From 55685e83fb8af3eb6ef8c01811903748e8ef185b Mon Sep 17 00:00:00 2001
From: mike12345567
Date: Fri, 23 Sep 2022 17:45:26 +0100
Subject: [PATCH] Fixing a few issues with roles being correctly reverted.
---
 packages/server/src/api/controllers/auth.ts | 10 ++--------
 packages/server/src/utilities/global.js | 3 ++-
 packages/server/src/utilities/users.js | 5 ++++-
 3 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/packages/server/src/api/controllers/auth.ts b/packages/server/src/api/controllers/auth.ts
index 3a5e44c8bb..ef2cb29385 100644
--- a/packages/server/src/api/controllers/auth.ts
+++ b/packages/server/src/api/controllers/auth.ts
@@ -23,13 +23,13 @@ export async function fetchSelf(ctx: any) {
 return
 }
+ const appId = context.getAppId()
 const user = await getFullUser(ctx, userId)
 // this shouldn't be returned by the app self
 delete user.roles
 // forward the csrf token from the session
 user.csrfToken = ctx.user.csrfToken
- const appId = context.getAppId()
 if (appId) {
 const db = context.getAppDB()
 // check for group permissions
@@ -41,14 +41,8 @@ export async function fetchSelf(ctx: any) {
 delete user.roles
 try {
 const userTable = await db.get(InternalTables.USER_METADATA)
- const metadata = await db.get(userId)
- // make sure there is never a stale csrf token
- delete metadata.csrfToken
 // specifically needs to make sure is enriched
- ctx.body = await outputProcessing(userTable, {
- ...user,
- ...metadata,
- })
+ ctx.body = await outputProcessing(userTable, user)
 } catch (err: any) {
 let response
 // user didn't exist in app, don't pretend they do
diff --git a/packages/server/src/utilities/global.js b/packages/server/src/utilities/global.js
index 3a2c7dff41..6d82f79ce2 100644
--- a/packages/server/src/utilities/global.js
+++ b/packages/server/src/utilities/global.js
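Review bot: In the second `auth.ts` hunk (`fetchSelf`), the `try` no longer reads the user's app metadata, so the `catch` that follows, commented `user didn't exist in app, don't pretend they do`, can now only be reached when the user-metadata table lookup or `outputProcessing` fails. Whether a user with no metadata document is still rejected now depends on `getFullUser`, which is called before the `try` and whose missing-document handling is not visible here; if it returns a merged object anyway, this endpoint will answer for users that have no app record. Either keep an explicit existence check or update the comment to say what the `catch` now covers, for example `// table lookup or enrichment failed`. The rest of the `catch` body is outside the hunk.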
@@ -75,8 +75,9 @@ exports.getRawGlobalUser = async userId => {
 }
 exports.getGlobalUser = async userId => {
+ const appId = getAppId()
 let user = await exports.getRawGlobalUser(userId)
- return processUser(user)
+ return processUser(user, { appId })
 }
 exports.getGlobalUsers = async (users = null) => {
diff --git a/packages/server/src/utilities/users.js b/packages/server/src/utilities/users.js
index e769441322..44a57f23e7 100644
--- a/packages/server/src/utilities/users.js
+++ b/packages/server/src/utilities/users.js
@@ -2,6 +2,7 @@ const { InternalTables } = require("../db/utils")
 const { getGlobalUser } = require("../utilities/global")
 const { getAppDB } = require("@budibase/backend-core/context")
 const { getProdAppID } = require("@budibase/backend-core/db")
+const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles")
 exports.getFullUser = async (ctx, userId) => {
 const global = await getGlobalUser(userId)
@@ -15,9 +16,11 @@ exports.getFullUser = async (ctx, userId) => {
 delete global._id
 delete global._rev
 }
+ delete metadata.csrfToken
 return {
- ...global,
 ...metadata,
+ ...global,
+ roleId: global.roleId || BUILTIN_ROLE_IDS.PUBLIC,
 tableId: InternalTables.USER_METADATA,
 // make sure the ID is always a local ID, not a global one
 _id: userId,
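Review bot: In the `global.js` hunk, `getGlobalUser` now reads the app id from ambient context instead of taking it from the caller, and nothing in the hunk says what `processUser` does when `getAppId()` returns nothing (for example a call made outside an app context). Since the app id appears to select which role is applied, that case should be explicit, at least as a comment such as `// appId may be undefined outside an app context; processUser must then assign no app role`. `getGlobalUsers` starts right after the hunk and is not shown, so check that it resolves the app id the same way.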
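Review bot: In the last `users.js` hunk (`getFullUser`), `...global` is now spread after `...metadata`, so every key on the global user overrides the app metadata, not only `roleId`. `_id` is reset explicitly below but `_rev` is not, so unless `delete global._rev` has always run by this point (it sits inside a block that opens outside the hunk), the result can carry the global document's revision. The added `delete metadata.csrfToken` also assumes `metadata` is always an object here; if the path above can leave it unset, guard it with `if (metadata) delete metadata.csrfToken`. A short comment on the role line would help, for example `// role always comes from the global user; fall back to PUBLIC when none is set`.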