MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' into cheeks-fixes

This commit is contained in:
Andrew Kingston 2023-09-06 11:34:41 +01:00 committed by GitHub
parent 40611358c5 153fcdb63f
commit 256ee25609
72 changed files with 776 additions and 706 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
.github/workflows/README.md vendored
View File

@ -116,76 +116,3 @@ This job is responsible for deploying to our production, cloud kubernetes enviro
- Kick off cloud deploy job
- Ensure you are running off master
- Enter the version number of the last known good version of budibase. For example `1.0.0`
## Pro
| **NOTE**: When developing for both pro / budibase repositories, your branch names need to match, or else the correct pro doesn't get run within your CI job.
### Installing Pro
The pro package is always installed from source in our CI jobs.
This is done to prevent pro needing to be published prior to CI runs in budiabse. This is required for two reasons:
- To reduce developer need to manually bump versions, i.e:
- release pro, bump pro dep in budibase, now ci can run successfully
- The cyclic dependency on backend-core, i.e:
- pro depends on backend-core
- server depends on pro
- backend-core lives in the monorepo, so it can't be released independently to be used in pro
- therefore the only option is to pull pro from source and release it as a part of the monorepo release, as if it were a mono package
The install is performed using the same steps as local development, via the `yarn bootstrap` command, see the [Contributing Guide#Pro](../../docs/CONTRIBUTING.md#pro)
The branch to install pro from can vary depending on ref of the commit that triggered the budibase CI job. This is done to enable branches which have changes in both the monorepo and the pro repo to have their CI pass successfully.
This is done using the [pro/install.sh](../../scripts/pro/install.sh) script. The script will:
- Clone pro to it's default branch (`develop`)
- Check if the clone worked, on forked versions of budibase this will fail due to no access
- This is fine as the `yarn` command will install the version from NPM
- Community PRs should never touch pro so this will always work
- Checkout the `BRANCH` argument, if this fails fallback to `BASE_BRANCH`
- This enables the more complex case of a feature branch being merged to another feature branch, e.g.
- I am working on a branch `epic/stonks` which exists on budibase and pro.
- I want to merge a change to this branch in budibase from `feature/stonks-ui`, which only exists in budibase
- The base branch ensures that `epic/stonks` in pro will still be checked out for the CI run, rather than falling back to `develop`
- Run `yarn setup` to build and install dependencies
- `yarn`
- `yarn bootstrap`
- `yarn build`
- The will build .ts files, and also update the `main` and `types` of `package.json` to point to `dist` rather than src
- The build command will only ever work in CI, it is prevented in local dev
#### `BRANCH` and `BASE_BRANCH` arguments
These arguments are supplied by the various budibase build and release pipelines
- `budibase_ci`
- `BRANCH: ${{ github.event.pull_request.head.ref }}` -> The branch being merged
- `BASE_BRANCH: ${{ github.event.pull_request.base.ref}}` -> The base branch
- `release-develop`
- `BRANCH: develop` -> always use the `develop` branch in pro
- `release`
- `BRANCH: master` -> always use the `master` branch in pro
### Releasing Pro
After budibase dependencies have been released we will release the new version of pro to match the release version of budibase dependencies. This is to ensure that we are always keeping the version of `backend-core` in sync in the pro package and in budibase packages. Without this we could run into scenarios where different versions are being used when installed via `yarn` inside the docker images, creating very difficult to debug cases.
Pro is released using the [pro/release.sh](../../scripts/pro/release.sh) script. The script will:
- Inspect the `VERSION` from the `lerna.json` file in budibase
- Determine whether to use the `latest` or `develop` tag based on the command argument
- Go to pro directory
- install npm creds
- update the version of `backend-core` to be `VERSION`, the version just released by lerna
- publish to npm. Uses a `lerna publish` command, pro itself is a mono repo.
- force the version to be the same as `VERSION` to keep pro and budibase in sync
- reverts the changes to `main` and `types` in `package.json` that were made by the build step, to point back to source
- commit & push: `Prep next development iteration`
- Go to budibase
- Update to the new version of pro in `server` and `worker` so the latest pro version is used in the docker builds
- commit & push: `Update pro version to $VERSION`
#### `COMMAND` argument
This argument is supplied by the existing `release` and `release:develop` budibase commands, which invoke the pro release
- `release` will supply no command and default to use `latest`
- `release:develop` will supply `develop`

1
.github/workflows/release-selfhost.yml vendored
View File

@ -67,7 +67,6 @@ jobs:
- name: Bootstrap and build (CLI)
run: |
yarn
yarn bootstrap
yarn build
- name: Build OpenAPI spec

12
charts/budibase/templates/secrets.yaml
View File

@ -1,4 +1,5 @@
{{- if .Values.globals.createSecrets -}}
{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (include "budibase.fullname" .) }}
{{- if .Values.globals.createSecrets }}
apiVersion: v1
kind: Secret
metadata:
@ -10,8 +11,15 @@ metadata:
heritage: "{{ .Release.Service }}"
type: Opaque
data:
{{- if $existingSecret }}
internalApiKey: {{ index $existingSecret.data "internalApiKey" }}
jwtSecret: {{ index $existingSecret.data "jwtSecret" }}
objectStoreAccess: {{ index $existingSecret.data "objectStoreAccess" }}
objectStoreSecret: {{ index $existingSecret.data "objectStoreSecret" }}
{{- else }}
internalApiKey: {{ template "budibase.defaultsecret" .Values.globals.internalApiKey }}
jwtSecret: {{ template "budibase.defaultsecret" .Values.globals.jwtSecret }}
objectStoreAccess: {{ template "budibase.defaultsecret" .Values.services.objectStore.accessKey }}
objectStoreSecret: {{ template "budibase.defaultsecret" .Values.services.objectStore.secretKey }}
{{- end -}}
{{- end }}
{{- end }}

2
docs/DEV-SETUP-DEBIAN.md
View File

@ -55,7 +55,7 @@ yarn setup
The yarn setup command runs several build steps i.e.
```
node ./hosting/scripts/setup.js && yarn && yarn bootstrap && yarn build && yarn dev
node ./hosting/scripts/setup.js && yarn && yarn build && yarn dev
```
So this command will actually run the application in dev mode. It creates .env files under `./packages/server` and `./packages/worker` and runs docker containers for each service via docker-compose.

2
docs/DEV-SETUP-MACOSX.md
View File

@ -55,7 +55,7 @@ yarn setup
The yarn setup command runs several build steps i.e.
```
node ./hosting/scripts/setup.js && yarn && yarn bootstrap && yarn build && yarn dev
node ./hosting/scripts/setup.js && yarn && yarn build && yarn dev
```
So this command will actually run the application in dev mode. It creates .env files under `./packages/server` and `./packages/worker` and runs docker containers for each service via docker-compose.

2
docs/DEV-SETUP-WINDOWS.md
View File

@ -74,7 +74,7 @@ yarn setup
The yarn setup command runs several build steps i.e.
```
node ./hosting/scripts/setup.js && yarn && yarn bootstrap && yarn build && yarn dev
node ./hosting/scripts/setup.js && yarn && yarn build && yarn dev
```
So this command will actually run the application in dev mode. It creates .env files under `./packages/server` and `./packages/worker` and runs docker containers for each service via docker-compose.

1
hosting/single/README.md
View File

@ -58,7 +58,6 @@ Node setup:
```
node ./hosting/scripts/setup.js
yarn
yarn bootstrap
yarn build
```
#### Build Image

1
hosting/tests/README.md
View File

@ -47,7 +47,6 @@ Node setup:
```
node ./hosting/scripts/setup.js
yarn
yarn bootstrap
yarn build
```
#### Build Image

2
lerna.json
View File

@ -1,5 +1,5 @@
{
"version": "2.9.33-alpha.11",
"version": "2.9.39-alpha.7",
"npmClient": "yarn",
"packages": [
"packages/*"

12
package.json
View File

@ -33,21 +33,18 @@
"scripts": {
"preinstall": "node scripts/syncProPackage.js",
"setup": "git config submodule.recurse true && git submodule update && node ./hosting/scripts/setup.js && yarn && yarn build && yarn dev",
"bootstrap": "./scripts/link-dependencies.sh && echo '***BOOTSTRAP ONLY REQUIRED FOR USE WITH ACCOUNT PORTAL***'",
"build": "lerna run build --stream",
"build:dev": "lerna run --stream prebuild && yarn nx run-many --target=build --output-style=dynamic --watch --preserveWatchOutput",
"check:types": "lerna run check:types",
"backend:bootstrap": "./scripts/scopeBackend.sh && yarn run bootstrap",
"backend:build": "./scripts/scopeBackend.sh 'lerna run --stream build'",
"build:sdk": "lerna run --stream build:sdk",
"deps:circular": "madge packages/server/dist/index.js packages/worker/src/index.ts packages/backend-core/dist/src/index.js packages/cli/src/index.js --circular",
"release": "lerna publish from-package --yes --force-publish --no-git-tag-version --no-push --no-git-reset",
"release:develop": "yarn release --dist-tag develop",
"restore": "yarn run clean && yarn run bootstrap && yarn run build",
"restore": "yarn run clean && yarn && yarn run build",
"nuke": "yarn run nuke:packages && yarn run nuke:docker",
"nuke:packages": "yarn run restore",
"nuke:docker": "lerna run --stream dev:stack:nuke",
"clean": "lerna clean",
"clean": "lerna clean -y",
"kill-builder": "kill-port 3000",
"kill-server": "kill-port 4001 4002",
"kill-all": "yarn run kill-builder && yarn run kill-server",
@ -93,9 +90,8 @@
"mode:account": "yarn mode:cloud && yarn env:account:enable",
"security:audit": "node scripts/audit.js",
"postinstall": "husky install",
"dep:clean": "yarn clean -y && yarn bootstrap",
"submodules:load": "git submodule init && git submodule update && yarn && yarn bootstrap",
"submodules:unload": "git submodule deinit --all && yarn && yarn bootstrap"
"submodules:load": "git submodule init && git submodule update && yarn",
"submodules:unload": "git submodule deinit --all && yarn"
},
"workspaces": {
"packages": [

2
packages/backend-core/.npmignore
View File

@ -2,3 +2,5 @@
!dist/**/*
dist/tsconfig.build.tsbuildinfo
!package.json
!src/**
!tests/**

2
packages/backend-core/package.json
View File

@ -6,7 +6,7 @@
"types": "dist/src/index.d.ts",
"exports": {
".": "./dist/index.js",
"./tests": "./dist/tests.js",
"./tests": "./dist/tests/index.js",
"./*": "./dist/*.js"
},
"author": "Budibase",

18
packages/backend-core/scripts/build.js
View File

@ -1,6 +1,22 @@
#!/usr/bin/node
const coreBuild = require("../../../scripts/build")
coreBuild("./src/plugin/index.ts", "./dist/plugins.js")
coreBuild("./src/index.ts", "./dist/index.js")
coreBuild("./tests/index.ts", "./dist/tests.js")
const glob = require("glob")
const inputFiles = [
...glob.sync("./src/**/*.[tj]s", { nodir: true }),
...glob.sync("./tests/**/*.[tj]s", { nodir: true }),
]
const path = require("path")
for (const file of inputFiles) {
coreBuild(file, `./${path.join("dist", file.replace(/\.ts$/, ".js"))}`, {
skipMeta: true,
bundle: false,
forcedFormat: "cjs",
silent: true,
})
}

14
packages/backend-core/src/db/couch/DatabaseImpl.ts
View File

@ -8,7 +8,6 @@ import {
DatabasePutOpts,
DatabaseCreateIndexOpts,
DatabaseDeleteIndexOpts,
DocExistsResponse,
Document,
isDocument,
} from "@budibase/types"
@ -121,19 +120,6 @@ export class DatabaseImpl implements Database {
return this.updateOutput(() => db.get(id))
}
async docExists(docId: string): Promise<DocExistsResponse> {
const db = await this.checkSetup()
let _rev, exists
try {
const { etag } = await db.head(docId)
_rev = etag
exists = true
} catch (err) {
exists = false
}
return { _rev, exists }
}
async remove(idOrDoc: string | Document, rev?: string) {
const db = await this.checkSetup()
let _id: string

6
packages/backend-core/src/db/db.ts
View File

@ -11,7 +11,11 @@ export function getDB(dbName?: string, opts?: any): Database {
// we have to use a callback for this so that we can close
// the DB when we're done, without this manual requests would
// need to close the database when done with it to avoid memory leaks
export async function doWithDB(dbName: string, cb: any, opts = {}) {
export async function doWithDB<T>(
dbName: string,
cb: (db: Database) => Promise<T>,
opts = {}
) {
const db = getDB(dbName, opts)
// need this to be async so that we can correctly close DB after all
// async operations have been completed

3
packages/backend-core/src/security/permissions.ts
View File

@ -87,6 +87,7 @@ export const BUILTIN_PERMISSIONS = {
new Permission(PermissionType.QUERY, PermissionLevel.WRITE),
new Permission(PermissionType.TABLE, PermissionLevel.WRITE),
new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
new Permission(PermissionType.LEGACY_VIEW, PermissionLevel.READ),
],
},
POWER: {
@ -97,6 +98,7 @@ export const BUILTIN_PERMISSIONS = {
new Permission(PermissionType.USER, PermissionLevel.READ),
new Permission(PermissionType.AUTOMATION, PermissionLevel.EXECUTE),
new Permission(PermissionType.WEBHOOK, PermissionLevel.READ),
new Permission(PermissionType.LEGACY_VIEW, PermissionLevel.READ),
],
},
ADMIN: {
@ -108,6 +110,7 @@ export const BUILTIN_PERMISSIONS = {
new Permission(PermissionType.AUTOMATION, PermissionLevel.ADMIN),
new Permission(PermissionType.WEBHOOK, PermissionLevel.READ),
new Permission(PermissionType.QUERY, PermissionLevel.ADMIN),
new Permission(PermissionType.LEGACY_VIEW, PermissionLevel.READ),
],
},
}

37
packages/backend-core/src/security/roles.ts
View File

@ -253,7 +253,7 @@ export function checkForRoleResourceArray(
* Given an app ID this will retrieve all of the roles that are currently within that app.
* @return {Promise<object[]>} An array of the role objects that were found.
*/
export async function getAllRoles(appId?: string) {
export async function getAllRoles(appId?: string): Promise<RoleDoc[]> {
if (appId) {
return doWithDB(appId, internal)
} else {
@ -312,37 +312,6 @@ export async function getAllRoles(appId?: string) {
}
}
/**
* This retrieves the required role for a resource
* @param permLevel The level of request
* @param resourceId The resource being requested
* @param subResourceId The sub resource being requested
* @return {Promise<{permissions}|Object>} returns the permissions required to access.
*/
export async function getRequiredResourceRole(
permLevel: string,
{ resourceId, subResourceId }: { resourceId?: string; subResourceId?: string }
) {
const roles = await getAllRoles()
let main = [],
sub = []
for (let role of roles) {
// no permissions, ignore it
if (!role.permissions) {
continue
}
const mainRes = resourceId ? role.permissions[resourceId] : undefined
const subRes = subResourceId ? role.permissions[subResourceId] : undefined
if (mainRes && mainRes.indexOf(permLevel) !== -1) {
main.push(role._id)
} else if (subRes && subRes.indexOf(permLevel) !== -1) {
sub.push(role._id)
}
}
// for now just return the IDs
return main.concat(sub)
}
export class AccessController {
userHierarchies: { [key: string]: string[] }
constructor() {
@ -411,8 +380,8 @@ export function getDBRoleID(roleName: string) {
export function getExternalRoleID(roleId: string, version?: string) {
// for built-in roles we want to remove the DB role ID element (role_)
if (
(roleId.startsWith(DocumentType.ROLE) && isBuiltin(roleId)) ||
version === RoleIDVersion.NAME
roleId.startsWith(DocumentType.ROLE) &&
(isBuiltin(roleId) || version === RoleIDVersion.NAME)
) {
return roleId.split(`${DocumentType.ROLE}${SEPARATOR}`)[1]
}

2
packages/bbui/src/Form/Core/Picker.svelte
View File

@ -102,7 +102,7 @@
bind:this={button}
>
{#if fieldIcon}
{#if !useOptionIconImage}x
{#if !useOptionIconImage}
<span class="option-extra icon">
<Icon size="S" name={fieldIcon} />
</span>

2
packages/builder/src/components/automation/AutomationBuilder/FlowChart/FlowItem.svelte
View File

@ -73,7 +73,7 @@
if (!perms["execute"]) {
role = "BASIC"
} else {
role = perms["execute"]
role = perms["execute"].role
}
}

11
packages/builder/src/components/backend/DataTable/ViewDataTable.svelte
View File

@ -10,6 +10,7 @@
import ManageAccessButton from "./buttons/ManageAccessButton.svelte"
import HideAutocolumnButton from "./buttons/HideAutocolumnButton.svelte"
import { notifications } from "@budibase/bbui"
import { ROW_EXPORT_FORMATS } from "constants/backend"
export let view = {}
@ -19,6 +20,14 @@
let type = "internal"
$: name = view.name
$: calculation = view.calculation
$: supportedFormats = Object.values(ROW_EXPORT_FORMATS).filter(key => {
if (calculation && key === ROW_EXPORT_FORMATS.JSON_WITH_SCHEMA) {
return false
}
return true
})
// Fetch rows for specified view
$: fetchViewData(name, view.field, view.groupBy, view.calculation)
@ -68,5 +77,5 @@
{/if}
<ManageAccessButton resourceId={decodeURI(name)} />
<HideAutocolumnButton bind:hideAutocolumns />
<ExportButton view={view.name} />
<ExportButton view={view.name} formats={supportedFormats} />
</Table>

3
packages/builder/src/components/backend/DataTable/buttons/ExportButton.svelte
View File

@ -7,6 +7,7 @@
export let sorting
export let disabled = false
export let selectedRows
export let formats
let modal
</script>
@ -15,5 +16,5 @@
Export
</ActionButton>
<Modal bind:this={modal}>
<ExportModal {view} {filters} {sorting} {selectedRows} />
<ExportModal {view} {filters} {sorting} {selectedRows} {formats} />
</Modal>

14
packages/builder/src/components/backend/DataTable/buttons/ManageAccessButton.svelte
View File

@ -5,25 +5,19 @@
export let resourceId
export let disabled = false
export let requiresLicence
let modal
let resourcePermissions
async function openDropdown() {
resourcePermissions = await permissions.forResource(resourceId)
async function openModal() {
resourcePermissions = await permissions.forResourceDetailed(resourceId)
modal.show()
}
</script>
<ActionButton icon="LockClosed" quiet on:click={openDropdown} {disabled}>
<ActionButton icon="LockClosed" quiet on:click={openModal} {disabled}>
Access
</ActionButton>
<Modal bind:this={modal}>
<ManageAccessModal
{resourceId}
{requiresLicence}
levels={$permissions}
permissions={resourcePermissions}
/>
<ManageAccessModal {resourceId} permissions={resourcePermissions} />
</Modal>

14
packages/builder/src/components/backend/DataTable/buttons/grid/GridManageAccessButton.svelte
View File

@ -1,5 +1,4 @@
<script>
import { licensing, admin } from "stores/portal"
import ManageAccessButton from "../ManageAccessButton.svelte"
import { getContext } from "svelte"
@ -13,17 +12,6 @@
}
return datasource.type === "table" ? datasource.tableId : datasource.id
}
var requiresLicence
$: {
if ($datasource.type === "viewV2" && !$licensing.isViewPermissionsEnabled) {
const requiredLicense = $admin?.cloud ? "Premium" : "Business"
requiresLicence = {
tier: requiredLicense,
message: `A ${requiredLicense} subscription is required to specify access level roles for this view.`,
}
}
}
</script>
<ManageAccessButton {resourceId} {requiresLicence} />
<ManageAccessButton {resourceId} />

47
packages/builder/src/components/backend/DataTable/modals/ExportModal.svelte
View File

@ -9,30 +9,43 @@
import download from "downloadjs"
import { API } from "api"
import { Constants, LuceneUtils } from "@budibase/frontend-core"
const FORMATS = [
{
name: "CSV",
key: "csv",
},
{
name: "JSON",
key: "json",
},
{
name: "JSON with Schema",
key: "jsonWithSchema",
},
]
import { ROW_EXPORT_FORMATS } from "constants/backend"
export let view
export let filters
export let sorting
export let selectedRows = []
export let formats
let exportFormat = FORMATS[0].key
const FORMATS = [
{
name: "CSV",
key: ROW_EXPORT_FORMATS.CSV,
},
{
name: "JSON",
key: ROW_EXPORT_FORMATS.JSON,
},
{
name: "JSON with Schema",
key: ROW_EXPORT_FORMATS.JSON_WITH_SCHEMA,
},
]
$: options = FORMATS.filter(format => {
if (formats && !formats.includes(format.key)) {
return false
}
return true
})
let exportFormat
let filterLookup
$: if (options && !exportFormat) {
exportFormat = Array.isArray(options) ? options[0]?.key : []
}
$: luceneFilter = LuceneUtils.buildLuceneQuery(filters)
$: exportOpDisplay = buildExportOpDisplay(sorting, filterDisplay, filters)
@ -190,7 +203,7 @@
<Select
label="Format"
bind:value={exportFormat}
options={FORMATS}
{options}
placeholder={null}
getOptionLabel={x => x.name}
getOptionValue={x => x.key}

94
packages/builder/src/components/backend/DataTable/modals/ManageAccessModal.svelte
View File

@ -1,4 +1,5 @@
<script>
import { PermissionSource } from "@budibase/types"
import { roles, permissions as permissionsStore } from "stores/backend"
import {
Label,
@ -9,59 +10,127 @@
ModalContent,
Tags,
Tag,
Icon,
} from "@budibase/bbui"
import { capitalise } from "helpers"
import { get } from "svelte/store"
export let resourceId
export let permissions
export let requiresLicence
const inheritedRoleId = "inherited"
async function changePermission(level, role) {
try {
if (role === inheritedRoleId) {
await permissionsStore.remove({
level,
role,
resource: resourceId,
})
} else {
await permissionsStore.save({
level,
role,
resource: resourceId,
})
}
// Show updated permissions in UI: REMOVE
permissions = await permissionsStore.forResource(resourceId)
permissions = await permissionsStore.forResourceDetailed(resourceId)
notifications.success("Updated permissions")
} catch (error) {
notifications.error("Error updating permissions")
}
}
$: computedPermissions = Object.entries(permissions.permissions).reduce(
(p, [level, roleInfo]) => {
p[level] = {
selectedValue:
roleInfo.permissionType === PermissionSource.INHERITED
? inheritedRoleId
: roleInfo.role,
options: [...get(roles)],
}
if (roleInfo.inheritablePermission) {
p[level].inheritOption = roleInfo.inheritablePermission
p[level].options.unshift({
_id: inheritedRoleId,
name: `Inherit (${
get(roles).find(x => x._id === roleInfo.inheritablePermission).name
})`,
})
}
return p
},
{}
)
$: requiresPlanToModify = permissions.requiresPlanToModify
let dependantsInfoMessage
async function loadDependantInfo() {
const dependantsInfo = await permissionsStore.getDependantsInfo(resourceId)
const resourceByType = dependantsInfo?.resourceByType
if (resourceByType) {
const total = Object.values(resourceByType).reduce((p, c) => p + c, 0)
let resourceDisplay =
Object.keys(resourceByType).length === 1 && resourceByType.view
? "view"
: "resource"
if (total === 1) {
dependantsInfoMessage = `1 ${resourceDisplay} is inheriting this access.`
} else if (total > 1) {
dependantsInfoMessage = `${total} ${resourceDisplay}s are inheriting this access.`
}
}
}
loadDependantInfo()
</script>
<ModalContent showCancelButton={false} confirmText="Done">
<span slot="header">
Manage Access
{#if requiresLicence}
{#if requiresPlanToModify}
<span class="lock-tag">
<Tags>
<Tag icon="LockClosed">{requiresLicence.tier}</Tag>
<Tag icon="LockClosed">{capitalise(requiresPlanToModify)}</Tag>
</Tags>
</span>
{/if}
</span>
{#if requiresLicence}
<Body size="S">{requiresLicence.message}</Body>
{:else}
<Body size="S">Specify the minimum access level role for this data.</Body>
<div class="row">
<Label extraSmall grey>Level</Label>
<Label extraSmall grey>Role</Label>
{#each Object.keys(permissions) as level}
{#each Object.keys(computedPermissions) as level}
<Input value={capitalise(level)} disabled />
<Select
value={permissions[level]}
disabled={requiresPlanToModify}
placeholder={false}
value={computedPermissions[level].selectedValue}
on:change={e => changePermission(level, e.detail)}
options={$roles}
options={computedPermissions[level].options}
getOptionLabel={x => x.name}
getOptionValue={x => x._id}
/>
{/each}
</div>
{#if dependantsInfoMessage}
<div class="inheriting-resources">
<Icon name="Alert" />
<Body size="S">
<i>
{dependantsInfoMessage}
</i>
</Body>
</div>
{/if}
</ModalContent>
@ -75,4 +144,9 @@
.lock-tag {
padding-left: var(--spacing-s);
}
.inheriting-resources {
display: flex;
gap: var(--spacing-s);
}
</style>

4
packages/builder/src/components/backend/Datasources/CreateEditRelationship.svelte
View File

@ -290,11 +290,11 @@
datasource.entities[getTable(toId).name].schema[toRelationship.name] =
toRelationship
await save()
await save({ action: "saved" })
}
async function deleteRelationship() {
removeExistingRelationship()
await save()
await save({ action: "deleted" })
await tables.fetch()
close()
}

2
packages/builder/src/components/backend/Datasources/CreateEditRelationshipModal.svelte
View File

@ -33,7 +33,7 @@
}
// action is one of 'created', 'updated' or 'deleted'
async function saveRelationship(action) {
async function saveRelationship({ action }) {
try {
await beforeSave({ action, datasource })

2
packages/builder/src/components/integration/AccessLevelSelect.svelte
View File

@ -40,7 +40,7 @@
return
}
try {
roleId = (await permissions.forResource(queryToFetch._id))["read"]
roleId = (await permissions.forResource(queryToFetch._id))["read"].role
} catch (err) {
roleId = Constants.Roles.BASIC
}

6
packages/builder/src/constants/backend/index.js
View File

@ -287,3 +287,9 @@ export const DatasourceTypes = {
GRAPH: "Graph",
API: "API",
}
export const ROW_EXPORT_FORMATS = {
CSV: "csv",
JSON: "json",
JSON_WITH_SCHEMA: "jsonWithSchema",
}

62
packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte
View File

@ -120,7 +120,7 @@
await usersFetch.refresh()
filteredUsers = $usersFetch.rows
.filter(user => !user?.admin?.global) // filter out global admins
.filter(user => user.email !== $auth.user.email)
.map(user => {
const isAdminOrGlobalBuilder = sdk.users.isAdminOrGlobalBuilder(
user,
@ -150,13 +150,10 @@
}
const sortInviteRoles = (a, b) => {
const aEmpty =
!a.info?.appBuilders?.length && Object.keys(a.info.apps).length === 0
const bEmpty =
!b.info?.appBuilders?.length && Object.keys(b.info.apps).length === 0
const aAppsEmpty = !a.info?.apps?.length && !a.info?.builder?.apps?.length
const bAppsEmpty = !b.info?.apps?.length && !b.info?.builder?.apps?.length
if (aEmpty && !bEmpty) return 1
if (!aEmpty && bEmpty) return -1
return aAppsEmpty && !bAppsEmpty ? 1 : !aAppsEmpty && bAppsEmpty ? -1 : 0
}
const sortRoles = (a, b) => {
@ -366,18 +363,19 @@
const payload = [
{
email: newUserEmail,
builder: !!creationRoleType === Constants.BudibaseRoles.Admin,
admin: !!creationRoleType === Constants.BudibaseRoles.Admin,
builder: { global: creationRoleType === Constants.BudibaseRoles.Admin },
admin: { global: creationRoleType === Constants.BudibaseRoles.Admin },
},
]
if (creationAccessType === Constants.Roles.CREATOR) {
payload[0].appBuilders = [prodAppId]
} else {
payload[0].apps = {
[prodAppId]: creationAccessType,
}
const notCreatingAdmin = creationRoleType !== Constants.BudibaseRoles.Admin
const isCreator = creationAccessType === Constants.Roles.CREATOR
if (notCreatingAdmin && isCreator) {
payload[0].builder.apps = [prodAppId]
} else if (notCreatingAdmin && !isCreator) {
payload[0].apps = { [prodAppId]: creationAccessType }
}
let userInviteResponse
try {
userInviteResponse = await users.onboard(payload)
@ -438,10 +436,11 @@
}
if (role === Constants.Roles.CREATOR) {
updateBody.appBuilders = [...(updateBody.appBuilders ?? []), prodAppId]
updateBody.builder = updateBody.builder || {}
updateBody.builder.apps = [...(updateBody.builder.apps ?? []), prodAppId]
delete updateBody?.apps?.[prodAppId]
} else if (role !== Constants.Roles.CREATOR && invite?.appBuilders) {
invite.appBuilders = []
} else if (role !== Constants.Roles.CREATOR && invite?.builder?.apps) {
invite.builder.apps = []
}
await users.updateInvite(updateBody)
await filterInvites(query)
@ -494,6 +493,18 @@
}
}
const getInviteRoleValue = invite => {
if (invite.info?.admin?.global && invite.info?.builder?.global) {
return Constants.Roles.ADMIN
}
if (invite.info?.builder?.apps?.includes(prodAppId)) {
return Constants.Roles.CREATOR
}
return invite.info.apps?.[prodAppId]
}
const getRoleFooter = user => {
if (user.group) {
const role = $roles.find(role => role._id === user.role)
@ -531,7 +542,9 @@
<Heading size="S">{invitingFlow ? "Invite new user" : "Users"}</Heading>
</div>
<div class="header">
{#if !invitingFlow}
<Button on:click={openInviteFlow} size="S" cta>Invite user</Button>
{/if}
<Icon
color="var(--spectrum-global-color-gray-600)"
name="RailRightClose"
@ -600,6 +613,11 @@
<div class="auth-entity-access-title">Access</div>
</div>
{#each filteredInvites as invite}
{@const user = {
isAdminOrGlobalBuilder:
invite.info?.admin?.global && invite.info?.builder?.global,
}}
<div class="auth-entity">
<div class="details">
<div class="user-email" title={invite.email}>
@ -608,10 +626,9 @@
</div>
<div class="auth-entity-access">
<RoleSelect
footer={getRoleFooter(user)}
placeholder={false}
value={invite.info?.appBuilders?.includes(prodAppId)
? Constants.Roles.CREATOR
: invite.info.apps?.[prodAppId]}
value={getInviteRoleValue(invite)}
allowRemove={invite.info.apps?.[prodAppId]}
allowPublic={false}
allowCreator={true}
@ -624,6 +641,9 @@
}}
autoWidth
align="right"
allowedRoles={user.isAdminOrGlobalBuilder
? [Constants.Roles.ADMIN]
: null}
/>
</div>
</div>

4
packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte
View File

@ -46,7 +46,7 @@
let loaded = false
let editModal, deleteModal
$: console.log(group)
$: scimEnabled = $features.isScimEnabled
$: readonly = !sdk.users.isAdmin($auth.user) || scimEnabled
$: group = $groups.find(x => x._id === groupId)
@ -62,7 +62,7 @@
? Constants.Roles.CREATOR
: group?.roles?.[apps.getProdAppID(app.devId)],
}))
$: console.log(groupApps)
$: {
if (loaded && !group?._id) {
$goto("./")

9
packages/builder/src/pages/builder/portal/users/users/_components/AppsTableRenderer.svelte
View File

@ -5,7 +5,6 @@
export let value
export let row
$: console.log(row)
$: priviliged = sdk.users.isAdminOrBuilder(row)
$: count = getCount(row)
@ -14,10 +13,10 @@
return $apps.length
} else {
return sdk.users.hasAppBuilderPermissions(row)
? row.builder.apps.length +
Object.keys(row.roles || {}).filter(appId =>
row.builder.apps.includes(appId)
).length
? row?.builder?.apps?.length +
Object.keys(row.roles || {}).filter(appId => {
row?.builder?.apps?.includes(appId)
}).length
: value?.length || 0
}
}

2
packages/builder/src/pages/builder/portal/users/users/_components/RoleTableRenderer.svelte
View File

@ -10,7 +10,7 @@
admin: "Full access",
}
$: role = Constants.BudibaseRoleOptions.find(
$: role = Constants.BudibaseRoleOptionsOld.find(
x => x.value === users.getUserRole(row)
)
$: value = role?.label || "Not available"

13
packages/builder/src/stores/backend/permissions.js
View File

@ -13,9 +13,22 @@ export function createPermissionStore() {
level,
})
},
remove: async ({ level, role, resource }) => {
return await API.removePermissionFromResource({
resourceId: resource,
roleId: role,
level,
})
},
forResource: async resourceId => {
return (await API.getPermissionForResource(resourceId)).permissions
},
forResourceDetailed: async resourceId => {
return await API.getPermissionForResource(resourceId)
},
getDependantsInfo: async resourceId => {
return await API.getDependants(resourceId)
},
}
}

7
packages/builder/src/stores/portal/users.js
View File

@ -121,8 +121,11 @@ export function createUsersStore() {
}
const getUserRole = user =>
sdk.users.isAdminOrGlobalBuilder(user) ? "admin" : "appUser"
sdk.users.isAdmin(user)
? "admin"
: sdk.users.isBuilder(user)
? "developer"
: "appUser"
const refreshUsage =
fn =>
async (...args) => {

2
packages/client/src/components/app/forms/InnerForm.svelte
View File

@ -136,7 +136,7 @@
// Check arrays - remove any values not present in the field schema and
// convert any values supplied to strings
if (Array.isArray(value) && type === "array" && schema) {
const options = schema?.constraints.inclusion || []
const options = schema?.constraints?.inclusion || []
return value.map(opt => String(opt)).filter(opt => options.includes(opt))
}
return value

23
packages/frontend-core/src/api/permissions.js
View File

@ -21,4 +21,27 @@ export const buildPermissionsEndpoints = API => ({
url: `/api/permission/${roleId}/${resourceId}/${level}`,
})
},
/**
* Remove the the permissions for a certain resource
* @param resourceId the ID of the resource to update
* @param roleId the ID of the role to update the permissions of
* @param level the level to remove the role for this resource
* @return {Promise<*>}
*/
removePermissionFromResource: async ({ resourceId, roleId, level }) => {
return await API.delete({
url: `/api/permission/${roleId}/${resourceId}/${level}`,
})
},
/**
* Gets info about the resources that depend on this resource permissions
* @param resourceId the resource ID to check
*/
getDependants: async resourceId => {
return await API.get({
url: `/api/permission/${resourceId}/dependants`,
})
},
})

14
packages/frontend-core/src/api/user.js
View File

@ -144,8 +144,8 @@ export const buildUserEndpoints = API => ({
body: {
email,
userInfo: {
admin: admin ? { global: true } : undefined,
builder: builder ? { global: true } : undefined,
admin: admin?.global ? { global: true } : undefined,
builder: builder?.global ? { global: true } : undefined,
apps: apps ? apps : undefined,
},
},
@ -156,14 +156,13 @@ export const buildUserEndpoints = API => ({
return await API.post({
url: "/api/global/users/onboard",
body: payload.map(invite => {
const { email, admin, builder, apps, appBuilders } = invite
const { email, admin, builder, apps } = invite
return {
email,
userInfo: {
admin: admin ? { global: true } : undefined,
builder: builder ? { global: true } : undefined,
admin,
builder,
apps: apps ? apps : undefined,
appBuilders,
},
}
}),
@ -176,12 +175,11 @@ export const buildUserEndpoints = API => ({
* @param invite the invite code sent in the email
*/
updateUserInvite: async invite => {
console.log(invite)
await API.post({
url: `/api/global/users/invite/update/${invite.code}`,
body: {
apps: invite.apps,
appBuilders: invite.appBuilders,
builder: invite.builder,
},
})
},

5
packages/frontend-core/src/constants.js
View File

@ -23,6 +23,11 @@ export const BudibaseRoles = {
Admin: "admin",
}
export const BudibaseRoleOptionsOld = [
{ label: "Developer", value: BudibaseRoles.Developer },
{ label: "Member", value: BudibaseRoles.AppUser },
{ label: "Admin", value: BudibaseRoles.Admin },
]
export const BudibaseRoleOptions = [
{ label: "Member", value: BudibaseRoles.AppUser },
{ label: "Admin", value: BudibaseRoles.Admin },

4
packages/server/src/api/controllers/application.ts
View File

@ -39,8 +39,9 @@ import {
} from "../../db/defaultData/datasource_bb_default"
import { removeAppFromUserRoles } from "../../utilities/workerRequests"
import { stringToReadStream } from "../../utilities"
import { doesUserHaveLock } from "../../utilities/redis"
import { doesUserHaveLock, getLocksById } from "../../utilities/redis"
import { cleanupAutomations } from "../../automations/utils"
import { checkAppMetadata } from "../../automations/logging"
import { getUniqueRows } from "../../utilities/usageQuota/rows"
import { groups, licensing, quotas } from "@budibase/pro"
import {
@ -50,6 +51,7 @@ import {
PlanType,
Screen,
UserCtx,
ContextUser,
} from "@budibase/types"
import { BASE_LAYOUT_PROP_IDS } from "../../constants/layouts"
import sdk from "../../sdk"

29
packages/server/src/api/controllers/automation.ts
View File

@ -20,7 +20,7 @@ import {
Automation,
AutomationActionStepId,
AutomationResults,
Ctx,
BBContext,
} from "@budibase/types"
import { getActionDefinitions as actionDefs } from "../../automations/actions"
import sdk from "../../sdk"
@ -73,7 +73,7 @@ function cleanAutomationInputs(automation: Automation) {
return automation
}
export async function create(ctx: Ctx) {
export async function create(ctx: BBContext) {
const db = context.getAppDB()
let automation = ctx.request.body
automation.appId = ctx.appId
@ -142,7 +142,7 @@ export async function handleStepEvents(
}
}
export async function update(ctx: Ctx) {
export async function update(ctx: BBContext) {
const db = context.getAppDB()
let automation = ctx.request.body
automation.appId = ctx.appId
@ -193,7 +193,7 @@ export async function update(ctx: Ctx) {
builderSocket?.emitAutomationUpdate(ctx, automation)
}
export async function fetch(ctx: Ctx) {
export async function fetch(ctx: BBContext) {
const db = context.getAppDB()
const response = await db.allDocs(
getAutomationParams(null, {
@ -203,11 +203,12 @@ export async function fetch(ctx: Ctx) {
ctx.body = response.rows.map(row => row.doc)
}
export async function find(ctx: Ctx) {
ctx.body = await sdk.automations.get(ctx.params.id)
export async function find(ctx: BBContext) {
const db = context.getAppDB()
ctx.body = await db.get(ctx.params.id)
}
export async function destroy(ctx: Ctx) {
export async function destroy(ctx: BBContext) {
const db = context.getAppDB()
const automationId = ctx.params.id
const oldAutomation = await db.get<Automation>(automationId)
@ -221,11 +222,11 @@ export async function destroy(ctx: Ctx) {
builderSocket?.emitAutomationDeletion(ctx, automationId)
}
export async function logSearch(ctx: Ctx) {
export async function logSearch(ctx: BBContext) {
ctx.body = await automations.logs.logSearch(ctx.request.body)
}
export async function clearLogError(ctx: Ctx) {
export async function clearLogError(ctx: BBContext) {
const { automationId, appId } = ctx.request.body
await context.doInAppContext(appId, async () => {
const db = context.getProdAppDB()
@ -244,15 +245,15 @@ export async function clearLogError(ctx: Ctx) {
})
}
export async function getActionList(ctx: Ctx) {
export async function getActionList(ctx: BBContext) {
ctx.body = await getActionDefinitions()
}
export async function getTriggerList(ctx: Ctx) {
export async function getTriggerList(ctx: BBContext) {
ctx.body = getTriggerDefinitions()
}
export async function getDefinitionList(ctx: Ctx) {
export async function getDefinitionList(ctx: BBContext) {
ctx.body = {
trigger: getTriggerDefinitions(),
action: await getActionDefinitions(),
@ -265,7 +266,7 @@ export async function getDefinitionList(ctx: Ctx) {
* *
*********************/
export async function trigger(ctx: Ctx) {
export async function trigger(ctx: BBContext) {
const db = context.getAppDB()
let automation = await db.get<Automation>(ctx.params.id)
@ -310,7 +311,7 @@ function prepareTestInput(input: any) {
return input
}
export async function test(ctx: Ctx) {
export async function test(ctx: BBContext) {
const db = context.getAppDB()
let automation = await db.get<Automation>(ctx.params.id)
await setTestFlag(automation._id!)

63
packages/server/src/api/controllers/permission.ts
View File

@ -1,5 +1,13 @@
import { permissions, roles, context, HTTPError } from "@budibase/backend-core"
import { UserCtx, Database, Role, PermissionLevel } from "@budibase/types"
import {
UserCtx,
Database,
Role,
PermissionLevel,
GetResourcePermsResponse,
ResourcePermissionInfo,
GetDependantResourcesResponse,
} from "@budibase/types"
import { getRoleParams } from "../../db/utils"
import {
CURRENTLY_SUPPORTED_LEVELS,
@ -145,33 +153,40 @@ export async function fetch(ctx: UserCtx) {
ctx.body = finalPermissions
}
export async function getResourcePerms(ctx: UserCtx) {
export async function getResourcePerms(
ctx: UserCtx<void, GetResourcePermsResponse>
) {
const resourceId = ctx.params.resourceId
const db = context.getAppDB()
const body = await db.allDocs(
getRoleParams(null, {
include_docs: true,
})
)
const rolesList = body.rows.map(row => row.doc)
let permissions: Record<string, string> = {}
for (let level of SUPPORTED_LEVELS) {
// update the various roleIds in the resource permissions
for (let role of rolesList) {
const rolePerms = roles.checkForRoleResourceArray(
role.permissions,
resourceId
)
if (
rolePerms &&
rolePerms[resourceId] &&
rolePerms[resourceId].indexOf(level) !== -1
) {
permissions[level] = roles.getExternalRoleID(role._id, role.version)!
const resourcePermissions = await sdk.permissions.getResourcePerms(resourceId)
const inheritablePermissions =
await sdk.permissions.getInheritablePermissions(resourceId)
ctx.body = {
permissions: Object.entries(resourcePermissions).reduce(
(p, [level, role]) => {
p[level] = {
role: role.role,
permissionType: role.type,
inheritablePermission:
inheritablePermissions && inheritablePermissions[level].role,
}
return p
},
{} as Record<string, ResourcePermissionInfo>
),
requiresPlanToModify: (
await sdk.permissions.allowsExplicitPermissions(resourceId)
).minPlan,
}
}
export async function getDependantResources(
ctx: UserCtx<void, GetDependantResourcesResponse>
) {
const resourceId = ctx.params.resourceId
ctx.body = {
resourceByType: await sdk.permissions.getDependantResources(resourceId),
}
ctx.body = Object.assign(getBasePermissions(resourceId), permissions)
}
export async function addPermission(ctx: UserCtx) {

2
packages/server/src/api/controllers/row/index.ts
View File

@ -95,7 +95,7 @@ export async function fetchView(ctx: any) {
() =>
sdk.rows.fetchView(tableId, viewName, {
calculation,
group,
group: calculation ? group : null,
field,
}),
{

2
packages/server/src/api/controllers/view/exporters.ts
View File

@ -27,7 +27,7 @@ export function json(rows: Row[]) {
export function jsonWithSchema(schema: TableSchema, rows: Row[]) {
const newSchema: TableSchema = {}
Object.values(schema).forEach(column => {
if (!column.autocolumn) {
if (!column.autocolumn && column.name) {
newSchema[column.name] = column
}
})

5
packages/server/src/api/routes/permission.ts
View File

@ -23,6 +23,11 @@ router
authorized(permissions.BUILDER),
controller.getResourcePerms
)
.get(
"/api/permission/:resourceId/dependants",
authorized(permissions.BUILDER),
controller.getDependantResources
)
// adding a specific role/level for the resource overrides the underlying access control
.post(
"/api/permission/:roleId/:resourceId/:level",

37
packages/server/src/api/routes/tests/permissions.spec.ts
View File

@ -1,5 +1,6 @@
const mockedSdk = sdk.permissions as jest.Mocked<typeof sdk.permissions>
jest.mock("../../../sdk/app/permissions", () => ({
...jest.requireActual("../../../sdk/app/permissions"),
resourceActionAllowed: jest.fn(),
}))
@ -78,8 +79,12 @@ describe("/permission", () => {
.set(config.defaultHeaders())
.expect("Content-Type", /json/)
.expect(200)
expect(res.body["read"]).toEqual(STD_ROLE_ID)
expect(res.body["write"]).toEqual(HIGHER_ROLE_ID)
expect(res.body).toEqual({
permissions: {
read: { permissionType: "EXPLICIT", role: STD_ROLE_ID },
write: { permissionType: "BASE", role: HIGHER_ROLE_ID },
},
})
})
it("should get resource permissions with multiple roles", async () => {
@ -89,15 +94,20 @@ describe("/permission", () => {
level: PermissionLevel.WRITE,
})
const res = await config.api.permission.get(table._id)
expect(res.body["read"]).toEqual(STD_ROLE_ID)
expect(res.body["write"]).toEqual(HIGHER_ROLE_ID)
expect(res.body).toEqual({
permissions: {
read: { permissionType: "EXPLICIT", role: STD_ROLE_ID },
write: { permissionType: "EXPLICIT", role: HIGHER_ROLE_ID },
},
})
const allRes = await request
.get(`/api/permission`)
.set(config.defaultHeaders())
.expect("Content-Type", /json/)
.expect(200)
expect(allRes.body[table._id]["write"]).toEqual(HIGHER_ROLE_ID)
expect(allRes.body[table._id]["read"]).toEqual(STD_ROLE_ID)
expect(allRes.body[table._id]["write"]).toEqual(HIGHER_ROLE_ID)
})
it("throw forbidden if the action is not allowed for the resource", async () => {
@ -260,4 +270,21 @@ describe("/permission", () => {
expect(publicPerm.name).toBeDefined()
})
})
describe("default permissions", () => {
it("legacy views", async () => {
const legacyView = await config.createLegacyView()
const res = await config.api.permission.get(legacyView.name)
expect(res.body).toEqual({
permissions: {
read: {
permissionType: "BASE",
role: "BASIC",
},
},
})
})
})
})

86
packages/server/src/api/routes/tests/row.spec.ts
View File

@ -1,11 +1,12 @@
import tk from "timekeeper"
import { outputProcessing } from "../../../utilities/rowProcessor"
import * as setup from "./utilities"
import { context, tenancy } from "@budibase/backend-core"
import { context, roles, tenancy } from "@budibase/backend-core"
import { quotas } from "@budibase/pro"
import {
FieldType,
MonthlyQuotaName,
PermissionLevel,
QuotaUsageType,
Row,
SortOrder,
@ -16,6 +17,7 @@ import {
import {
expectAnyInternalColsAttributes,
generator,
mocks,
structures,
} from "@budibase/backend-core/tests"
@ -37,6 +39,7 @@ describe("/rows", () => {
})
beforeEach(async () => {
mocks.licenses.useCloudFree()
table = await config.createTable()
row = basicRow(table._id!)
})
@ -670,7 +673,7 @@ describe("/rows", () => {
})
it("should be able to run on a view", async () => {
const view = await config.createView()
const view = await config.createLegacyView()
const row = await config.createRow()
const rowUsage = await getRowUsage()
const queryUsage = await getQueryUsage()
@ -1314,6 +1317,85 @@ describe("/rows", () => {
bookmark: expect.any(String),
})
})
describe("permissions", () => {
let viewId: string
let tableId: string
beforeAll(async () => {
const table = await config.createTable(userTable())
const rows = []
for (let i = 0; i < 10; i++) {
rows.push(await config.createRow({ tableId: table._id }))
}
const createViewResponse = await config.api.viewV2.create()
tableId = table._id!
viewId = createViewResponse.id
})
beforeEach(() => {
mocks.licenses.useViewPermissions()
})
it("does not allow public users to fetch by default", async () => {
await config.publish()
await config.api.viewV2.search(viewId, undefined, {
expectStatus: 403,
usePublicUser: true,
})
})
it("allow public users to fetch when permissions are explicit", async () => {
await config.api.permission.set({
roleId: roles.BUILTIN_ROLE_IDS.PUBLIC,
level: PermissionLevel.READ,
resourceId: viewId,
})
await config.publish()
const response = await config.api.viewV2.search(viewId, undefined, {
usePublicUser: true,
})
expect(response.body.rows).toHaveLength(10)
})
it("allow public users to fetch when permissions are inherited", async () => {
await config.api.permission.set({
roleId: roles.BUILTIN_ROLE_IDS.PUBLIC,
level: PermissionLevel.READ,
resourceId: tableId,
})
await config.publish()
const response = await config.api.viewV2.search(viewId, undefined, {
usePublicUser: true,
})
expect(response.body.rows).toHaveLength(10)
})
it("respects inherited permissions, not allowing not public views from public tables", async () => {
await config.api.permission.set({
roleId: roles.BUILTIN_ROLE_IDS.PUBLIC,
level: PermissionLevel.READ,
resourceId: tableId,
})
await config.api.permission.set({
roleId: roles.BUILTIN_ROLE_IDS.POWER,
level: PermissionLevel.READ,
resourceId: viewId,
})
await config.publish()
await config.api.viewV2.search(viewId, undefined, {
usePublicUser: true,
expectStatus: 403,
})
})
})
})
})
})

4
packages/server/src/api/routes/tests/table.spec.ts
View File

@ -87,7 +87,7 @@ describe("/tables", () => {
it("updates all the row fields for a table when a schema key is renamed", async () => {
const testTable = await config.createTable()
await config.createView({
await config.createLegacyView({
name: "TestView",
field: "Price",
calculation: "stats",
@ -254,7 +254,7 @@ describe("/tables", () => {
}))
await config.api.viewV2.create({ tableId })
await config.createView({ tableId, name: generator.guid() })
await config.createLegacyView({ tableId, name: generator.guid() })
const res = await config.api.table.fetch()

12
packages/server/src/api/routes/tests/view.spec.js
View File

@ -249,7 +249,7 @@ describe("/views", () => {
})
it("returns only custom views", async () => {
await config.createView({
await config.createLegacyView({
name: "TestView",
field: "Price",
calculation: "stats",
@ -267,7 +267,7 @@ describe("/views", () => {
describe("query", () => {
it("returns data for the created view", async () => {
await config.createView({
await config.createLegacyView({
name: "TestView",
field: "Price",
calculation: "stats",
@ -295,7 +295,7 @@ describe("/views", () => {
})
it("returns data for the created view using a group by", async () => {
await config.createView({
await config.createLegacyView({
calculation: "stats",
name: "TestView",
field: "Price",
@ -331,7 +331,7 @@ describe("/views", () => {
describe("destroy", () => {
it("should be able to delete a view", async () => {
const table = await config.createTable(priceTable())
const view = await config.createView()
const view = await config.createLegacyView()
const res = await request
.delete(`/api/views/${view.name}`)
.set(config.defaultHeaders())
@ -395,7 +395,7 @@ describe("/views", () => {
it("should be able to export a view as JSON", async () => {
let table = await setupExport()
const view = await config.createView()
const view = await config.createLegacyView()
table = await config.getTable(table._id)
let res = await exportView(view.name, "json")
@ -407,7 +407,7 @@ describe("/views", () => {
it("should be able to export a view as CSV", async () => {
let table = await setupExport()
const view = await config.createView()
const view = await config.createLegacyView()
table = await config.getTable(table._id)
let res = await exportView(view.name, "csv")

2
packages/server/src/api/routes/tests/viewV2.spec.ts
View File

@ -296,7 +296,7 @@ describe.each([
})
it("cannot update views v1", async () => {
const viewV1 = await config.createView()
const viewV1 = await config.createLegacyView()
await config.api.viewV2.update(
{
...viewV1,

10
packages/server/src/api/routes/view.ts
View File

@ -1,7 +1,7 @@
import Router from "@koa/router"
import * as viewController from "../controllers/view"
import * as rowController from "../controllers/row"
import authorized from "../../middleware/authorized"
import authorized, { authorizedResource } from "../../middleware/authorized"
import { paramResource } from "../../middleware/resourceId"
import { permissions } from "@budibase/backend-core"
@ -10,10 +10,10 @@ const router: Router = new Router()
router
.get(
"/api/v2/views/:viewId",
paramResource("viewId"),
authorized(
permissions.PermissionType.TABLE,
permissions.PermissionLevel.READ
authorizedResource(
permissions.PermissionType.VIEW,
permissions.PermissionLevel.READ,
"viewId"
),
viewController.v2.get
)

4
packages/server/src/automations/triggers.ts
View File

@ -6,11 +6,11 @@ import { isDevAppID } from "../db/utils"
// need this to call directly, so we can get a response
import { automationQueue } from "./bullboard"
import { checkTestFlag } from "../utilities/redis"
import * as utils from "./utils"
import env from "../environment"
import { context, db as dbCore } from "@budibase/backend-core"
import { Automation, Row, AutomationData, AutomationJob } from "@budibase/types"
import { executeSynchronously } from "../threads/automation"
import sdk from "../sdk"
export const TRIGGER_DEFINITIONS = definitions
const JOB_OPTS = {
@ -142,7 +142,7 @@ export async function rebootTrigger() {
let automations = await getAllAutomations()
let rebootEvents = []
for (let automation of automations) {
if (sdk.automations.isReboot(automation)) {
if (utils.isRebootTrigger(automation)) {
const job = {
automation,
event: {

67
packages/server/src/automations/utils.ts
View File

@ -17,17 +17,16 @@ import {
import sdk from "../sdk"
import { automationsEnabled } from "../features"
const REBOOT_CRON = "@reboot"
const WH_STEP_ID = definitions.WEBHOOK.stepId
const CRON_STEP_ID = definitions.CRON.stepId
let Runner: Thread
if (automationsEnabled()) {
Runner = new Thread(ThreadType.AUTOMATION)
}
function loggingArgs(
job: AutomationJob,
timing?: { start: number; complete?: boolean }
) {
const logs: any[] = [
function loggingArgs(job: AutomationJob) {
return [
{
_logKey: "automation",
trigger: job.data.automation.definition.trigger.event,
@ -37,53 +36,24 @@ function loggingArgs(
jobId: job.id,
},
]
if (timing?.start) {
logs.push({
_logKey: "startTime",
start: timing.start,
})
}
if (timing?.start && timing?.complete) {
const end = new Date().getTime()
const duration = end - timing.start
logs.push({
_logKey: "endTime",
end,
})
logs.push({
_logKey: "duration",
duration,
})
}
return logs
}
export async function processEvent(job: AutomationJob) {
const appId = job.data.event.appId!
const automationId = job.data.automation._id!
const start = new Date().getTime()
const task = async () => {
try {
// need to actually await these so that an error can be captured properly
console.log("automation running", ...loggingArgs(job, { start }))
console.log("automation running", ...loggingArgs(job))
const runFn = () => Runner.run(job)
const result = await quotas.addAutomation(runFn, {
automationId,
})
const end = new Date().getTime()
const duration = end - start
console.log(
"automation completed",
...loggingArgs(job, { start, complete: true })
)
console.log("automation completed", ...loggingArgs(job))
return result
} catch (err) {
console.error(
`automation was unable to run`,
err,
...loggingArgs(job, { start, complete: true })
)
console.error(`automation was unable to run`, err, ...loggingArgs(job))
return { err }
}
}
@ -163,6 +133,19 @@ export async function clearMetadata() {
await db.bulkDocs(automationMetadata)
}
export function isCronTrigger(auto: Automation) {
return (
auto &&
auto.definition.trigger &&
auto.definition.trigger.stepId === CRON_STEP_ID
)
}
export function isRebootTrigger(auto: Automation) {
const trigger = auto ? auto.definition.trigger : null
return isCronTrigger(auto) && trigger?.inputs.cron === REBOOT_CRON
}
/**
* This function handles checking of any cron jobs that need to be enabled/updated.
* @param {string} appId The ID of the app in which we are checking for webhooks
@ -170,14 +153,14 @@ export async function clearMetadata() {
*/
export async function enableCronTrigger(appId: any, automation: Automation) {
const trigger = automation ? automation.definition.trigger : null
const validCron = sdk.automations.isCron(automation) && trigger?.inputs.cron
const needsCreated =
!sdk.automations.isReboot(automation) &&
!sdk.automations.disabled(automation)
let enabled = false
// need to create cron job
if (validCron && needsCreated) {
if (
isCronTrigger(automation) &&
!isRebootTrigger(automation) &&
trigger?.inputs.cron
) {
// make a job id rather than letting Bull decide, makes it easier to handle on way out
const jobId = `${appId}_cron_${newid()}`
const job: any = await automationQueue.add(

63
packages/server/src/middleware/authorized.ts
View File

@ -6,11 +6,10 @@ import {
users,
} from "@budibase/backend-core"
import { PermissionLevel, PermissionType, Role, UserCtx } from "@budibase/types"
import { features } from "@budibase/pro"
import builderMiddleware from "./builder"
import { isWebhookEndpoint } from "./utils"
import { paramResource } from "./resourceId"
import { extractViewInfoFromID, isViewID } from "../db/utils"
import sdk from "../sdk"
function hasResource(ctx: any) {
return ctx.resourceId != null
@ -77,31 +76,6 @@ const checkAuthorizedResource = async (
}
}
const resourceIdTranformers: Partial<
Record<PermissionType, (ctx: UserCtx) => Promise<void>>
> = {
[PermissionType.VIEW]: async ctx => {
const { resourceId } = ctx
if (!resourceId) {
ctx.throw(400, `Cannot obtain the view id`)
return
}
if (!isViewID(resourceId)) {
ctx.throw(400, `"${resourceId}" is not a valid view id`)
return
}
if (await features.isViewPermissionEnabled()) {
ctx.subResourceId = ctx.resourceId
ctx.resourceId = extractViewInfoFromID(resourceId).tableId
} else {
ctx.resourceId = extractViewInfoFromID(resourceId).tableId
delete ctx.subResourceId
}
},
}
const authorized =
(
permType: PermissionType,
@ -121,8 +95,8 @@ const authorized =
}
// get the resource roles
let resourceRoles: any = []
let otherLevelRoles: any = []
let resourceRoles: string[] = []
let otherLevelRoles: string[] = []
const otherLevel =
permLevel === PermissionLevel.READ
? PermissionLevel.WRITE
@ -133,21 +107,28 @@ const authorized =
paramResource(resourcePath)(ctx, () => {})
}
if (resourceIdTranformers[permType]) {
await resourceIdTranformers[permType]!(ctx)
}
if (hasResource(ctx)) {
const { resourceId, subResourceId } = ctx
resourceRoles = await roles.getRequiredResourceRole(permLevel!, {
resourceId,
subResourceId,
})
const permissions = await sdk.permissions.getResourcePerms(resourceId)
const subPermissions =
!!subResourceId &&
(await sdk.permissions.getResourcePerms(subResourceId))
function getPermLevel(permLevel: string) {
let result: string[] = []
if (permissions[permLevel]) {
result.push(permissions[permLevel].role)
}
if (subPermissions && subPermissions[permLevel]) {
result.push(subPermissions[permLevel].role)
}
return result
}
resourceRoles = getPermLevel(permLevel!)
if (opts && opts.schema) {
otherLevelRoles = await roles.getRequiredResourceRole(otherLevel, {
resourceId,
subResourceId,
})
otherLevelRoles = getPermLevel(otherLevel!)
}
}

98
packages/server/src/middleware/tests/authorized.spec.ts
View File

@ -1,28 +1,20 @@
jest.mock("@budibase/backend-core", () => ({
...jest.requireActual("@budibase/backend-core"),
roles: {
...jest.requireActual("@budibase/backend-core").roles,
getRequiredResourceRole: jest.fn().mockResolvedValue([]),
},
}))
jest.mock("../../environment", () => ({
prod: false,
isTest: () => true,
// @ts-ignore
isProd: () => this.prod,
_set: function (_key: string, value: string) {
this.prod = value === "production"
},
jest.mock("../../sdk/app/permissions", () => ({
...jest.requireActual("../../sdk/app/permissions"),
getResourcePerms: jest.fn().mockResolvedValue([]),
}))
import { PermissionType, PermissionLevel } from "@budibase/types"
import {
PermissionType,
PermissionLevel,
PermissionSource,
} from "@budibase/types"
import authorizedMiddleware from "../authorized"
import env from "../../environment"
import { generateTableID, generateViewID } from "../../db/utils"
import { roles } from "@budibase/backend-core"
import { mocks } from "@budibase/backend-core/tests"
import { generator, mocks } from "@budibase/backend-core/tests"
import { initProMocks } from "../../tests/utilities/mocks/pro"
import { getResourcePerms } from "../../sdk/app/permissions"
const APP_ID = ""
@ -189,13 +181,10 @@ describe("Authorization middleware", () => {
)
})
describe("view type", () => {
const tableId = generateTableID()
const viewId = generateViewID(tableId)
const mockedGetRequiredResourceRole =
roles.getRequiredResourceRole as jest.MockedFunction<
typeof roles.getRequiredResourceRole
describe("with resource", () => {
let resourceId: string
const mockedGetResourcePerms = getResourcePerms as jest.MockedFunction<
typeof getResourcePerms
>
beforeEach(() => {
@ -203,9 +192,15 @@ describe("Authorization middleware", () => {
PermissionType.VIEW,
PermissionLevel.READ
)
config.setResourceId(viewId)
resourceId = generator.guid()
config.setResourceId(resourceId)
mockedGetRequiredResourceRole.mockResolvedValue(["PUBLIC"])
mockedGetResourcePerms.mockResolvedValue({
[PermissionLevel.READ]: {
role: "PUBLIC",
type: PermissionSource.BASE,
},
})
config.setUser({
_id: "user",
@ -215,57 +210,14 @@ describe("Authorization middleware", () => {
})
})
it("will ignore view permissions if flag is off", async () => {
it("will fetch resource permissions when resource is set", async () => {
await config.executeMiddleware()
expect(config.throw).not.toBeCalled()
expect(config.next).toHaveBeenCalled()
expect(mockedGetRequiredResourceRole).toBeCalledTimes(1)
expect(mockedGetRequiredResourceRole).toBeCalledWith(
PermissionLevel.READ,
expect.objectContaining({
resourceId: tableId,
subResourceId: undefined,
})
)
})
it("will use view permissions if flag is on", async () => {
mocks.licenses.useViewPermissions()
await config.executeMiddleware()
expect(config.throw).not.toBeCalled()
expect(config.next).toHaveBeenCalled()
expect(mockedGetRequiredResourceRole).toBeCalledTimes(1)
expect(mockedGetRequiredResourceRole).toBeCalledWith(
PermissionLevel.READ,
expect.objectContaining({
resourceId: tableId,
subResourceId: viewId,
})
)
})
it("throw an exception if the resource id is not provided", async () => {
config.setResourceId(undefined)
await config.executeMiddleware()
expect(config.throw).toHaveBeenNthCalledWith(
1,
400,
"Cannot obtain the view id"
)
})
it("throw an exception if the resource id is not a valid view id", async () => {
config.setResourceId(tableId)
await config.executeMiddleware()
expect(config.throw).toHaveBeenNthCalledWith(
1,
400,
`"${tableId}" is not a valid view id`
)
expect(mockedGetResourcePerms).toBeCalledTimes(1)
expect(mockedGetResourcePerms).toBeCalledWith(resourceId)
})
})
})

4
packages/server/src/migrations/tests/index.spec.ts
View File

@ -50,9 +50,9 @@ describe("migrations", () => {
await config.createRole()
await config.createRole()
await config.createTable()
await config.createView()
await config.createLegacyView()
await config.createTable()
await config.createView(structures.view(config.table!._id!))
await config.createLegacyView(structures.view(config.table!._id!))
await config.createScreen()
await config.createScreen()

38
packages/server/src/sdk/app/automations/automations.ts
View File

@ -1,38 +0,0 @@
import { context } from "@budibase/backend-core"
import { Automation, AutomationState, DocumentType } from "@budibase/types"
import { definitions } from "../../../automations/triggerInfo"
const REBOOT_CRON = "@reboot"
export async function exists(automationId: string) {
if (!automationId?.startsWith(DocumentType.AUTOMATION)) {
throw new Error("Invalid automation ID.")
}
const db = context.getAppDB()
return db.docExists(automationId)
}
export async function get(automationId: string) {
const db = context.getAppDB()
return (await db.get(automationId)) as Automation
}
export function disabled(automation: Automation) {
return automation.state === AutomationState.DISABLED || !hasSteps(automation)
}
export function isCron(automation: Automation) {
return (
automation?.definition.trigger &&
automation?.definition.trigger.stepId === definitions.CRON.stepId
)
}
export function isReboot(automation: Automation) {
const trigger = automation?.definition.trigger
return isCron(automation) && trigger?.inputs.cron === REBOOT_CRON
}
export function hasSteps(automation: Automation) {
return automation?.definition?.steps?.length > 0
}

2
packages/server/src/sdk/app/automations/index.ts
View File

@ -1,9 +1,7 @@
import * as webhook from "./webhook"
import * as utils from "./utils"
import * as automations from "./automations"
export default {
webhook,
utils,
...automations,
}

2
packages/server/src/sdk/app/backups/exports.ts
View File

@ -60,7 +60,7 @@ function tarFilesToTmp(tmpDir: string, files: string[]) {
export async function exportDB(
dbName: string,
opts: DBDumpOpts = {}
): Promise<DBDumpOpts> {
): Promise<string> {
const exportOpts = {
filter: opts?.filter,
batch_size: 1000,

122
packages/server/src/sdk/app/permissions/index.ts
View File

@ -1,10 +1,19 @@
import { db, env, roles } from "@budibase/backend-core"
import { features } from "@budibase/pro"
import {
DocumentType,
PermissionLevel,
PermissionSource,
PlanType,
VirtualDocumentType,
} from "@budibase/types"
import { isViewID } from "../../../db/utils"
import { features } from "@budibase/pro"
import { extractViewInfoFromID, isViewID } from "../../../db/utils"
import {
CURRENTLY_SUPPORTED_LEVELS,
getBasePermissions,
} from "../../../utilities/security"
import sdk from "../../../sdk"
import { isV2 } from "../views"
type ResourceActionAllowedResult =
| { allowed: true }
@ -35,3 +44,112 @@ export async function resourceActionAllowed({
resourceType: VirtualDocumentType.VIEW,
}
}
type ResourcePermissions = Record<
string,
{ role: string; type: PermissionSource }
>
export async function getInheritablePermissions(
resourceId: string
): Promise<ResourcePermissions | undefined> {
if (isViewID(resourceId)) {
return await getResourcePerms(extractViewInfoFromID(resourceId).tableId)
}
}
export async function allowsExplicitPermissions(resourceId: string) {
if (isViewID(resourceId)) {
const allowed = await features.isViewPermissionEnabled()
const minPlan = !allowed
? env.SELF_HOSTED
? PlanType.BUSINESS
: PlanType.PREMIUM
: undefined
return {
allowed,
minPlan,
}
}
return { allowed: true }
}
export async function getResourcePerms(
resourceId: string
): Promise<ResourcePermissions> {
const rolesList = await roles.getAllRoles()
let permissions: ResourcePermissions = {}
const permsToInherit = await getInheritablePermissions(resourceId)
const allowsExplicitPerm = (await allowsExplicitPermissions(resourceId))
.allowed
for (let level of CURRENTLY_SUPPORTED_LEVELS) {
// update the various roleIds in the resource permissions
for (let role of rolesList) {
const rolePerms = allowsExplicitPerm
? roles.checkForRoleResourceArray(role.permissions, resourceId)
: {}
if (rolePerms[resourceId]?.indexOf(level) > -1) {
permissions[level] = {
role: roles.getExternalRoleID(role._id!, role.version),
type: PermissionSource.EXPLICIT,
}
} else if (
!permissions[level] &&
permsToInherit &&
permsToInherit[level]
) {
permissions[level] = {
role: permsToInherit[level].role,
type: PermissionSource.INHERITED,
}
}
}
}
const basePermissions = Object.entries(
getBasePermissions(resourceId)
).reduce<ResourcePermissions>((p, [level, role]) => {
p[level] = { role, type: PermissionSource.BASE }
return p
}, {})
const result = Object.assign(basePermissions, permissions)
return result
}
export async function getDependantResources(
resourceId: string
): Promise<Record<string, number> | undefined> {
if (db.isTableId(resourceId)) {
const dependants: Record<string, Set<string>> = {}
const table = await sdk.tables.getTable(resourceId)
const views = Object.values(table.views || {})
for (const view of views) {
if (!isV2(view)) {
continue
}
const permissions = await getResourcePerms(view.id)
for (const [level, roleInfo] of Object.entries(permissions)) {
if (roleInfo.type === PermissionSource.INHERITED) {
dependants[VirtualDocumentType.VIEW] ??= new Set()
dependants[VirtualDocumentType.VIEW].add(view.id)
}
}
}
return Object.entries(dependants).reduce((p, [type, resources]) => {
p[type] = resources.size
return p
}, {} as Record<string, number>)
}
return
}

7
packages/server/src/tests/utilities/TestConfiguration.ts
View File

@ -10,7 +10,6 @@ mocks.licenses.useUnlimited()
import { init as dbInit } from "../../db"
dbInit()
import env from "../../environment"
import { env as coreEnv } from "@budibase/backend-core"
import {
basicTable,
basicRow,
@ -33,6 +32,7 @@ import {
encryption,
auth,
roles,
env as coreEnv,
} from "@budibase/backend-core"
import * as controllers from "./controllers"
import { cleanup } from "../../utilities/fileSystem"
@ -51,7 +51,6 @@ import {
UserRoles,
Automation,
} from "@budibase/types"
import { BUILTIN_ROLE_IDS } from "@budibase/backend-core/src/security/roles"
import API from "./api"
@ -317,7 +316,7 @@ class TestConfiguration {
}
}
async createGroup(roleId: string = BUILTIN_ROLE_IDS.BASIC) {
async createGroup(roleId: string = roles.BUILTIN_ROLE_IDS.BASIC) {
return context.doInTenant(this.tenantId!, async () => {
const baseGroup = structures.userGroups.userGroup()
baseGroup.roles = {
@ -622,7 +621,7 @@ class TestConfiguration {
// VIEW
async createView(config?: any) {
async createLegacyView(config?: any) {
if (!this.table) {
throw "Test requires table to be configured."
}

26
packages/server/src/threads/automation.ts
View File

@ -1,6 +1,5 @@
import { default as threadUtils } from "./utils"
import { Job } from "bull"
threadUtils.threadSetup()
import {
disableCronById,
isErrorInOutput,
@ -35,8 +34,8 @@ import { cloneDeep } from "lodash/fp"
import { performance } from "perf_hooks"
import * as sdkUtils from "../sdk/utils"
import env from "../environment"
import sdk from "../sdk"
threadUtils.threadSetup()
const FILTER_STEP_ID = actions.BUILTIN_ACTION_DEFINITIONS.FILTER.stepId
const LOOP_STEP_ID = actions.BUILTIN_ACTION_DEFINITIONS.LOOP.stepId
const CRON_STEP_ID = triggerDefs.CRON.stepId
@ -520,8 +519,7 @@ class Orchestrator {
export function execute(job: Job<AutomationData>, callback: WorkerCallback) {
const appId = job.data.event.appId
const automation = job.data.automation
const automationId = automation._id
const automationId = job.data.automation._id
if (!appId) {
throw new Error("Unable to execute, event doesn't contain app ID.")
}
@ -532,30 +530,10 @@ export function execute(job: Job<AutomationData>, callback: WorkerCallback) {
appId,
automationId,
task: async () => {
let automation = job.data.automation,
isCron = sdk.automations.isCron(job.data.automation),
notFound = false
try {
automation = await sdk.automations.get(automationId)
} catch (err: any) {
// automation no longer exists
notFound = err
}
const disabled = sdk.automations.disabled(automation)
const stopAutomation = disabled || notFound
const envVars = await sdkUtils.getEnvironmentVariables()
// put into automation thread for whole context
await context.doInEnvironmentContext(envVars, async () => {
const automationOrchestrator = new Orchestrator(job)
// hard stop on automations
if (isCron && stopAutomation) {
await automationOrchestrator.stopCron(
disabled ? "disabled" : "not_found"
)
}
if (stopAutomation) {
return
}
try {
const response = await automationOrchestrator.execute()
callback(null, response)

3
packages/server/src/utilities/security.ts
View File

@ -23,6 +23,9 @@ export function getPermissionType(resourceId: string) {
case DocumentType.QUERY:
case DocumentType.DATASOURCE:
return permissions.PermissionType.QUERY
default:
// legacy views don't have an ID, will end up here
return permissions.PermissionType.LEGACY_VIEW
}
}

1
packages/types/src/api/web/app/index.ts
View File

@ -4,3 +4,4 @@ export * from "./row"
export * from "./view"
export * from "./rows"
export * from "./table"
export * from "./permission"

16
packages/types/src/api/web/app/permission.ts Normal file
View File

@ -0,0 +1,16 @@
import { PlanType } from "../../../sdk"
export interface ResourcePermissionInfo {
role: string
permissionType: string
inheritablePermission?: string
}
export interface GetResourcePermsResponse {
permissions: Record<string, ResourcePermissionInfo>
requiresPlanToModify?: PlanType
}
export interface GetDependantResourcesResponse {
resourceByType?: Record<string, number>
}

5
packages/types/src/documents/app/automation.ts
View File

@ -100,10 +100,6 @@ export const AutomationStepIdArray = [
...Object.values(AutomationTriggerStepId),
]
export enum AutomationState {
DISABLED = "disabled",
}
export interface Automation extends Document {
definition: {
steps: AutomationStep[]
@ -116,7 +112,6 @@ export interface Automation extends Document {
name: string
internal?: boolean
type?: string
state?: AutomationState
}
interface BaseIOStructure {

6
packages/types/src/sdk/db.ts
View File

@ -40,11 +40,6 @@ export type DatabasePutOpts = {
force?: boolean
}
export type DocExistsResponse = {
_rev?: string
exists: boolean
}
export type DatabaseCreateIndexOpts = {
index: {
fields: string[]
@ -95,7 +90,6 @@ export interface Database {
exists(): Promise<boolean>
checkSetup(): Promise<Nano.DocumentScope<any>>
get<T>(id?: string): Promise<T>
docExists(id: string): Promise<DocExistsResponse>
remove(
id: string | Document,
rev?: string

7
packages/types/src/sdk/permissions.ts
View File

@ -16,4 +16,11 @@ export enum PermissionType {
GLOBAL_BUILDER = "globalBuilder",
QUERY = "query",
VIEW = "view",
LEGACY_VIEW = "legacy_view",
}
export enum PermissionSource {
EXPLICIT = "EXPLICIT",
INHERITED = "INHERITED",
BASE = "BASE",
}

30
packages/worker/src/api/controllers/global/users.ts
View File

@ -266,17 +266,14 @@ export const onboardUsers = async (ctx: Ctx<InviteUsersRequest>) => {
// Temp password to be passed to the user.
createdPasswords[invite.email] = password
let builder: { global: boolean; apps?: string[] } = { global: false }
if (invite.userInfo.appBuilders) {
builder.apps = invite.userInfo.appBuilders
}
return {
email: invite.email,
password,
forceResetPassword: true,
roles: invite.userInfo.apps,
admin: { global: false },
builder,
admin: invite.userInfo.admin,
builder: invite.userInfo.builder,
tenantId: tenancy.getTenantId(),
}
})
@ -371,13 +368,10 @@ export const updateInvite = async (ctx: any) => {
...invite,
}
if (!updateBody?.appBuilders || !updateBody.appBuilders?.length) {
updated.info.appBuilders = []
} else {
updated.info.appBuilders = [
...(invite.info.appBuilders ?? []),
...updateBody.appBuilders,
]
if (!updateBody?.builder?.apps && updated.info?.builder?.apps) {
updated.info.builder.apps = []
} else if (updateBody?.builder) {
updated.info.builder = updateBody.builder
}
if (!updateBody?.apps || !Object.keys(updateBody?.apps).length) {
@ -409,15 +403,17 @@ export const inviteAccept = async (
lastName,
password,
email,
admin: { global: info?.admin?.global || false },
roles: info.apps,
tenantId: info.tenantId,
}
let builder: { global: boolean; apps?: string[] } = { global: false }
let builder: { global: boolean; apps?: string[] } = {
global: info?.builder?.global || false,
}
if (info.appBuilders) {
builder.apps = info.appBuilders
if (info?.builder?.apps) {
builder.apps = info.builder.apps
request.builder = builder
delete info.appBuilders
}
delete info.apps
request = {

28
scripts/build.js
View File

@ -15,7 +15,11 @@ const { nodeExternalsPlugin } = require("esbuild-node-externals")
var argv = require("minimist")(process.argv.slice(2))
function runBuild(entry, outfile) {
function runBuild(
entry,
outfile,
opts = { skipMeta: false, bundle: true, silent: false }
) {
const isDev = process.env.NODE_ENV !== "production"
const tsconfig = argv["p"] || `tsconfig.build.json`
const tsconfigPathPluginContent = JSON.parse(
@ -36,12 +40,16 @@ function runBuild(entry, outfile) {
]
}
const metafile = !opts.skipMeta
const { bundle } = opts
const sharedConfig = {
entryPoints: [entry],
bundle: true,
bundle,
minify: !isDev,
sourcemap: isDev,
tsconfig,
format: opts?.forcedFormat,
plugins: [
TsconfigPathsPlugin({ tsconfig: tsconfigPathPluginContent }),
nodeExternalsPlugin(),
@ -50,15 +58,10 @@ function runBuild(entry, outfile) {
loader: {
".svelte": "copy",
},
metafile: true,
external: [
"deasync",
"mock-aws-s3",
"nock",
"pino",
"koa-pino-logger",
"bull",
],
metafile,
external: bundle
? ["deasync", "mock-aws-s3", "nock", "pino", "koa-pino-logger", "bull"]
: undefined,
}
build({
@ -71,16 +74,19 @@ function runBuild(entry, outfile) {
fs.copyFileSync(file, `${process.cwd()}/dist/${path.basename(file)}`)
}
!opts.silent &&
console.log(
"\x1b[32m%s\x1b[0m",
`Build successfully in ${(Date.now() - start) / 1000} seconds`
)
})
if (metafile) {
fs.writeFileSync(
`dist/${path.basename(outfile)}.meta.json`,
JSON.stringify(result.metafile)
)
}
})
}

89
scripts/link-dependencies.sh
View File

@ -1,89 +0,0 @@
echo "Linking backend-core"
cd packages/backend-core
yarn unlink
yarn link
cd -
echo "Linking string-templates"
cd packages/string-templates
yarn unlink
yarn link
cd -
echo "Linking types"
cd packages/types
yarn unlink
yarn link
cd -
echo "Linking bbui"
cd packages/bbui
yarn unlink
yarn link
cd -
echo "Linking frontend-core"
cd packages/frontend-core
yarn unlink
yarn link
cd -
echo "Linking shared-core"
cd packages/shared-core
yarn unlink
yarn link
cd -
if [ -d packages/pro/src ]; then
pro_loaded_locally=true
else
pro_loaded_locally=false
fi
if [ $pro_loaded_locally = true ]; then
echo "Linking pro"
cd packages/pro
yarn unlink
yarn link
cd -
fi
if [ -d "../account-portal" ]; then
cd ../account-portal
echo "Bootstrapping account-portal"
yarn bootstrap
cd packages/server
echo "Linking backend-core to account-portal (server)"
yarn link "@budibase/backend-core"
echo "Linking string-templates to account-portal (server)"
yarn link "@budibase/string-templates"
echo "Linking types to account-portal (server)"
yarn link "@budibase/types"
echo "Linking shared-core to account-portal (server)"
yarn link "@budibase/shared-core"
if [ $pro_loaded_locally = true ]; then
echo "Linking pro to account-portal (server)"
yarn link "@budibase/pro"
fi
cd ../ui
echo "Linking bbui to account-portal (ui)"
yarn link "@budibase/bbui"
echo "Linking shared-core to account-portal (ui)"
yarn link "@budibase/shared-core"
echo "Linking string-templates to account-portal (ui)"
yarn link "@budibase/string-templates"
echo "Linking types to account-portal (ui)"
yarn link "@budibase/types"
echo "Linking frontend-core to account-portal (ui)"
yarn link "@budibase/frontend-core"
fi

16
scripts/scopeBackend.sh
View File

@ -1,16 +0,0 @@
#!/bin/bash
# Define the packages
PACKAGES=("@budibase/backend-core" "@budibase/worker" "@budibase/server" "@budibase/string-templates" "@budibase/types" "@budibase/shared-core")
# Generate the scope arguments
SCOPE_ARGS=""
for PACKAGE in "${PACKAGES[@]}"; do
SCOPE_ARGS+="--scope $PACKAGE "
done
# Run the commands with the scope arguments
for COMMAND in "$@"; do
echo "Running: $COMMAND $SCOPE_ARGS"
yarn $COMMAND $SCOPE_ARGS
done