diff --git a/packages/builder/src/pages/builder/portal/manage/auth/_layout.svelte b/packages/builder/src/pages/builder/portal/manage/auth/_layout.svelte
index f9c2067a94..12cbf48b22 100644
--- a/packages/builder/src/pages/builder/portal/manage/auth/_layout.svelte
+++ b/packages/builder/src/pages/builder/portal/manage/auth/_layout.svelte
@@ -1,5 +1,12 @@
diff --git a/packages/builder/src/pages/builder/portal/manage/email/_layout.svelte b/packages/builder/src/pages/builder/portal/manage/email/_layout.svelte
index 188f0bb016..22e786bcb9 100644
--- a/packages/builder/src/pages/builder/portal/manage/email/_layout.svelte
+++ b/packages/builder/src/pages/builder/portal/manage/email/_layout.svelte
@@ -1,5 +1,12 @@
diff --git a/packages/builder/src/pages/builder/portal/manage/users/[userId].svelte b/packages/builder/src/pages/builder/portal/manage/users/[userId].svelte
index b9cfe1cc7d..983b31168c 100644
--- a/packages/builder/src/pages/builder/portal/manage/users/[userId].svelte
+++ b/packages/builder/src/pages/builder/portal/manage/users/[userId].svelte
@@ -129,10 +129,10 @@
{/if}
diff --git a/packages/builder/src/pages/builder/portal/manage/users/_layout.svelte b/packages/builder/src/pages/builder/portal/manage/users/_layout.svelte
index f9c2067a94..8b8295d2a3 100644
--- a/packages/builder/src/pages/builder/portal/manage/users/_layout.svelte
+++ b/packages/builder/src/pages/builder/portal/manage/users/_layout.svelte
@@ -1,5 +1,12 @@
diff --git a/packages/builder/src/pages/builder/portal/settings/index.svelte b/packages/builder/src/pages/builder/portal/settings/index.svelte
index 9e264e0583..57825a095b 100644
--- a/packages/builder/src/pages/builder/portal/settings/index.svelte
+++ b/packages/builder/src/pages/builder/portal/settings/index.svelte
@@ -1,4 +1,4 @@
diff --git a/packages/builder/src/pages/builder/portal/settings/organisation.svelte b/packages/builder/src/pages/builder/portal/settings/organisation.svelte
index ec278fa0e4..938e48039e 100644
--- a/packages/builder/src/pages/builder/portal/settings/organisation.svelte
+++ b/packages/builder/src/pages/builder/portal/settings/organisation.svelte
@@ -11,10 +11,16 @@
Dropzone,
notifications,
} from "@budibase/bbui"
- import { organisation } from "stores/portal"
+ import { auth, organisation } from "stores/portal"
import { post } from "builderStore/api"
import analytics from "analytics"
import { writable } from "svelte/store"
+ import { redirect } from "@roxi/routify"
+
+ // only admins allowed here
+ if (!$auth.isAdmin) {
+ $redirect("../../portal")
+ }
const values = writable({
analytics: !analytics.disabled(),
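Review bot: The `$auth.isAdmin` check added at the top of the `<script>` runs once at component initialisation and is derived from `$auth.user`, so it evaluates to false whenever the user record has not been loaded yet; whether a parent layout guarantees the store is populated before this page's script runs is not visible here and is worth confirming, otherwise an admin deep-linking to this page could be bounced. Either way the redirect is a navigation convenience rather than an authorisation boundary, and the endpoints this page posts to must still enforce admin on the server. A comment making that explicit would help the next reader, e.g. `// UI guard only: the worker's adminOnly middleware is the real check`. The same seven-line addition appears to be made to the auth, email and users `_layout.svelte` files, whose hunk bodies are not shown here.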
diff --git a/packages/builder/src/stores/portal/auth.js b/packages/builder/src/stores/portal/auth.js
index 517aad9fc4..d0739f2a0f 100644
--- a/packages/builder/src/stores/portal/auth.js
+++ b/packages/builder/src/stores/portal/auth.js
@@ -5,19 +5,27 @@ export function createAuthStore() {
const user = writable(null)
const store = derived(user, $user => {
let initials = null
+ let isAdmin = false
+ let isBuilder = false
if ($user) {
if ($user.firstName) {
initials = $user.firstName[0]
if ($user.lastName) {
initials += $user.lastName[0]
}
- } else {
+ } else if ($user.email) {
initials = $user.email[0]
+ } else {
+ initials = "Unknown"
}
+ isAdmin = !!$user.admin?.global
+ isBuilder = !!$user.builder?.global
}
return {
user: $user,
initials,
+ isAdmin,
+ isBuilder,
}
})
@@ -29,6 +37,7 @@ export function createAuthStore() {
user.set(null)
} else {
const json = await response.json()
+ console.log(json)
user.set(json)
}
},
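Review bot: The added `console.log(json)` writes the entire user record returned by the self endpoint to the browser console on every auth check; that record is whatever the worker returns and may carry more than the UI needs, so it looks like leftover debugging rather than something to ship. Remove the line and keep `user.set(json)`. The enclosing function starts and ends outside the hunk.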
diff --git a/packages/worker/src/api/routes/admin/users.js b/packages/worker/src/api/routes/admin/users.js
index 6a6654f5e6..f334f05e7d 100644
--- a/packages/worker/src/api/routes/admin/users.js
+++ b/packages/worker/src/api/routes/admin/users.js
@@ -56,7 +56,6 @@ router
)
.get("/api/admin/users", adminOnly, controller.fetch)
.delete("/api/admin/users/:id", adminOnly, controller.destroy)
- .get("/api/admin/users/:id", adminOnly, controller.find)
.get("/api/admin/roles/:appId")
.post(
"/api/admin/users/invite",
@@ -77,5 +76,7 @@ router
)
.post("/api/admin/users/init", controller.adminUser)
.get("/api/admin/users/self", controller.getSelf)
+ // admin endpoint but needs to come at end (blocks other endpoints otherwise)
+ .get("/api/admin/users/:id", adminOnly, controller.find)
module.exports = router
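Review bot: Moving `.get("/api/admin/users/:id", adminOnly, controller.find)` to the end makes the reachability of `/api/admin/users/self` and `/api/admin/users/init` depend purely on registration order: if this is koa-router (inferred from the `router` chain, which starts outside the hunk), every matching layer runs in order, so registering `:id` first puts `adminOnly` in front of `getSelf` for non-admin callers, which is presumably the bug being fixed. The inline comment says "blocks other endpoints otherwise" but not why, and a future reorder would silently reintroduce the problem; spell it out, e.g. `// must stay after /self and /init: ":id" also matches those paths and would run adminOnly before their handlers`. The one-line removal in the earlier hunk of this file is the other half of the same move.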
diff --git a/packages/worker/src/middleware/adminOnly.js b/packages/worker/src/middleware/adminOnly.js
index 8f56eb7943..4bfdf83848 100644
--- a/packages/worker/src/middleware/adminOnly.js
+++ b/packages/worker/src/middleware/adminOnly.js
@@ -1,5 +1,8 @@
module.exports = async (ctx, next) => {
- if (!ctx.internal && (!ctx.user || !ctx.user.admin || !ctx.user.admin.global)) {
+ if (
+ !ctx.internal &&
+ (!ctx.user || !ctx.user.admin || !ctx.user.admin.global)
+ ) {
ctx.throw(403, "Admin user only endpoint.")
}
return next()