diff --git a/lerna.json b/lerna.json
index cdd9b1316c..146b4bee75 100644
--- a/lerna.json
+++ b/lerna.json
@@ -1,5 +1,5 @@
 {
- "version": "0.9.24",
+ "version": "0.9.25",
 "npmClient": "yarn",
 "packages": [
 "packages/*"
diff --git a/packages/auth/package.json b/packages/auth/package.json
index dd66ac16fe..75be8583be 100644
--- a/packages/auth/package.json
+++ b/packages/auth/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@budibase/auth",
- "version": "0.9.24",
+ "version": "0.9.25",
 "description": "Authentication middlewares for budibase builder and apps",
 "main": "src/index.js",
 "author": "Budibase",
diff --git a/packages/auth/src/objectStore/index.js b/packages/auth/src/objectStore/index.js
index a157332ae5..80875fdfee 100644
--- a/packages/auth/src/objectStore/index.js
+++ b/packages/auth/src/objectStore/index.js
@@ -159,7 +159,7 @@ exports.upload = async ({
 * Similar to the upload function but can be used to send a file stream
 * through to the object store.
 */
-exports.streamUpload = async (bucketName, filename, stream) => {
+exports.streamUpload = async (bucketName, filename, stream, extra = {}) => {
 const objectStore = exports.ObjectStore(bucketName)
 await exports.makeSureBucketExists(objectStore, bucketName)
@@ -167,6 +167,7 @@ exports.streamUpload = async (bucketName, filename, stream) => {
 Bucket: sanitizeBucket(bucketName),
 Key: sanitizeKey(filename),
 Body: stream,
+ ...extra,
 }
 return objectStore.upload(params).promise()
 }
diff --git a/packages/auth/src/security/roles.js b/packages/auth/src/security/roles.js
index d652c25b00..53e1b90d73 100644
--- a/packages/auth/src/security/roles.js
+++ b/packages/auth/src/security/roles.js
@@ -13,7 +13,6 @@ const BUILTIN_IDS = {
 POWER: "POWER",
 BASIC: "BASIC",
 PUBLIC: "PUBLIC",
- BUILDER: "BUILDER",
 }
 // exclude internal roles like builder
diff --git a/packages/bbui/package.json b/packages/bbui/package.json
index 550a4cd4c1..cd6fb44f1b 100644
--- a/packages/bbui/package.json
+++ b/packages/bbui/package.json
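Review bot: In `packages/auth/src/objectStore/index.js`, `...extra,` is spread after `Bucket`, `Key` and `Body` (hunk `@@ -167,6 +167,7 @@`), so a caller-supplied `extra.Bucket` or `extra.Key` would replace the values that went through `sanitizeBucket` and `sanitizeKey`. Moving `...extra,` above `Bucket: sanitizeBucket(bucketName),` keeps the sanitized fields authoritative while still allowing additions such as `ContentType`. The only caller visible in this commit passes a fixed `ContentType`, so this is hardening rather than a demonstrated bug. The doc comment above `streamUpload` (hunk `@@ -159,7 +159,7 @@`) could also gain a line like `@param extra additional upload params (e.g. ContentType) merged into the request`. The object literal opens above the second hunk, so its declaration is not visible here.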
@@ -1,7 +1,7 @@
 {
 "name": "@budibase/bbui",
 "description": "A UI solution used in the different Budibase projects.",
- "version": "0.9.24",
+ "version": "0.9.25",
 "license": "AGPL-3.0",
 "svelte": "src/index.js",
 "module": "dist/bbui.es.js",
diff --git a/packages/builder/package.json b/packages/builder/package.json
index 4ea92961e5..a713ff3516 100644
--- a/packages/builder/package.json
+++ b/packages/builder/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@budibase/builder",
- "version": "0.9.24",
+ "version": "0.9.25",
 "license": "AGPL-3.0",
 "private": true,
 "scripts": {
@@ -65,10 +65,10 @@
 }
 },
 "dependencies": {
- "@budibase/bbui": "^0.9.24",
- "@budibase/client": "^0.9.24",
+ "@budibase/bbui": "^0.9.25",
+ "@budibase/client": "^0.9.25",
 "@budibase/colorpicker": "1.1.2",
- "@budibase/string-templates": "^0.9.24",
+ "@budibase/string-templates": "^0.9.25",
 "@sentry/browser": "5.19.1",
 "@spectrum-css/page": "^3.0.1",
 "@spectrum-css/vars": "^3.0.1",
diff --git a/packages/cli/package.json b/packages/cli/package.json
index cc4287c5b1..584416a9e7 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@budibase/cli",
- "version": "0.9.24",
+ "version": "0.9.25",
 "description": "Budibase CLI, for developers, self hosting and migrations.",
 "main": "src/index.js",
 "bin": {
diff --git a/packages/client/package.json b/packages/client/package.json
index 89e192a6d1..7452014c4e 100644
--- a/packages/client/package.json
+++ b/packages/client/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@budibase/client",
- "version": "0.9.24",
+ "version": "0.9.25",
 "license": "MPL-2.0",
 "module": "dist/budibase-client.js",
 "main": "dist/budibase-client.js",
@@ -18,13 +18,13 @@
 "dev:builder": "rollup -cw"
 },
 "dependencies": {
- "@budibase/string-templates": "^0.9.24",
+ "@budibase/string-templates": "^0.9.25",
 "regexparam": "^1.3.0",
 "shortid": "^2.2.15",
 "svelte-spa-router": "^3.0.5"
 },
 "devDependencies": {
- "@budibase/standard-components": "^0.9.24",
+ "@budibase/standard-components": "^0.9.25",
 "@rollup/plugin-commonjs": "^18.0.0",
 "@rollup/plugin-node-resolve": "^11.2.1",
 "fs-extra": "^8.1.0",
diff --git a/packages/server/package.json b/packages/server/package.json
index 2c7b619a3a..18fe05f5c8 100644
--- a/packages/server/package.json
+++ b/packages/server/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@budibase/server",
 "email": "hi@budibase.com",
- "version": "0.9.24",
+ "version": "0.9.25",
 "description": "Budibase Web Server",
 "main": "src/electron.js",
 "repository": {
@@ -55,9 +55,9 @@
 "author": "Budibase",
 "license": "AGPL-3.0-or-later",
 "dependencies": {
- "@budibase/auth": "^0.9.24",
- "@budibase/client": "^0.9.24",
- "@budibase/string-templates": "^0.9.24",
+ "@budibase/auth": "^0.9.25",
+ "@budibase/client": "^0.9.25",
+ "@budibase/string-templates": "^0.9.25",
 "@elastic/elasticsearch": "7.10.0",
 "@koa/router": "8.0.0",
 "@sendgrid/mail": "7.1.1",
@@ -110,7 +110,7 @@
 "devDependencies": {
 "@babel/core": "^7.14.3",
 "@babel/preset-env": "^7.14.4",
- "@budibase/standard-components": "^0.9.24",
+ "@budibase/standard-components": "^0.9.25",
 "@jest/test-sequencer": "^24.8.0",
 "babel-jest": "^27.0.2",
 "docker-compose": "^0.23.6",
diff --git a/packages/server/src/api/controllers/auth.js b/packages/server/src/api/controllers/auth.js
index 92d731cfbb..da863f5493 100644
--- a/packages/server/src/api/controllers/auth.js
+++ b/packages/server/src/api/controllers/auth.js
@@ -5,7 +5,7 @@ const { getFullUser } = require("../../utilities/users")
 exports.fetchSelf = async ctx => {
 const appId = ctx.appId
- const { userId } = ctx.user
+ let userId = ctx.user.userId || ctx.user._id
 /* istanbul ignore next */
 if (!userId) {
 ctx.body = {}
diff --git a/packages/server/src/api/controllers/routing.js b/packages/server/src/api/controllers/routing.js
index 1bbb521eab..d281b92fe2 100644
--- a/packages/server/src/api/controllers/routing.js
+++ b/packages/server/src/api/controllers/routing.js
@@ -63,10 +63,6 @@ exports.fetch = async ctx => {
 exports.clientFetch = async ctx => {
 const routing = await getRoutingStructure(ctx.appId)
 let roleId = ctx.user.role._id
- // builder is a special case, always return the full routing structure
- if (roleId === BUILTIN_ROLE_IDS.BUILDER) {
- roleId = BUILTIN_ROLE_IDS.ADMIN
- }
 const roleIds = await getUserRoleHierarchy(ctx.appId, roleId)
 for (let topLevel of Object.values(routing.routes)) {
 for (let subpathKey of Object.keys(topLevel.subpaths)) {
diff --git a/packages/server/src/api/controllers/static/templates/BudibaseApp.svelte b/packages/server/src/api/controllers/static/templates/BudibaseApp.svelte
index b73cfc6a3e..f73f79c096 100644
--- a/packages/server/src/api/controllers/static/templates/BudibaseApp.svelte
+++ b/packages/server/src/api/controllers/static/templates/BudibaseApp.svelte
@@ -31,7 +31,6 @@
 margin: 0;
 padding: 0;
 }
-
 *,
 *:before,
 *:after {
@@ -41,9 +40,9 @@
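Review bot: In `packages/server/src/api/controllers/auth.js`, `userId` is declared with `let` although nothing in the hunk reassigns it; `const userId = ctx.user.userId || ctx.user._id` states the intent, assuming the rest of `fetchSelf` (which continues below the hunk) does not reassign it either. The `if (!userId)` guard that follows only helps when `ctx.user` is an object: if this handler can run without an authenticated user, the property reads throw before the guard is reached, so a `ctx.user &&` check may be needed. A one-line comment on why `_id` is an acceptable fallback for `userId` would also help, since the two are different fields and the lookup that consumes the value is outside the hunk.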
- -
diff --git a/packages/server/src/api/controllers/user.js b/packages/server/src/api/controllers/user.js
index 73ba56943a..fc207c479f 100644
--- a/packages/server/src/api/controllers/user.js
+++ b/packages/server/src/api/controllers/user.js
@@ -4,7 +4,6 @@ const {
 getUserMetadataParams,
 } = require("../../db/utils")
 const { InternalTables } = require("../../db/utils")
-const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
 const {
 getGlobalUsers,
 addAppRoleToUser,
@@ -47,10 +46,6 @@ exports.fetchMetadata = async function (ctx) {
 exports.updateSelfMetadata = async function (ctx) {
 // overwrite the ID with current users
 ctx.request.body._id = ctx.user._id
- if (ctx.user.builder && ctx.user.builder.global) {
- // specific case, update self role in global user
- await addAppRoleToUser(ctx, ctx.appId, BUILTIN_ROLE_IDS.ADMIN)
- }
 // make sure no stale rev
 delete ctx.request.body._rev
 await exports.updateMetadata(ctx)
diff --git a/packages/server/src/api/routes/tests/routing.spec.js b/packages/server/src/api/routes/tests/routing.spec.js
index 622552c77f..38cd62ae76 100644
--- a/packages/server/src/api/routes/tests/routing.spec.js
+++ b/packages/server/src/api/routes/tests/routing.spec.js
@@ -28,9 +28,7 @@ describe("/routing", () => {
 it("returns the correct routing for basic user", async () => {
 workerRequests.getGlobalUsers.mockImplementationOnce((ctx, appId) => {
 return {
- roles: {
- [appId]: BUILTIN_ROLE_IDS.BASIC,
- }
+ roleId: BUILTIN_ROLE_IDS.BASIC,
 }
 })
 const res = await request
diff --git a/packages/server/src/api/routes/tests/utilities/TestFunctions.js b/packages/server/src/api/routes/tests/utilities/TestFunctions.js
index c49e44c949..dfd77eec7a 100644
--- a/packages/server/src/api/routes/tests/utilities/TestFunctions.js
+++ b/packages/server/src/api/routes/tests/utilities/TestFunctions.js
@@ -2,6 +2,7 @@ const rowController = require("../../../controllers/row")
 const appController = require("../../../controllers/application")
 const CouchDB = require("../../../../db")
 const { AppStatus } = require("../../../../db/utils")
+const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
 function Request(appId, params) {
 this.appId = appId
@@ -77,11 +78,17 @@ exports.checkPermissionsEndpoint = async ({
 .set(passHeader)
 .expect(200)
- user = await config.createUser("fail@budibase.com", password, failRole)
- const failHeader = await config.login("fail@budibase.com", password, {
- roleId: failRole,
- userId: user.globalId,
- })
+ let failHeader
+ if (failRole === BUILTIN_ROLE_IDS.PUBLIC) {
+ failHeader = config.publicHeaders()
+ } else {
+ user = await config.createUser("fail@budibase.com", password, failRole)
+ failHeader = await config.login("fail@budibase.com", password, {
+ roleId: failRole,
+ userId: user.globalId,
+ builder: false,
+ })
+ }
 await exports
 .createRequest(config.request, method, url, body)
diff --git a/packages/server/src/middleware/currentapp.js b/packages/server/src/middleware/currentapp.js
index ae83da8ba6..e47c9894fa 100644
--- a/packages/server/src/middleware/currentapp.js
+++ b/packages/server/src/middleware/currentapp.js
@@ -33,7 +33,7 @@ module.exports = async (ctx, next) => {
 updateCookie = true
 appId = requestAppId
 // retrieving global user gets the right role
- roleId = globalUser.roleId
+ roleId = globalUser.roleId || BUILTIN_ROLE_IDS.PUBLIC
 } else if (appCookie != null) {
 appId = appCookie.appId
 roleId = appCookie.roleId || BUILTIN_ROLE_IDS.PUBLIC
diff --git a/packages/server/src/tests/utilities/TestConfiguration.js b/packages/server/src/tests/utilities/TestConfiguration.js
index 60e503c128..4ba5abbb59 100644
--- a/packages/server/src/tests/utilities/TestConfiguration.js
+++ b/packages/server/src/tests/utilities/TestConfiguration.js
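Review bot: In `packages/server/src/api/routes/tests/utilities/TestFunctions.js` (hunk `@@ -77,11 +78,17 @@`), the `else` branch still calls `config.createUser("fail@budibase.com", password, failRole)`, but this same commit reduces `TestConfiguration.createUser` to a parameterless method, so all three arguments are silently ignored. The failing user's role now comes only from `roleId: failRole` passed to `config.login`; writing `user = await config.createUser()` makes that explicit and avoids suggesting that the permission test creates a user with the failing role. `config.publicHeaders()` is assigned without `await`, which is correct only if it is synchronous; its definition is not part of this diff. `checkPermissionsEndpoint` starts and ends outside the hunk.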
@@ -101,7 +101,7 @@ class TestConfiguration {
 userId: GLOBAL_USER_ID,
 }
 const app = {
- roleId: BUILTIN_ROLE_IDS.BUILDER,
+ roleId: BUILTIN_ROLE_IDS.ADMIN,
 appId: this.appId,
 }
 const authToken = jwt.sign(auth, env.JWT_SECRET)
@@ -306,12 +306,9 @@ class TestConfiguration {
 return await this._req(config, null, controllers.layout.save)
 }
- async createUser(roleId = BUILTIN_ROLE_IDS.POWER) {
+ async createUser() {
 const globalId = `us_${Math.random()}`
- const resp = await this.globalUser(
- globalId,
- roleId === BUILTIN_ROLE_IDS.BUILDER
- )
+ const resp = await this.globalUser(globalId)
 return {
 ...resp,
 globalId,
@@ -319,7 +316,6 @@ class TestConfiguration {
 }
 async login(email, password, { roleId, userId, builder } = {}) {
- roleId = !roleId ? BUILTIN_ROLE_IDS.BUILDER : roleId
 userId = !userId ? `us_uuid1` : userId
 if (!this.request) {
 throw "Server has not been opened, cannot login."
diff --git a/packages/server/src/utilities/fileSystem/newApp.js b/packages/server/src/utilities/fileSystem/newApp.js
index 22113757c9..735f0d523e 100644
--- a/packages/server/src/utilities/fileSystem/newApp.js
+++ b/packages/server/src/utilities/fileSystem/newApp.js
@@ -30,5 +30,7 @@ exports.uploadClientLibrary = async appId => {
 const sourcepath = require.resolve("@budibase/client")
 const destPath = join(appId, "budibase-client.js")
- await streamUpload(BUCKET_NAME, destPath, fs.createReadStream(sourcepath))
+ await streamUpload(BUCKET_NAME, destPath, fs.createReadStream(sourcepath), {
+ ContentType: "application/javascript",
+ })
 }
diff --git a/packages/server/src/utilities/workerRequests.js b/packages/server/src/utilities/workerRequests.js
index 99d9a1c3e2..59ab2c296c 100644
--- a/packages/server/src/utilities/workerRequests.js
+++ b/packages/server/src/utilities/workerRequests.js
@@ -9,19 +9,26 @@ function getAppRole(appId, user) {
 if (!user.roles) {
 return user
 }
- // always use the deployed app
- user.roleId = user.roles[getDeployedAppID(appId)]
- if (!user.roleId) {
- user.roleId = BUILTIN_ROLE_IDS.PUBLIC
+ if (user.builder && user.builder.global) {
+ user.roleId = BUILTIN_ROLE_IDS.ADMIN
+ } else {
+ // always use the deployed app
+ user.roleId = user.roles[getDeployedAppID(appId)]
+ if (!user.roleId) {
+ user.roleId = BUILTIN_ROLE_IDS.PUBLIC
+ }
 }
 delete user.roles
 return user
 }
-function request(ctx, request) {
+function request(ctx, request, noApiKey) {
 if (!request.headers) {
 request.headers = {}
 }
+ if (!noApiKey) {
+ request.headers["x-budibase-api-key"] = env.INTERNAL_API_KEY
+ }
 if (request.body && Object.keys(request.body).length > 0) {
 request.headers["Content-Type"] = "application/json"
 request.body =
@@ -44,9 +51,6 @@ exports.sendSmtpEmail = async (to, from, subject, contents) => {
 checkSlashesInUrl(env.WORKER_URL + `/api/admin/email/send`),
 request(null, {
 method: "POST",
- headers: {
- "x-budibase-api-key": env.INTERNAL_API_KEY,
- },
 body: {
 email: to,
 from,
@@ -86,16 +90,6 @@ exports.getDeployedApps = async ctx => {
 }
 }
-exports.deleteGlobalUser = async (ctx, globalId) => {
- const endpoint = `/api/admin/users/${globalId}`
- const reqCfg = { method: "DELETE" }
- const response = await fetch(
- checkSlashesInUrl(env.WORKER_URL + endpoint),
- request(ctx, reqCfg)
- )
- return response.json()
-}
-
 exports.getGlobalUsers = async (ctx, appId = null, globalId = null) => {
 const endpoint = globalId
 ? `/api/admin/users/${globalId}`
@@ -121,7 +115,8 @@ exports.getGlobalSelf = async (ctx, appId = null) => {
 const endpoint = `/api/admin/users/self`
 const response = await fetch(
 checkSlashesInUrl(env.WORKER_URL + endpoint),
- request(ctx, { method: "GET" })
+ // we don't want to use API key when getting self
+ request(ctx, { method: "GET" }, true)
 )
 if (response.status !== 200) {
 ctx.throw(400, "Unable to get self globally.")
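Review bot: In `packages/server/src/utilities/workerRequests.js` (hunk `@@ -9,19 +9,26 @@`), `request()` now adds `x-budibase-api-key` to every outgoing call unless the caller passes a third positional `true`, whereas the lines removed from `sendSmtpEmail` and `removeAppFromUserRoles` show the key was previously attached only at call sites using a `null` ctx. Any call that passes a user's `ctx` through this helper therefore carries the internal key too unless it opts out as `getGlobalSelf` does; if the worker lets the key take precedence over the caller's own permissions (not visible in this diff), that widens what a user-initiated request can do, so the default is worth confirming per endpoint. An opt-out boolean is easy to forget at a new call site, and a named option such as `request(ctx, { method: "GET" }, { useApiKey: false })` reads more safely than a bare `true`. In the same hunk, `getAppRole` returns early on `!user.roles` before the new `user.builder.global` check, so a global builder whose record has no `roles` map gets no `roleId` and would fall back to PUBLIC wherever the `|| BUILTIN_ROLE_IDS.PUBLIC` default added in `currentapp.js` consumes it.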
@@ -172,9 +167,6 @@ exports.removeAppFromUserRoles = async appId => {
 checkSlashesInUrl(env.WORKER_URL + `/api/admin/roles/${deployedAppId}`),
 request(null, {
 method: "DELETE",
- headers: {
- "x-budibase-api-key": env.INTERNAL_API_KEY,
- },
 })
 )
 if (response.status !== 200) {
diff --git a/packages/standard-components/package.json b/packages/standard-components/package.json
index 489a608cd6..143b91402c 100644
--- a/packages/standard-components/package.json
+++ b/packages/standard-components/package.json
@@ -29,11 +29,11 @@
 "keywords": [
 "svelte"
 ],
- "version": "0.9.24",
+ "version": "0.9.25",
 "license": "MIT",
 "gitHead": "d1836a898cab3f8ab80ee6d8f42be1a9eed7dcdc",
 "dependencies": {
- "@budibase/bbui": "^0.9.24",
+ "@budibase/bbui": "^0.9.25",
 "@spectrum-css/page": "^3.0.1",
 "@spectrum-css/vars": "^3.0.1",
 "apexcharts": "^3.22.1",
diff --git a/packages/string-templates/package.json b/packages/string-templates/package.json
index 7bce0dc94b..8033e4f052 100644
--- a/packages/string-templates/package.json
+++ b/packages/string-templates/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@budibase/string-templates",
- "version": "0.9.24",
+ "version": "0.9.25",
 "description": "Handlebars wrapper for Budibase templating.",
 "main": "src/index.cjs",
 "module": "dist/bundle.mjs",
diff --git a/packages/worker/package.json b/packages/worker/package.json
index 8a6835ce51..34ed7b9716 100644
--- a/packages/worker/package.json
+++ b/packages/worker/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@budibase/worker",
 "email": "hi@budibase.com",
- "version": "0.9.24",
+ "version": "0.9.25",
 "description": "Budibase background service",
 "main": "src/index.js",
 "repository": {
@@ -21,8 +21,8 @@
 "author": "Budibase",
 "license": "AGPL-3.0-or-later",
 "dependencies": {
- "@budibase/auth": "^0.9.24",
- "@budibase/string-templates": "^0.9.24",
+ "@budibase/auth": "^0.9.25",
+ "@budibase/string-templates": "^0.9.25",
 "@koa/router": "^8.0.0",
 "aws-sdk": "^2.811.0",
 "bcryptjs": "^2.4.3",