Merge pull request #11769 from Budibase/fix/BUDI-7258
Don't allow adding new users to user metadata table within apps
This commit is contained in:
commit
3588984af2
|
@ -72,6 +72,11 @@ export const save = async (ctx: UserCtx<Row, Row>) => {
|
||||||
const tableId = utils.getTableId(ctx)
|
const tableId = utils.getTableId(ctx)
|
||||||
const body = ctx.request.body
|
const body = ctx.request.body
|
||||||
|
|
||||||
|
// user metadata doesn't exist yet - don't allow creation
|
||||||
|
if (utils.isUserMetadataTable(tableId) && !body._rev) {
|
||||||
|
ctx.throw(400, "Cannot create new user entry.")
|
||||||
|
}
|
||||||
|
|
||||||
// if it has an ID already then its a patch
|
// if it has an ID already then its a patch
|
||||||
if (body && body._id) {
|
if (body && body._id) {
|
||||||
return patch(ctx as UserCtx<PatchRowRequest, PatchRowResponse>)
|
return patch(ctx as UserCtx<PatchRowRequest, PatchRowResponse>)
|
||||||
|
|
|
@ -146,3 +146,36 @@ export async function validate({
|
||||||
}
|
}
|
||||||
return { valid: Object.keys(errors).length === 0, errors }
|
return { valid: Object.keys(errors).length === 0, errors }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// don't do a pure falsy check, as 0 is included
|
||||||
|
// https://github.com/Budibase/budibase/issues/10118
|
||||||
|
export function removeEmptyFilters(filters: SearchFilters) {
|
||||||
|
for (let filterField of NoEmptyFilterStrings) {
|
||||||
|
if (!filters[filterField]) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
for (let filterType of Object.keys(filters)) {
|
||||||
|
if (filterType !== filterField) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
// don't know which one we're checking, type could be anything
|
||||||
|
const value = filters[filterType] as unknown
|
||||||
|
if (typeof value === "object") {
|
||||||
|
for (let [key, value] of Object.entries(
|
||||||
|
filters[filterType] as object
|
||||||
|
)) {
|
||||||
|
if (value == null || value === "") {
|
||||||
|
// @ts-ignore
|
||||||
|
delete filters[filterField][key]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return filters
|
||||||
|
}
|
||||||
|
|
||||||
|
export function isUserMetadataTable(tableId: string) {
|
||||||
|
return tableId === InternalTables.USER_METADATA
|
||||||
|
}
|
||||||
|
|
|
@ -3,7 +3,7 @@ import { databaseTestProviders } from "../../../integrations/tests/utils"
|
||||||
import tk from "timekeeper"
|
import tk from "timekeeper"
|
||||||
import { outputProcessing } from "../../../utilities/rowProcessor"
|
import { outputProcessing } from "../../../utilities/rowProcessor"
|
||||||
import * as setup from "./utilities"
|
import * as setup from "./utilities"
|
||||||
import { context, roles, tenancy } from "@budibase/backend-core"
|
import { context, InternalTable, roles, tenancy } from "@budibase/backend-core"
|
||||||
import { quotas } from "@budibase/pro"
|
import { quotas } from "@budibase/pro"
|
||||||
import {
|
import {
|
||||||
FieldType,
|
FieldType,
|
||||||
|
@ -1415,6 +1415,23 @@ describe.each([
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
|
isInternal &&
|
||||||
|
it("doesn't allow creating in user table", async () => {
|
||||||
|
const userTableId = InternalTable.USER_METADATA
|
||||||
|
const response = await config.api.row.save(
|
||||||
|
userTableId,
|
||||||
|
{
|
||||||
|
tableId: userTableId,
|
||||||
|
firstName: "Joe",
|
||||||
|
lastName: "Joe",
|
||||||
|
email: "joe@joe.com",
|
||||||
|
roles: {},
|
||||||
|
},
|
||||||
|
{ expectStatus: 400 }
|
||||||
|
)
|
||||||
|
expect(response.message).toBe("Cannot create new user entry.")
|
||||||
|
})
|
||||||
|
|
||||||
describe("permissions", () => {
|
describe("permissions", () => {
|
||||||
let viewId: string
|
let viewId: string
|
||||||
let tableId: string
|
let tableId: string
|
||||||
|
|
Loading…
Reference in New Issue