Merge pull request #2614 from Budibase/feature/onboarding-backend

Access controls for cloud, self, and regular budibase users
This commit is contained in:
Rory Powell 2021-09-16 15:39:14 +01:00 committed by GitHub
commit 23d354ceda
6 changed files with 30 additions and 20 deletions

View File

@ -6,8 +6,10 @@ const EXPIRY_SECONDS = 3600
/**
* The default populate user function
*/
const populateFromDB = (userId, tenantId) => {
return getGlobalDB(tenantId).get(userId)
const populateFromDB = async (userId, tenantId) => {
const user = await getGlobalDB(tenantId).get(userId)
user.budibaseAccess = true
return user
}
/**

View File

@ -6,16 +6,19 @@
let loaded = false
$: multiTenancyEnabled = $admin.multiTenancy
$: hasAdminUser = $admin?.checklist?.adminUser.checked
$: hasAdminUser = $admin?.checklist?.adminUser?.checked
$: tenantSet = $auth.tenantSet
$: cloud = $admin.cloud
onMount(async () => {
await admin.init()
await auth.checkAuth()
await admin.init()
loaded = true
})
$: {
// We should never see the org or admin user creation screens in the cloud
if (!cloud) {
const apiReady = $admin.loaded && $auth.loaded
// if tenant is not set go to it
if (loaded && apiReady && multiTenancyEnabled && !tenantSet) {
@ -26,11 +29,12 @@
$redirect("./admin")
}
}
}
// Redirect to log in at any time if the user isn't authenticated
$: {
if (
loaded &&
hasAdminUser &&
(hasAdminUser || cloud) &&
!$auth.user &&
!$isActive("./auth") &&
!$isActive("./invite")

View File

@ -8,6 +8,7 @@
let tenantId = get(auth).tenantSet ? get(auth).tenantId : ""
$: multiTenancyEnabled = $admin.multiTenancy
$: cloud = $admin.cloud
async function setOrg() {
if (tenantId == null || tenantId === "") {
@ -25,7 +26,7 @@
onMount(async () => {
await auth.checkQueryString()
if (!multiTenancyEnabled) {
if (!multiTenancyEnabled || cloud) {
$goto("../")
} else {
admin.unload()

View File

@ -60,7 +60,7 @@
}
// add link to account portal if the user has access
if ($auth?.user?.account) {
if ($auth?.user?.accountPortalAccess) {
menu = menu.concat([
{
title: "Account",

View File

@ -197,10 +197,10 @@ exports.getSelf = async ctx => {
// this will set the body
await exports.find(ctx)
// append the account portal session information if present
if (ctx.user.account) {
// forward session information not found in db
ctx.body.account = ctx.user.account
}
ctx.body.budibaseAccess = ctx.user.budibaseAccess
ctx.body.accountPortalAccess = ctx.user.accountPortalAccess
}
exports.updateSelf = async ctx => {

View File

@ -84,7 +84,10 @@ router
.use(buildTenancyMiddleware(PUBLIC_ENDPOINTS, NO_TENANCY_ENDPOINTS))
// for now no public access is allowed to worker (bar health check)
.use((ctx, next) => {
if (!ctx.isAuthenticated && !ctx.publicEndpoint) {
if (ctx.publicEndpoint) {
return next()
}
if (!ctx.isAuthenticated || !ctx.user.budibaseAccess) {
ctx.throw(403, "Unauthorized - no public worker access")
}
return next()