From b0bb2a23dbbafa7d5002ab6be8e755989ed1079a Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Mon, 14 Jun 2021 15:23:24 +0100 Subject: [PATCH 1/5] Fix for #1710 - don't allow setting setting info from within apps and making the user portal a bit more clear about builders being global admins. --- .../DataTable/modals/CreateEditUser.svelte | 1 + .../builder/portal/manage/users/[userId].svelte | 15 ++++++++++----- packages/server/src/utilities/global.js | 14 +++++++------- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/packages/builder/src/components/backend/DataTable/modals/CreateEditUser.svelte b/packages/builder/src/components/backend/DataTable/modals/CreateEditUser.svelte index 62985d4285..32f369ce3d 100644 --- a/packages/builder/src/components/backend/DataTable/modals/CreateEditUser.svelte +++ b/packages/builder/src/components/backend/DataTable/modals/CreateEditUser.svelte @@ -104,6 +104,7 @@ options={$roles} getOptionLabel={role => role.name} getOptionValue={role => role._id} + disabled={!creating} /> {#each customSchemaKeys as [key, meta]} {#if !meta.autocolumn} diff --git a/packages/builder/src/pages/builder/portal/manage/users/[userId].svelte b/packages/builder/src/pages/builder/portal/manage/users/[userId].svelte index 983b31168c..8c5ffeb79f 100644 --- a/packages/builder/src/pages/builder/portal/manage/users/[userId].svelte +++ b/packages/builder/src/pages/builder/portal/manage/users/[userId].svelte @@ -33,12 +33,17 @@ role: {}, } + $: defaultRoleId = $userFetch?.data?.builder?.global ? "ADMIN" : "" + $: console.log(defaultRoleId) // Merge the Apps list and the roles response to get something that makes sense for the table - $: appList = Object.keys($apps?.data).map(id => ({ - ...$apps?.data?.[id], - _id: id, - role: [$userFetch?.data?.roles?.[id]], - })) + $: appList = Object.keys($apps?.data).map(id => { + const role = $userFetch?.data?.roles?.[id] || defaultRoleId + return { + ...$apps?.data?.[id], + _id: id, + role: [role], + } + }) let selectedApp const userFetch = fetchData(`/api/admin/users/${userId}`) diff --git a/packages/server/src/utilities/global.js b/packages/server/src/utilities/global.js index eda0e61cff..17ce066551 100644 --- a/packages/server/src/utilities/global.js +++ b/packages/server/src/utilities/global.js @@ -12,14 +12,14 @@ exports.updateAppRole = (appId, user) => { if (!user.roles) { return user } - if (user.builder && user.builder.global) { + + // always use the deployed app + user.roleId = user.roles[getDeployedAppID(appId)] + // if a role wasn't found then either set as admin (builder) or public (everyone else) + if (!user.roleId && user.builder && user.builder.global) { user.roleId = BUILTIN_ROLE_IDS.ADMIN - } else { - // always use the deployed app - user.roleId = user.roles[getDeployedAppID(appId)] - if (!user.roleId) { - user.roleId = BUILTIN_ROLE_IDS.PUBLIC - } + } else if (!user.roleId) { + user.roleId = BUILTIN_ROLE_IDS.PUBLIC } delete user.roles return user From 142dd9b214edcb6c2aeb0e9d26463fc91903ccd5 Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Mon, 14 Jun 2021 15:29:14 +0100 Subject: [PATCH 2/5] Removing the ability to set a role ID from within an app. --- packages/server/src/api/controllers/user.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/packages/server/src/api/controllers/user.js b/packages/server/src/api/controllers/user.js index a7dcc190ba..4a00c16426 100644 --- a/packages/server/src/api/controllers/user.js +++ b/packages/server/src/api/controllers/user.js @@ -53,9 +53,6 @@ exports.updateMetadata = async function (ctx) { const appId = ctx.appId const db = new CouchDB(appId) const user = removeGlobalProps(ctx.request.body) - if (user.roleId) { - await addAppRoleToUser(ctx, appId, user.roleId, user._id) - } const metadata = { tableId: InternalTables.USER_METADATA, ...user, From 253cdce67d138243b801b91f8aea1f8c12131957 Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Mon, 14 Jun 2021 15:32:24 +0100 Subject: [PATCH 3/5] Linting. --- packages/server/src/api/controllers/user.js | 1 - 1 file changed, 1 deletion(-) diff --git a/packages/server/src/api/controllers/user.js b/packages/server/src/api/controllers/user.js index 4a00c16426..6778f983c2 100644 --- a/packages/server/src/api/controllers/user.js +++ b/packages/server/src/api/controllers/user.js @@ -4,7 +4,6 @@ const { getUserMetadataParams, } = require("../../db/utils") const { InternalTables } = require("../../db/utils") -const { addAppRoleToUser } = require("../../utilities/workerRequests") const { getGlobalUsers } = require("../../utilities/global") const { getFullUser } = require("../../utilities/users") From f55e82ec04475997e29205035414033f38f48e3c Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Tue, 15 Jun 2021 13:05:31 +0100 Subject: [PATCH 4/5] Removing log statement. --- .../src/pages/builder/portal/manage/users/[userId].svelte | 1 - 1 file changed, 1 deletion(-) diff --git a/packages/builder/src/pages/builder/portal/manage/users/[userId].svelte b/packages/builder/src/pages/builder/portal/manage/users/[userId].svelte index 8c5ffeb79f..ac5b569411 100644 --- a/packages/builder/src/pages/builder/portal/manage/users/[userId].svelte +++ b/packages/builder/src/pages/builder/portal/manage/users/[userId].svelte @@ -34,7 +34,6 @@ } $: defaultRoleId = $userFetch?.data?.builder?.global ? "ADMIN" : "" - $: console.log(defaultRoleId) // Merge the Apps list and the roles response to get something that makes sense for the table $: appList = Object.keys($apps?.data).map(id => { const role = $userFetch?.data?.roles?.[id] || defaultRoleId From 290cf987046266016c93b53ece0db49189ab5720 Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Tue, 15 Jun 2021 13:22:38 +0100 Subject: [PATCH 5/5] Adding longer timeout for real email tests. --- packages/worker/src/api/routes/tests/realEmail.spec.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packages/worker/src/api/routes/tests/realEmail.spec.js b/packages/worker/src/api/routes/tests/realEmail.spec.js index e87c5d5bf5..8c23141a53 100644 --- a/packages/worker/src/api/routes/tests/realEmail.spec.js +++ b/packages/worker/src/api/routes/tests/realEmail.spec.js @@ -3,6 +3,9 @@ const { EmailTemplatePurpose } = require("../../../constants") const nodemailer = require("nodemailer") const fetch = require("node-fetch") +// need a longer timeout for getting these +jest.setTimeout(30000) + describe("/api/admin/email", () => { let request = setup.getRequest() let config = setup.getConfig()