.isAdmin(user)) {
return Constants.BudibaseRoles.Admin
} else if (sdk.users.isBuilder(user)) {
return Constants.BudibaseRoles.Developer
} else if (sdk.users.hasCreatorPermissions(user)) {
return Constants.BudibaseRoles.Creator
} else {
return Constants.BudibaseRoles.AppUser
}
}
const refreshUsage =
fn =>
async (...args) => {


@ -214,15 +214,23 @@ export const buildUserEndpoints = API => ({
inviteUsers: async users => {
return await API.post({
url: "/api/global/users/multi/invite",
body: users.map(user => ({
body: users.map(user => {
let builder = undefined
if (user.admin || user.builder) {
builder = { global: true }
} else if (user.creator) {
builder = { creator: true }
}
return {
email: user.email,
userInfo: {
admin: user.admin ? { global: true } : undefined,
builder: user.admin || user.builder ? { global: true } : undefined,
builder,
userGroups: user.groups,
roles: user.apps ? user.apps : undefined,
},
})),
}
}),
})
},


@ -20,42 +20,31 @@ export const TableNames = {
export const BudibaseRoles = {
AppUser: "appUser",
Developer: "developer",
Creator: "creator",
Admin: "admin",
}
export const BudibaseRoleOptionsOld = [
{ label: "Developer", value: BudibaseRoles.Developer },
{ label: "Member", value: BudibaseRoles.AppUser },
{ label: "Admin", value: BudibaseRoles.Admin },
{
label: "Developer",
value: BudibaseRoles.Developer,
},
]
export const BudibaseRoleOptions = [
{ label: "Member", value: BudibaseRoles.AppUser },
{ label: "Admin", value: BudibaseRoles.Admin },
]
export const BudibaseRoleOptionsNew = [
{
label: "Admin",
value: "admin",
label: "Account admin",
value: BudibaseRoles.Admin,
subtitle: "Has full access to all apps and settings in your account",
},
{
label: "Member",
value: "appUser",
subtitle: "Can only view apps they have access to",
label: "Creator",
value: BudibaseRoles.Creator,
subtitle: "Can create and edit apps they have access to",
},
]
export const BuilderRoleDescriptions = [
{
label: "App user",
value: BudibaseRoles.AppUser,
icon: "User",
label: "App user - Only has access to published apps",
},
{
value: BudibaseRoles.Admin,
icon: "Draw",
label: "Admin - Full access",
subtitle: "Can only use published apps they have access to",
},
]


@ -51,6 +51,7 @@ import {
import { BASE_LAYOUT_PROP_IDS } from "../../constants/layouts"
import sdk from "../../sdk"
import { builderSocket } from "../../websockets"
import { sdk as sharedCoreSDK } from "@budibase/shared-core"
// utility function, need to do away with this
async function getLayouts() {
@ -394,6 +395,12 @@ async function appPostCreate(ctx: UserCtx, app: App) {
}
}
}
// If the user is a creator, we need to give them access to the new app
if (sharedCoreSDK.users.hasCreatorPermissions(ctx.user)) {
const user = await users.UserDB.getUser(ctx.user._id!)
await users.addAppBuilder(user, app.appId)
}
}
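Review bot: The grant in `appPostCreate` is decided from `ctx.user` but applied to a separately loaded record, and `addAppBuilder` sets `user.builder.creator = true` unconditionally. If the context user can lag behind the stored document (presumably it is populated from a session or cache, which is not visible here), a creator flag already revoked in the database would be written back by this call. Re-check on the loaded record, `if (sharedCoreSDK.users.hasCreatorPermissions(user)) await users.addAppBuilder(user, app.appId)`, and handle a missing user from `getUser` explicitly instead of relying on `ctx.user._id!`. The start of `appPostCreate` is outside the hunk.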
export async function create(ctx: UserCtx) {


@ -16,7 +16,7 @@ router
)
.post(
"/api/applications",
authorized(permissions.GLOBAL_BUILDER),
authorized(permissions.CREATOR),
applicationValidator(),
controller.create
)


@ -5,7 +5,7 @@ import {
roles,
users,
} from "@budibase/backend-core"
import { PermissionLevel, PermissionType, Role, UserCtx } from "@budibase/types"
import { PermissionLevel, PermissionType, UserCtx } from "@budibase/types"
import builderMiddleware from "./builder"
import { isWebhookEndpoint } from "./utils"
import { paramResource } from "./resourceId"
@ -31,13 +31,20 @@ const checkAuthorized = async (
) => {
const appId = context.getAppId()
const isGlobalBuilderApi = permType === PermissionType.GLOBAL_BUILDER
const isCreatorApi = permType === PermissionType.CREATOR
const isBuilderApi = permType === PermissionType.BUILDER
const globalBuilder = users.isGlobalBuilder(ctx.user)
let isBuilder = appId
const isGlobalBuilder = users.isGlobalBuilder(ctx.user)
const isCreator = users.isCreator(ctx.user)
const isBuilder = appId
? users.isBuilder(ctx.user, appId)
: users.hasBuilderPermissions(ctx.user)
// check if this is a builder api and the user is not a builder
if ((isGlobalBuilderApi && !globalBuilder) || (isBuilderApi && !isBuilder)) {
// check api permission type against user
if (
(isGlobalBuilderApi && !isGlobalBuilder) ||
(isCreatorApi && !isCreator) ||
(isBuilderApi && !isBuilder)
) {
return ctx.throw(403, "Not Authorized")
}
@ -148,6 +155,7 @@ const authorized =
// to find API endpoints which are builder focused
if (
permType === PermissionType.BUILDER ||
permType === PermissionType.CREATOR ||
permType === PermissionType.GLOBAL_BUILDER
) {
await builderMiddleware(ctx)
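Review bot: `const isCreator = users.isCreator(ctx.user)` is used as a plain boolean in `(isCreatorApi && !isCreator)`, but `users.isCreator` comes from `@budibase/backend-core` and its signature is not shown on this page. If it returns a Promise, `!isCreator` is always false and the CREATOR check never rejects a request. `checkAuthorized` is already `async`, so `const isCreator = await users.isCreator(ctx.user)` is correct for either signature. A test that sends a user without creator rights to a `PermissionType.CREATOR` route and expects 403 would pin this down; both functions continue outside the hunks.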


@ -25,6 +25,10 @@ export function isGlobalBuilder(user: User | ContextUser): boolean {
return (isBuilder(user) && !hasAppBuilderPermissions(user)) || isAdmin(user)
}
export function canCreateApps(user: User | ContextUser): boolean {
return isGlobalBuilder(user) || hasCreatorPermissions(user)
}
// alias for hasAdminPermission, currently do the same thing
// in future whether someone has admin permissions and whether they are
// an admin for a specific resource could be separated
@ -66,7 +70,7 @@ export function hasAppCreatorPermissions(user?: User | ContextUser): boolean {
return _.flow(
_.get("roles"),
_.values,
_.find(x => ["CREATOR", "ADMIN"].includes(x)),
_.find(x => x === "CREATOR"),
x => !!x
)(user)
}
@ -76,7 +80,11 @@ export function hasBuilderPermissions(user?: User | ContextUser): boolean {
if (!user) {
return false
}
return user.builder?.global || hasAppBuilderPermissions(user)
return (
user.builder?.global ||
hasAppBuilderPermissions(user) ||
hasCreatorPermissions(user)
)
}
// checks if a user is capable of being an admin
@ -87,13 +95,21 @@ export function hasAdminPermissions(user?: User | ContextUser): boolean {
return !!user.admin?.global
}
export function hasCreatorPermissions(user?: User | ContextUser): boolean {
if (!user) {
return false
}
return !!user.builder?.creator
}
export function isCreator(user?: User | ContextUser): boolean {
if (!user) {
return false
}
return (
isGlobalBuilder(user) ||
isGlobalBuilder(user!) ||
hasAdminPermissions(user) ||
hasCreatorPermissions(user) ||
hasAppBuilderPermissions(user) ||
hasAppCreatorPermissions(user)
)
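Review bot: `isCreator` returns true for `hasAppBuilderPermissions(user)` and `hasAppCreatorPermissions(user)`, which is a wider set than the new `canCreateApps` (`isGlobalBuilder(user) || hasCreatorPermissions(user)`). This commit moves `POST /api/applications` to `authorized(permissions.CREATOR)`, so if the middleware check resolves to this predicate, a user who, going by the helper names, is only a builder on one app or holds an app-level `CREATOR` role could create new apps while the UI hides the button. Either gate the route on the same predicate as `canCreateApps` or add a comment stating that the wider set is intended for app creation. The `user!` in `isGlobalBuilder(user!)` is redundant after the `if (!user)` guard.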


@ -44,6 +44,7 @@ export interface User extends Document {
builder?: {
global?: boolean
apps?: string[]
creator?: boolean
}
admin?: {
global: boolean


@ -13,6 +13,7 @@ export enum PermissionType {
AUTOMATION = "automation",
WEBHOOK = "webhook",
BUILDER = "builder",
CREATOR = "creator",
GLOBAL_BUILDER = "globalBuilder",
QUERY = "query",
VIEW = "view",


@ -51,10 +51,22 @@ export async function removeAppRole(ctx: Ctx) {
const users = await sdk.users.db.allUsers()
const bulk = []
const cacheInvalidations = []
const prodAppId = dbCore.getProdAppID(appId)
for (let user of users) {
if (user.roles[appId]) {
cacheInvalidations.push(cache.user.invalidateUser(user._id))
delete user.roles[appId]
let updated = false
if (user.roles[prodAppId]) {
cacheInvalidations.push(cache.user.invalidateUser(user._id!))
delete user.roles[prodAppId]
updated = true
}
if (user.builder && Array.isArray(user.builder?.apps)) {
const idx = user.builder.apps.indexOf(prodAppId)
if (idx !== -1) {
user.builder.apps.splice(idx, 1)
updated = true
}
}
if (updated) {
bulk.push(user)
}
}
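Review bot: `cacheInvalidations.push(cache.user.invalidateUser(user._id!))` runs only in the `user.roles[prodAppId]` branch, so a user whose only change is the removal of `prodAppId` from `user.builder.apps` is added to `bulk` with no cache invalidation. That user's cached record would presumably keep listing the app under `builder.apps` until it is refreshed some other way. Move the invalidation into the `if (updated)` block next to `bulk.push(user)`. `indexOf`/`splice` also drops only the first match, so `user.builder.apps = user.builder.apps.filter(id => id !== prodAppId)` is safer if duplicates can exist. `removeAppRole` continues outside the hunk.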