MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix for an issue found with custom role naming.

This commit is contained in:
mike12345567 2024-10-10 16:13:32 +01:00
parent f0d52f2ea0
commit 5f4694d4d8
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/backend-core/src/security/roles.ts
View File

@ -435,7 +435,9 @@ export function getExternalRoleID(roleId: string, version?: string) {
roleId.startsWith(DocumentType.ROLE) && roleId.startsWith(DocumentType.ROLE) &&
(isBuiltin(roleId) || version === RoleIDVersion.NAME) (isBuiltin(roleId) || version === RoleIDVersion.NAME)
) { ) {
return roleId.split(`${DocumentType.ROLE}${SEPARATOR}`)[1] const parts = roleId.split(SEPARATOR)
parts.shift()
return parts.join(SEPARATOR)
} }
return roleId return roleId
} }

6
packages/server/src/api/routes/tests/role.spec.js
View File

@ -161,7 +161,7 @@ describe("/roles", () => {
it("should not fetch higher level accessible roles when a custom role header is provided", async () => { it("should not fetch higher level accessible roles when a custom role header is provided", async () => {
await createRole({ await createRole({
name: `CUSTOM_ROLE`, name: `custom_role_1`,
inherits: roles.BUILTIN_ROLE_IDS.BASIC, inherits: roles.BUILTIN_ROLE_IDS.BASIC,
permissionId: permissions.BuiltinPermissionID.READ_ONLY, permissionId: permissions.BuiltinPermissionID.READ_ONLY,
version: "name", version: "name",
@ -170,11 +170,11 @@ describe("/roles", () => {
.get("/api/roles/accessible") .get("/api/roles/accessible")
.set({ .set({
...config.defaultHeaders(), ...config.defaultHeaders(),
"x-budibase-role": "CUSTOM_ROLE", "x-budibase-role": "custom_role_1",
}) })
.expect(200) .expect(200)
expect(res.body.length).toBe(3) expect(res.body.length).toBe(3)
expect(res.body[0]).toBe("CUSTOM_ROLE") expect(res.body[0]).toBe("custom_role_1")
expect(res.body[1]).toBe("BASIC") expect(res.body[1]).toBe("BASIC")
expect(res.body[2]).toBe("PUBLIC") expect(res.body[2]).toBe("PUBLIC")
}) })