Merge branch 'master' into default-view-permissions-taylor-version
commit
52069f429f
|
@ -17,11 +17,8 @@ import {
|
|||
ContextUser,
|
||||
CouchFindOptions,
|
||||
DatabaseQueryOpts,
|
||||
SearchFilters,
|
||||
SearchUsersRequest,
|
||||
User,
|
||||
BasicOperator,
|
||||
ArrayOperator,
|
||||
} from "@budibase/types"
|
||||
import * as context from "../context"
|
||||
import { getGlobalDB } from "../context"
|
||||
|
@ -45,32 +42,6 @@ function removeUserPassword(users: User | User[]) {
|
|||
return users
|
||||
}
|
||||
|
||||
export function isSupportedUserSearch(query: SearchFilters) {
|
||||
const allowed = [
|
||||
{ op: BasicOperator.STRING, key: "email" },
|
||||
{ op: BasicOperator.EQUAL, key: "_id" },
|
||||
{ op: ArrayOperator.ONE_OF, key: "_id" },
|
||||
]
|
||||
for (let [key, operation] of Object.entries(query)) {
|
||||
if (typeof operation !== "object") {
|
||||
return false
|
||||
}
|
||||
const fields = Object.keys(operation || {})
|
||||
// this filter doesn't contain options - ignore
|
||||
if (fields.length === 0) {
|
||||
continue
|
||||
}
|
||||
const allowedOperation = allowed.find(
|
||||
allow =>
|
||||
allow.op === key && fields.length === 1 && fields[0] === allow.key
|
||||
)
|
||||
if (!allowedOperation) {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
export async function bulkGetGlobalUsersById(
|
||||
userIds: string[],
|
||||
opts?: GetOpts
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
import { ArrayOperator, BasicOperator, SearchFilters } from "@budibase/types"
|
||||
import * as Constants from "./constants"
|
||||
|
||||
export function unreachable(
|
||||
|
@ -77,3 +78,29 @@ export function trimOtherProps(object: any, allowedProps: string[]) {
|
|||
)
|
||||
return result
|
||||
}
|
||||
|
||||
export function isSupportedUserSearch(query: SearchFilters) {
|
||||
const allowed = [
|
||||
{ op: BasicOperator.STRING, key: "email" },
|
||||
{ op: BasicOperator.EQUAL, key: "_id" },
|
||||
{ op: ArrayOperator.ONE_OF, key: "_id" },
|
||||
]
|
||||
for (let [key, operation] of Object.entries(query)) {
|
||||
if (typeof operation !== "object") {
|
||||
return false
|
||||
}
|
||||
const fields = Object.keys(operation || {})
|
||||
// this filter doesn't contain options - ignore
|
||||
if (fields.length === 0) {
|
||||
continue
|
||||
}
|
||||
const allowedOperation = allowed.find(
|
||||
allow =>
|
||||
allow.op === key && fields.length === 1 && fields[0] === allow.key
|
||||
)
|
||||
if (!allowedOperation) {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
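Review bot: The added `isSupportedUserSearch` allowlists only the operator and field names. The value stored under the permitted field is never inspected, so whether `string.email` holds a string or `oneOf._id` holds an array is left to the code that consumes the query, which is not visible on this page. The user search endpoint uses this as its gate before returning the 400, so I would either type-check the values here or state the limit in a doc comment, e.g. `/** Allowlist check on operator and field names only; filter values are not validated. */`. Any top-level key whose value is not an object also makes the function return false at `typeof operation !== "object"`; if `SearchFilters` carries non-operator flags that is worth confirming as intended. Smaller points: `for (let [key, operation] ...)` can be `const`, and an exported function should declare its `: boolean` return type.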
|
|
|
@ -37,7 +37,7 @@ import {
|
|||
} from "@budibase/backend-core"
|
||||
import { checkAnyUserExists } from "../../../utilities/users"
|
||||
import { isEmailConfigured } from "../../../utilities/email"
|
||||
import { BpmStatusKey, BpmStatusValue } from "@budibase/shared-core"
|
||||
import { BpmStatusKey, BpmStatusValue, utils } from "@budibase/shared-core"
|
||||
|
||||
const MAX_USERS_UPLOAD_LIMIT = 1000
|
||||
|
||||
|
@ -256,7 +256,7 @@ export const search = async (ctx: Ctx<SearchUsersRequest>) => {
|
|||
}
|
||||
}
|
||||
// Validate we aren't trying to search on any illegal fields
|
||||
if (!userSdk.core.isSupportedUserSearch(body.query)) {
|
||||
if (!utils.isSupportedUserSearch(body.query)) {
|
||||
ctx.throw(400, "Can only search by string.email, equal._id or oneOf._id")
|
||||
}
|
||||
}
|
||||
|
|