diff --git a/packages/server/specs/openapi.json b/packages/server/specs/openapi.json index 1071a39c29..1e5718c5b5 100644 --- a/packages/server/specs/openapi.json +++ b/packages/server/specs/openapi.json @@ -1519,6 +1519,34 @@ "forceResetPassword": { "description": "If set to true forces the user to reset their password on first login.", "type": "boolean" + }, + "builder": { + "description": "Describes if the user is a builder user or not. This field can only be set on a business or enterprise license.", + "type": "object", + "properties": { + "global": { + "description": "If set to true the user will be able to build any app in the system.", + "type": "boolean" + } + } + }, + "admin": { + "description": "Describes if the user is an admin user or not. This field can only be set on a business or enterprise license.", + "type": "object", + "properties": { + "global": { + "description": "If set to true the user will be able to administrate the system.", + "type": "boolean" + } + } + }, + "roles": { + "description": "Contains the roles of the user per app (assuming they are not a builder user). This field can only be set on a business or enterprise license.", + "type": "object", + "additionalProperties": { + "type": "string", + "description": "A map of app ID (production app ID, minus the _dev component) to a role ID, e.g. ADMIN." + } } }, "required": [ @@ -1559,6 +1587,34 @@ "description": "If set to true forces the user to reset their password on first login.", "type": "boolean" }, + "builder": { + "description": "Describes if the user is a builder user or not. This field can only be set on a business or enterprise license.", + "type": "object", + "properties": { + "global": { + "description": "If set to true the user will be able to build any app in the system.", + "type": "boolean" + } + } + }, + "admin": { + "description": "Describes if the user is an admin user or not. This field can only be set on a business or enterprise license.", + "type": "object", + "properties": { + "global": { + "description": "If set to true the user will be able to administrate the system.", + "type": "boolean" + } + } + }, + "roles": { + "description": "Contains the roles of the user per app (assuming they are not a builder user). This field can only be set on a business or enterprise license.", + "type": "object", + "additionalProperties": { + "type": "string", + "description": "A map of app ID (production app ID, minus the _dev component) to a role ID, e.g. ADMIN." + } + }, "_id": { "description": "The ID of the user.", "type": "string" @@ -1610,6 +1666,34 @@ "description": "If set to true forces the user to reset their password on first login.", "type": "boolean" }, + "builder": { + "description": "Describes if the user is a builder user or not. This field can only be set on a business or enterprise license.", + "type": "object", + "properties": { + "global": { + "description": "If set to true the user will be able to build any app in the system.", + "type": "boolean" + } + } + }, + "admin": { + "description": "Describes if the user is an admin user or not. This field can only be set on a business or enterprise license.", + "type": "object", + "properties": { + "global": { + "description": "If set to true the user will be able to administrate the system.", + "type": "boolean" + } + } + }, + "roles": { + "description": "Contains the roles of the user per app (assuming they are not a builder user). This field can only be set on a business or enterprise license.", + "type": "object", + "additionalProperties": { + "type": "string", + "description": "A map of app ID (production app ID, minus the _dev component) to a role ID, e.g. ADMIN." + } + }, "_id": { "description": "The ID of the user.", "type": "string" @@ -1753,29 +1837,26 @@ "rolesAssign": { "type": "object", "properties": { - "builder": { + "appBuilder": { "type": "object", "properties": { - "global": { - "type": "boolean" + "appId": { + "description": "The app that the users should have app builder privileges granted for.", + "type": "string" } }, - "description": "Add/remove global builder permissions from the list of users.", + "description": "Allow setting users to builders per app.", "required": [ - "global" + "appId" ] }, + "builder": { + "type": "boolean", + "description": "Add/remove global builder permissions from the list of users." + }, "admin": { - "type": "object", - "properties": { - "global": { - "type": "boolean" - } - }, - "description": "Add/remove global admin permissions from the list of users.", - "required": [ - "global" - ] + "type": "boolean", + "description": "Add/remove global admin permissions from the list of users." }, "role": { "type": "object", @@ -1810,29 +1891,26 @@ "rolesUnAssign": { "type": "object", "properties": { - "builder": { + "appBuilder": { "type": "object", "properties": { - "global": { - "type": "boolean" + "appId": { + "description": "The app that the users should have app builder privileges granted for.", + "type": "string" } }, - "description": "Add/remove global builder permissions from the list of users.", + "description": "Allow setting users to builders per app.", "required": [ - "global" + "appId" ] }, + "builder": { + "type": "boolean", + "description": "Add/remove global builder permissions from the list of users." + }, "admin": { - "type": "object", - "properties": { - "global": { - "type": "boolean" - } - }, - "description": "Add/remove global admin permissions from the list of users.", - "required": [ - "global" - ] + "type": "boolean", + "description": "Add/remove global admin permissions from the list of users." }, "role": { "type": "object", @@ -1867,16 +1945,24 @@ "rolesOutput": { "type": "object", "properties": { - "userIds": { - "description": "The updated users' IDs", - "type": "array", - "items": { - "type": "string" - } + "data": { + "type": "object", + "properties": { + "userIds": { + "description": "The updated users' IDs", + "type": "array", + "items": { + "type": "string" + } + } + }, + "required": [ + "userIds" + ] } }, "required": [ - "userIds" + "data" ] } } @@ -2235,6 +2321,7 @@ "post": { "operationId": "roleAssign", "summary": "Assign a role to a list of users", + "description": "This is a business/enterprise only endpoint", "tags": [ "roles" ], @@ -2266,6 +2353,7 @@ "post": { "operationId": "roleUnAssign", "summary": "Un-assign a role from a list of users", + "description": "This is a business/enterprise only endpoint", "tags": [ "roles" ], diff --git a/packages/server/specs/openapi.yaml b/packages/server/specs/openapi.yaml index aa7b3ddb51..07320917b8 100644 --- a/packages/server/specs/openapi.yaml +++ b/packages/server/specs/openapi.yaml @@ -1296,6 +1296,32 @@ components: description: If set to true forces the user to reset their password on first login. type: boolean + builder: + description: Describes if the user is a builder user or not. This field can only + be set on a business or enterprise license. + type: object + properties: + global: + description: If set to true the user will be able to build any app in the + system. + type: boolean + admin: + description: Describes if the user is an admin user or not. This field can only + be set on a business or enterprise license. + type: object + properties: + global: + description: If set to true the user will be able to administrate the system. + type: boolean + roles: + description: Contains the roles of the user per app (assuming they are not a + builder user). This field can only be set on a business or + enterprise license. + type: object + additionalProperties: + type: string + description: A map of app ID (production app ID, minus the _dev component) to a + role ID, e.g. ADMIN. required: - email - roles @@ -1328,6 +1354,32 @@ components: description: If set to true forces the user to reset their password on first login. type: boolean + builder: + description: Describes if the user is a builder user or not. This field can only + be set on a business or enterprise license. + type: object + properties: + global: + description: If set to true the user will be able to build any app in the + system. + type: boolean + admin: + description: Describes if the user is an admin user or not. This field can only + be set on a business or enterprise license. + type: object + properties: + global: + description: If set to true the user will be able to administrate the system. + type: boolean + roles: + description: Contains the roles of the user per app (assuming they are not a + builder user). This field can only be set on a business or + enterprise license. + type: object + additionalProperties: + type: string + description: A map of app ID (production app ID, minus the _dev component) to a + role ID, e.g. ADMIN. _id: description: The ID of the user. type: string @@ -1368,6 +1420,32 @@ components: description: If set to true forces the user to reset their password on first login. type: boolean + builder: + description: Describes if the user is a builder user or not. This field can only + be set on a business or enterprise license. + type: object + properties: + global: + description: If set to true the user will be able to build any app in the + system. + type: boolean + admin: + description: Describes if the user is an admin user or not. This field can only + be set on a business or enterprise license. + type: object + properties: + global: + description: If set to true the user will be able to administrate the system. + type: boolean + roles: + description: Contains the roles of the user per app (assuming they are not a + builder user). This field can only be set on a business or + enterprise license. + type: object + additionalProperties: + type: string + description: A map of app ID (production app ID, minus the _dev component) to a + role ID, e.g. ADMIN. _id: description: The ID of the user. type: string @@ -1481,22 +1559,22 @@ components: rolesAssign: type: object properties: + appBuilder: + type: object + properties: + appId: + description: The app that the users should have app builder privileges granted + for. + type: string + description: Allow setting users to builders per app. + required: + - appId builder: - type: object - properties: - global: - type: boolean + type: boolean description: Add/remove global builder permissions from the list of users. - required: - - global admin: - type: object - properties: - global: - type: boolean + type: boolean description: Add/remove global admin permissions from the list of users. - required: - - global role: type: object properties: @@ -1520,22 +1598,22 @@ components: rolesUnAssign: type: object properties: + appBuilder: + type: object + properties: + appId: + description: The app that the users should have app builder privileges granted + for. + type: string + description: Allow setting users to builders per app. + required: + - appId builder: - type: object - properties: - global: - type: boolean + type: boolean description: Add/remove global builder permissions from the list of users. - required: - - global admin: - type: object - properties: - global: - type: boolean + type: boolean description: Add/remove global admin permissions from the list of users. - required: - - global role: type: object properties: @@ -1559,13 +1637,18 @@ components: rolesOutput: type: object properties: - userIds: - description: The updated users' IDs - type: array - items: - type: string + data: + type: object + properties: + userIds: + description: The updated users' IDs + type: array + items: + type: string + required: + - userIds required: - - userIds + - data security: - ApiKeyAuth: [] paths: @@ -1780,6 +1863,7 @@ paths: post: operationId: roleAssign summary: Assign a role to a list of users + description: This is a business/enterprise only endpoint tags: - roles requestBody: @@ -1799,6 +1883,7 @@ paths: post: operationId: roleUnAssign summary: Un-assign a role from a list of users + description: This is a business/enterprise only endpoint tags: - roles requestBody: diff --git a/packages/server/specs/resources/roles.ts b/packages/server/specs/resources/roles.ts index f4fd870b7b..1033d640ce 100644 --- a/packages/server/specs/resources/roles.ts +++ b/packages/server/specs/resources/roles.ts @@ -3,35 +3,26 @@ import Resource from "./utils/Resource" const roleSchema = object( { - appBuilder: object({ - appId: { - description: - "The app that the users should have app builder privileges granted for.", - type: "string", - }, - }), - builder: object( + appBuilder: object( { - global: { - type: "boolean", + appId: { + description: + "The app that the users should have app builder privileges granted for.", + type: "string", }, }, - { - description: - "Add/remove global builder permissions from the list of users.", - } - ), - admin: object( - { - global: { - type: "boolean", - }, - }, - { - description: - "Add/remove global admin permissions from the list of users.", - } + { description: "Allow setting users to builders per app." } ), + builder: { + type: "boolean", + description: + "Add/remove global builder permissions from the list of users.", + }, + admin: { + type: "boolean", + description: + "Add/remove global admin permissions from the list of users.", + }, role: object( { roleId: { @@ -61,12 +52,14 @@ export default new Resource().setSchemas({ rolesAssign: roleSchema, rolesUnAssign: roleSchema, rolesOutput: object({ - userIds: { - description: "The updated users' IDs", - type: "array", - items: { - type: "string", + data: object({ + userIds: { + description: "The updated users' IDs", + type: "array", + items: { + type: "string", + }, }, - }, + }), }), }) diff --git a/packages/server/src/api/controllers/public/mapping/types.ts b/packages/server/src/api/controllers/public/mapping/types.ts index e3c8719d87..9fea9b7213 100644 --- a/packages/server/src/api/controllers/public/mapping/types.ts +++ b/packages/server/src/api/controllers/public/mapping/types.ts @@ -16,6 +16,10 @@ export type CreateRowParams = components["schemas"]["row"] export type User = components["schemas"]["userOutput"]["data"] export type CreateUserParams = components["schemas"]["user"] +export type RoleAssignRequest = components["schemas"]["rolesAssign"] +export type RoleUnAssignRequest = components["schemas"]["rolesUnAssign"] +export type RoleAssignmentResponse = components["schemas"]["rolesOutput"] + export type SearchInputParams = | components["schemas"]["nameSearch"] | components["schemas"]["rowSearch"] diff --git a/packages/server/src/api/controllers/public/roles.ts b/packages/server/src/api/controllers/public/roles.ts index 1ff11c48c2..362f25da58 100644 --- a/packages/server/src/api/controllers/public/roles.ts +++ b/packages/server/src/api/controllers/public/roles.ts @@ -1,28 +1,29 @@ -import { - UserCtx, - RoleAssignmentResponse, - RoleAssignmentRequest, -} from "@budibase/types" +import { UserCtx } from "@budibase/types" import { Next } from "koa" import { sdk } from "@budibase/pro" +import { + RoleAssignmentResponse, + RoleUnAssignRequest, + RoleAssignRequest, +} from "./mapping/types" async function assign( - ctx: UserCtx, + ctx: UserCtx, next: Next ) { const { userIds, ...assignmentProps } = ctx.request.body await sdk.publicApi.roles.assign(userIds, assignmentProps) - ctx.body = { userIds } + ctx.body = { data: { userIds } } await next() } async function unAssign( - ctx: UserCtx, + ctx: UserCtx, next: Next ) { const { userIds, ...unAssignmentProps } = ctx.request.body await sdk.publicApi.roles.unAssign(userIds, unAssignmentProps) - ctx.body = { userIds } + ctx.body = { data: { userIds } } await next() } diff --git a/packages/server/src/api/routes/public/roles.ts b/packages/server/src/api/routes/public/roles.ts index 2332a0ffd0..905f364cbe 100644 --- a/packages/server/src/api/routes/public/roles.ts +++ b/packages/server/src/api/routes/public/roles.ts @@ -9,6 +9,7 @@ const write = [] * post: * operationId: roleAssign * summary: Assign a role to a list of users + * description: This is a business/enterprise only endpoint * tags: * - roles * requestBody: @@ -33,6 +34,7 @@ write.push(new Endpoint("post", "/roles/assign", controller.assign)) * post: * operationId: roleUnAssign * summary: Un-assign a role from a list of users + * description: This is a business/enterprise only endpoint * tags: * - roles * requestBody: diff --git a/packages/server/src/definitions/openapi.ts b/packages/server/src/definitions/openapi.ts index ee078d0821..fe5c17b218 100644 --- a/packages/server/src/definitions/openapi.ts +++ b/packages/server/src/definitions/openapi.ts @@ -35,9 +35,11 @@ export interface paths { post: operations["querySearch"]; }; "/roles/assign": { + /** This is a business/enterprise only endpoint */ post: operations["roleAssign"]; }; "/roles/unassign": { + /** This is a business/enterprise only endpoint */ post: operations["roleUnAssign"]; }; "/tables/{tableId}/rows": { @@ -586,8 +588,18 @@ export interface components { lastName?: string; /** @description If set to true forces the user to reset their password on first login. */ forceResetPassword?: boolean; - } & { - roles: unknown; + /** @description Describes if the user is a builder user or not. This field can only be set on a business or enterprise license. */ + builder?: { + /** @description If set to true the user will be able to build any app in the system. */ + global?: boolean; + }; + /** @description Describes if the user is an admin user or not. This field can only be set on a business or enterprise license. */ + admin?: { + /** @description If set to true the user will be able to administrate the system. */ + global?: boolean; + }; + /** @description Contains the roles of the user per app (assuming they are not a builder user). This field can only be set on a business or enterprise license. */ + roles: { [key: string]: string }; }; userOutput: { data: { @@ -606,14 +618,24 @@ export interface components { lastName?: string; /** @description If set to true forces the user to reset their password on first login. */ forceResetPassword?: boolean; + /** @description Describes if the user is a builder user or not. This field can only be set on a business or enterprise license. */ + builder?: { + /** @description If set to true the user will be able to build any app in the system. */ + global?: boolean; + }; + /** @description Describes if the user is an admin user or not. This field can only be set on a business or enterprise license. */ + admin?: { + /** @description If set to true the user will be able to administrate the system. */ + global?: boolean; + }; + /** @description Contains the roles of the user per app (assuming they are not a builder user). This field can only be set on a business or enterprise license. */ + roles: { [key: string]: string }; /** @description The ID of the user. */ _id: string; - } & { - roles: unknown; }; }; userSearch: { - data: ({ + data: { /** @description The email address of the user, this must be unique. */ email: string; /** @description The password of the user if using password based login - this will never be returned. This can be left out of subsequent requests (updates) and will be enriched back into the user structure. */ @@ -629,11 +651,21 @@ export interface components { lastName?: string; /** @description If set to true forces the user to reset their password on first login. */ forceResetPassword?: boolean; + /** @description Describes if the user is a builder user or not. This field can only be set on a business or enterprise license. */ + builder?: { + /** @description If set to true the user will be able to build any app in the system. */ + global?: boolean; + }; + /** @description Describes if the user is an admin user or not. This field can only be set on a business or enterprise license. */ + admin?: { + /** @description If set to true the user will be able to administrate the system. */ + global?: boolean; + }; + /** @description Contains the roles of the user per app (assuming they are not a builder user). This field can only be set on a business or enterprise license. */ + roles: { [key: string]: string }; /** @description The ID of the user. */ _id: string; - } & { - roles: unknown; - })[]; + }[]; }; rowSearch: { query: { @@ -692,14 +724,15 @@ export interface components { name: string; }; rolesAssign: { + /** @description Allow setting users to builders per app. */ + appBuilder?: { + /** @description The app that the users should have app builder privileges granted for. */ + appId: string; + }; /** @description Add/remove global builder permissions from the list of users. */ - builder?: { - global: boolean; - }; + builder?: boolean; /** @description Add/remove global admin permissions from the list of users. */ - admin?: { - global: boolean; - }; + admin?: boolean; /** @description Add/remove a per-app role, such as BASIC, ADMIN etc. */ role?: { /** @description The role ID, such as BASIC, ADMIN or a custom role ID. */ @@ -711,14 +744,15 @@ export interface components { userIds: string[]; }; rolesUnAssign: { + /** @description Allow setting users to builders per app. */ + appBuilder?: { + /** @description The app that the users should have app builder privileges granted for. */ + appId: string; + }; /** @description Add/remove global builder permissions from the list of users. */ - builder?: { - global: boolean; - }; + builder?: boolean; /** @description Add/remove global admin permissions from the list of users. */ - admin?: { - global: boolean; - }; + admin?: boolean; /** @description Add/remove a per-app role, such as BASIC, ADMIN etc. */ role?: { /** @description The role ID, such as BASIC, ADMIN or a custom role ID. */ @@ -730,8 +764,10 @@ export interface components { userIds: string[]; }; rolesOutput: { - /** @description The updated users' IDs */ - userIds: string[]; + data: { + /** @description The updated users' IDs */ + userIds: string[]; + }; }; }; parameters: { @@ -928,6 +964,7 @@ export interface operations { }; }; }; + /** This is a business/enterprise only endpoint */ roleAssign: { responses: { /** Returns a list of updated user IDs */ @@ -943,6 +980,7 @@ export interface operations { }; }; }; + /** This is a business/enterprise only endpoint */ roleUnAssign: { responses: { /** Returns a list of updated user IDs */ diff --git a/packages/types/src/api/index.ts b/packages/types/src/api/index.ts index 9339ae7147..5fa77b18ea 100644 --- a/packages/types/src/api/index.ts +++ b/packages/types/src/api/index.ts @@ -1,3 +1,2 @@ export * from "./account" export * from "./web" -export * from "./public" diff --git a/packages/types/src/api/public/.keep b/packages/types/src/api/public/.keep new file mode 100644 index 0000000000..e69de29bb2 diff --git a/packages/types/src/api/public/index.ts b/packages/types/src/api/public/index.ts deleted file mode 100644 index 2a3a9dddba..0000000000 --- a/packages/types/src/api/public/index.ts +++ /dev/null @@ -1 +0,0 @@ -export * from "./roles" diff --git a/packages/types/src/api/public/roles.ts b/packages/types/src/api/public/roles.ts deleted file mode 100644 index fbef8af8b1..0000000000 --- a/packages/types/src/api/public/roles.ts +++ /dev/null @@ -1,16 +0,0 @@ -export interface RoleAssignmentRequest { - role?: { - appId: string - roleId: string - } - appBuilder?: { - appId: string - } - builder?: boolean - admin?: boolean - userIds: string[] -} - -export interface RoleAssignmentResponse { - userIds: string[] -}