Merge branch 'master' into default-view-permissions-taylor-version
commit
52069f429f
|
@ -17,11 +17,8 @@ import {
|
||||||
ContextUser,
|
ContextUser,
|
||||||
CouchFindOptions,
|
CouchFindOptions,
|
||||||
DatabaseQueryOpts,
|
DatabaseQueryOpts,
|
||||||
SearchFilters,
|
|
||||||
SearchUsersRequest,
|
SearchUsersRequest,
|
||||||
User,
|
User,
|
||||||
BasicOperator,
|
|
||||||
ArrayOperator,
|
|
||||||
} from "@budibase/types"
|
} from "@budibase/types"
|
||||||
import * as context from "../context"
|
import * as context from "../context"
|
||||||
import { getGlobalDB } from "../context"
|
import { getGlobalDB } from "../context"
|
||||||
|
@ -45,32 +42,6 @@ function removeUserPassword(users: User | User[]) {
|
||||||
return users
|
return users
|
||||||
}
|
}
|
||||||
|
|
||||||
export function isSupportedUserSearch(query: SearchFilters) {
|
|
||||||
const allowed = [
|
|
||||||
{ op: BasicOperator.STRING, key: "email" },
|
|
||||||
{ op: BasicOperator.EQUAL, key: "_id" },
|
|
||||||
{ op: ArrayOperator.ONE_OF, key: "_id" },
|
|
||||||
]
|
|
||||||
for (let [key, operation] of Object.entries(query)) {
|
|
||||||
if (typeof operation !== "object") {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
const fields = Object.keys(operation || {})
|
|
||||||
// this filter doesn't contain options - ignore
|
|
||||||
if (fields.length === 0) {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
const allowedOperation = allowed.find(
|
|
||||||
allow =>
|
|
||||||
allow.op === key && fields.length === 1 && fields[0] === allow.key
|
|
||||||
)
|
|
||||||
if (!allowedOperation) {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
|
|
||||||
export async function bulkGetGlobalUsersById(
|
export async function bulkGetGlobalUsersById(
|
||||||
userIds: string[],
|
userIds: string[],
|
||||||
opts?: GetOpts
|
opts?: GetOpts
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
import { ArrayOperator, BasicOperator, SearchFilters } from "@budibase/types"
|
||||||
import * as Constants from "./constants"
|
import * as Constants from "./constants"
|
||||||
|
|
||||||
export function unreachable(
|
export function unreachable(
|
||||||
|
@ -77,3 +78,29 @@ export function trimOtherProps(object: any, allowedProps: string[]) {
|
||||||
)
|
)
|
||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export function isSupportedUserSearch(query: SearchFilters) {
|
||||||
|
const allowed = [
|
||||||
|
{ op: BasicOperator.STRING, key: "email" },
|
||||||
|
{ op: BasicOperator.EQUAL, key: "_id" },
|
||||||
|
{ op: ArrayOperator.ONE_OF, key: "_id" },
|
||||||
|
]
|
||||||
|
for (let [key, operation] of Object.entries(query)) {
|
||||||
|
if (typeof operation !== "object") {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
const fields = Object.keys(operation || {})
|
||||||
|
// this filter doesn't contain options - ignore
|
||||||
|
if (fields.length === 0) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
const allowedOperation = allowed.find(
|
||||||
|
allow =>
|
||||||
|
allow.op === key && fields.length === 1 && fields[0] === allow.key
|
||||||
|
)
|
||||||
|
if (!allowedOperation) {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
|
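Review bot: isSupportedUserSearch checks only the operator and field names (`allow.op === key && fields.length === 1 && fields[0] === allow.key`), never the value stored under `email` or `_id`, so a nested object under `string.email` or a non-array `oneOf._id` passes the allow-list that gates the 400 in the user search endpoint. Whether the search layer behind it rejects such values is not visible on this page, so I would give each `allowed` entry a value check, for example `{ op: BasicOperator.STRING, key: "email", valid: (v: unknown) => typeof v === "string" }`, and require `allow.valid(...)` on the field's value inside the `find` predicate. The function now appears to be exported from shared-core (the call site imports `utils` from `@budibase/shared-core`), so it also deserves a doc comment stating that it fails closed (a non-object filter value or an unlisted operator/field pair returns false, while empty filter objects are skipped) and that any client-side use is advisory, with the server-side call remaining the enforcing check. An explicit `: boolean` return type and `const [key, operation]` in the loop would tidy the rest.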
@ -37,7 +37,7 @@ import {
|
||||||
} from "@budibase/backend-core"
|
} from "@budibase/backend-core"
|
||||||
import { checkAnyUserExists } from "../../../utilities/users"
|
import { checkAnyUserExists } from "../../../utilities/users"
|
||||||
import { isEmailConfigured } from "../../../utilities/email"
|
import { isEmailConfigured } from "../../../utilities/email"
|
||||||
import { BpmStatusKey, BpmStatusValue } from "@budibase/shared-core"
|
import { BpmStatusKey, BpmStatusValue, utils } from "@budibase/shared-core"
|
||||||
|
|
||||||
const MAX_USERS_UPLOAD_LIMIT = 1000
|
const MAX_USERS_UPLOAD_LIMIT = 1000
|
||||||
|
|
||||||
|
@ -256,7 +256,7 @@ export const search = async (ctx: Ctx<SearchUsersRequest>) => {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Validate we aren't trying to search on any illegal fields
|
// Validate we aren't trying to search on any illegal fields
|
||||||
if (!userSdk.core.isSupportedUserSearch(body.query)) {
|
if (!utils.isSupportedUserSearch(body.query)) {
|
||||||
ctx.throw(400, "Can only search by string.email, equal._id or oneOf._id")
|
ctx.throw(400, "Can only search by string.email, equal._id or oneOf._id")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|