Merge branch 'v3-ui' into budi-8792-bigint-and-boolean-fields-dont-support-default-values

2024-10-29 11:55:31 +00:00 · 2024-10-29 11:55:31 +00:00 · 22ae19aa90
parent 8b5dc8c877 3f006550d9
commit 22ae19aa90
1 changed files with 20 additions and 11 deletions
--- a/packages/backend-core/src/security/roles.ts
+++ b/packages/backend-core/src/security/roles.ts
@ -237,7 +237,10 @@ export function validInherits(
 export function builtinRoleToNumber(id: string) {
  const builtins = getBuiltinRoles()
  const MAX = Object.values(builtins).length + 1
-  if (id === BUILTIN_IDS.ADMIN || id === BUILTIN_IDS.BUILDER) {
+  if (
+    compareRoleIds(id, BUILTIN_IDS.ADMIN) ||
+    compareRoleIds(id, BUILTIN_IDS.BUILDER)
+  ) {
    return MAX
  }
  let role = builtins[id],
@ -274,7 +277,9 @@ export async function roleToNumber(id: string) {
      // find the built-in roles, get their number, sort it, then get the last one
      const highestBuiltin: number | undefined = role.inherits
        .map(roleId => {
-          const foundRole = hierarchy.find(role => role._id === roleId)
+          const foundRole = hierarchy.find(role =>
+            compareRoleIds(role._id!, roleId)
+          )
          if (foundRole) {
            return findNumber(foundRole) + 1
          }
@ -398,7 +403,7 @@ async function getAllUserRoles(
 ): Promise<RoleDoc[]> {
  const allRoles = await getAllRoles()
  // admins have access to all roles
-  if (userRoleId === BUILTIN_IDS.ADMIN) {
+  if (compareRoleIds(userRoleId, BUILTIN_IDS.ADMIN)) {
    return allRoles
  }

@ -509,17 +514,21 @@ export async function getAllRoles(appId?: string): Promise<RoleDoc[]> {
    // need to combine builtin with any DB record of them (for sake of permissions)
    for (let builtinRoleId of externalBuiltinRoles) {
      const builtinRole = builtinRoles[builtinRoleId]
-      const dbBuiltin = roles.filter(
-        dbRole =>
-          getExternalRoleID(dbRole._id!, dbRole.version) === builtinRoleId
+      const dbBuiltin = roles.filter(dbRole =>
+        compareRoleIds(dbRole._id!, builtinRoleId)
      )[0]
      if (dbBuiltin == null) {
        roles.push(builtinRole || builtinRoles.BASIC)
      } else {
        // remove role and all back after combining with the builtin
        roles = roles.filter(role => role._id !== dbBuiltin._id)
-        dbBuiltin._id = getExternalRoleID(dbBuiltin._id!, dbBuiltin.version)
-        roles.push(Object.assign(builtinRole, dbBuiltin))
+        dbBuiltin._id = getExternalRoleID(builtinRole._id!, dbBuiltin.version)
+        roles.push({
+          ...builtinRole,
+          ...dbBuiltin,
+          name: builtinRole.name,
+          _id: getExternalRoleID(builtinRole._id!, builtinRole.version),
+        })
      }
    }
    // check permissions
@ -565,9 +574,9 @@ export class AccessController {
    if (
      tryingRoleId == null ||
      tryingRoleId === "" ||
-      tryingRoleId === userRoleId ||
-      tryingRoleId === BUILTIN_IDS.BUILDER ||
-      userRoleId === BUILTIN_IDS.BUILDER
+      compareRoleIds(tryingRoleId, BUILTIN_IDS.BUILDER) ||
+      compareRoleIds(userRoleId!, tryingRoleId) ||
+      compareRoleIds(userRoleId!, BUILTIN_IDS.BUILDER)
    ) {
      return true
    }