Merge branch 'fix/builder-roles' of github.com:Budibase/budibase into feature/opinionated-sql

lerna.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.9.24",
+  "version": "0.9.25",
   "npmClient": "yarn",
   "packages": [
     "packages/*"

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@budibase/auth",
-  "version": "0.9.24",
+  "version": "0.9.25",
   "description": "Authentication middlewares for budibase builder and apps",
   "main": "src/index.js",
   "author": "Budibase",

packages/auth/src/objectStore/index.js

@@ -159,7 +159,7 @@ exports.upload = async ({
  * Similar to the upload function but can be used to send a file stream
  * through to the object store.
  */
-exports.streamUpload = async (bucketName, filename, stream) => {
+exports.streamUpload = async (bucketName, filename, stream, extra = {}) => {
   const objectStore = exports.ObjectStore(bucketName)
   await exports.makeSureBucketExists(objectStore, bucketName)
 
@@ -167,6 +167,7 @@ exports.streamUpload = async (bucketName, filename, stream) => {
     Bucket: sanitizeBucket(bucketName),
     Key: sanitizeKey(filename),
     Body: stream,
+    ...extra,
   }
   return objectStore.upload(params).promise()
 }

packages/auth/src/security/roles.js

@@ -13,7 +13,6 @@ const BUILTIN_IDS = {
   POWER: "POWER",
   BASIC: "BASIC",
   PUBLIC: "PUBLIC",
-  BUILDER: "BUILDER",
 }
 
 // exclude internal roles like builder

packages/bbui/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@budibase/bbui",
   "description": "A UI solution used in the different Budibase projects.",
-  "version": "0.9.24",
+  "version": "0.9.25",
   "license": "AGPL-3.0",
   "svelte": "src/index.js",
   "module": "dist/bbui.es.js",

packages/builder/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@budibase/builder",
-  "version": "0.9.24",
+  "version": "0.9.25",
   "license": "AGPL-3.0",
   "private": true,
   "scripts": {
@@ -65,10 +65,10 @@
     }
   },
   "dependencies": {
-    "@budibase/bbui": "^0.9.24",
-    "@budibase/client": "^0.9.24",
+    "@budibase/bbui": "^0.9.25",
+    "@budibase/client": "^0.9.25",
     "@budibase/colorpicker": "1.1.2",
-    "@budibase/string-templates": "^0.9.24",
+    "@budibase/string-templates": "^0.9.25",
     "@sentry/browser": "5.19.1",
     "@spectrum-css/page": "^3.0.1",
     "@spectrum-css/vars": "^3.0.1",

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@budibase/cli",
-  "version": "0.9.24",
+  "version": "0.9.25",
   "description": "Budibase CLI, for developers, self hosting and migrations.",
   "main": "src/index.js",
   "bin": {

packages/client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@budibase/client",
-  "version": "0.9.24",
+  "version": "0.9.25",
   "license": "MPL-2.0",
   "module": "dist/budibase-client.js",
   "main": "dist/budibase-client.js",
@@ -18,13 +18,13 @@
     "dev:builder": "rollup -cw"
   },
   "dependencies": {
-    "@budibase/string-templates": "^0.9.24",
+    "@budibase/string-templates": "^0.9.25",
     "regexparam": "^1.3.0",
     "shortid": "^2.2.15",
     "svelte-spa-router": "^3.0.5"
   },
   "devDependencies": {
-    "@budibase/standard-components": "^0.9.24",
+    "@budibase/standard-components": "^0.9.25",
     "@rollup/plugin-commonjs": "^18.0.0",
     "@rollup/plugin-node-resolve": "^11.2.1",
     "fs-extra": "^8.1.0",

packages/server/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@budibase/server",
   "email": "hi@budibase.com",
-  "version": "0.9.24",
+  "version": "0.9.25",
   "description": "Budibase Web Server",
   "main": "src/electron.js",
   "repository": {
@@ -55,9 +55,9 @@
   "author": "Budibase",
   "license": "AGPL-3.0-or-later",
   "dependencies": {
-    "@budibase/auth": "^0.9.24",
-    "@budibase/client": "^0.9.24",
-    "@budibase/string-templates": "^0.9.24",
+    "@budibase/auth": "^0.9.25",
+    "@budibase/client": "^0.9.25",
+    "@budibase/string-templates": "^0.9.25",
     "@elastic/elasticsearch": "7.10.0",
     "@koa/router": "8.0.0",
     "@sendgrid/mail": "7.1.1",
@@ -110,7 +110,7 @@
   "devDependencies": {
     "@babel/core": "^7.14.3",
     "@babel/preset-env": "^7.14.4",
-    "@budibase/standard-components": "^0.9.24",
+    "@budibase/standard-components": "^0.9.25",
     "@jest/test-sequencer": "^24.8.0",
     "babel-jest": "^27.0.2",
     "docker-compose": "^0.23.6",

packages/server/src/api/controllers/auth.js

@@ -5,7 +5,7 @@ const { getFullUser } = require("../../utilities/users")
 
 exports.fetchSelf = async ctx => {
   const appId = ctx.appId
-  const { userId } = ctx.user
+  let userId = ctx.user.userId || ctx.user._id
   /* istanbul ignore next */
   if (!userId) {
     ctx.body = {}

packages/server/src/api/controllers/routing.js

@@ -63,10 +63,6 @@ exports.fetch = async ctx => {
 exports.clientFetch = async ctx => {
   const routing = await getRoutingStructure(ctx.appId)
   let roleId = ctx.user.role._id
-  // builder is a special case, always return the full routing structure
-  if (roleId === BUILTIN_ROLE_IDS.BUILDER) {
-    roleId = BUILTIN_ROLE_IDS.ADMIN
-  }
   const roleIds = await getUserRoleHierarchy(ctx.appId, roleId)
   for (let topLevel of Object.values(routing.routes)) {
     for (let subpathKey of Object.keys(topLevel.subpaths)) {

packages/server/src/api/controllers/static/templates/BudibaseApp.svelte

@@ -31,7 +31,6 @@
       margin: 0;
       padding: 0;
     }
-
     *,
     *:before,
     *:after {
@@ -41,9 +40,9 @@
 </svelte:head>
 
 <body id="app">
-  <script src={clientLibPath}>
+  <script type="application/javascript" src={clientLibPath}>
   </script>
-  <script>
+  <script type="application/javascript">
     loadBudibase()
   </script>
 </body>

packages/server/src/api/controllers/user.js

@@ -4,7 +4,6 @@ const {
   getUserMetadataParams,
 } = require("../../db/utils")
 const { InternalTables } = require("../../db/utils")
-const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
 const {
   getGlobalUsers,
   addAppRoleToUser,
@@ -47,10 +46,6 @@ exports.fetchMetadata = async function (ctx) {
 exports.updateSelfMetadata = async function (ctx) {
   // overwrite the ID with current users
   ctx.request.body._id = ctx.user._id
-  if (ctx.user.builder && ctx.user.builder.global) {
-    // specific case, update self role in global user
-    await addAppRoleToUser(ctx, ctx.appId, BUILTIN_ROLE_IDS.ADMIN)
-  }
   // make sure no stale rev
   delete ctx.request.body._rev
   await exports.updateMetadata(ctx)

packages/server/src/api/routes/tests/routing.spec.js

@@ -28,9 +28,7 @@ describe("/routing", () => {
     it("returns the correct routing for basic user", async () => {
       workerRequests.getGlobalUsers.mockImplementationOnce((ctx, appId) => {
         return {
-          roles: {
-            [appId]: BUILTIN_ROLE_IDS.BASIC,
-          }
+          roleId: BUILTIN_ROLE_IDS.BASIC,
         }
       })
       const res = await request

packages/server/src/api/routes/tests/utilities/TestFunctions.js

@@ -2,6 +2,7 @@ const rowController = require("../../../controllers/row")
 const appController = require("../../../controllers/application")
 const CouchDB = require("../../../../db")
 const { AppStatus } = require("../../../../db/utils")
+const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
 
 function Request(appId, params) {
   this.appId = appId
@@ -77,11 +78,17 @@ exports.checkPermissionsEndpoint = async ({
     .set(passHeader)
     .expect(200)
 
-  user = await config.createUser("fail@budibase.com", password, failRole)
-  const failHeader = await config.login("fail@budibase.com", password, {
-    roleId: failRole,
-    userId: user.globalId,
-  })
+  let failHeader
+  if (failRole === BUILTIN_ROLE_IDS.PUBLIC) {
+    failHeader = config.publicHeaders()
+  } else {
+    user = await config.createUser("fail@budibase.com", password, failRole)
+    failHeader = await config.login("fail@budibase.com", password, {
+      roleId: failRole,
+      userId: user.globalId,
+      builder: false,
+    })
+  }
 
   await exports
     .createRequest(config.request, method, url, body)

packages/server/src/middleware/currentapp.js

@@ -33,7 +33,7 @@ module.exports = async (ctx, next) => {
     updateCookie = true
     appId = requestAppId
     // retrieving global user gets the right role
-    roleId = globalUser.roleId
+    roleId = globalUser.roleId || BUILTIN_ROLE_IDS.PUBLIC
   } else if (appCookie != null) {
     appId = appCookie.appId
     roleId = appCookie.roleId || BUILTIN_ROLE_IDS.PUBLIC

packages/server/src/tests/utilities/TestConfiguration.js

@@ -101,7 +101,7 @@ class TestConfiguration {
       userId: GLOBAL_USER_ID,
     }
     const app = {
-      roleId: BUILTIN_ROLE_IDS.BUILDER,
+      roleId: BUILTIN_ROLE_IDS.ADMIN,
       appId: this.appId,
     }
     const authToken = jwt.sign(auth, env.JWT_SECRET)
@@ -306,12 +306,9 @@ class TestConfiguration {
     return await this._req(config, null, controllers.layout.save)
   }
 
-  async createUser(roleId = BUILTIN_ROLE_IDS.POWER) {
+  async createUser() {
     const globalId = `us_${Math.random()}`
-    const resp = await this.globalUser(
-      globalId,
-      roleId === BUILTIN_ROLE_IDS.BUILDER
-    )
+    const resp = await this.globalUser(globalId)
     return {
       ...resp,
       globalId,
@@ -319,7 +316,6 @@ class TestConfiguration {
   }
 
   async login(email, password, { roleId, userId, builder } = {}) {
-    roleId = !roleId ? BUILTIN_ROLE_IDS.BUILDER : roleId
     userId = !userId ? `us_uuid1` : userId
     if (!this.request) {
       throw "Server has not been opened, cannot login."

packages/server/src/utilities/fileSystem/newApp.js

@@ -30,5 +30,7 @@ exports.uploadClientLibrary = async appId => {
   const sourcepath = require.resolve("@budibase/client")
   const destPath = join(appId, "budibase-client.js")
 
-  await streamUpload(BUCKET_NAME, destPath, fs.createReadStream(sourcepath))
+  await streamUpload(BUCKET_NAME, destPath, fs.createReadStream(sourcepath), {
+    ContentType: "application/javascript",
+  })
 }

packages/server/src/utilities/workerRequests.js

@@ -9,19 +9,26 @@ function getAppRole(appId, user) {
   if (!user.roles) {
     return user
   }
-  // always use the deployed app
-  user.roleId = user.roles[getDeployedAppID(appId)]
-  if (!user.roleId) {
-    user.roleId = BUILTIN_ROLE_IDS.PUBLIC
+  if (user.builder && user.builder.global) {
+    user.roleId = BUILTIN_ROLE_IDS.ADMIN
+  } else {
+    // always use the deployed app
+    user.roleId = user.roles[getDeployedAppID(appId)]
+    if (!user.roleId) {
+      user.roleId = BUILTIN_ROLE_IDS.PUBLIC
+    }
   }
   delete user.roles
   return user
 }
 
-function request(ctx, request) {
+function request(ctx, request, noApiKey) {
   if (!request.headers) {
     request.headers = {}
   }
+  if (!noApiKey) {
+    request.headers["x-budibase-api-key"] = env.INTERNAL_API_KEY
+  }
   if (request.body && Object.keys(request.body).length > 0) {
     request.headers["Content-Type"] = "application/json"
     request.body =
@@ -44,9 +51,6 @@ exports.sendSmtpEmail = async (to, from, subject, contents) => {
     checkSlashesInUrl(env.WORKER_URL + `/api/admin/email/send`),
     request(null, {
       method: "POST",
-      headers: {
-        "x-budibase-api-key": env.INTERNAL_API_KEY,
-      },
       body: {
         email: to,
         from,
@@ -86,16 +90,6 @@ exports.getDeployedApps = async ctx => {
   }
 }
 
-exports.deleteGlobalUser = async (ctx, globalId) => {
-  const endpoint = `/api/admin/users/${globalId}`
-  const reqCfg = { method: "DELETE" }
-  const response = await fetch(
-    checkSlashesInUrl(env.WORKER_URL + endpoint),
-    request(ctx, reqCfg)
-  )
-  return response.json()
-}
-
 exports.getGlobalUsers = async (ctx, appId = null, globalId = null) => {
   const endpoint = globalId
     ? `/api/admin/users/${globalId}`
@@ -121,7 +115,8 @@ exports.getGlobalSelf = async (ctx, appId = null) => {
   const endpoint = `/api/admin/users/self`
   const response = await fetch(
     checkSlashesInUrl(env.WORKER_URL + endpoint),
-    request(ctx, { method: "GET" })
+    // we don't want to use API key when getting self
+    request(ctx, { method: "GET" }, true)
   )
   if (response.status !== 200) {
     ctx.throw(400, "Unable to get self globally.")
@@ -172,9 +167,6 @@ exports.removeAppFromUserRoles = async appId => {
     checkSlashesInUrl(env.WORKER_URL + `/api/admin/roles/${deployedAppId}`),
     request(null, {
       method: "DELETE",
-      headers: {
-        "x-budibase-api-key": env.INTERNAL_API_KEY,
-      },
     })
   )
   if (response.status !== 200) {

packages/standard-components/package.json

@@ -29,11 +29,11 @@
   "keywords": [
     "svelte"
   ],
-  "version": "0.9.24",
+  "version": "0.9.25",
   "license": "MIT",
   "gitHead": "d1836a898cab3f8ab80ee6d8f42be1a9eed7dcdc",
   "dependencies": {
-    "@budibase/bbui": "^0.9.24",
+    "@budibase/bbui": "^0.9.25",
     "@spectrum-css/page": "^3.0.1",
     "@spectrum-css/vars": "^3.0.1",
     "apexcharts": "^3.22.1",

packages/string-templates/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@budibase/string-templates",
-  "version": "0.9.24",
+  "version": "0.9.25",
   "description": "Handlebars wrapper for Budibase templating.",
   "main": "src/index.cjs",
   "module": "dist/bundle.mjs",

packages/worker/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@budibase/worker",
   "email": "hi@budibase.com",
-  "version": "0.9.24",
+  "version": "0.9.25",
   "description": "Budibase background service",
   "main": "src/index.js",
   "repository": {
@@ -21,8 +21,8 @@
   "author": "Budibase",
   "license": "AGPL-3.0-or-later",
   "dependencies": {
-    "@budibase/auth": "^0.9.24",
-    "@budibase/string-templates": "^0.9.24",
+    "@budibase/auth": "^0.9.25",
+    "@budibase/string-templates": "^0.9.25",
     "@koa/router": "^8.0.0",
     "aws-sdk": "^2.811.0",
     "bcryptjs": "^2.4.3",