Merge branch 'v3-ui' into budi-8792-bigint-and-boolean-fields-dont-support-default-values

packages/backend-core/src/security/roles.ts

@@ -237,7 +237,10 @@ export function validInherits(
 export function builtinRoleToNumber(id: string) {
   const builtins = getBuiltinRoles()
   const MAX = Object.values(builtins).length + 1
-  if (id === BUILTIN_IDS.ADMIN || id === BUILTIN_IDS.BUILDER) {
+  if (
+    compareRoleIds(id, BUILTIN_IDS.ADMIN) ||
+    compareRoleIds(id, BUILTIN_IDS.BUILDER)
+  ) {
     return MAX
   }
   let role = builtins[id],
@@ -274,7 +277,9 @@ export async function roleToNumber(id: string) {
       // find the built-in roles, get their number, sort it, then get the last one
       const highestBuiltin: number | undefined = role.inherits
         .map(roleId => {
-          const foundRole = hierarchy.find(role => role._id === roleId)
+          const foundRole = hierarchy.find(role =>
+            compareRoleIds(role._id!, roleId)
+          )
           if (foundRole) {
             return findNumber(foundRole) + 1
           }
@@ -398,7 +403,7 @@ async function getAllUserRoles(
 ): Promise<RoleDoc[]> {
   const allRoles = await getAllRoles()
   // admins have access to all roles
-  if (userRoleId === BUILTIN_IDS.ADMIN) {
+  if (compareRoleIds(userRoleId, BUILTIN_IDS.ADMIN)) {
     return allRoles
   }
 
@@ -509,17 +514,21 @@ export async function getAllRoles(appId?: string): Promise<RoleDoc[]> {
     // need to combine builtin with any DB record of them (for sake of permissions)
     for (let builtinRoleId of externalBuiltinRoles) {
       const builtinRole = builtinRoles[builtinRoleId]
-      const dbBuiltin = roles.filter(
+      const dbBuiltin = roles.filter(dbRole =>
-        dbRole =>
+        compareRoleIds(dbRole._id!, builtinRoleId)
-          getExternalRoleID(dbRole._id!, dbRole.version) === builtinRoleId
       )[0]
       if (dbBuiltin == null) {
         roles.push(builtinRole || builtinRoles.BASIC)
       } else {
         // remove role and all back after combining with the builtin
         roles = roles.filter(role => role._id !== dbBuiltin._id)
-        dbBuiltin._id = getExternalRoleID(dbBuiltin._id!, dbBuiltin.version)
+        dbBuiltin._id = getExternalRoleID(builtinRole._id!, dbBuiltin.version)
-        roles.push(Object.assign(builtinRole, dbBuiltin))
+        roles.push({
+          ...builtinRole,
+          ...dbBuiltin,
+          name: builtinRole.name,
+          _id: getExternalRoleID(builtinRole._id!, builtinRole.version),
+        })
       }
     }
     // check permissions
@@ -565,9 +574,9 @@ export class AccessController {
     if (
       tryingRoleId == null ||
       tryingRoleId === "" ||
-      tryingRoleId === userRoleId ||
+      compareRoleIds(tryingRoleId, BUILTIN_IDS.BUILDER) ||
-      tryingRoleId === BUILTIN_IDS.BUILDER ||
+      compareRoleIds(userRoleId!, tryingRoleId) ||
-      userRoleId === BUILTIN_IDS.BUILDER
+      compareRoleIds(userRoleId!, BUILTIN_IDS.BUILDER)
     ) {
       return true
     }