Merge branch 'master' into random-fixes
This commit is contained in:
commit
9733bb01e7
|
@ -29,7 +29,6 @@ WORKDIR /opt/couchdb
|
|||
ADD couch/vm.args couch/local.ini ./etc/
|
||||
|
||||
WORKDIR /
|
||||
ADD build-target-paths.sh .
|
||||
ADD runner.sh ./bbcouch-runner.sh
|
||||
RUN chmod +x ./bbcouch-runner.sh /opt/clouseau/bin/clouseau ./build-target-paths.sh
|
||||
RUN chmod +x ./bbcouch-runner.sh /opt/clouseau/bin/clouseau
|
||||
CMD ["./bbcouch-runner.sh"]
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
echo ${TARGETBUILD} > /buildtarget.txt
|
||||
if [[ "${TARGETBUILD}" = "aas" ]]; then
|
||||
# Azure AppService uses /home for persistent data & SSH on port 2222
|
||||
DATA_DIR="${DATA_DIR:-/home}"
|
||||
WEBSITES_ENABLE_APP_SERVICE_STORAGE=true
|
||||
mkdir -p $DATA_DIR/{search,minio,couch}
|
||||
mkdir -p $DATA_DIR/couch/{dbs,views}
|
||||
chown -R couchdb:couchdb $DATA_DIR/couch/
|
||||
apt update
|
||||
apt-get install -y openssh-server
|
||||
echo "root:Docker!" | chpasswd
|
||||
mkdir -p /tmp
|
||||
chmod +x /tmp/ssh_setup.sh \
|
||||
&& (sleep 1;/tmp/ssh_setup.sh 2>&1 > /dev/null)
|
||||
cp /etc/sshd_config /etc/ssh/sshd_config
|
||||
/etc/init.d/ssh restart
|
||||
sed -i "s#DATA_DIR#/home#g" /opt/clouseau/clouseau.ini
|
||||
sed -i "s#DATA_DIR#/home#g" /opt/couchdb/etc/local.ini
|
||||
else
|
||||
sed -i "s#DATA_DIR#/data#g" /opt/clouseau/clouseau.ini
|
||||
sed -i "s#DATA_DIR#/data#g" /opt/couchdb/etc/local.ini
|
||||
fi
|
|
@ -1,14 +1,52 @@
|
|||
#!/bin/bash
|
||||
|
||||
DATA_DIR=${DATA_DIR:-/data}
|
||||
|
||||
mkdir -p ${DATA_DIR}
|
||||
mkdir -p ${DATA_DIR}/couch/{dbs,views}
|
||||
mkdir -p ${DATA_DIR}/search
|
||||
chown -R couchdb:couchdb ${DATA_DIR}/couch
|
||||
/build-target-paths.sh
|
||||
|
||||
echo ${TARGETBUILD} > /buildtarget.txt
|
||||
if [[ "${TARGETBUILD}" = "aas" ]]; then
|
||||
# Azure AppService uses /home for persistent data & SSH on port 2222
|
||||
DATA_DIR="${DATA_DIR:-/home}"
|
||||
WEBSITES_ENABLE_APP_SERVICE_STORAGE=true
|
||||
mkdir -p $DATA_DIR/{search,minio,couch}
|
||||
mkdir -p $DATA_DIR/couch/{dbs,views}
|
||||
chown -R couchdb:couchdb $DATA_DIR/couch/
|
||||
apt update
|
||||
apt-get install -y openssh-server
|
||||
echo "root:Docker!" | chpasswd
|
||||
mkdir -p /tmp
|
||||
chmod +x /tmp/ssh_setup.sh \
|
||||
&& (sleep 1;/tmp/ssh_setup.sh 2>&1 > /dev/null)
|
||||
cp /etc/sshd_config /etc/ssh/sshd_config
|
||||
/etc/init.d/ssh restart
|
||||
sed -i "s#DATA_DIR#/home#g" /opt/clouseau/clouseau.ini
|
||||
sed -i "s#DATA_DIR#/home#g" /opt/couchdb/etc/local.ini
|
||||
elif [[ "${TARGETBUILD}" = "single" ]]; then
|
||||
sed -i "s#DATA_DIR#/data#g" /opt/clouseau/clouseau.ini
|
||||
sed -i "s#DATA_DIR#/data#g" /opt/couchdb/etc/local.ini
|
||||
elif [[ -n $KUBERNETES_SERVICE_HOST ]]; then
|
||||
# In Kubernetes the directory /opt/couchdb/data has a persistent volume
|
||||
# mount for storing database data.
|
||||
sed -i "s#DATA_DIR#/opt/couchdb/data#g" /opt/clouseau/clouseau.ini
|
||||
sed -i "s#DATA_DIR#/opt/couchdb/data#g" /opt/couchdb/etc/local.ini
|
||||
sed -i "s/^-name .*$//g" /opt/couchdb/etc/vm.args
|
||||
else
|
||||
sed -i "s#DATA_DIR#/data#g" /opt/clouseau/clouseau.ini
|
||||
sed -i "s#DATA_DIR#/data#g" /opt/couchdb/etc/local.ini
|
||||
fi
|
||||
|
||||
/opt/clouseau/bin/clouseau > /dev/stdout 2>&1 &
|
||||
/docker-entrypoint.sh /opt/couchdb/bin/couchdb &
|
||||
sleep 10
|
||||
|
||||
while [[ $(curl -s -w "%{http_code}\n" http://localhost:5984/_up -o /dev/null) -ne 200 ]]; do
|
||||
echo 'Waiting for CouchDB to start...';
|
||||
sleep 5;
|
||||
done
|
||||
|
||||
curl -X PUT http://${COUCHDB_USER}:${COUCHDB_PASSWORD}@localhost:5984/_users
|
||||
curl -X PUT http://${COUCHDB_USER}:${COUCHDB_PASSWORD}@localhost:5984/_replicator
|
||||
sleep infinity
|
|
@ -94,8 +94,6 @@ RUN chmod +x ./healthcheck.sh
|
|||
# For Azure App Service install SSH & point data locations to /home
|
||||
COPY hosting/single/ssh/sshd_config /etc/
|
||||
COPY hosting/single/ssh/ssh_setup.sh /tmp
|
||||
RUN /build-target-paths.sh
|
||||
|
||||
|
||||
# setup letsencrypt certificate
|
||||
RUN apt-get install -y certbot python3-certbot-nginx
|
||||
|
|
|
@ -22,11 +22,11 @@ declare -a DOCKER_VARS=("APP_PORT" "APPS_URL" "ARCHITECTURE" "BUDIBASE_ENVIRONME
|
|||
|
||||
# Azure App Service customisations
|
||||
if [[ "${TARGETBUILD}" = "aas" ]]; then
|
||||
DATA_DIR="${DATA_DIR:-/home}"
|
||||
export DATA_DIR="${DATA_DIR:-/home}"
|
||||
WEBSITES_ENABLE_APP_SERVICE_STORAGE=true
|
||||
/etc/init.d/ssh start
|
||||
else
|
||||
DATA_DIR=${DATA_DIR:-/data}
|
||||
export DATA_DIR=${DATA_DIR:-/data}
|
||||
fi
|
||||
mkdir -p ${DATA_DIR}
|
||||
# Mount NFS or GCP Filestore if env vars exist for it
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
"version": "2.13.15",
|
||||
"version": "2.13.18",
|
||||
"npmClient": "yarn",
|
||||
"packages": [
|
||||
"packages/*"
|
||||
|
|
|
@ -260,12 +260,12 @@ export async function listAllObjects(bucketName: string, path: string) {
|
|||
}
|
||||
|
||||
/**
|
||||
* Generate a presigned url with a default TTL of 1 hour
|
||||
* Generate a presigned url with a default TTL of 36 hours
|
||||
*/
|
||||
export function getPresignedUrl(
|
||||
bucketName: string,
|
||||
key: string,
|
||||
durationSeconds: number = 3600
|
||||
durationSeconds: number = 129600
|
||||
) {
|
||||
const objectStore = ObjectStore(bucketName, { presigning: true })
|
||||
const params = {
|
||||
|
|
|
@ -160,4 +160,5 @@ export function isPermissionLevelHigherThanRead(level: PermissionLevel) {
|
|||
|
||||
// utility as a lot of things need simply the builder permission
|
||||
export const BUILDER = PermissionType.BUILDER
|
||||
export const CREATOR = PermissionType.CREATOR
|
||||
export const GLOBAL_BUILDER = PermissionType.GLOBAL_BUILDER
|
||||
|
|
|
@ -146,12 +146,12 @@ export class UserDB {
|
|||
|
||||
static async allUsers() {
|
||||
const db = getGlobalDB()
|
||||
const response = await db.allDocs(
|
||||
const response = await db.allDocs<User>(
|
||||
dbUtils.getGlobalUserParams(null, {
|
||||
include_docs: true,
|
||||
})
|
||||
)
|
||||
return response.rows.map((row: any) => row.doc)
|
||||
return response.rows.map(row => row.doc!)
|
||||
}
|
||||
|
||||
static async countUsersByApp(appId: string) {
|
||||
|
@ -209,13 +209,6 @@ export class UserDB {
|
|||
throw new Error("_id or email is required")
|
||||
}
|
||||
|
||||
if (
|
||||
user.builder?.apps?.length &&
|
||||
!(await UserDB.features.isAppBuildersEnabled())
|
||||
) {
|
||||
throw new Error("Unable to update app builders, please check license")
|
||||
}
|
||||
|
||||
let dbUser: User | undefined
|
||||
if (_id) {
|
||||
// try to get existing user from db
|
||||
|
|
|
@ -25,6 +25,7 @@ import {
|
|||
import { getGlobalDB } from "../context"
|
||||
import * as context from "../context"
|
||||
import { isCreator } from "./utils"
|
||||
import { UserDB } from "./db"
|
||||
|
||||
type GetOpts = { cleanup?: boolean }
|
||||
|
||||
|
@ -336,3 +337,20 @@ export function cleanseUserObject(user: User | ContextUser, base?: User) {
|
|||
}
|
||||
return user
|
||||
}
|
||||
|
||||
export async function addAppBuilder(user: User, appId: string) {
|
||||
const prodAppId = getProdAppID(appId)
|
||||
user.builder ??= {}
|
||||
user.builder.creator = true
|
||||
user.builder.apps ??= []
|
||||
user.builder.apps.push(prodAppId)
|
||||
await UserDB.save(user, { hashPassword: false })
|
||||
}
|
||||
|
||||
export async function removeAppBuilder(user: User, appId: string) {
|
||||
const prodAppId = getProdAppID(appId)
|
||||
if (user.builder && user.builder.apps?.includes(prodAppId)) {
|
||||
user.builder.apps = user.builder.apps.filter(id => id !== prodAppId)
|
||||
}
|
||||
await UserDB.save(user, { hashPassword: false })
|
||||
}
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
import "@spectrum-css/buttongroup/dist/index-vars.css"
|
||||
|
||||
export let vertical = false
|
||||
export let gap = ""
|
||||
export let gap = "M"
|
||||
|
||||
$: gapStyle =
|
||||
gap === "L"
|
||||
|
|
|
@ -12,11 +12,13 @@
|
|||
export let error = null
|
||||
export let validate = null
|
||||
export let options = []
|
||||
export let footer = null
|
||||
export let isOptionEnabled = () => true
|
||||
export let getOptionLabel = option => extractProperty(option, "label")
|
||||
export let getOptionValue = option => extractProperty(option, "value")
|
||||
export let getOptionSubtitle = option => extractProperty(option, "subtitle")
|
||||
export let getOptionColour = () => null
|
||||
|
||||
const dispatch = createEventDispatcher()
|
||||
|
||||
let open = false
|
||||
|
@ -100,6 +102,7 @@
|
|||
{error}
|
||||
{disabled}
|
||||
{options}
|
||||
{footer}
|
||||
{getOptionLabel}
|
||||
{getOptionValue}
|
||||
{getOptionSubtitle}
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
export let options = []
|
||||
export let getOptionLabel = option => extractProperty(option, "label")
|
||||
export let getOptionValue = option => extractProperty(option, "value")
|
||||
|
||||
export let getOptionSubtitle = option => option?.subtitle
|
||||
export let isOptionSelected = () => false
|
||||
|
||||
const dispatch = createEventDispatcher()
|
||||
|
@ -135,7 +135,7 @@
|
|||
class="spectrum-Textfield-input spectrum-InputGroup-input"
|
||||
/>
|
||||
</div>
|
||||
<div style="width: 30%">
|
||||
<div style="width: 40%">
|
||||
<button
|
||||
{id}
|
||||
class="spectrum-Picker spectrum-Picker--sizeM override-borders"
|
||||
|
@ -157,6 +157,7 @@
|
|||
<use xlink:href="#spectrum-css-icon-Chevron100" />
|
||||
</svg>
|
||||
</button>
|
||||
</div>
|
||||
{#if open}
|
||||
<div
|
||||
use:clickOutside={handleOutsideClick}
|
||||
|
@ -175,6 +176,11 @@
|
|||
>
|
||||
<span class="spectrum-Menu-itemLabel">
|
||||
{getOptionLabel(option, idx)}
|
||||
{#if getOptionSubtitle(option, idx)}
|
||||
<span class="subtitle-text">
|
||||
{getOptionSubtitle(option, idx)}
|
||||
</span>
|
||||
{/if}
|
||||
</span>
|
||||
<svg
|
||||
class="spectrum-Icon spectrum-UIIcon-Checkmark100 spectrum-Menu-checkmark spectrum-Menu-itemIcon"
|
||||
|
@ -189,14 +195,12 @@
|
|||
</div>
|
||||
{/if}
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<style>
|
||||
.spectrum-InputGroup {
|
||||
min-width: 0;
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
.spectrum-InputGroup-input {
|
||||
border-right-width: 1px;
|
||||
}
|
||||
|
@ -206,7 +210,6 @@
|
|||
.spectrum-Textfield-input {
|
||||
width: 0;
|
||||
}
|
||||
|
||||
.override-borders {
|
||||
border-top-left-radius: 0px;
|
||||
border-bottom-left-radius: 0px;
|
||||
|
@ -215,5 +218,18 @@
|
|||
max-height: 240px;
|
||||
z-index: 999;
|
||||
top: 100%;
|
||||
width: 100%;
|
||||
}
|
||||
.subtitle-text {
|
||||
font-size: 12px;
|
||||
line-height: 15px;
|
||||
font-weight: 500;
|
||||
color: var(--spectrum-global-color-gray-600);
|
||||
display: block;
|
||||
margin-top: var(--spacing-s);
|
||||
}
|
||||
.spectrum-Menu-checkmark {
|
||||
align-self: center;
|
||||
margin-top: 0;
|
||||
}
|
||||
</style>
|
||||
|
|
|
@ -224,13 +224,12 @@
|
|||
</span>
|
||||
{/if}
|
||||
<span class="spectrum-Menu-itemLabel">
|
||||
{#if getOptionSubtitle(option, idx)}
|
||||
<span class="subtitle-text"
|
||||
>{getOptionSubtitle(option, idx)}</span
|
||||
>
|
||||
{/if}
|
||||
|
||||
{getOptionLabel(option, idx)}
|
||||
{#if getOptionSubtitle(option, idx)}
|
||||
<span class="subtitle-text">
|
||||
{getOptionSubtitle(option, idx)}
|
||||
</span>
|
||||
{/if}
|
||||
</span>
|
||||
{#if option.tag}
|
||||
<span class="option-tag">
|
||||
|
@ -275,10 +274,9 @@
|
|||
font-size: 12px;
|
||||
line-height: 15px;
|
||||
font-weight: 500;
|
||||
top: 10px;
|
||||
color: var(--spectrum-global-color-gray-600);
|
||||
display: block;
|
||||
margin-bottom: var(--spacing-s);
|
||||
margin-top: var(--spacing-s);
|
||||
}
|
||||
|
||||
.spectrum-Picker-label.auto-width {
|
||||
|
|
|
@ -10,8 +10,9 @@
|
|||
export let getOptionLabel = option => option
|
||||
export let getOptionValue = option => option
|
||||
export let getOptionIcon = () => null
|
||||
export let useOptionIconImage = false
|
||||
export let getOptionColour = () => null
|
||||
export let getOptionSubtitle = () => null
|
||||
export let useOptionIconImage = false
|
||||
export let isOptionEnabled
|
||||
export let readonly = false
|
||||
export let quiet = false
|
||||
|
@ -82,8 +83,9 @@
|
|||
{getOptionLabel}
|
||||
{getOptionValue}
|
||||
{getOptionIcon}
|
||||
{useOptionIconImage}
|
||||
{getOptionColour}
|
||||
{getOptionSubtitle}
|
||||
{useOptionIconImage}
|
||||
{isOptionEnabled}
|
||||
{autocomplete}
|
||||
{sort}
|
||||
|
|
|
@ -43,6 +43,7 @@
|
|||
{quiet}
|
||||
{autofocus}
|
||||
{options}
|
||||
isOptionSelected={option => option === dropdownValue}
|
||||
on:change={onChange}
|
||||
on:pick={onPick}
|
||||
on:click
|
||||
|
|
|
@ -13,9 +13,10 @@
|
|||
export let options = []
|
||||
export let getOptionLabel = option => extractProperty(option, "label")
|
||||
export let getOptionValue = option => extractProperty(option, "value")
|
||||
export let getOptionSubtitle = option => option?.subtitle
|
||||
export let getOptionIcon = option => option?.icon
|
||||
export let useOptionIconImage = false
|
||||
export let getOptionColour = option => option?.colour
|
||||
export let useOptionIconImage = false
|
||||
export let isOptionEnabled
|
||||
export let quiet = false
|
||||
export let autoWidth = false
|
||||
|
@ -58,6 +59,7 @@
|
|||
{getOptionValue}
|
||||
{getOptionIcon}
|
||||
{getOptionColour}
|
||||
{getOptionSubtitle}
|
||||
{useOptionIconImage}
|
||||
{isOptionEnabled}
|
||||
{autocomplete}
|
||||
|
|
|
@ -64,7 +64,7 @@
|
|||
</span>
|
||||
{:else if schema.type === "link"}
|
||||
<LinkedRowSelector
|
||||
bind:linkedRows={value[field]}
|
||||
linkedRows={value[field]}
|
||||
{schema}
|
||||
on:change={e => onChange(e, field)}
|
||||
useLabel={false}
|
||||
|
|
|
@ -70,7 +70,12 @@
|
|||
options={meta.constraints.inclusion}
|
||||
/>
|
||||
{:else if type === "link"}
|
||||
<LinkedRowSelector {error} bind:linkedRows={value} schema={meta} />
|
||||
<LinkedRowSelector
|
||||
{error}
|
||||
linkedRows={value}
|
||||
schema={meta}
|
||||
on:change={e => (value = e.detail)}
|
||||
/>
|
||||
{:else if type === "longform"}
|
||||
{#if meta.useRichText}
|
||||
<RichTextField {error} {label} height="150px" bind:value />
|
||||
|
|
|
@ -56,12 +56,12 @@
|
|||
/>
|
||||
{:else}
|
||||
<Multiselect
|
||||
bind:value={linkedIds}
|
||||
value={linkedIds}
|
||||
{label}
|
||||
options={rows}
|
||||
getOptionLabel={getPrettyName}
|
||||
getOptionValue={row => row._id}
|
||||
sort
|
||||
on:change={() => dispatch("change", linkedIds)}
|
||||
on:change
|
||||
/>
|
||||
{/if}
|
||||
|
|
|
@ -20,73 +20,91 @@
|
|||
export let allowedRoles = null
|
||||
export let allowCreator = false
|
||||
export let fancySelect = false
|
||||
export let labelPrefix = null
|
||||
|
||||
const dispatch = createEventDispatcher()
|
||||
const RemoveID = "remove"
|
||||
|
||||
$: enrichLabel = label => (labelPrefix ? `${labelPrefix} ${label}` : label)
|
||||
$: options = getOptions(
|
||||
$roles,
|
||||
allowPublic,
|
||||
allowRemove,
|
||||
allowedRoles,
|
||||
allowCreator
|
||||
allowCreator,
|
||||
enrichLabel
|
||||
)
|
||||
|
||||
const getOptions = (
|
||||
roles,
|
||||
allowPublic,
|
||||
allowRemove,
|
||||
allowedRoles,
|
||||
allowCreator
|
||||
allowCreator,
|
||||
enrichLabel
|
||||
) => {
|
||||
// Use roles whitelist if specified
|
||||
if (allowedRoles?.length) {
|
||||
const filteredRoles = roles.filter(role =>
|
||||
allowedRoles.includes(role._id)
|
||||
)
|
||||
return [
|
||||
...filteredRoles,
|
||||
...(allowedRoles.includes(Constants.Roles.CREATOR)
|
||||
? [{ _id: Constants.Roles.CREATOR, name: "Creator", enabled: false }]
|
||||
: []),
|
||||
]
|
||||
}
|
||||
let newRoles = [...roles]
|
||||
|
||||
if (allowCreator) {
|
||||
newRoles = [
|
||||
{
|
||||
let options = roles
|
||||
.filter(role => allowedRoles.includes(role._id))
|
||||
.map(role => ({
|
||||
name: enrichLabel(role.name),
|
||||
_id: role._id,
|
||||
}))
|
||||
if (allowedRoles.includes(Constants.Roles.CREATOR)) {
|
||||
options.push({
|
||||
_id: Constants.Roles.CREATOR,
|
||||
name: "Creator",
|
||||
name: "Can edit",
|
||||
enabled: false,
|
||||
})
|
||||
}
|
||||
return options
|
||||
}
|
||||
|
||||
// Allow all core roles
|
||||
let options = roles.map(role => ({
|
||||
name: enrichLabel(role.name),
|
||||
_id: role._id,
|
||||
}))
|
||||
|
||||
// Add creator if required
|
||||
if (allowCreator) {
|
||||
options.unshift({
|
||||
_id: Constants.Roles.CREATOR,
|
||||
name: "Can edit",
|
||||
tag:
|
||||
!$licensing.perAppBuildersEnabled &&
|
||||
capitalise(Constants.PlanType.BUSINESS),
|
||||
},
|
||||
...newRoles,
|
||||
]
|
||||
})
|
||||
}
|
||||
|
||||
// Add remove option if required
|
||||
if (allowRemove) {
|
||||
newRoles = [
|
||||
...newRoles,
|
||||
{
|
||||
options.push({
|
||||
_id: RemoveID,
|
||||
name: "Remove",
|
||||
},
|
||||
]
|
||||
})
|
||||
}
|
||||
if (allowPublic) {
|
||||
return newRoles
|
||||
|
||||
// Remove public if not allowed
|
||||
if (!allowPublic) {
|
||||
options = options.filter(role => role._id !== Constants.Roles.PUBLIC)
|
||||
}
|
||||
return newRoles.filter(role => role._id !== Constants.Roles.PUBLIC)
|
||||
|
||||
return options
|
||||
}
|
||||
|
||||
const getColor = role => {
|
||||
if (allowRemove && role._id === RemoveID) {
|
||||
// Creator and remove options have no colors
|
||||
if (role._id === Constants.Roles.CREATOR || role._id === RemoveID) {
|
||||
return null
|
||||
}
|
||||
return RoleUtils.getRoleColour(role._id)
|
||||
}
|
||||
|
||||
const getIcon = role => {
|
||||
if (allowRemove && role._id === RemoveID) {
|
||||
// Only remove option has an icon
|
||||
if (role._id === RemoveID) {
|
||||
return "Close"
|
||||
}
|
||||
return null
|
||||
|
|
|
@ -364,7 +364,10 @@
|
|||
const payload = [
|
||||
{
|
||||
email: newUserEmail,
|
||||
builder: { global: creationRoleType === Constants.BudibaseRoles.Admin },
|
||||
builder: {
|
||||
global: creationRoleType === Constants.BudibaseRoles.Admin,
|
||||
creator: creationRoleType === Constants.BudibaseRoles.Creator,
|
||||
},
|
||||
admin: { global: creationRoleType === Constants.BudibaseRoles.Admin },
|
||||
},
|
||||
]
|
||||
|
@ -471,10 +474,6 @@
|
|||
await users.removeAppBuilder(userId, prodAppId)
|
||||
}
|
||||
|
||||
const addGroupAppBuilder = async groupId => {
|
||||
await groups.actions.addGroupAppBuilder(groupId, prodAppId)
|
||||
}
|
||||
|
||||
const removeGroupAppBuilder = async groupId => {
|
||||
await groups.actions.removeGroupAppBuilder(groupId, prodAppId)
|
||||
}
|
||||
|
@ -495,14 +494,12 @@
|
|||
}
|
||||
|
||||
const getInviteRoleValue = invite => {
|
||||
if (invite.info?.admin?.global && invite.info?.builder?.global) {
|
||||
return Constants.Roles.ADMIN
|
||||
}
|
||||
|
||||
if (invite.info?.builder?.apps?.includes(prodAppId)) {
|
||||
if (
|
||||
(invite.info?.admin?.global && invite.info?.builder?.global) ||
|
||||
invite.info?.builder?.apps?.includes(prodAppId)
|
||||
) {
|
||||
return Constants.Roles.CREATOR
|
||||
}
|
||||
|
||||
return invite.info.apps?.[prodAppId]
|
||||
}
|
||||
|
||||
|
@ -512,7 +509,7 @@
|
|||
return `This user has been given ${role?.name} access from the ${user.group} group`
|
||||
}
|
||||
if (user.isAdminOrGlobalBuilder) {
|
||||
return "This user's role grants admin access to all apps"
|
||||
return "Account admins can edit all apps"
|
||||
}
|
||||
return null
|
||||
}
|
||||
|
@ -523,6 +520,18 @@
|
|||
}
|
||||
return user.role
|
||||
}
|
||||
|
||||
const checkAppAccess = e => {
|
||||
// Ensure we don't get into an invalid combo of tenant role and app access
|
||||
if (
|
||||
e.detail === Constants.BudibaseRoles.AppUser &&
|
||||
creationAccessType === Constants.Roles.CREATOR
|
||||
) {
|
||||
creationAccessType = Constants.Roles.BASIC
|
||||
} else if (e.detail === Constants.BudibaseRoles.Admin) {
|
||||
creationAccessType = Constants.Roles.CREATOR
|
||||
}
|
||||
}
|
||||
</script>
|
||||
|
||||
<svelte:window on:keydown={handleKeyDown} />
|
||||
|
@ -650,8 +659,9 @@
|
|||
autoWidth
|
||||
align="right"
|
||||
allowedRoles={user.isAdminOrGlobalBuilder
|
||||
? [Constants.Roles.ADMIN]
|
||||
? [Constants.Roles.CREATOR]
|
||||
: null}
|
||||
labelPrefix="Can use as"
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -695,19 +705,16 @@
|
|||
allowRemove={group.role}
|
||||
allowPublic={false}
|
||||
quiet={true}
|
||||
allowCreator={true}
|
||||
allowCreator={group.role === Constants.Roles.CREATOR}
|
||||
on:change={e => {
|
||||
if (e.detail === Constants.Roles.CREATOR) {
|
||||
addGroupAppBuilder(group._id)
|
||||
} else {
|
||||
onUpdateGroup(group, e.detail)
|
||||
}
|
||||
}}
|
||||
on:remove={() => {
|
||||
onUpdateGroup(group)
|
||||
}}
|
||||
autoWidth
|
||||
align="right"
|
||||
labelPrefix="Can use as"
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -753,6 +760,7 @@
|
|||
allowedRoles={user.isAdminOrGlobalBuilder
|
||||
? [Constants.Roles.CREATOR]
|
||||
: null}
|
||||
labelPrefix="Can use as"
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -804,33 +812,34 @@
|
|||
<FancySelect
|
||||
bind:value={creationRoleType}
|
||||
options={sdk.users.isAdmin($auth.user)
|
||||
? Constants.BudibaseRoleOptionsNew
|
||||
: Constants.BudibaseRoleOptionsNew.filter(
|
||||
? Constants.BudibaseRoleOptions
|
||||
: Constants.BudibaseRoleOptions.filter(
|
||||
option => option.value !== Constants.BudibaseRoles.Admin
|
||||
)}
|
||||
label="Access"
|
||||
label="Role"
|
||||
on:change={checkAppAccess}
|
||||
/>
|
||||
{#if creationRoleType !== Constants.BudibaseRoles.Admin}
|
||||
<span class="role-wrap">
|
||||
<RoleSelect
|
||||
placeholder={false}
|
||||
bind:value={creationAccessType}
|
||||
allowPublic={false}
|
||||
allowCreator={true}
|
||||
allowCreator={creationRoleType !==
|
||||
Constants.BudibaseRoles.AppUser}
|
||||
quiet={true}
|
||||
autoWidth
|
||||
align="right"
|
||||
fancySelect
|
||||
allowedRoles={creationRoleType === Constants.BudibaseRoles.Admin
|
||||
? [Constants.Roles.CREATOR]
|
||||
: null}
|
||||
footer={getRoleFooter({
|
||||
isAdminOrGlobalBuilder:
|
||||
creationRoleType === Constants.BudibaseRoles.Admin,
|
||||
})}
|
||||
/>
|
||||
</span>
|
||||
{/if}
|
||||
</FancyForm>
|
||||
{#if creationRoleType === Constants.BudibaseRoles.Admin}
|
||||
<div class="admin-info">
|
||||
<Icon name="Info" />
|
||||
Admins will get full access to all apps and settings
|
||||
</div>
|
||||
{/if}
|
||||
<span class="add-user">
|
||||
<Button
|
||||
newStyles
|
||||
|
@ -871,16 +880,6 @@
|
|||
display: grid;
|
||||
}
|
||||
|
||||
.admin-info {
|
||||
margin-top: var(--spacing-xl);
|
||||
padding: var(--spacing-l) var(--spacing-l) var(--spacing-l) var(--spacing-l);
|
||||
display: flex;
|
||||
align-items: center;
|
||||
gap: var(--spacing-xl);
|
||||
height: 30px;
|
||||
background-color: var(--background-alt);
|
||||
}
|
||||
|
||||
.underlined {
|
||||
text-decoration: underline;
|
||||
cursor: pointer;
|
||||
|
@ -898,7 +897,6 @@
|
|||
display: flex;
|
||||
flex-direction: column;
|
||||
gap: var(--spacing-s);
|
||||
width: 400px;
|
||||
}
|
||||
|
||||
.auth-entity-meta {
|
||||
|
@ -927,7 +925,7 @@
|
|||
.auth-entity,
|
||||
.auth-entity-header {
|
||||
display: grid;
|
||||
grid-template-columns: 1fr 110px;
|
||||
grid-template-columns: 1fr 180px;
|
||||
align-items: center;
|
||||
gap: var(--spacing-xl);
|
||||
}
|
||||
|
@ -958,7 +956,7 @@
|
|||
overflow-y: auto;
|
||||
overflow-x: hidden;
|
||||
position: absolute;
|
||||
width: 400px;
|
||||
width: 440px;
|
||||
right: 0;
|
||||
height: 100%;
|
||||
box-shadow: 0 0 40px 10px rgba(0, 0, 0, 0.1);
|
||||
|
|
|
@ -4,8 +4,6 @@
|
|||
import { url, isActive } from "@roxi/routify"
|
||||
import DeleteModal from "components/deploy/DeleteModal.svelte"
|
||||
import { isOnlyUser } from "builderStore"
|
||||
import { auth } from "stores/portal"
|
||||
import { sdk } from "@budibase/shared-core"
|
||||
|
||||
let deleteModal
|
||||
</script>
|
||||
|
@ -46,7 +44,6 @@
|
|||
url={$url("./version")}
|
||||
active={$isActive("./version")}
|
||||
/>
|
||||
{#if sdk.users.isGlobalBuilder($auth.user)}
|
||||
<div class="delete-action">
|
||||
<AbsTooltip
|
||||
position={TooltipPosition.Bottom}
|
||||
|
@ -63,7 +60,6 @@
|
|||
/>
|
||||
</AbsTooltip>
|
||||
</div>
|
||||
{/if}
|
||||
</SideNav>
|
||||
<slot />
|
||||
</Content>
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
let activeTab = "Apps"
|
||||
|
||||
$: $url(), updateActiveTab($menu)
|
||||
$: isOnboarding = !$apps.length && sdk.users.isGlobalBuilder($auth.user)
|
||||
$: isOnboarding = !$apps.length && sdk.users.hasBuilderPermissions($auth.user)
|
||||
|
||||
const updateActiveTab = menu => {
|
||||
for (let entry of menu) {
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
import PortalSideBar from "./_components/PortalSideBar.svelte"
|
||||
|
||||
// Don't block loading if we've already hydrated state
|
||||
let loaded = $apps.length != null
|
||||
let loaded = !!$apps?.length
|
||||
|
||||
onMount(async () => {
|
||||
try {
|
||||
|
@ -34,7 +34,7 @@
|
|||
}
|
||||
|
||||
// Go to new app page if no apps exists
|
||||
if (!$apps.length && sdk.users.isGlobalBuilder($auth.user)) {
|
||||
if (!$apps.length && sdk.users.hasBuilderPermissions($auth.user)) {
|
||||
$redirect("./onboarding")
|
||||
}
|
||||
} catch (error) {
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
<script>
|
||||
import {
|
||||
banner,
|
||||
Heading,
|
||||
Layout,
|
||||
Button,
|
||||
|
@ -10,6 +11,7 @@
|
|||
Notification,
|
||||
Body,
|
||||
Search,
|
||||
BANNER_TYPES,
|
||||
} from "@budibase/bbui"
|
||||
import Spinner from "components/common/Spinner.svelte"
|
||||
import CreateAppModal from "components/start/CreateAppModal.svelte"
|
||||
|
@ -198,6 +200,20 @@
|
|||
if (usersLimitLockAction) {
|
||||
usersLimitLockAction()
|
||||
}
|
||||
if (!$admin.isDev) {
|
||||
await banner.show({
|
||||
messages: [
|
||||
{
|
||||
message:
|
||||
"We've updated our pricing - read the blog post to learn more.",
|
||||
type: BANNER_TYPES.NEUTRAL,
|
||||
extraButtonText: "Learn More",
|
||||
extraButtonAction: () =>
|
||||
window.open("https://budibase.com/pricing"),
|
||||
},
|
||||
],
|
||||
})
|
||||
}
|
||||
} catch (error) {
|
||||
notifications.error("Error getting init info")
|
||||
}
|
||||
|
@ -237,7 +253,7 @@
|
|||
{#if enrichedApps.length}
|
||||
<Layout noPadding gap="L">
|
||||
<div class="title">
|
||||
{#if $auth.user && sdk.users.isGlobalBuilder($auth.user)}
|
||||
{#if $auth.user && sdk.users.canCreateApps($auth.user)}
|
||||
<div class="buttons">
|
||||
<Button
|
||||
size="M"
|
||||
|
|
|
@ -52,7 +52,7 @@
|
|||
goToApp()
|
||||
} catch (e) {
|
||||
loading = false
|
||||
notifications.error("There was a problem creating your app")
|
||||
notifications.error(e.message || "There was a problem creating your app")
|
||||
}
|
||||
}
|
||||
</script>
|
||||
|
|
|
@ -55,6 +55,7 @@
|
|||
},
|
||||
role: {
|
||||
width: "1fr",
|
||||
displayName: "Access",
|
||||
},
|
||||
}
|
||||
const customGroupTableRenderers = [
|
||||
|
@ -98,7 +99,7 @@
|
|||
return y._id === userId
|
||||
})
|
||||
})
|
||||
$: globalRole = sdk.users.isAdmin(user) ? "admin" : "appUser"
|
||||
$: globalRole = users.getUserRole(user)
|
||||
|
||||
const getAvailableApps = (appList, privileged, roles) => {
|
||||
let availableApps = appList.slice()
|
||||
|
@ -177,12 +178,21 @@
|
|||
}
|
||||
|
||||
async function updateUserRole({ detail }) {
|
||||
if (detail === "developer") {
|
||||
if (detail === Constants.BudibaseRoles.Developer) {
|
||||
toggleFlags({ admin: { global: false }, builder: { global: true } })
|
||||
} else if (detail === "admin") {
|
||||
} else if (detail === Constants.BudibaseRoles.Admin) {
|
||||
toggleFlags({ admin: { global: true }, builder: { global: true } })
|
||||
} else if (detail === "appUser") {
|
||||
} else if (detail === Constants.BudibaseRoles.AppUser) {
|
||||
toggleFlags({ admin: { global: false }, builder: { global: false } })
|
||||
} else if (detail === Constants.BudibaseRoles.Creator) {
|
||||
toggleFlags({
|
||||
admin: { global: false },
|
||||
builder: {
|
||||
global: false,
|
||||
creator: true,
|
||||
apps: user?.builder?.apps || [],
|
||||
},
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -295,6 +305,7 @@
|
|||
<div class="field">
|
||||
<Label size="L">Role</Label>
|
||||
<Select
|
||||
placeholder={null}
|
||||
disabled={!sdk.users.isAdmin($auth.user)}
|
||||
value={globalRole}
|
||||
options={Constants.BudibaseRoleOptions}
|
||||
|
|
|
@ -29,7 +29,6 @@
|
|||
},
|
||||
]
|
||||
$: hasError = userData.find(x => x.error != null)
|
||||
|
||||
$: userCount = $licensing.userCount + userData.length
|
||||
$: reached = licensing.usersLimitReached(userCount)
|
||||
$: exceeded = licensing.usersLimitExceeded(userCount)
|
||||
|
@ -98,7 +97,7 @@
|
|||
align-items: center;
|
||||
flex-direction: row;"
|
||||
>
|
||||
<div style="width: 90%">
|
||||
<div style="flex: 1 1 auto;">
|
||||
<InputDropdown
|
||||
inputType="email"
|
||||
bind:inputValue={input.email}
|
||||
|
|
|
@ -14,6 +14,10 @@
|
|||
}
|
||||
</script>
|
||||
|
||||
{#if value === Constants.Roles.CREATOR}
|
||||
Can edit
|
||||
{:else}
|
||||
<StatusLight square color={RoleUtils.getRoleColour(value)}>
|
||||
{getRoleLabel(value)}
|
||||
Can use as {getRoleLabel(value)}
|
||||
</StatusLight>
|
||||
{/if}
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
const BYTES_IN_MB = 1000000
|
||||
const FILE_SIZE_LIMIT = BYTES_IN_MB * 5
|
||||
const MAX_USERS_UPLOAD_LIMIT = 1000
|
||||
|
||||
export let createUsersFromCsv
|
||||
|
||||
let files = []
|
||||
|
@ -22,13 +23,16 @@
|
|||
let userEmails = []
|
||||
let userGroups = []
|
||||
let usersRole = null
|
||||
$: invalidEmails = []
|
||||
|
||||
$: invalidEmails = []
|
||||
$: userCount = $licensing.userCount + userEmails.length
|
||||
$: exceed = licensing.usersLimitExceeded(userCount)
|
||||
|
||||
$: importDisabled =
|
||||
!userEmails.length || !validEmails(userEmails) || !usersRole || exceed
|
||||
$: roleOptions = Constants.BudibaseRoleOptions.map(option => ({
|
||||
...option,
|
||||
label: `${option.label} - ${option.subtitle}`,
|
||||
}))
|
||||
|
||||
const validEmails = userEmails => {
|
||||
if ($admin.cloud && userEmails.length > MAX_USERS_UPLOAD_LIMIT) {
|
||||
|
@ -100,10 +104,7 @@
|
|||
users. Upgrade your plan to add more users
|
||||
</div>
|
||||
{/if}
|
||||
<RadioGroup
|
||||
bind:value={usersRole}
|
||||
options={Constants.BuilderRoleDescriptions}
|
||||
/>
|
||||
<RadioGroup bind:value={usersRole} options={roleOptions} />
|
||||
|
||||
{#if $licensing.groupsEnabled}
|
||||
<Multiselect
|
||||
|
|
|
@ -4,17 +4,11 @@
|
|||
|
||||
export let row
|
||||
|
||||
const TooltipMap = {
|
||||
appUser: "Only has access to assigned apps",
|
||||
developer: "Access to the app builder",
|
||||
admin: "Full access",
|
||||
}
|
||||
|
||||
$: role = Constants.BudibaseRoleOptionsOld.find(
|
||||
$: role = Constants.BudibaseRoleOptions.find(
|
||||
x => x.value === users.getUserRole(row)
|
||||
)
|
||||
$: value = role?.label || "Not available"
|
||||
$: tooltip = TooltipMap[role?.value] || ""
|
||||
$: tooltip = role.subtitle || ""
|
||||
</script>
|
||||
|
||||
<div on:click|stopPropagation title={tooltip}>
|
||||
|
|
|
@ -172,6 +172,7 @@
|
|||
const payload = userData?.users?.map(user => ({
|
||||
email: user.email,
|
||||
builder: user.role === Constants.BudibaseRoles.Developer,
|
||||
creator: user.role === Constants.BudibaseRoles.Creator,
|
||||
admin: user.role === Constants.BudibaseRoles.Admin,
|
||||
groups: userData.groups,
|
||||
}))
|
||||
|
@ -190,18 +191,18 @@
|
|||
|
||||
for (const user of userData?.users ?? []) {
|
||||
const { email } = user
|
||||
|
||||
if (
|
||||
newUsers.find(x => x.email === email) ||
|
||||
currentUserEmails.includes(email)
|
||||
)
|
||||
) {
|
||||
continue
|
||||
|
||||
}
|
||||
newUsers.push(user)
|
||||
}
|
||||
|
||||
if (!newUsers.length)
|
||||
if (!newUsers.length) {
|
||||
notifications.info("Duplicated! There is no new users to add.")
|
||||
}
|
||||
return { ...userData, users: newUsers }
|
||||
}
|
||||
|
||||
|
@ -266,7 +267,6 @@
|
|||
try {
|
||||
await groups.actions.init()
|
||||
groupsLoaded = true
|
||||
|
||||
pendingInvites = await users.getInvites()
|
||||
invitesLoaded = true
|
||||
} catch (error) {
|
||||
|
|
|
@ -3,6 +3,7 @@ import { API } from "api"
|
|||
import { update } from "lodash"
|
||||
import { licensing } from "."
|
||||
import { sdk } from "@budibase/shared-core"
|
||||
import { Constants } from "@budibase/frontend-core"
|
||||
|
||||
export function createUsersStore() {
|
||||
const { subscribe, set } = writable({})
|
||||
|
@ -77,6 +78,9 @@ export function createUsersStore() {
|
|||
case "developer":
|
||||
body.builder = { global: true }
|
||||
break
|
||||
case "creator":
|
||||
body.builder = { creator: true, global: false }
|
||||
break
|
||||
case "admin":
|
||||
body.admin = { global: true }
|
||||
body.builder = { global: true }
|
||||
|
@ -120,12 +124,18 @@ export function createUsersStore() {
|
|||
return await API.removeAppBuilder({ userId, appId })
|
||||
}
|
||||
|
||||
const getUserRole = user =>
|
||||
sdk.users.isAdmin(user)
|
||||
? "admin"
|
||||
: sdk.users.isBuilder(user)
|
||||
? "developer"
|
||||
: "appUser"
|
||||
const getUserRole = user => {
|
||||
if (sdk.users.isAdmin(user)) {
|
||||
return Constants.BudibaseRoles.Admin
|
||||
} else if (sdk.users.isBuilder(user)) {
|
||||
return Constants.BudibaseRoles.Developer
|
||||
} else if (sdk.users.hasCreatorPermissions(user)) {
|
||||
return Constants.BudibaseRoles.Creator
|
||||
} else {
|
||||
return Constants.BudibaseRoles.AppUser
|
||||
}
|
||||
}
|
||||
|
||||
const refreshUsage =
|
||||
fn =>
|
||||
async (...args) => {
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<script>
|
||||
import { CoreSelect, CoreMultiselect } from "@budibase/bbui"
|
||||
import { fetchData } from "@budibase/frontend-core"
|
||||
import { fetchData, Utils } from "@budibase/frontend-core"
|
||||
import { getContext } from "svelte"
|
||||
import Field from "./Field.svelte"
|
||||
import { FieldTypes } from "../../../constants"
|
||||
|
@ -108,7 +108,7 @@
|
|||
}
|
||||
}
|
||||
|
||||
$: fetchRows(searchTerm, primaryDisplay, defaultValue)
|
||||
$: debouncedFetchRows(searchTerm, primaryDisplay, defaultValue)
|
||||
|
||||
const fetchRows = async (searchTerm, primaryDisplay, defaultVal) => {
|
||||
const allRowsFetched =
|
||||
|
@ -124,10 +124,22 @@
|
|||
query: { equal: { _id: defaultVal } },
|
||||
})
|
||||
}
|
||||
|
||||
// Ensure we match all filters, rather than any
|
||||
const baseFilter = (filter || []).filter(x => x.operator !== "allOr")
|
||||
await fetch.update({
|
||||
query: { string: { [primaryDisplay]: searchTerm } },
|
||||
filter: [
|
||||
...baseFilter,
|
||||
{
|
||||
// Use a big numeric prefix to avoid clashing with an existing filter
|
||||
field: `999:${primaryDisplay}`,
|
||||
operator: "string",
|
||||
value: searchTerm,
|
||||
},
|
||||
],
|
||||
})
|
||||
}
|
||||
const debouncedFetchRows = Utils.debounce(fetchRows, 250)
|
||||
|
||||
const flatten = values => {
|
||||
if (!values) {
|
||||
|
|
|
@ -214,15 +214,23 @@ export const buildUserEndpoints = API => ({
|
|||
inviteUsers: async users => {
|
||||
return await API.post({
|
||||
url: "/api/global/users/multi/invite",
|
||||
body: users.map(user => ({
|
||||
body: users.map(user => {
|
||||
let builder = undefined
|
||||
if (user.admin || user.builder) {
|
||||
builder = { global: true }
|
||||
} else if (user.creator) {
|
||||
builder = { creator: true }
|
||||
}
|
||||
return {
|
||||
email: user.email,
|
||||
userInfo: {
|
||||
admin: user.admin ? { global: true } : undefined,
|
||||
builder: user.admin || user.builder ? { global: true } : undefined,
|
||||
builder,
|
||||
userGroups: user.groups,
|
||||
roles: user.apps ? user.apps : undefined,
|
||||
},
|
||||
})),
|
||||
}
|
||||
}),
|
||||
})
|
||||
},
|
||||
|
||||
|
|
|
@ -20,42 +20,31 @@ export const TableNames = {
|
|||
export const BudibaseRoles = {
|
||||
AppUser: "appUser",
|
||||
Developer: "developer",
|
||||
Creator: "creator",
|
||||
Admin: "admin",
|
||||
}
|
||||
|
||||
export const BudibaseRoleOptionsOld = [
|
||||
{ label: "Developer", value: BudibaseRoles.Developer },
|
||||
{ label: "Member", value: BudibaseRoles.AppUser },
|
||||
{ label: "Admin", value: BudibaseRoles.Admin },
|
||||
{
|
||||
label: "Developer",
|
||||
value: BudibaseRoles.Developer,
|
||||
},
|
||||
]
|
||||
export const BudibaseRoleOptions = [
|
||||
{ label: "Member", value: BudibaseRoles.AppUser },
|
||||
{ label: "Admin", value: BudibaseRoles.Admin },
|
||||
]
|
||||
|
||||
export const BudibaseRoleOptionsNew = [
|
||||
{
|
||||
label: "Admin",
|
||||
value: "admin",
|
||||
label: "Account admin",
|
||||
value: BudibaseRoles.Admin,
|
||||
subtitle: "Has full access to all apps and settings in your account",
|
||||
},
|
||||
{
|
||||
label: "Member",
|
||||
value: "appUser",
|
||||
subtitle: "Can only view apps they have access to",
|
||||
label: "Creator",
|
||||
value: BudibaseRoles.Creator,
|
||||
subtitle: "Can create and edit apps they have access to",
|
||||
},
|
||||
]
|
||||
|
||||
export const BuilderRoleDescriptions = [
|
||||
{
|
||||
label: "App user",
|
||||
value: BudibaseRoles.AppUser,
|
||||
icon: "User",
|
||||
label: "App user - Only has access to published apps",
|
||||
},
|
||||
{
|
||||
value: BudibaseRoles.Admin,
|
||||
icon: "Draw",
|
||||
label: "Admin - Full access",
|
||||
subtitle: "Can only use published apps they have access to",
|
||||
},
|
||||
]
|
||||
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit 5e3d59fc4060fd44b14b2599269c207753d4e5be
|
||||
Subproject commit 1037b032d49244678204704d1bca779a29e395eb
|
|
@ -51,6 +51,7 @@ import {
|
|||
import { BASE_LAYOUT_PROP_IDS } from "../../constants/layouts"
|
||||
import sdk from "../../sdk"
|
||||
import { builderSocket } from "../../websockets"
|
||||
import { sdk as sharedCoreSDK } from "@budibase/shared-core"
|
||||
|
||||
// utility function, need to do away with this
|
||||
async function getLayouts() {
|
||||
|
@ -394,6 +395,12 @@ async function appPostCreate(ctx: UserCtx, app: App) {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
// If the user is a creator, we need to give them access to the new app
|
||||
if (sharedCoreSDK.users.hasCreatorPermissions(ctx.user)) {
|
||||
const user = await users.UserDB.getUser(ctx.user._id!)
|
||||
await users.addAppBuilder(user, app.appId)
|
||||
}
|
||||
}
|
||||
|
||||
export async function create(ctx: UserCtx) {
|
||||
|
|
|
@ -16,7 +16,7 @@ router
|
|||
)
|
||||
.post(
|
||||
"/api/applications",
|
||||
authorized(permissions.GLOBAL_BUILDER),
|
||||
authorized(permissions.CREATOR),
|
||||
applicationValidator(),
|
||||
controller.create
|
||||
)
|
||||
|
|
|
@ -5,7 +5,7 @@ import {
|
|||
roles,
|
||||
users,
|
||||
} from "@budibase/backend-core"
|
||||
import { PermissionLevel, PermissionType, Role, UserCtx } from "@budibase/types"
|
||||
import { PermissionLevel, PermissionType, UserCtx } from "@budibase/types"
|
||||
import builderMiddleware from "./builder"
|
||||
import { isWebhookEndpoint } from "./utils"
|
||||
import { paramResource } from "./resourceId"
|
||||
|
@ -31,13 +31,20 @@ const checkAuthorized = async (
|
|||
) => {
|
||||
const appId = context.getAppId()
|
||||
const isGlobalBuilderApi = permType === PermissionType.GLOBAL_BUILDER
|
||||
const isCreatorApi = permType === PermissionType.CREATOR
|
||||
const isBuilderApi = permType === PermissionType.BUILDER
|
||||
const globalBuilder = users.isGlobalBuilder(ctx.user)
|
||||
let isBuilder = appId
|
||||
const isGlobalBuilder = users.isGlobalBuilder(ctx.user)
|
||||
const isCreator = users.isCreator(ctx.user)
|
||||
const isBuilder = appId
|
||||
? users.isBuilder(ctx.user, appId)
|
||||
: users.hasBuilderPermissions(ctx.user)
|
||||
// check if this is a builder api and the user is not a builder
|
||||
if ((isGlobalBuilderApi && !globalBuilder) || (isBuilderApi && !isBuilder)) {
|
||||
|
||||
// check api permission type against user
|
||||
if (
|
||||
(isGlobalBuilderApi && !isGlobalBuilder) ||
|
||||
(isCreatorApi && !isCreator) ||
|
||||
(isBuilderApi && !isBuilder)
|
||||
) {
|
||||
return ctx.throw(403, "Not Authorized")
|
||||
}
|
||||
|
||||
|
@ -148,6 +155,7 @@ const authorized =
|
|||
// to find API endpoints which are builder focused
|
||||
if (
|
||||
permType === PermissionType.BUILDER ||
|
||||
permType === PermissionType.CREATOR ||
|
||||
permType === PermissionType.GLOBAL_BUILDER
|
||||
) {
|
||||
await builderMiddleware(ctx)
|
||||
|
|
|
@ -25,6 +25,10 @@ export function isGlobalBuilder(user: User | ContextUser): boolean {
|
|||
return (isBuilder(user) && !hasAppBuilderPermissions(user)) || isAdmin(user)
|
||||
}
|
||||
|
||||
export function canCreateApps(user: User | ContextUser): boolean {
|
||||
return isGlobalBuilder(user) || hasCreatorPermissions(user)
|
||||
}
|
||||
|
||||
// alias for hasAdminPermission, currently do the same thing
|
||||
// in future whether someone has admin permissions and whether they are
|
||||
// an admin for a specific resource could be separated
|
||||
|
@ -66,7 +70,7 @@ export function hasAppCreatorPermissions(user?: User | ContextUser): boolean {
|
|||
return _.flow(
|
||||
_.get("roles"),
|
||||
_.values,
|
||||
_.find(x => ["CREATOR", "ADMIN"].includes(x)),
|
||||
_.find(x => x === "CREATOR"),
|
||||
x => !!x
|
||||
)(user)
|
||||
}
|
||||
|
@ -76,7 +80,11 @@ export function hasBuilderPermissions(user?: User | ContextUser): boolean {
|
|||
if (!user) {
|
||||
return false
|
||||
}
|
||||
return user.builder?.global || hasAppBuilderPermissions(user)
|
||||
return (
|
||||
user.builder?.global ||
|
||||
hasAppBuilderPermissions(user) ||
|
||||
hasCreatorPermissions(user)
|
||||
)
|
||||
}
|
||||
|
||||
// checks if a user is capable of being an admin
|
||||
|
@ -87,13 +95,21 @@ export function hasAdminPermissions(user?: User | ContextUser): boolean {
|
|||
return !!user.admin?.global
|
||||
}
|
||||
|
||||
export function hasCreatorPermissions(user?: User | ContextUser): boolean {
|
||||
if (!user) {
|
||||
return false
|
||||
}
|
||||
return !!user.builder?.creator
|
||||
}
|
||||
|
||||
export function isCreator(user?: User | ContextUser): boolean {
|
||||
if (!user) {
|
||||
return false
|
||||
}
|
||||
return (
|
||||
isGlobalBuilder(user) ||
|
||||
isGlobalBuilder(user!) ||
|
||||
hasAdminPermissions(user) ||
|
||||
hasCreatorPermissions(user) ||
|
||||
hasAppBuilderPermissions(user) ||
|
||||
hasAppCreatorPermissions(user)
|
||||
)
|
||||
|
|
|
@ -44,6 +44,7 @@ export interface User extends Document {
|
|||
builder?: {
|
||||
global?: boolean
|
||||
apps?: string[]
|
||||
creator?: boolean
|
||||
}
|
||||
admin?: {
|
||||
global: boolean
|
||||
|
|
|
@ -13,6 +13,7 @@ export enum PermissionType {
|
|||
AUTOMATION = "automation",
|
||||
WEBHOOK = "webhook",
|
||||
BUILDER = "builder",
|
||||
CREATOR = "creator",
|
||||
GLOBAL_BUILDER = "globalBuilder",
|
||||
QUERY = "query",
|
||||
VIEW = "view",
|
||||
|
|
|
@ -51,10 +51,22 @@ export async function removeAppRole(ctx: Ctx) {
|
|||
const users = await sdk.users.db.allUsers()
|
||||
const bulk = []
|
||||
const cacheInvalidations = []
|
||||
const prodAppId = dbCore.getProdAppID(appId)
|
||||
for (let user of users) {
|
||||
if (user.roles[appId]) {
|
||||
cacheInvalidations.push(cache.user.invalidateUser(user._id))
|
||||
delete user.roles[appId]
|
||||
let updated = false
|
||||
if (user.roles[prodAppId]) {
|
||||
cacheInvalidations.push(cache.user.invalidateUser(user._id!))
|
||||
delete user.roles[prodAppId]
|
||||
updated = true
|
||||
}
|
||||
if (user.builder && Array.isArray(user.builder?.apps)) {
|
||||
const idx = user.builder.apps.indexOf(prodAppId)
|
||||
if (idx !== -1) {
|
||||
user.builder.apps.splice(idx, 1)
|
||||
updated = true
|
||||
}
|
||||
}
|
||||
if (updated) {
|
||||
bulk.push(user)
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue