Some other minor changes to fully support the per app builder from groups, making sure middlewares are properly aware.
This commit is contained in:
parent
656870db8b
commit
3395a5b96b
|
@ -4,6 +4,8 @@ import * as context from "../context"
|
||||||
import * as platform from "../platform"
|
import * as platform from "../platform"
|
||||||
import env from "../environment"
|
import env from "../environment"
|
||||||
import * as accounts from "../accounts"
|
import * as accounts from "../accounts"
|
||||||
|
import { UserDB } from "../users"
|
||||||
|
import { sdk } from "@budibase/shared-core"
|
||||||
|
|
||||||
const EXPIRY_SECONDS = 3600
|
const EXPIRY_SECONDS = 3600
|
||||||
|
|
||||||
|
@ -60,6 +62,18 @@ export async function getUser(
|
||||||
// make sure the tenant ID is always correct/set
|
// make sure the tenant ID is always correct/set
|
||||||
user.tenantId = tenantId
|
user.tenantId = tenantId
|
||||||
}
|
}
|
||||||
|
// if has groups, could have builder permissions granted by a group
|
||||||
|
if (user.userGroups && !sdk.users.isGlobalBuilder(user)) {
|
||||||
|
await context.doInTenant(tenantId, async () => {
|
||||||
|
const appIds = await UserDB.getGroupBuilderAppIds(user)
|
||||||
|
if (appIds.length) {
|
||||||
|
const existing = user.builder?.apps || []
|
||||||
|
user.builder = {
|
||||||
|
apps: [...new Set(existing.concat(appIds))],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
return user
|
return user
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -5,11 +5,12 @@ import env from "../environment"
|
||||||
|
|
||||||
export default async (ctx: UserCtx, next: any) => {
|
export default async (ctx: UserCtx, next: any) => {
|
||||||
const appId = getAppId()
|
const appId = getAppId()
|
||||||
const builderFn = env.isWorker()
|
const builderFn =
|
||||||
? hasBuilderPermissions
|
env.isWorker() || !appId
|
||||||
: env.isApps()
|
? hasBuilderPermissions
|
||||||
? isBuilder
|
: env.isApps()
|
||||||
: undefined
|
? isBuilder
|
||||||
|
: undefined
|
||||||
if (!builderFn) {
|
if (!builderFn) {
|
||||||
throw new Error("Service name unknown - middleware inactive.")
|
throw new Error("Service name unknown - middleware inactive.")
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,11 +5,12 @@ import env from "../environment"
|
||||||
|
|
||||||
export default async (ctx: UserCtx, next: any) => {
|
export default async (ctx: UserCtx, next: any) => {
|
||||||
const appId = getAppId()
|
const appId = getAppId()
|
||||||
const builderFn = env.isWorker()
|
const builderFn =
|
||||||
? hasBuilderPermissions
|
env.isWorker() || !appId
|
||||||
: env.isApps()
|
? hasBuilderPermissions
|
||||||
? isBuilder
|
: env.isApps()
|
||||||
: undefined
|
? isBuilder
|
||||||
|
: undefined
|
||||||
if (!builderFn) {
|
if (!builderFn) {
|
||||||
throw new Error("Service name unknown - middleware inactive.")
|
throw new Error("Service name unknown - middleware inactive.")
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,6 +20,8 @@ import {
|
||||||
SaveUserOpts,
|
SaveUserOpts,
|
||||||
User,
|
User,
|
||||||
UserStatus,
|
UserStatus,
|
||||||
|
UserGroup,
|
||||||
|
ContextUser,
|
||||||
} from "@budibase/types"
|
} from "@budibase/types"
|
||||||
import {
|
import {
|
||||||
getAccountHolderFromUserIds,
|
getAccountHolderFromUserIds,
|
||||||
|
@ -32,8 +34,14 @@ import { hash } from "../utils"
|
||||||
type QuotaUpdateFn = (change: number, cb?: () => Promise<any>) => Promise<any>
|
type QuotaUpdateFn = (change: number, cb?: () => Promise<any>) => Promise<any>
|
||||||
type GroupUpdateFn = (groupId: string, userIds: string[]) => Promise<any>
|
type GroupUpdateFn = (groupId: string, userIds: string[]) => Promise<any>
|
||||||
type FeatureFn = () => Promise<Boolean>
|
type FeatureFn = () => Promise<Boolean>
|
||||||
|
type GroupGetFn = (ids: string[]) => Promise<UserGroup[]>
|
||||||
|
type GroupBuildersFn = (user: User) => Promise<string[]>
|
||||||
type QuotaFns = { addUsers: QuotaUpdateFn; removeUsers: QuotaUpdateFn }
|
type QuotaFns = { addUsers: QuotaUpdateFn; removeUsers: QuotaUpdateFn }
|
||||||
type GroupFns = { addUsers: GroupUpdateFn }
|
type GroupFns = {
|
||||||
|
addUsers: GroupUpdateFn
|
||||||
|
getBulk: GroupGetFn
|
||||||
|
getGroupBuilderAppIds: GroupBuildersFn
|
||||||
|
}
|
||||||
type FeatureFns = { isSSOEnforced: FeatureFn; isAppBuildersEnabled: FeatureFn }
|
type FeatureFns = { isSSOEnforced: FeatureFn; isAppBuildersEnabled: FeatureFn }
|
||||||
|
|
||||||
const bulkDeleteProcessing = async (dbUser: User) => {
|
const bulkDeleteProcessing = async (dbUser: User) => {
|
||||||
|
@ -465,4 +473,12 @@ export class UserDB {
|
||||||
await cache.user.invalidateUser(userId)
|
await cache.user.invalidateUser(userId)
|
||||||
await sessions.invalidateSessions(userId, { reason: "deletion" })
|
await sessions.invalidateSessions(userId, { reason: "deletion" })
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static async getGroups(groupIds: string[]) {
|
||||||
|
return await this.groups.getBulk(groupIds)
|
||||||
|
}
|
||||||
|
|
||||||
|
static async getGroupBuilderAppIds(user: User) {
|
||||||
|
return await this.groups.getGroupBuilderAppIds(user)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -38,7 +38,8 @@ export async function processUser(
|
||||||
: await groups.getBulk(user.userGroups)
|
: await groups.getBulk(user.userGroups)
|
||||||
}
|
}
|
||||||
// check if a group provides builder access
|
// check if a group provides builder access
|
||||||
const builderAppIds = await groups.getGroupBuilderAppIds(user, appId, {
|
const builderAppIds = await groups.getGroupBuilderAppIds(user, {
|
||||||
|
appId,
|
||||||
groups: groupList,
|
groups: groupList,
|
||||||
})
|
})
|
||||||
if (builderAppIds.length && !users.isBuilder(user, appId)) {
|
if (builderAppIds.length && !users.isBuilder(user, appId)) {
|
||||||
|
|
Loading…
Reference in New Issue