Minor update to make use of new client header to state the request is from the client, not the builder.

This commit is contained in:
Michael Drury 2020-11-19 20:16:37 +00:00
parent 21a9840b8b
commit 7fb26408cf
4 changed files with 15 additions and 15 deletions


@ -62,11 +62,10 @@ exports.fetch = async ctx => {
exports.clientFetch = async ctx => {
const routing = await getRoutingStructure(ctx.appId)
const accessLevelId = ctx.user.accessLevel._id
let accessLevelId = ctx.user.accessLevel._id
// builder is a special case, always return the full routing structure
if (accessLevelId === BUILTIN_LEVEL_IDS.BUILDER) {
ctx.body = routing
return
accessLevelId = BUILTIN_LEVEL_IDS.ADMIN
}
const accessLevelIds = await getUserAccessLevelHierarchy(
ctx.appId,
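Review bot: The comment `// builder is a special case, always return the full routing structure` no longer matches the new code in `clientFetch`, which replaces the builder level with `BUILTIN_LEVEL_IDS.ADMIN` and continues into the hierarchy lookup instead of returning `routing` directly. Update it to something like `// builder is not part of the access level hierarchy, so resolve its routes as ADMIN`. Whether a builder still sees every route now depends on ADMIN inheriting every level that routes are assigned to, which cannot be confirmed from this hunk. The rest of `clientFetch` lies outside the visible lines.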


@ -1,9 +1,9 @@
const jwt = require("jsonwebtoken")
const STATUS_CODES = require("../utilities/statusCodes")
const { getAccessLevel } = require("../utilities/security/accessLevels")
const { getAccessLevel, BUILTIN_LEVELS } = require("../utilities/security/accessLevels")
const env = require("../environment")
const { AuthTypes } = require("../constants")
const { getAppId, getCookieName, setCookie } = require("../utilities")
const { getAppId, getCookieName, setCookie, isClient } = require("../utilities")
module.exports = async (ctx, next) => {
if (ctx.path === "/_builder") {
@ -21,17 +21,13 @@ module.exports = async (ctx, next) => {
appId = cookieAppId
}
const appToken = ctx.cookies.get(getCookieName(appId))
const builderToken = ctx.cookies.get(getCookieName())
let token
// if running locally in the builder itself
if (!env.CLOUD && !appToken) {
token = builderToken
ctx.auth.authenticated = AuthTypes.BUILDER
} else {
token = appToken
if (isClient(ctx)) {
ctx.auth.authenticated = AuthTypes.APP
token = ctx.cookies.get(getCookieName(appId))
} else {
ctx.auth.authenticated = AuthTypes.BUILDER
token = ctx.cookies.get(getCookieName())
}
if (!token) {
@ -39,6 +35,7 @@ module.exports = async (ctx, next) => {
ctx.appId = appId
ctx.user = {
appId,
accessLevel: BUILTIN_LEVELS.PUBLIC,
}
await next()
return
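Review bot: `ctx.auth.authenticated` is now chosen from the result of `isClient(ctx)` and assigned before the `if (!token)` check, so a request with no cookie at all still carries `AuthTypes.BUILDER` or `AuthTypes.APP` into the branch that sets the PUBLIC access level. `isClient` reads a caller-supplied request header, and the earlier `!env.CLOUD` condition on the builder-cookie path is gone, so any request that omits the header is handled on the builder path in every environment. If later middleware reads `ctx.auth.authenticated` (not visible here), assign it only after the token has been found and verified. If the builder cookie is still meant to be local-only, keep the guard, e.g. `} else if (!env.CLOUD) {`. The middleware body continues outside these hunks.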


@ -70,3 +70,7 @@ exports.setCookie = (ctx, name, value) => {
overwrite: true,
})
}
exports.isClient = ctx => {
return ctx.headers["x-budibase-type"] === "client"
}
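Review bot: `isClient` has no comment saying that `x-budibase-type` is a request header, which any HTTP client can send or omit. The auth middleware in this commit branches on it, so a doc comment would stop later callers from treating it as proof of origin: `/** True when the request declares itself as coming from a client app; caller-supplied hint only, never an authorization check. */`. The header name and the `"client"` value could also be named constants, so that whatever sets the header shares one spelling with this check.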


@ -21,7 +21,7 @@ exports.BUILTIN_LEVELS = {
ADMIN: new AccessLevel(BUILTIN_IDS.ADMIN, "Admin", BUILTIN_IDS.POWER),
POWER: new AccessLevel(BUILTIN_IDS.POWER, "Power", BUILTIN_IDS.BASIC),
BASIC: new AccessLevel(BUILTIN_IDS.BASIC, "Basic", BUILTIN_IDS.PUBLIC),
ANON: new AccessLevel(BUILTIN_IDS.PUBLIC, "Public"),
PUBLIC: new AccessLevel(BUILTIN_IDS.PUBLIC, "Public"),
BUILDER: new AccessLevel(BUILTIN_IDS.BUILDER, "Builder"),
}