Merge pull request #2614 from Budibase/feature/onboarding-backend
Access controls for cloud, self, and regular budibase users
This commit is contained in:
commit
23d354ceda
|
@ -6,8 +6,10 @@ const EXPIRY_SECONDS = 3600
|
|||
/**
|
||||
* The default populate user function
|
||||
*/
|
||||
const populateFromDB = (userId, tenantId) => {
|
||||
return getGlobalDB(tenantId).get(userId)
|
||||
const populateFromDB = async (userId, tenantId) => {
|
||||
const user = await getGlobalDB(tenantId).get(userId)
|
||||
user.budibaseAccess = true
|
||||
return user
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -6,31 +6,35 @@
|
|||
let loaded = false
|
||||
|
||||
$: multiTenancyEnabled = $admin.multiTenancy
|
||||
$: hasAdminUser = $admin?.checklist?.adminUser.checked
|
||||
$: hasAdminUser = $admin?.checklist?.adminUser?.checked
|
||||
$: tenantSet = $auth.tenantSet
|
||||
$: cloud = $admin.cloud
|
||||
|
||||
onMount(async () => {
|
||||
await admin.init()
|
||||
await auth.checkAuth()
|
||||
await admin.init()
|
||||
loaded = true
|
||||
})
|
||||
|
||||
$: {
|
||||
const apiReady = $admin.loaded && $auth.loaded
|
||||
// if tenant is not set go to it
|
||||
if (loaded && apiReady && multiTenancyEnabled && !tenantSet) {
|
||||
$redirect("./auth/org")
|
||||
}
|
||||
// Force creation of an admin user if one doesn't exist
|
||||
else if (loaded && apiReady && !hasAdminUser) {
|
||||
$redirect("./admin")
|
||||
// We should never see the org or admin user creation screens in the cloud
|
||||
if (!cloud) {
|
||||
const apiReady = $admin.loaded && $auth.loaded
|
||||
// if tenant is not set go to it
|
||||
if (loaded && apiReady && multiTenancyEnabled && !tenantSet) {
|
||||
$redirect("./auth/org")
|
||||
}
|
||||
// Force creation of an admin user if one doesn't exist
|
||||
else if (loaded && apiReady && !hasAdminUser) {
|
||||
$redirect("./admin")
|
||||
}
|
||||
}
|
||||
}
|
||||
// Redirect to log in at any time if the user isn't authenticated
|
||||
$: {
|
||||
if (
|
||||
loaded &&
|
||||
hasAdminUser &&
|
||||
(hasAdminUser || cloud) &&
|
||||
!$auth.user &&
|
||||
!$isActive("./auth") &&
|
||||
!$isActive("./invite")
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
|
||||
let tenantId = get(auth).tenantSet ? get(auth).tenantId : ""
|
||||
$: multiTenancyEnabled = $admin.multiTenancy
|
||||
$: cloud = $admin.cloud
|
||||
|
||||
async function setOrg() {
|
||||
if (tenantId == null || tenantId === "") {
|
||||
|
@ -25,7 +26,7 @@
|
|||
|
||||
onMount(async () => {
|
||||
await auth.checkQueryString()
|
||||
if (!multiTenancyEnabled) {
|
||||
if (!multiTenancyEnabled || cloud) {
|
||||
$goto("../")
|
||||
} else {
|
||||
admin.unload()
|
||||
|
|
|
@ -60,7 +60,7 @@
|
|||
}
|
||||
|
||||
// add link to account portal if the user has access
|
||||
if ($auth?.user?.account) {
|
||||
if ($auth?.user?.accountPortalAccess) {
|
||||
menu = menu.concat([
|
||||
{
|
||||
title: "Account",
|
||||
|
|
|
@ -197,10 +197,10 @@ exports.getSelf = async ctx => {
|
|||
// this will set the body
|
||||
await exports.find(ctx)
|
||||
|
||||
// append the account portal session information if present
|
||||
if (ctx.user.account) {
|
||||
ctx.body.account = ctx.user.account
|
||||
}
|
||||
// forward session information not found in db
|
||||
ctx.body.account = ctx.user.account
|
||||
ctx.body.budibaseAccess = ctx.user.budibaseAccess
|
||||
ctx.body.accountPortalAccess = ctx.user.accountPortalAccess
|
||||
}
|
||||
|
||||
exports.updateSelf = async ctx => {
|
||||
|
|
|
@ -84,7 +84,10 @@ router
|
|||
.use(buildTenancyMiddleware(PUBLIC_ENDPOINTS, NO_TENANCY_ENDPOINTS))
|
||||
// for now no public access is allowed to worker (bar health check)
|
||||
.use((ctx, next) => {
|
||||
if (!ctx.isAuthenticated && !ctx.publicEndpoint) {
|
||||
if (ctx.publicEndpoint) {
|
||||
return next()
|
||||
}
|
||||
if (!ctx.isAuthenticated || !ctx.user.budibaseAccess) {
|
||||
ctx.throw(403, "Unauthorized - no public worker access")
|
||||
}
|
||||
return next()
|
||||
|
|
Loading…
Reference in New Issue