Merge branch 'develop' into api-tests-user-management

charts/budibase/templates/app-service-deployment.yaml

@@ -159,6 +159,18 @@ spec:
         - name: ELASTIC_APM_SERVER_URL
           value: {{ .Values.globals.elasticApmServerUrl | quote }}
         {{ end }}
+        {{ if .Values.globals.globalAgentHttpProxy }}
+        - name: GLOBAL_AGENT_HTTP_PROXY
+          value: {{ .Values.globals.globalAgentHttpProxy | quote }}
+        {{ end }}
+        {{ if .Values.globals.globalAgentHttpsProxy }}
+        - name: GLOBAL_AGENT_HTTPS_PROXY
+          value: {{ .Values.globals.globalAgentHttpsProxy | quote }}
+        {{ end }}
+        {{ if .Values.globals.globalAgentNoProxy }}
+        - name: GLOBAL_AGENT_NO_PROXY
+          value: {{ .Values.globals.globalAgentNoProxy | quote }}
+        {{ end }}
         - name: CDN_URL
           value: {{ .Values.globals.cdnUrl }}
         {{ if .Values.services.tlsRejectUnauthorized }}

charts/budibase/templates/worker-service-deployment.yaml

@@ -150,6 +150,18 @@ spec:
         - name: ELASTIC_APM_SERVER_URL
           value: {{ .Values.globals.elasticApmServerUrl | quote }}
         {{ end }}
+        {{ if .Values.globals.globalAgentHttpProxy }}
+        - name: GLOBAL_AGENT_HTTP_PROXY
+          value: {{ .Values.globals.globalAgentHttpProxy | quote }}
+        {{ end }}
+        {{ if .Values.globals.globalAgentHttpsProxy }}
+        - name: GLOBAL_AGENT_HTTPS_PROXY
+          value: {{ .Values.globals.globalAgentHttpsProxy | quote }}
+        {{ end }}
+        {{ if .Values.globals.globalAgentNoProxy }}
+        - name: GLOBAL_AGENT_NO_PROXY
+          value: {{ .Values.globals.globalAgentNoProxy | quote }}
+        {{ end }}
         - name: CDN_URL
           value: {{ .Values.globals.cdnUrl }}
         {{ if .Values.services.tlsRejectUnauthorized }}

charts/budibase/values.yaml

@@ -112,6 +112,9 @@ globals:
 #  elasticApmEnabled:
 #  elasticApmSecretToken:
 #  elasticApmServerUrl:
+#  globalAgentHttpProxy:
+#  globalAgentHttpsProxy:
+#  globalAgentNoProxy:
 
 services:
   budibaseVersion: latest

lerna.json

@@ -1,5 +1,5 @@
 {
-  "version": "2.1.43-alpha.9",
+  "version": "2.1.46-alpha.1",
   "npmClient": "yarn",
   "packages": [
     "packages/*"

packages/backend-core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@budibase/backend-core",
-  "version": "2.1.43-alpha.9",
+  "version": "2.1.46-alpha.1",
   "description": "Budibase backend core libraries used in server and worker",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",
@@ -20,7 +20,7 @@
     "test:watch": "jest --watchAll"
   },
   "dependencies": {
-    "@budibase/types": "2.1.43-alpha.9",
+    "@budibase/types": "2.1.46-alpha.1",
     "@shopify/jest-koa-mocks": "5.0.1",
     "@techpass/passport-openidconnect": "0.3.2",
     "aws-sdk": "2.1030.0",

packages/backend-core/src/middleware/passport/google.ts

@@ -1,9 +1,9 @@
 import { ssoCallbackUrl } from "./utils"
-import { authenticateThirdParty } from "./third-party-common"
+import { authenticateThirdParty, SaveUserFunction } from "./third-party-common"
 import { ConfigType, GoogleConfig, Database, SSOProfile } from "@budibase/types"
 const GoogleStrategy = require("passport-google-oauth").OAuth2Strategy
 
-export function buildVerifyFn(saveUserFn?: Function) {
+export function buildVerifyFn(saveUserFn?: SaveUserFunction) {
   return (
     accessToken: string,
     refreshToken: string,
@@ -39,7 +39,7 @@ export function buildVerifyFn(saveUserFn?: Function) {
 export async function strategyFactory(
   config: GoogleConfig["config"],
   callbackUrl: string,
-  saveUserFn?: Function
+  saveUserFn?: SaveUserFunction
 ) {
   try {
     const { clientID, clientSecret } = config

packages/backend-core/src/middleware/passport/oidc.ts

@@ -1,5 +1,5 @@
 import fetch from "node-fetch"
-import { authenticateThirdParty } from "./third-party-common"
+import { authenticateThirdParty, SaveUserFunction } from "./third-party-common"
 import { ssoCallbackUrl } from "./utils"
 import {
   Config,
@@ -17,7 +17,7 @@ type JwtClaims = {
   email: string
 }
 
-export function buildVerifyFn(saveUserFn?: Function) {
+export function buildVerifyFn(saveUserFn?: SaveUserFunction) {
   /**
    * @param {*} issuer The identity provider base URL
    * @param {*} sub The user ID
@@ -106,7 +106,7 @@ function validEmail(value: string) {
  */
 export async function strategyFactory(
   config: OIDCConfiguration,
-  saveUserFn?: Function
+  saveUserFn?: SaveUserFunction
 ) {
   try {
     const verify = buildVerifyFn(saveUserFn)

packages/backend-core/src/middleware/passport/third-party-common.ts

@@ -9,6 +9,17 @@ import fetch from "node-fetch"
 import { ThirdPartyUser } from "@budibase/types"
 const jwt = require("jsonwebtoken")
 
+type SaveUserOpts = {
+  requirePassword?: boolean
+  hashPassword?: boolean
+  currentUserId?: string
+}
+
+export type SaveUserFunction = (
+  user: ThirdPartyUser,
+  opts: SaveUserOpts
+) => Promise<any>
+
 /**
  * Common authentication logic for third parties. e.g. OAuth, OIDC.
  */
@@ -16,7 +27,7 @@ export async function authenticateThirdParty(
   thirdPartyUser: ThirdPartyUser,
   requireLocalAccount: boolean = true,
   done: Function,
-  saveUserFn?: Function
+  saveUserFn?: SaveUserFunction
 ) {
   if (!saveUserFn) {
     throw new Error("Save user function must be provided")
@@ -81,7 +92,7 @@ export async function authenticateThirdParty(
 
   // create or sync the user
   try {
-    await saveUserFn(dbUser, false, false)
+    await saveUserFn(dbUser, { hashPassword: false, requirePassword: false })
   } catch (err: any) {
     return authError(done, err)
   }

packages/bbui/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@budibase/bbui",
   "description": "A UI solution used in the different Budibase projects.",
-  "version": "2.1.43-alpha.9",
+  "version": "2.1.46-alpha.1",
   "license": "MPL-2.0",
   "svelte": "src/index.js",
   "module": "dist/bbui.es.js",
@@ -38,7 +38,7 @@
   ],
   "dependencies": {
     "@adobe/spectrum-css-workflow-icons": "^1.2.1",
-    "@budibase/string-templates": "2.1.43-alpha.9",
+    "@budibase/string-templates": "2.1.46-alpha.1",
     "@spectrum-css/actionbutton": "^1.0.1",
     "@spectrum-css/actiongroup": "^1.0.1",
     "@spectrum-css/avatar": "^3.0.2",
@@ -67,19 +67,19 @@
     "@spectrum-css/search": "^3.0.2",
     "@spectrum-css/sidenav": "^3.0.2",
     "@spectrum-css/slider": "3.0.1",
-    "@spectrum-css/statuslight": "^3.0.2",
+    "@spectrum-css/statuslight": "3.0.2",
-    "@spectrum-css/stepper": "^3.0.3",
+    "@spectrum-css/stepper": "3.0.3",
-    "@spectrum-css/switch": "^1.0.2",
+    "@spectrum-css/switch": "1.0.2",
-    "@spectrum-css/table": "^3.0.1",
+    "@spectrum-css/table": "3.0.1",
-    "@spectrum-css/tabs": "^3.2.12",
+    "@spectrum-css/tabs": "3.2.12",
-    "@spectrum-css/tags": "^3.0.2",
+    "@spectrum-css/tags": "3.0.2",
-    "@spectrum-css/textfield": "^3.0.1",
+    "@spectrum-css/textfield": "3.0.1",
-    "@spectrum-css/toast": "^3.0.1",
+    "@spectrum-css/toast": "3.0.1",
-    "@spectrum-css/tooltip": "^3.0.3",
+    "@spectrum-css/tooltip": "3.0.3",
-    "@spectrum-css/treeview": "^3.0.2",
+    "@spectrum-css/treeview": "3.0.2",
-    "@spectrum-css/typography": "^3.0.1",
+    "@spectrum-css/typography": "3.0.1",
-    "@spectrum-css/underlay": "^2.0.9",
+    "@spectrum-css/underlay": "2.0.9",
-    "@spectrum-css/vars": "^3.0.1",
+    "@spectrum-css/vars": "3.0.1",
     "dayjs": "^1.10.4",
     "easymde": "^2.16.1",
     "svelte-flatpickr": "^3.2.3",

packages/bbui/src/Form/Core/Picker.svelte

@@ -205,7 +205,10 @@
     width: 100%;
   }
   .spectrum-Popover.auto-width :global(.spectrum-Menu-itemLabel) {
+    max-width: 400px;
     white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
   }
   .spectrum-Picker {
     width: 100%;

packages/builder/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@budibase/builder",
-  "version": "2.1.43-alpha.9",
+  "version": "2.1.46-alpha.1",
   "license": "GPL-3.0",
   "private": true,
   "scripts": {
@@ -71,10 +71,10 @@
     }
   },
   "dependencies": {
-    "@budibase/bbui": "2.1.43-alpha.9",
+    "@budibase/bbui": "2.1.46-alpha.1",
-    "@budibase/client": "2.1.43-alpha.9",
+    "@budibase/client": "2.1.46-alpha.1",
-    "@budibase/frontend-core": "2.1.43-alpha.9",
+    "@budibase/frontend-core": "2.1.46-alpha.1",
-    "@budibase/string-templates": "2.1.43-alpha.9",
+    "@budibase/string-templates": "2.1.46-alpha.1",
     "@sentry/browser": "5.19.1",
     "@spectrum-css/page": "^3.0.1",
     "@spectrum-css/vars": "^3.0.1",

packages/builder/src/builderStore/dataBinding.js

@@ -481,6 +481,7 @@ const getSelectedRowsBindings = asset => {
           block._id + "-table"
         )}.${makePropSafe("selectedRows")}`,
         readableBinding: `${block._instanceName}.Selected rows`,
+        category: "Selected rows",
       }))
     )
   }
@@ -1004,7 +1005,10 @@ const bindingReplacement = (
  * {{ literal [componentId] }}
  */
 const extractLiteralHandlebarsID = value => {
-  return value?.match(/{{\s*literal\s*\[+([^\]]+)].*}}/)?.[1]
+  if (!value || typeof value !== "string") {
+    return null
+  }
+  return value.match(/{{\s*literal\s*\[+([^\]]+)].*}}/)?.[1]
 }
 
 /**

packages/builder/src/builderStore/store/frontend.js

@@ -1049,8 +1049,8 @@ export const getFrontendStore = () => {
           const updatedSetting = settings.find(setting => setting.key === name)
 
           if (
-            updatedSetting.type === "dataSource" ||
+            updatedSetting?.type === "dataSource" ||
-            updatedSetting.type === "table"
+            updatedSetting?.type === "table"
           ) {
             const { schema } = getSchemaForDatasource(null, value)
             const columnNames = Object.keys(schema || {})

packages/builder/src/components/automation/SetupPanel/AutomationBlockSetup.svelte

@@ -38,13 +38,15 @@
   export let testData
   export let schemaProperties
   export let isTestModal = false
+
   let webhookModal
   let drawer
-  let tempFilters = lookForFilters(schemaProperties) || []
   let fillWidth = true
   let codeBindingOpen = false
   let inputData
 
+  $: filters = lookForFilters(schemaProperties) || []
+  $: tempFilters = filters
   $: stepId = block.stepId
   $: bindings = getAvailableBindings(
     block || $automationStore.selectedBlock,
@@ -222,16 +224,17 @@
       {:else if value.customType === "filters"}
         <ActionButton on:click={drawer.show}>Define filters</ActionButton>
         <Drawer bind:this={drawer} {fillWidth} title="Filtering">
-          <Button cta slot="buttons" on:click={() => saveFilters(key)}
+          <Button cta slot="buttons" on:click={() => saveFilters(key)}>
-            >Save</Button
+            Save
-          >
+          </Button>
           <FilterDrawer
             slot="body"
-            bind:filters={tempFilters}
+            {filters}
             {bindings}
             {schemaFields}
             panel={AutomationBindingPanel}
             fillWidth
+            on:change={e => (tempFilters = e.detail)}
           />
         </Drawer>
       {:else if value.customType === "password"}

packages/builder/src/components/backend/DataTable/DataTable.svelte

@@ -25,6 +25,7 @@
   import { API } from "api"
 
   let hideAutocolumns = true
+  let filters
 
   $: isUsersTable = $tables.selected?._id === TableNames.USERS
   $: type = $tables.selected?.type
@@ -36,6 +37,7 @@
   $: hasCols = checkHasCols(schema)
   $: hasRows = !!$fetch.rows?.length
   $: showError($fetch.error)
+  $: id, (filters = null)
 
   const showError = error => {
     if (error) {
@@ -102,8 +104,9 @@
 
   // Fetch data whenever filters change
   const onFilter = e => {
+    filters = e.detail
     fetch.update({
-      filter: e.detail,
+      filter: filters,
     })
   }
 
@@ -117,6 +120,12 @@
   const onUpdateRows = () => {
     fetch.refresh()
   }
+
+  // When importing new rows it is better to reinitialise request/paging data.
+  // Not doing so causes inconsistency in paging behaviour and content.
+  const onImportData = () => {
+    fetch.getInitialData()
+  }
 </script>
 
 <div>
@@ -169,7 +178,7 @@
         <ImportButton
           disabled={$tables.selected?._id === "ta_users"}
           tableId={$tables.selected?._id}
-          on:updaterows={onUpdateRows}
+          on:importrows={onImportData}
         />
         <ExportButton
           disabled={!hasRows || !hasCols}
@@ -178,6 +187,7 @@
         {#key id}
           <TableFilterButton
             {schema}
+            {filters}
             on:change={onFilter}
             disabled={!hasCols}
           />

packages/builder/src/components/backend/DataTable/buttons/ImportButton.svelte

@@ -12,5 +12,5 @@
   Import
 </ActionButton>
 <Modal bind:this={modal}>
-  <ImportModal {tableId} on:updaterows />
+  <ImportModal {tableId} on:importrows />
 </Modal>

packages/builder/src/components/backend/DataTable/buttons/TableFilterButton.svelte

@@ -8,9 +8,10 @@
   export let disabled = false
 
   const dispatch = createEventDispatcher()
-  let modal
-  let tempValue = filters || []
 
+  let modal
+
+  $: tempValue = filters || []
   $: schemaFields = Object.values(schema || {})
 </script>
 
@@ -34,8 +35,9 @@
     <div class="wrapper">
       <FilterDrawer
         allowBindings={false}
-        bind:filters={tempValue}
+        {filters}
         {schemaFields}
+        on:change={e => (tempValue = e.detail)}
       />
     </div>
   </ModalContent>

packages/builder/src/components/backend/DataTable/modals/ImportModal.svelte

@@ -29,7 +29,7 @@
     }
 
     // Always refresh rows just to be sure
-    dispatch("updaterows")
+    dispatch("importrows")
   }
 </script>
 

packages/builder/src/components/backend/TableNavigator/popovers/EditTablePopover.svelte

@@ -1,6 +1,7 @@
 <script>
   import { goto } from "@roxi/routify"
   import { store } from "builderStore"
+  import { cloneDeep } from "lodash/fp"
   import { tables, datasources } from "stores/backend"
   import {
     ActionMenu,
@@ -18,7 +19,10 @@
   let editorModal
   let confirmDeleteDialog
   let error = ""
-  let originalName = table.name
+
+  let originalName
+  let updatedName
+
   let templateScreens
   let willBeDeleted
   let deleteTableName
@@ -59,7 +63,9 @@
   }
 
   async function save() {
-    await tables.save(table)
+    const updatedTable = cloneDeep(table)
+    updatedTable.name = updatedName
+    await tables.save(updatedTable)
     notifications.success("Table renamed successfully")
   }
 
@@ -70,6 +76,11 @@
         ? `Table with name ${tableName} already exists. Please choose another name.`
         : ""
   }
+
+  const initForm = () => {
+    originalName = table.name + ""
+    updatedName = table.name + ""
+  }
 </script>
 
 {#if allowDeletion}
@@ -84,17 +95,17 @@
   </ActionMenu>
 {/if}
 
-<Modal bind:this={editorModal}>
+<Modal bind:this={editorModal} on:show={initForm}>
   <ModalContent
     title="Edit Table"
     confirmText="Save"
     onConfirm={save}
-    disabled={table.name === originalName || error}
+    disabled={updatedName === originalName || error}
   >
     <Input
       label="Table Name"
       thin
-      bind:value={table.name}
+      bind:value={updatedName}
       on:input={checkValid}
       {error}
     />

packages/builder/src/components/backend/TableNavigator/popovers/EditViewPopover.svelte

@@ -1,6 +1,7 @@
 <script>
   import { goto } from "@roxi/routify"
   import { views } from "stores/backend"
+  import { cloneDeep } from "lodash/fp"
   import ConfirmDialog from "components/common/ConfirmDialog.svelte"
   import {
     notifications,
@@ -15,13 +16,17 @@
   export let view
 
   let editorModal
-  let originalName = view.name
+  let originalName
+  let updatedName
   let confirmDeleteDialog
 
   async function save() {
+    const updatedView = cloneDeep(view)
+    updatedView.name = updatedName
+
     await views.save({
       originalName,
-      ...view,
+      ...updatedView,
     })
     notifications.success("View renamed successfully")
   }
@@ -37,6 +42,11 @@
       notifications.error("Error deleting view")
     }
   }
+
+  const initForm = () => {
+    updatedName = view.name + ""
+    originalName = view.name + ""
+  }
 </script>
 
 <ActionMenu>
@@ -46,9 +56,9 @@
   <MenuItem icon="Edit" on:click={editorModal.show}>Edit</MenuItem>
   <MenuItem icon="Delete" on:click={confirmDeleteDialog.show}>Delete</MenuItem>
 </ActionMenu>
-<Modal bind:this={editorModal}>
+<Modal bind:this={editorModal} on:show={initForm}>
   <ModalContent title="Edit View" onConfirm={save} confirmText="Save">
-    <Input label="View Name" thin bind:value={view.name} />
+    <Input label="View Name" thin bind:value={updatedName} />
   </ModalContent>
 </Modal>
 <ConfirmDialog

packages/builder/src/components/common/bindings/BindingPanel.svelte

@@ -39,6 +39,7 @@
   export let value = ""
   export let valid
   export let allowJS = false
+  export let allowHelpers = true
 
   let helpers = handlebarsCompletions()
   let getCaretPosition
@@ -85,7 +86,7 @@
     return helper.label.match(searchRgx) || helper.description.match(searchRgx)
   })
 
-  $: categoryNames = [...categories.map(cat => cat[0]), "Helpers"]
+  $: categoryNames = getCategoryNames(categories)
 
   $: codeMirrorHints = bindings?.map(x => `$("${x.readableBinding}")`)
 
@@ -96,6 +97,14 @@
     }
   }
 
+  const getCategoryNames = categories => {
+    let names = [...categories.map(cat => cat[0])]
+    if (allowHelpers) {
+      names.push("Helpers")
+    }
+    return names
+  }
+
   // Adds a JS/HBS helper to the expression
   const addHelper = (helper, js) => {
     let tempVal
@@ -343,7 +352,7 @@
               for more details.
             </p>
           {/if}
-          {#if $admin.isDev}
+          {#if $admin.isDev && allowJS}
             <div class="convert">
               <Button secondary on:click={convert}>Convert to JS</Button>
             </div>

packages/builder/src/components/common/bindings/ClientBindingPanel.svelte

@@ -5,6 +5,7 @@
   export let valid
   export let value = ""
   export let allowJS = false
+  export let allowHelpers = true
 
   $: enrichedBindings = enrichBindings(bindings)
 
@@ -25,5 +26,6 @@
   bindings={enrichedBindings}
   {value}
   {allowJS}
+  {allowHelpers}
   on:change
 />

packages/builder/src/components/common/bindings/DrawerBindableInput.svelte

@@ -17,6 +17,7 @@
   export let disabled = false
   export let fillWidth
   export let allowJS = true
+  export let allowHelpers = true
   export let updateOnChange = true
   export let drawerLeft
 
@@ -77,6 +78,7 @@
     on:change={event => (tempValue = event.detail)}
     {bindings}
     {allowJS}
+    {allowHelpers}
   />
 </Drawer>
 

packages/builder/src/components/common/bindings/utils.js

@@ -24,7 +24,7 @@ export function addJSBinding(value, caretPos, binding, { helper } = {}) {
   if (!helper) {
     binding = `$("${binding}")`
   } else {
-    binding = `helper.${binding}()`
+    binding = `helpers.${binding}()`
   }
   if (caretPos.start) {
     value =

packages/builder/src/components/design/settings/controls/FilterEditor/FilterDrawer.svelte

@@ -17,22 +17,30 @@
   import { generate } from "shortid"
   import { LuceneUtils, Constants } from "@budibase/frontend-core"
   import { getFields } from "helpers/searchFields"
-  import { createEventDispatcher, onMount } from "svelte"
+  import { createEventDispatcher } from "svelte"
-
-  const dispatch = createEventDispatcher()
-  const { OperatorOptions } = Constants
-  const { getValidOperatorsForType } = LuceneUtils
 
   export let schemaFields
   export let filters = []
   export let bindings = []
   export let panel = ClientBindingPanel
   export let allowBindings = true
-  export let allOr = false
   export let fillWidth = false
   export let tableId
 
-  $: dispatch("change", filters)
+  const dispatch = createEventDispatcher()
+  const { OperatorOptions } = Constants
+  const { getValidOperatorsForType } = LuceneUtils
+  const KeyedFieldRegex = /\d[0-9]*:/g
+  const behaviourOptions = [
+    { value: "and", label: "Match all filters" },
+    { value: "or", label: "Match any filter" },
+  ]
+
+  let rawFilters
+  let matchAny = false
+
+  $: parseFilters(filters)
+  $: dispatch("change", enrichFilters(rawFilters, matchAny))
   $: enrichedSchemaFields = getFields(
     schemaFields || [],
     { allowLinks: true },
@@ -41,14 +49,41 @@
   $: fieldOptions = enrichedSchemaFields.map(field => field.name) || []
   $: valueTypeOptions = allowBindings ? ["Value", "Binding"] : ["Value"]
 
-  let behaviourValue
+  // Remove field key prefixes and determine whether to use the "match all"
-  const behaviourOptions = [
+  // or "match any" behaviour
-    { value: "and", label: "Match all of the following filters" },
+  const parseFilters = filters => {
-    { value: "or", label: "Match any of the following filters" },
+    matchAny = filters?.find(filter => filter.operator === "allOr") != null
-  ]
+    rawFilters = (filters || [])
+      .filter(filter => filter.operator !== "allOr")
+      .map(filter => {
+        const { field } = filter
+        let newFilter = { ...filter }
+        delete newFilter.allOr
+        if (typeof field === "string" && field.match(KeyedFieldRegex) != null) {
+          const parts = field.split(":")
+          parts.shift()
+          newFilter.field = parts.join(":")
+        }
+        return newFilter
+      })
+  }
+
+  // Add field key prefixes and a special metadata filter object to indicate
+  // whether to use the "match all" or "match any" behaviour
+  const enrichFilters = (rawFilters, matchAny) => {
+    let count = 1
+    return rawFilters
+      .filter(filter => filter.field)
+      .map(filter => ({
+        ...filter,
+        field: `${count++}:${filter.field}`,
+      }))
+      .concat(matchAny ? [{ operator: "allOr" }] : [])
+  }
+
   const addFilter = () => {
-    filters = [
+    rawFilters = [
-      ...filters,
+      ...rawFilters,
       {
         id: generate(),
         field: null,
@@ -60,13 +95,13 @@
   }
 
   const removeFilter = id => {
-    filters = filters.filter(field => field.id !== id)
+    rawFilters = rawFilters.filter(field => field.id !== id)
   }
 
   const duplicateFilter = id => {
-    const existingFilter = filters.find(filter => filter.id === id)
+    const existingFilter = rawFilters.find(filter => filter.id === id)
     const duplicate = { ...existingFilter, id: generate() }
-    filters = [...filters, duplicate]
+    rawFilters = [...rawFilters, duplicate]
   }
 
   const getSchema = filter => {
@@ -133,32 +168,22 @@
     const schema = enrichedSchemaFields.find(x => x.name === field)
     return schema?.constraints?.inclusion || []
   }
-
-  onMount(() => {
-    behaviourValue = allOr ? "or" : "and"
-  })
 </script>
 
 <DrawerContent>
   <div class="container">
     <Layout noPadding>
-      <Body size="S">
+      {#if !rawFilters?.length}
-        {#if !filters?.length}
+        <Body size="S">Add your first filter expression.</Body>
-          Add your first filter expression.
+      {:else}
-        {:else}
-          Results are filtered to only those which match all of the following
-          constraints.
-        {/if}
-      </Body>
-      {#if filters?.length}
         <div class="fields">
           <Select
             label="Behaviour"
-            value={behaviourValue}
+            value={matchAny ? "or" : "and"}
             options={behaviourOptions}
             getOptionLabel={opt => opt.label}
             getOptionValue={opt => opt.value}
-            on:change={e => (allOr = e.detail === "or")}
+            on:change={e => (matchAny = e.detail === "or")}
             placeholder={null}
           />
         </div>
@@ -167,7 +192,7 @@
             <Label>Filters</Label>
           </div>
           <div class="fields">
-            {#each filters as filter, idx}
+            {#each rawFilters as filter, idx}
               <Select
                 bind:value={filter.field}
                 options={fieldOptions}
@@ -269,7 +294,7 @@
     column-gap: var(--spacing-l);
     row-gap: var(--spacing-s);
     align-items: center;
-    grid-template-columns: 1fr 150px 120px 1fr 16px 16px;
+    grid-template-columns: minmax(150px, 1fr) 170px 120px minmax(150px, 1fr) 16px 16px;
   }
 
   .filter-label {

packages/builder/src/components/design/settings/controls/FilterEditor/FilterEditor.svelte

@@ -8,74 +8,22 @@
   import FilterDrawer from "./FilterDrawer.svelte"
   import { currentAsset } from "builderStore"
 
-  const QUERY_START_REGEX = /\d[0-9]*:/g
   const dispatch = createEventDispatcher()
 
   export let value = []
   export let componentInstance
   export let bindings = []
 
-  let drawer,
+  let drawer
-    toSaveFilters = null,
-    allOr,
-    initialAllOr
 
-  $: initialFilters = correctFilters(value || [])
+  $: tempValue = value
   $: dataSource = getDatasourceForProvider($currentAsset, componentInstance)
   $: schema = getSchemaForDatasource($currentAsset, dataSource)?.schema
   $: schemaFields = Object.values(schema || {})
 
-  function addNumbering(filters) {
-    let count = 1
-    for (let value of filters) {
-      if (value.field && value.field?.match(QUERY_START_REGEX) == null) {
-        value.field = `${count++}:${value.field}`
-      }
-    }
-    return filters
-  }
-
-  function correctFilters(filters) {
-    const corrected = []
-    for (let filter of filters) {
-      let field = filter.field
-      if (filter.operator === "allOr") {
-        initialAllOr = allOr = true
-        continue
-      }
-      if (
-        typeof filter.field === "string" &&
-        filter.field.match(QUERY_START_REGEX) != null
-      ) {
-        const parts = field.split(":")
-        const number = parts[0]
-        // it's the new format, remove number
-        if (!isNaN(parseInt(number))) {
-          parts.shift()
-          field = parts.join(":")
-        }
-      }
-      corrected.push({
-        ...filter,
-        field,
-      })
-    }
-    return corrected
-  }
-
   async function saveFilter() {
-    if (!toSaveFilters && allOr !== initialAllOr) {
+    dispatch("change", tempValue)
-      toSaveFilters = initialFilters
+    notifications.success("Filters saved")
-    }
-    const filters = toSaveFilters?.filter(filter => filter.operator !== "allOr")
-    if (allOr && filters) {
-      filters.push({ operator: "allOr" })
-    }
-    // only save if anything was updated
-    if (filters) {
-      dispatch("change", addNumbering(filters))
-    }
-    notifications.success("Filters saved.")
     drawer.hide()
   }
 </script>
@@ -85,13 +33,10 @@
   <Button cta slot="buttons" on:click={saveFilter}>Save</Button>
   <FilterDrawer
     slot="body"
-    filters={initialFilters}
+    filters={value}
     {bindings}
     {schemaFields}
     tableId={dataSource.tableId}
-    bind:allOr
+    on:change={e => (tempValue = e.detail)}
-    on:change={event => {
-      toSaveFilters = event.detail
-    }}
   />
 </Drawer>

packages/builder/src/components/integration/KeyValueBuilder.svelte

@@ -33,6 +33,7 @@
   export let showMenu = false
   export let bindings = []
   export let bindingDrawerLeft
+  export let allowHelpers = true
 
   let fields = Object.entries(object || {}).map(([name, value]) => ({
     name,
@@ -122,6 +123,7 @@
           disabled={readOnly}
           value={field.value}
           allowJS={false}
+          {allowHelpers}
           fillWidth={true}
           drawerLeft={bindingDrawerLeft}
         />

packages/builder/src/components/integration/QueryViewer.svelte

@@ -223,6 +223,7 @@
   .config {
     display: grid;
     grid-gap: var(--spacing-s);
+    z-index: 1;
   }
 
   .config-field {

packages/builder/src/components/integration/QueryViewerBindingBuilder.svelte

@@ -37,6 +37,7 @@
       valuePlaceholder="Default"
       bindings={[...userBindings]}
       bindingDrawerLeft="260px"
+      allowHelpers={false}
       on:change
     />
   </div>

packages/builder/src/pages/builder/app/[application]/design/[screenId]/_components/AppPanel.svelte

@@ -61,6 +61,13 @@
     align-items: center;
     gap: var(--spacing-l);
   }
+  .header-left {
+    flex: 1 1 auto;
+    width: 0;
+  }
+  .header-left :global(> *) {
+    max-width: 100%;
+  }
   .header-left :global(.spectrum-Picker) {
     font-weight: 600;
     color: var(--spectrum-global-color-gray-900);

packages/builder/src/pages/builder/app/[application]/design/[screenId]/components/[componentId]/_components/settings/ConditionalUIDrawer.svelte

@@ -282,12 +282,16 @@
     gap: var(--spacing-l);
     display: grid;
     align-items: center;
-    grid-template-columns: auto 160px auto 1fr 130px 130px 1fr auto auto;
+    grid-template-columns:
+      auto 150px auto minmax(140px, 1fr) 120px 100px minmax(140px, 1fr)
+      auto auto;
     border-radius: var(--border-radius-s);
     transition: background-color ease-in-out 130ms;
   }
   .condition.update {
-    grid-template-columns: auto 160px 1fr auto 1fr auto 1fr 130px 130px 1fr auto auto;
+    grid-template-columns:
+      auto 150px minmax(140px, 1fr) auto minmax(140px, 1fr) auto
+      minmax(140px, 1fr) 120px 100px minmax(140px, 1fr) auto auto;
   }
   .condition:hover {
     background-color: var(--spectrum-global-color-gray-100);

packages/builder/src/pages/builder/portal/_layout.svelte

@@ -48,7 +48,6 @@
           ? {
               title: "User Groups",
               href: "/builder/portal/manage/groups",
-              badge: "New",
             }
           : undefined,
         { title: "Auth", href: "/builder/portal/manage/auth" },
@@ -56,7 +55,6 @@
         {
           title: "Plugins",
           href: "/builder/portal/manage/plugins",
-          badge: "New",
         },
 
         {
@@ -119,14 +117,12 @@
           {
             title: "Upgrade",
             href: $adminStore.accountPortalUrl + "/portal/upgrade",
-            badge: "New",
           },
         ])
       } else if (!$adminStore.cloud && admin) {
         menu = menu.concat({
           title: "Upgrade",
           href: "/builder/portal/settings/upgrade",
-          badge: "New",
         })
       }
 

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@budibase/cli",
-  "version": "2.1.43-alpha.9",
+  "version": "2.1.46-alpha.1",
   "description": "Budibase CLI, for developers, self hosting and migrations.",
   "main": "src/index.js",
   "bin": {
@@ -26,9 +26,9 @@
     "outputPath": "build"
   },
   "dependencies": {
-    "@budibase/backend-core": "2.1.43-alpha.9",
+    "@budibase/backend-core": "2.1.46-alpha.1",
-    "@budibase/string-templates": "2.1.43-alpha.9",
+    "@budibase/string-templates": "2.1.46-alpha.1",
-    "@budibase/types": "2.1.43-alpha.9",
+    "@budibase/types": "2.1.46-alpha.1",
     "axios": "0.21.2",
     "chalk": "4.1.0",
     "cli-progress": "3.11.2",

packages/client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@budibase/client",
-  "version": "2.1.43-alpha.9",
+  "version": "2.1.46-alpha.1",
   "license": "MPL-2.0",
   "module": "dist/budibase-client.js",
   "main": "dist/budibase-client.js",
@@ -19,9 +19,9 @@
     "dev:builder": "rollup -cw"
   },
   "dependencies": {
-    "@budibase/bbui": "2.1.43-alpha.9",
+    "@budibase/bbui": "2.1.46-alpha.1",
-    "@budibase/frontend-core": "2.1.43-alpha.9",
+    "@budibase/frontend-core": "2.1.46-alpha.1",
-    "@budibase/string-templates": "2.1.43-alpha.9",
+    "@budibase/string-templates": "2.1.46-alpha.1",
     "@spectrum-css/button": "^3.0.3",
     "@spectrum-css/card": "^3.0.3",
     "@spectrum-css/divider": "^1.0.3",

packages/client/src/components/app/SidePanel.svelte

@@ -29,6 +29,17 @@
   // Derive visibility
   $: open = $sidePanelStore.contentId === $component.id
 
+  // Derive a render key which is only changed whenever this panel is made
+  // visible after being hidden. We need to key the content to avoid showing
+  // stale data when re-revealing a side panel that was closed, but we cannot
+  // hide the content altogether when hidden as this breaks ejection.
+  let renderKey = null
+  $: {
+    if (open) {
+      renderKey = Math.random()
+    }
+  }
+
   const showInSidePanel = (el, visible) => {
     const update = visible => {
       const target = document.getElementById("side-panel-container")
@@ -47,7 +58,10 @@
     // Apply initial visibility
     update(visible)
 
-    return { update }
+    return {
+      update,
+      destroy: () => update(false),
+    }
   }
 </script>
 
@@ -57,9 +71,9 @@
   class="side-panel"
   class:open
 >
-  {#if $sidePanelStore.open}
+  {#key renderKey}
     <slot />
-  {/if}
+  {/key}
 </div>
 
 <style>

packages/frontend-core/package.json

@@ -1,12 +1,12 @@
 {
   "name": "@budibase/frontend-core",
-  "version": "2.1.43-alpha.9",
+  "version": "2.1.46-alpha.1",
   "description": "Budibase frontend core libraries used in builder and client",
   "author": "Budibase",
   "license": "MPL-2.0",
   "svelte": "src/index.js",
   "dependencies": {
-    "@budibase/bbui": "2.1.43-alpha.9",
+    "@budibase/bbui": "2.1.46-alpha.1",
     "lodash": "^4.17.21",
     "svelte": "^3.46.2"
   }

packages/frontend-core/src/constants.js

@@ -28,11 +28,11 @@ export const OperatorOptions = {
   },
   MoreThan: {
     value: "rangeLow",
-    label: "More than",
+    label: "More than or equal to",
   },
   LessThan: {
     value: "rangeHigh",
-    label: "Less than",
+    label: "Less than or equal to",
   },
   Contains: {
     value: "contains",

packages/sdk/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@budibase/sdk",
-  "version": "2.1.43-alpha.9",
+  "version": "2.1.46-alpha.1",
   "description": "Budibase Public API SDK",
   "author": "Budibase",
   "license": "MPL-2.0",

packages/server/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@budibase/server",
   "email": "hi@budibase.com",
-  "version": "2.1.43-alpha.9",
+  "version": "2.1.46-alpha.1",
   "description": "Budibase Web Server",
   "main": "src/index.ts",
   "repository": {
@@ -43,11 +43,11 @@
   "license": "GPL-3.0",
   "dependencies": {
     "@apidevtools/swagger-parser": "10.0.3",
-    "@budibase/backend-core": "2.1.43-alpha.9",
+    "@budibase/backend-core": "2.1.46-alpha.1",
-    "@budibase/client": "2.1.43-alpha.9",
+    "@budibase/client": "2.1.46-alpha.1",
-    "@budibase/pro": "2.1.43-alpha.9",
+    "@budibase/pro": "2.1.46-alpha.0",
-    "@budibase/string-templates": "2.1.43-alpha.9",
+    "@budibase/string-templates": "2.1.46-alpha.1",
-    "@budibase/types": "2.1.43-alpha.9",
+    "@budibase/types": "2.1.46-alpha.1",
     "@bull-board/api": "3.7.0",
     "@bull-board/koa": "3.9.4",
     "@elastic/elasticsearch": "7.10.0",

packages/server/src/api/controllers/deploy/index.ts

@@ -8,6 +8,7 @@ import {
 } from "../../../automations/utils"
 import { backups } from "@budibase/pro"
 import { AppBackupTrigger } from "@budibase/types"
+import sdk from "../../../sdk"
 
 // the max time we can wait for an invalidation to complete before considering it failed
 const MAX_PENDING_TIME_MS = 30 * 60000
@@ -86,6 +87,11 @@ async function initDeployedApp(prodAppId: any) {
   }
   await Promise.all(promises)
   console.log("Enabled cron triggers for deployed app..")
+  // sync the automations back to the dev DB - since there is now cron
+  // information attached
+  await sdk.applications.syncApp(dbCore.getDevAppID(prodAppId), {
+    automationOnly: true,
+  })
 }
 
 async function deployApp(deployment: any, userId: string) {

packages/server/src/api/controllers/public/users.ts

@@ -5,9 +5,18 @@ import {
   saveGlobalUser,
 } from "../../../utilities/workerRequests"
 import { publicApiUserFix } from "../../../utilities/users"
+import { db as dbCore } from "@budibase/backend-core"
 import { search as stringSearch } from "./utils"
+import { BBContext, User } from "@budibase/types"
 
-function getUser(ctx: any, userId?: string) {
+function isLoggedInUser(ctx: BBContext, user: User) {
+  const loggedInId = ctx.user?._id
+  const globalUserId = dbCore.getGlobalIDFromUserMetadataID(loggedInId!)
+  // check both just incase
+  return globalUserId === user._id || loggedInId === user._id
+}
+
+function getUser(ctx: BBContext, userId?: string) {
   if (userId) {
     ctx.params = { userId }
   } else if (!ctx.params?.userId) {
@@ -16,37 +25,47 @@ function getUser(ctx: any, userId?: string) {
   return readGlobalUser(ctx)
 }
 
-export async function search(ctx: any, next: any) {
+export async function search(ctx: BBContext, next: any) {
   const { name } = ctx.request.body
   const users = await allGlobalUsers(ctx)
   ctx.body = stringSearch(users, name, "email")
   await next()
 }
 
-export async function create(ctx: any, next: any) {
+export async function create(ctx: BBContext, next: any) {
   const response = await saveGlobalUser(publicApiUserFix(ctx))
   ctx.body = await getUser(ctx, response._id)
   await next()
 }
 
-export async function read(ctx: any, next: any) {
+export async function read(ctx: BBContext, next: any) {
   ctx.body = await readGlobalUser(ctx)
   await next()
 }
 
-export async function update(ctx: any, next: any) {
+export async function update(ctx: BBContext, next: any) {
   const user = await readGlobalUser(ctx)
   ctx.request.body = {
     ...ctx.request.body,
     _rev: user._rev,
   }
+  // disallow updating your own role - always overwrite with DB roles
+  if (isLoggedInUser(ctx, user)) {
+    ctx.request.body.builder = user.builder
+    ctx.request.body.admin = user.admin
+    ctx.request.body.roles = user.roles
+  }
   const response = await saveGlobalUser(publicApiUserFix(ctx))
   ctx.body = await getUser(ctx, response._id)
   await next()
 }
 
-export async function destroy(ctx: any, next: any) {
+export async function destroy(ctx: BBContext, next: any) {
   const user = await getUser(ctx)
+  // disallow deleting yourself
+  if (isLoggedInUser(ctx, user)) {
+    ctx.throw(405, "Cannot delete user using its own API key.")
+  }
   await deleteGlobalUser(ctx)
   ctx.body = user
   await next()

packages/server/src/api/routes/public/tests/compare.spec.js

@@ -1,41 +1,23 @@
 const jestOpenAPI = require("jest-openapi").default
 const generateSchema = require("../../../../../specs/generate")
 const setup = require("../../tests/utilities")
-const { checkSlashesInUrl } = require("../../../../utilities")
+const { generateMakeRequest } = require("./utils")
 
 const yamlPath = generateSchema()
 jestOpenAPI(yamlPath)
 
-let request = setup.getRequest()
 let config = setup.getConfig()
-let apiKey, table, app
+let apiKey, table, app, makeRequest
 
 beforeAll(async () => {
   app = await config.init()
   table = await config.updateTable()
   apiKey = await config.generateApiKey()
+  makeRequest = generateMakeRequest(apiKey, setup)
 })
 
 afterAll(setup.afterAll)
 
-async function makeRequest(method, endpoint, body, appId = config.getAppId()) {
-  const extraHeaders = {
-    "x-budibase-api-key": apiKey,
-  }
-  if (appId) {
-    extraHeaders["x-budibase-app-id"] = appId
-  }
-  const req = request
-    [method](checkSlashesInUrl(`/api/public/v1/${endpoint}`))
-    .set(config.defaultHeaders(extraHeaders))
-  if (body) {
-    req.send(body)
-  }
-  const res = await req
-  expect(res.body).toBeDefined()
-  return res
-}
-
 describe("check the applications endpoints", () => {
   it("should allow retrieving applications through search", async () => {
     const res = await makeRequest("post", "/applications/search")

packages/server/src/api/routes/public/tests/users.spec.js

@@ -0,0 +1,38 @@
+const setup = require("../../tests/utilities")
+const { generateMakeRequest } = require("./utils")
+
+const workerRequests = require("../../../../utilities/workerRequests")
+
+let config = setup.getConfig()
+let apiKey, globalUser, makeRequest
+
+beforeAll(async () => {
+  await config.init()
+  globalUser = await config.globalUser()
+  apiKey = await config.generateApiKey(globalUser._id)
+  makeRequest = generateMakeRequest(apiKey, setup)
+  workerRequests.readGlobalUser.mockReturnValue(globalUser)
+})
+
+afterAll(setup.afterAll)
+
+describe("check user endpoints", () => {
+  it("should not allow a user to update their own roles", async () => {
+    const res = await makeRequest("put", `/users/${globalUser._id}`, {
+      ...globalUser,
+      roles: {
+        "app_1": "ADMIN",
+      }
+    })
+    expect(workerRequests.saveGlobalUser.mock.lastCall[0].body.data.roles["app_1"]).toBeUndefined()
+    expect(res.status).toBe(200)
+    expect(res.body.data.roles["app_1"]).toBeUndefined()
+  })
+
+  it("should not allow a user to delete themselves", async () => {
+    const res = await makeRequest("delete", `/users/${globalUser._id}`)
+    expect(res.status).toBe(405)
+    expect(workerRequests.deleteGlobalUser.mock.lastCall).toBeUndefined()
+  })
+})
+

packages/server/src/api/routes/public/tests/utils.ts

@@ -0,0 +1,28 @@
+import { checkSlashesInUrl } from "../../../../utilities"
+
+export function generateMakeRequest(apiKey: string, setup: any) {
+  const request = setup.getRequest()
+  const config = setup.getConfig()
+  return async (
+    method: string,
+    endpoint: string,
+    body?: any,
+    intAppId: string = config.getAppId()
+  ) => {
+    const extraHeaders: any = {
+      "x-budibase-api-key": apiKey,
+    }
+    if (intAppId) {
+      extraHeaders["x-budibase-app-id"] = intAppId
+    }
+    const req = request[method](
+      checkSlashesInUrl(`/api/public/v1/${endpoint}`)
+    ).set(config.defaultHeaders(extraHeaders))
+    if (body) {
+      req.send(body)
+    }
+    const res = await req
+    expect(res.body).toBeDefined()
+    return res
+  }
+}

packages/server/src/sdk/app/applications/sync.ts

@@ -2,7 +2,10 @@ import env from "../../../environment"
 import { db as dbCore, context } from "@budibase/backend-core"
 import sdk from "../../"
 
-export async function syncApp(appId: string) {
+export async function syncApp(
+  appId: string,
+  opts?: { automationOnly?: boolean }
+) {
   if (env.DISABLE_AUTO_PROD_APP_SYNC) {
     return {
       message:
@@ -33,7 +36,12 @@ export async function syncApp(appId: string) {
   })
   let error
   try {
-    await replication.replicate(replication.appReplicateOpts())
+    const replOpts = replication.appReplicateOpts()
+    if (opts?.automationOnly) {
+      replOpts.filter = (doc: any) =>
+        doc._id.startsWith(dbCore.DocumentType.AUTOMATION)
+    }
+    await replication.replicate(replOpts)
   } catch (err) {
     error = err
   } finally {

packages/server/src/utilities/workerRequests.ts

@@ -3,7 +3,7 @@ import env from "../environment"
 import { checkSlashesInUrl } from "./index"
 import { db as dbCore, constants, tenancy } from "@budibase/backend-core"
 import { updateAppRole } from "./global"
-import { BBContext, Automation } from "@budibase/types"
+import { BBContext, User } from "@budibase/types"
 
 export function request(ctx?: BBContext, request?: any) {
   if (!request.headers) {
@@ -138,7 +138,7 @@ export async function deleteGlobalUser(ctx: BBContext) {
   return checkResponse(response, "delete user", { ctx })
 }
 
-export async function readGlobalUser(ctx: BBContext) {
+export async function readGlobalUser(ctx: BBContext): Promise<User> {
   const response = await fetch(
     checkSlashesInUrl(
       env.WORKER_URL + `/api/global/users/${ctx.params.userId}`

packages/server/yarn.lock

@@ -1273,12 +1273,12 @@
   resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
-"@budibase/backend-core@2.1.43-alpha.9":
+"@budibase/backend-core@2.1.46-alpha.0":
-  version "2.1.43-alpha.9"
+  version "2.1.46-alpha.0"
-  resolved "https://registry.yarnpkg.com/@budibase/backend-core/-/backend-core-2.1.43-alpha.9.tgz#c2e59c710390a0816e6a77f2444f378cc1843cd2"
+  resolved "https://registry.yarnpkg.com/@budibase/backend-core/-/backend-core-2.1.46-alpha.0.tgz#d9063b055cb3c4edb3994a13664c6a070e701a71"
-  integrity sha512-tkRV2noQ8GMuJmCh0TQAbmwOXH2HdFxnD8aNHuBMxbWEVCF3ICydozr1i+zCGnGQCtYVCtk1bgedPUwtDkvB7Q==
+  integrity sha512-ulpK2u+5+yIjIyMWhr2cre2ncdZsq5uPt1meNO+kvsetmv37ZnLtmM2gqIe1RNjYkf+mIZlUDA9QDkZowIiTUg==
   dependencies:
-    "@budibase/types" "2.1.43-alpha.9"
+    "@budibase/types" "2.1.46-alpha.0"
     "@shopify/jest-koa-mocks" "5.0.1"
     "@techpass/passport-openidconnect" "0.3.2"
     aws-sdk "2.1030.0"
@@ -1360,13 +1360,13 @@
     svelte-flatpickr "^3.2.3"
     svelte-portal "^1.0.0"
 
-"@budibase/pro@2.1.43-alpha.9":
+"@budibase/pro@2.1.46-alpha.0":
-  version "2.1.43-alpha.9"
+  version "2.1.46-alpha.0"
-  resolved "https://registry.yarnpkg.com/@budibase/pro/-/pro-2.1.43-alpha.9.tgz#60756ded5eb190cbe3cbc74fc18614021a74afaf"
+  resolved "https://registry.yarnpkg.com/@budibase/pro/-/pro-2.1.46-alpha.0.tgz#69bf09007edc0f2be275824ba09f27422081c490"
-  integrity sha512-ibmQO3MqllynwqMsQcfUPyZ9gJdgiLMOZXnq7rFsyKgGsPtddgb2M3hMROGS6wGQ4osqp1cShg5MykstTpL6HA==
+  integrity sha512-04iCZVU6BN0afei0wFITgvjRhQ46G/vI51FCBZ9ZiuyTsWBPuAhNqXVAQ/Y48+OVDBMtIvsvJ/S1kCbWUa6x3g==
   dependencies:
-    "@budibase/backend-core" "2.1.43-alpha.9"
+    "@budibase/backend-core" "2.1.46-alpha.0"
-    "@budibase/types" "2.1.43-alpha.9"
+    "@budibase/types" "2.1.46-alpha.0"
     "@koa/router" "8.0.8"
     bull "4.10.1"
     joi "17.6.0"
@@ -1390,10 +1390,10 @@
     svelte-apexcharts "^1.0.2"
     svelte-flatpickr "^3.1.0"
 
-"@budibase/types@2.1.43-alpha.9":
+"@budibase/types@2.1.46-alpha.0":
-  version "2.1.43-alpha.9"
+  version "2.1.46-alpha.0"
-  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-2.1.43-alpha.9.tgz#6b677230232efc29bb26d34e073033838632031e"
+  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-2.1.46-alpha.0.tgz#83ecd2c1a26e933fbf27ba6b7a7ef1fed82a8840"
-  integrity sha512-PAI+rTGEvxfOKhvvf/18bc2uR69k1n3qvX+KFzGqcGj0f1PglPz8+/9R4nW/kT2kSVPkT7SN7M5ILsuZnd6jjQ==
+  integrity sha512-TTpyax8U0EAsaXqCLACHcfuejZ2x2isyHiM/ia8Ua6R+1rDK9kjYPsiTlJ169/Jq2hv65TzScyaqnHX+g+eJnQ==
 
 "@bull-board/api@3.7.0":
   version "3.7.0"

packages/string-templates/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@budibase/string-templates",
-  "version": "2.1.43-alpha.9",
+  "version": "2.1.46-alpha.1",
   "description": "Handlebars wrapper for Budibase templating.",
   "main": "src/index.cjs",
   "module": "dist/bundle.mjs",

packages/string-templates/test/javascript.spec.js

@@ -129,3 +129,15 @@ describe("Test the JavaScript helper", () => {
     expect(output).toBe("Error while executing JS")
   })
 })
+
+describe("check JS helpers", () => {
+  it("should error if using the format helper. not helpers.", () => {
+    const output = processJS(`return helper.toInt(4.3)`)
+    expect(output).toBe("Error while executing JS")
+  })
+
+  it("should be able to use toInt", () => {
+    const output = processJS(`return helpers.toInt(4.3)`)
+    expect(output).toBe(4)
+  })
+})

packages/types/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@budibase/types",
-  "version": "2.1.43-alpha.9",
+  "version": "2.1.46-alpha.1",
   "description": "Budibase types",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -13,6 +13,7 @@
   },
   "jest": {},
   "devDependencies": {
+    "@types/json5": "^2.2.0",
     "@types/koa": "2.13.4",
     "@types/node": "14.18.20",
     "@types/pouchdb": "6.4.0",

packages/types/src/documents/global/user.ts

@@ -25,6 +25,7 @@ export interface ThirdPartyUser extends Document {
   email: string
   userId?: string
   forceResetPassword?: boolean
+  userGroups?: string[]
 }
 
 export interface User extends ThirdPartyUser {
@@ -42,7 +43,6 @@ export interface User extends ThirdPartyUser {
   password?: string
   status?: string
   createdAt?: number // override the default createdAt behaviour - users sdk historically set this to Date.now()
-  userGroups?: string[]
   dayPassRecordedAt?: string
   account?: {
     authType: string

packages/types/yarn.lock

@@ -75,6 +75,13 @@
   resolved "https://registry.yarnpkg.com/@types/http-errors/-/http-errors-1.8.2.tgz#7315b4c4c54f82d13fa61c228ec5c2ea5cc9e0e1"
   integrity sha512-EqX+YQxINb+MeXaIqYDASb6U6FCHbWjkj4a1CKDBks3d/QiB2+PqBLyO72vLDgAO1wUI4O+9gweRcQK11bTL/w==
 
+"@types/json5@^2.2.0":
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/@types/json5/-/json5-2.2.0.tgz#afff29abf9182a7d4a7e39105ca051f11c603d13"
+  integrity sha512-NrVug5woqbvNZ0WX+Gv4R+L4TGddtmFek2u8RtccAgFZWtS9QXF2xCXY22/M4nzkaKF0q9Fc6M/5rxLDhfwc/A==
+  dependencies:
+    json5 "*"
+
 "@types/keygrip@*":
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/@types/keygrip/-/keygrip-1.0.2.tgz#513abfd256d7ad0bf1ee1873606317b33b1b2a72"
@@ -447,6 +454,11 @@ inherits@2:
   resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c"
   integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
 
+json5@*:
+  version "2.2.1"
+  resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.1.tgz#655d50ed1e6f95ad1a3caababd2b0efda10b395c"
+  integrity sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==
+
 mime-db@1.52.0:
   version "1.52.0"
   resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70"

packages/worker/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@budibase/worker",
   "email": "hi@budibase.com",
-  "version": "2.1.43-alpha.9",
+  "version": "2.1.46-alpha.1",
   "description": "Budibase background service",
   "main": "src/index.ts",
   "repository": {
@@ -36,10 +36,10 @@
   "author": "Budibase",
   "license": "GPL-3.0",
   "dependencies": {
-    "@budibase/backend-core": "2.1.43-alpha.9",
+    "@budibase/backend-core": "2.1.46-alpha.1",
-    "@budibase/pro": "2.1.43-alpha.9",
+    "@budibase/pro": "2.1.46-alpha.0",
-    "@budibase/string-templates": "2.1.43-alpha.9",
+    "@budibase/string-templates": "2.1.46-alpha.1",
-    "@budibase/types": "2.1.43-alpha.9",
+    "@budibase/types": "2.1.46-alpha.1",
     "@koa/router": "8.0.8",
     "@sentry/node": "6.17.7",
     "@techpass/passport-openidconnect": "0.3.2",

packages/worker/src/api/controllers/global/users.ts

@@ -24,7 +24,8 @@ const MAX_USERS_UPLOAD_LIMIT = 1000
 
 export const save = async (ctx: any) => {
   try {
-    ctx.body = await sdk.users.save(ctx.request.body)
+    const currentUserId = ctx.user._id
+    ctx.body = await sdk.users.save(ctx.request.body, { currentUserId })
   } catch (err: any) {
     ctx.throw(err.status || 400, err)
   }

packages/worker/src/api/routes/global/tests/users.spec.ts

@@ -1,4 +1,4 @@
-import { InviteUsersResponse } from "@budibase/types"
+import { InviteUsersResponse, User } from "@budibase/types"
 
 jest.mock("nodemailer")
 import {
@@ -298,6 +298,23 @@ describe("/api/global/users", () => {
       expect(events.user.passwordForceReset).not.toBeCalled()
     })
 
+    it("should not allow a user to update their own admin/builder status", async () => {
+      const user = (await config.api.users.getUser(config.defaultUser?._id!))
+        .body as User
+      await config.api.users.saveUser({
+        ...user,
+        admin: {
+          global: false,
+        },
+        builder: {
+          global: false,
+        },
+      })
+      const userOut = (await config.api.users.getUser(user._id!)).body
+      expect(userOut.admin.global).toBe(true)
+      expect(userOut.builder.global).toBe(true)
+    })
+
     it("should be able to force reset password", async () => {
       const user = await config.createUser()
       jest.clearAllMocks()

packages/worker/src/sdk/users/users.ts

@@ -29,6 +29,7 @@ import {
   RowResponse,
   SearchUsersRequest,
   User,
+  ThirdPartyUser,
 } from "@budibase/types"
 import { sendEmail } from "../../utilities/email"
 import { EmailTemplatePurpose } from "../../constants"
@@ -103,13 +104,14 @@ export const getUser = async (userId: string) => {
   return user
 }
 
-interface SaveUserOpts {
+export interface SaveUserOpts {
   hashPassword?: boolean
   requirePassword?: boolean
+  currentUserId?: string
 }
 
 const buildUser = async (
-  user: User,
+  user: User | ThirdPartyUser,
   opts: SaveUserOpts = {
     hashPassword: true,
     requirePassword: true,
@@ -117,7 +119,8 @@ const buildUser = async (
   tenantId: string,
   dbUser?: any
 ): Promise<User> => {
-  let { password, _id } = user
+  let fullUser = user as User
+  let { password, _id } = fullUser
 
   let hashedPassword
   if (password) {
@@ -130,24 +133,24 @@ const buildUser = async (
 
   _id = _id || dbUtils.generateGlobalUserID()
 
-  user = {
+  fullUser = {
     createdAt: Date.now(),
     ...dbUser,
-    ...user,
+    ...fullUser,
     _id,
     password: hashedPassword,
     tenantId,
   }
   // make sure the roles object is always present
-  if (!user.roles) {
+  if (!fullUser.roles) {
-    user.roles = {}
+    fullUser.roles = {}
   }
   // add the active status to a user if its not provided
-  if (user.status == null) {
+  if (fullUser.status == null) {
-    user.status = constants.UserStatus.ACTIVE
+    fullUser.status = constants.UserStatus.ACTIVE
   }
 
-  return user
+  return fullUser
 }
 
 const validateUniqueUser = async (email: string, tenantId: string) => {
@@ -169,12 +172,16 @@ const validateUniqueUser = async (email: string, tenantId: string) => {
 }
 
 export const save = async (
-  user: User,
+  user: User | ThirdPartyUser,
-  opts: SaveUserOpts = {
+  opts: SaveUserOpts = {}
-    hashPassword: true,
-    requirePassword: true,
-  }
 ): Promise<CreateUserResponse> => {
+  // default booleans to true
+  if (opts.hashPassword == null) {
+    opts.hashPassword = true
+  }
+  if (opts.requirePassword == null) {
+    opts.requirePassword = true
+  }
   const tenantId = tenancy.getTenantId()
   const db = tenancy.getGlobalDB()
 
@@ -213,6 +220,12 @@ export const save = async (
   await validateUniqueUser(email, tenantId)
 
   let builtUser = await buildUser(user, opts, tenantId, dbUser)
+  // don't allow a user to update its own roles/perms
+  if (opts.currentUserId && opts.currentUserId === dbUser?._id) {
+    builtUser.builder = dbUser.builder
+    builtUser.admin = dbUser.admin
+    builtUser.roles = dbUser.roles
+  }
 
   // make sure we set the _id field for a new user
   // Also if this is a new user, associate groups with them

packages/worker/yarn.lock

@@ -470,12 +470,12 @@
   resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
-"@budibase/backend-core@2.1.43-alpha.9":
+"@budibase/backend-core@2.1.46-alpha.0":
-  version "2.1.43-alpha.9"
+  version "2.1.46-alpha.0"
-  resolved "https://registry.yarnpkg.com/@budibase/backend-core/-/backend-core-2.1.43-alpha.9.tgz#c2e59c710390a0816e6a77f2444f378cc1843cd2"
+  resolved "https://registry.yarnpkg.com/@budibase/backend-core/-/backend-core-2.1.46-alpha.0.tgz#d9063b055cb3c4edb3994a13664c6a070e701a71"
-  integrity sha512-tkRV2noQ8GMuJmCh0TQAbmwOXH2HdFxnD8aNHuBMxbWEVCF3ICydozr1i+zCGnGQCtYVCtk1bgedPUwtDkvB7Q==
+  integrity sha512-ulpK2u+5+yIjIyMWhr2cre2ncdZsq5uPt1meNO+kvsetmv37ZnLtmM2gqIe1RNjYkf+mIZlUDA9QDkZowIiTUg==
   dependencies:
-    "@budibase/types" "2.1.43-alpha.9"
+    "@budibase/types" "2.1.46-alpha.0"
     "@shopify/jest-koa-mocks" "5.0.1"
     "@techpass/passport-openidconnect" "0.3.2"
     aws-sdk "2.1030.0"
@@ -507,22 +507,22 @@
     uuid "8.3.2"
     zlib "1.0.5"
 
-"@budibase/pro@2.1.43-alpha.9":
+"@budibase/pro@2.1.46-alpha.0":
-  version "2.1.43-alpha.9"
+  version "2.1.46-alpha.0"
-  resolved "https://registry.yarnpkg.com/@budibase/pro/-/pro-2.1.43-alpha.9.tgz#60756ded5eb190cbe3cbc74fc18614021a74afaf"
+  resolved "https://registry.yarnpkg.com/@budibase/pro/-/pro-2.1.46-alpha.0.tgz#69bf09007edc0f2be275824ba09f27422081c490"
-  integrity sha512-ibmQO3MqllynwqMsQcfUPyZ9gJdgiLMOZXnq7rFsyKgGsPtddgb2M3hMROGS6wGQ4osqp1cShg5MykstTpL6HA==
+  integrity sha512-04iCZVU6BN0afei0wFITgvjRhQ46G/vI51FCBZ9ZiuyTsWBPuAhNqXVAQ/Y48+OVDBMtIvsvJ/S1kCbWUa6x3g==
   dependencies:
-    "@budibase/backend-core" "2.1.43-alpha.9"
+    "@budibase/backend-core" "2.1.46-alpha.0"
-    "@budibase/types" "2.1.43-alpha.9"
+    "@budibase/types" "2.1.46-alpha.0"
     "@koa/router" "8.0.8"
     bull "4.10.1"
     joi "17.6.0"
     node-fetch "^2.6.1"
 
-"@budibase/types@2.1.43-alpha.9":
+"@budibase/types@2.1.46-alpha.0":
-  version "2.1.43-alpha.9"
+  version "2.1.46-alpha.0"
-  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-2.1.43-alpha.9.tgz#6b677230232efc29bb26d34e073033838632031e"
+  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-2.1.46-alpha.0.tgz#83ecd2c1a26e933fbf27ba6b7a7ef1fed82a8840"
-  integrity sha512-PAI+rTGEvxfOKhvvf/18bc2uR69k1n3qvX+KFzGqcGj0f1PglPz8+/9R4nW/kT2kSVPkT7SN7M5ILsuZnd6jjQ==
+  integrity sha512-TTpyax8U0EAsaXqCLACHcfuejZ2x2isyHiM/ia8Ua6R+1rDK9kjYPsiTlJ169/Jq2hv65TzScyaqnHX+g+eJnQ==
 
 "@cspotcode/source-map-support@^0.8.0":
   version "0.8.1"