merge with develop

This commit is contained in:
Martin McKeaveney 2021-09-27 16:37:55 +01:00
commit 9bbb230aa6
18 changed files with 146 additions and 69 deletions

View File

@ -1,5 +1,5 @@
{ {
"version": "0.9.140-alpha.11", "version": "0.9.140-alpha.12",
"npmClient": "yarn", "npmClient": "yarn",
"packages": [ "packages": [
"packages/*" "packages/*"

View File

@ -1,6 +1,6 @@
{ {
"name": "@budibase/auth", "name": "@budibase/auth",
"version": "0.9.140-alpha.11", "version": "0.9.140-alpha.12",
"description": "Authentication middlewares for budibase builder and apps", "description": "Authentication middlewares for budibase builder and apps",
"main": "src/index.js", "main": "src/index.js",
"author": "Budibase", "author": "Budibase",

View File

@ -139,8 +139,7 @@ exports.doesHaveResourcePermission = (
// set foundSub to not subResourceId, incase there is no subResource // set foundSub to not subResourceId, incase there is no subResource
let foundMain = false, let foundMain = false,
foundSub = false foundSub = false
for (let [resource, level] of Object.entries(permissions)) { for (let [resource, levels] of Object.entries(permissions)) {
const levels = getAllowedLevels(level)
if (resource === resourceId && levels.indexOf(permLevel) !== -1) { if (resource === resourceId && levels.indexOf(permLevel) !== -1) {
foundMain = true foundMain = true
} }
@ -177,10 +176,6 @@ exports.doesHaveBasePermission = (permType, permLevel, permissionIds) => {
return false return false
} }
exports.higherPermission = (perm1, perm2) => {
return levelToNumber(perm1) > levelToNumber(perm2) ? perm1 : perm2
}
exports.isPermissionLevelHigherThanRead = level => { exports.isPermissionLevelHigherThanRead = level => {
return levelToNumber(level) > 1 return levelToNumber(level) > 1
} }

View File

@ -1,6 +1,6 @@
const { getDB } = require("../db") const { getDB } = require("../db")
const { cloneDeep } = require("lodash/fp") const { cloneDeep } = require("lodash/fp")
const { BUILTIN_PERMISSION_IDS, higherPermission } = require("./permissions") const { BUILTIN_PERMISSION_IDS } = require("./permissions")
const { const {
generateRoleID, generateRoleID,
getRoleParams, getRoleParams,
@ -193,8 +193,17 @@ exports.getUserPermissions = async (appId, userRoleId) => {
const permissions = {} const permissions = {}
for (let role of rolesHierarchy) { for (let role of rolesHierarchy) {
if (role.permissions) { if (role.permissions) {
for (let [resource, level] of Object.entries(role.permissions)) { for (let [resource, levels] of Object.entries(role.permissions)) {
permissions[resource] = higherPermission(permissions[resource], level) if (!permissions[resource]) {
permissions[resource] = []
}
const permsSet = new Set(permissions[resource])
if (Array.isArray(levels)) {
levels.forEach(level => permsSet.add(level))
} else {
permsSet.add(levels)
}
permissions[resource] = [...permsSet]
} }
} }
} }

View File

@ -1,7 +1,7 @@
{ {
"name": "@budibase/bbui", "name": "@budibase/bbui",
"description": "A UI solution used in the different Budibase projects.", "description": "A UI solution used in the different Budibase projects.",
"version": "0.9.140-alpha.11", "version": "0.9.140-alpha.12",
"license": "AGPL-3.0", "license": "AGPL-3.0",
"svelte": "src/index.js", "svelte": "src/index.js",
"module": "dist/bbui.es.js", "module": "dist/bbui.es.js",

View File

@ -1,6 +1,6 @@
{ {
"name": "@budibase/builder", "name": "@budibase/builder",
"version": "0.9.140-alpha.11", "version": "0.9.140-alpha.12",
"license": "AGPL-3.0", "license": "AGPL-3.0",
"private": true, "private": true,
"scripts": { "scripts": {
@ -65,10 +65,10 @@
} }
}, },
"dependencies": { "dependencies": {
"@budibase/bbui": "^0.9.140-alpha.11", "@budibase/bbui": "^0.9.140-alpha.12",
"@budibase/client": "^0.9.140-alpha.11", "@budibase/client": "^0.9.140-alpha.12",
"@budibase/colorpicker": "1.1.2", "@budibase/colorpicker": "1.1.2",
"@budibase/string-templates": "^0.9.140-alpha.11", "@budibase/string-templates": "^0.9.140-alpha.12",
"@sentry/browser": "5.19.1", "@sentry/browser": "5.19.1",
"@spectrum-css/page": "^3.0.1", "@spectrum-css/page": "^3.0.1",
"@spectrum-css/vars": "^3.0.1", "@spectrum-css/vars": "^3.0.1",

View File

@ -1,6 +1,6 @@
{ {
"name": "@budibase/cli", "name": "@budibase/cli",
"version": "0.9.140-alpha.11", "version": "0.9.140-alpha.12",
"description": "Budibase CLI, for developers, self hosting and migrations.", "description": "Budibase CLI, for developers, self hosting and migrations.",
"main": "src/index.js", "main": "src/index.js",
"bin": { "bin": {

View File

@ -1,6 +1,6 @@
{ {
"name": "@budibase/client", "name": "@budibase/client",
"version": "0.9.140-alpha.11", "version": "0.9.140-alpha.12",
"license": "MPL-2.0", "license": "MPL-2.0",
"module": "dist/budibase-client.js", "module": "dist/budibase-client.js",
"main": "dist/budibase-client.js", "main": "dist/budibase-client.js",
@ -19,9 +19,9 @@
"dev:builder": "rollup -cw" "dev:builder": "rollup -cw"
}, },
"dependencies": { "dependencies": {
"@budibase/bbui": "^0.9.140-alpha.11", "@budibase/bbui": "^0.9.140-alpha.12",
"@budibase/standard-components": "^0.9.139", "@budibase/standard-components": "^0.9.139",
"@budibase/string-templates": "^0.9.140-alpha.11", "@budibase/string-templates": "^0.9.140-alpha.12",
"regexparam": "^1.3.0", "regexparam": "^1.3.0",
"shortid": "^2.2.15", "shortid": "^2.2.15",
"svelte-spa-router": "^3.0.5" "svelte-spa-router": "^3.0.5"

View File

@ -1,7 +1,7 @@
{ {
"name": "@budibase/server", "name": "@budibase/server",
"email": "hi@budibase.com", "email": "hi@budibase.com",
"version": "0.9.140-alpha.11", "version": "0.9.140-alpha.12",
"description": "Budibase Web Server", "description": "Budibase Web Server",
"main": "src/index.js", "main": "src/index.js",
"repository": { "repository": {
@ -62,9 +62,9 @@
"author": "Budibase", "author": "Budibase",
"license": "AGPL-3.0-or-later", "license": "AGPL-3.0-or-later",
"dependencies": { "dependencies": {
"@budibase/auth": "^0.9.140-alpha.11", "@budibase/auth": "^0.9.140-alpha.12",
"@budibase/client": "^0.9.140-alpha.11", "@budibase/client": "^0.9.140-alpha.12",
"@budibase/string-templates": "^0.9.140-alpha.11", "@budibase/string-templates": "^0.9.140-alpha.12",
"@elastic/elasticsearch": "7.10.0", "@elastic/elasticsearch": "7.10.0",
"@koa/router": "8.0.0", "@koa/router": "8.0.0",
"@sendgrid/mail": "7.1.1", "@sendgrid/mail": "7.1.1",

View File

@ -0,0 +1,28 @@
version: "3.8"
services:
db:
container_name: postgres-json
image: postgres
restart: always
environment:
POSTGRES_USER: root
POSTGRES_PASSWORD: root
POSTGRES_DB: main
ports:
- "5432:5432"
volumes:
#- pg_data:/var/lib/postgresql/data/
- ./init.sql:/docker-entrypoint-initdb.d/init.sql
pgadmin:
container_name: pgadmin-json
image: dpage/pgadmin4
restart: always
environment:
PGADMIN_DEFAULT_EMAIL: root@root.com
PGADMIN_DEFAULT_PASSWORD: root
ports:
- "5050:80"
#volumes:
# pg_data:

View File

@ -0,0 +1,22 @@
SELECT 'CREATE DATABASE main'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'main')\gexec
CREATE TABLE jsonTable (
id character varying(32),
data jsonb,
text text
);
INSERT INTO jsonTable (id, data) VALUES ('1', '{"id": 1, "age": 1, "name": "Mike", "newline": "this is text with a\n newline in it"}');
CREATE VIEW jsonView AS SELECT
x.id,
x.age,
x.name,
x.newline
FROM
jsonTable c,
LATERAL jsonb_to_record(c.data) x (id character varying(32),
age BIGINT,
name TEXT,
newline TEXT
);

View File

@ -0,0 +1,3 @@
#!/bin/bash
docker-compose down
docker volume prune -f

View File

@ -1,9 +1,4 @@
const { const { getBuiltinPermissions } = require("@budibase/auth/permissions")
getBuiltinPermissions,
PermissionLevels,
isPermissionLevelHigherThanRead,
higherPermission,
} = require("@budibase/auth/permissions")
const { const {
isBuiltin, isBuiltin,
getDBRoleID, getDBRoleID,
@ -16,6 +11,7 @@ const {
CURRENTLY_SUPPORTED_LEVELS, CURRENTLY_SUPPORTED_LEVELS,
getBasePermissions, getBasePermissions,
} = require("../../utilities/security") } = require("../../utilities/security")
const { removeFromArray } = require("../../utilities")
const PermissionUpdateType = { const PermissionUpdateType = {
REMOVE: "remove", REMOVE: "remove",
@ -24,22 +20,6 @@ const PermissionUpdateType = {
const SUPPORTED_LEVELS = CURRENTLY_SUPPORTED_LEVELS const SUPPORTED_LEVELS = CURRENTLY_SUPPORTED_LEVELS
// quick function to perform a bit of weird logic, make sure fetch calls
// always say a write role also has read permission
function fetchLevelPerms(permissions, level, roleId) {
if (!permissions) {
permissions = {}
}
permissions[level] = roleId
if (
isPermissionLevelHigherThanRead(level) &&
!permissions[PermissionLevels.READ]
) {
permissions[PermissionLevels.READ] = roleId
}
return permissions
}
// utility function to stop this repetition - permissions always stored under roles // utility function to stop this repetition - permissions always stored under roles
async function getAllDBRoles(db) { async function getAllDBRoles(db) {
const body = await db.allDocs( const body = await db.allDocs(
@ -74,23 +54,31 @@ async function updatePermissionOnRole(
for (let role of dbRoles) { for (let role of dbRoles) {
let updated = false let updated = false
const rolePermissions = role.permissions ? role.permissions : {} const rolePermissions = role.permissions ? role.permissions : {}
// make sure its an array, also handle migrating
if (
!rolePermissions[resourceId] ||
!Array.isArray(rolePermissions[resourceId])
) {
rolePermissions[resourceId] =
typeof rolePermissions[resourceId] === "string"
? [rolePermissions[resourceId]]
: []
}
// handle the removal/updating the role which has this permission first // handle the removal/updating the role which has this permission first
// the updating (role._id !== dbRoleId) is required because a resource/level can // the updating (role._id !== dbRoleId) is required because a resource/level can
// only be permitted in a single role (this reduces hierarchy confusion and simplifies // only be permitted in a single role (this reduces hierarchy confusion and simplifies
// the general UI for this, rather than needing to show everywhere it is used) // the general UI for this, rather than needing to show everywhere it is used)
if ( if (
(role._id !== dbRoleId || remove) && (role._id !== dbRoleId || remove) &&
rolePermissions[resourceId] === level rolePermissions[resourceId].indexOf(level) !== -1
) { ) {
delete rolePermissions[resourceId] removeFromArray(rolePermissions[resourceId], level)
updated = true updated = true
} }
// handle the adding, we're on the correct role, at it to this // handle the adding, we're on the correct role, at it to this
if (!remove && role._id === dbRoleId) { if (!remove && role._id === dbRoleId) {
rolePermissions[resourceId] = higherPermission( const set = new Set(rolePermissions[resourceId])
rolePermissions[resourceId], rolePermissions[resourceId] = [...set.add(level)]
level
)
updated = true updated = true
} }
// handle the update, add it to bulk docs to perform at end // handle the update, add it to bulk docs to perform at end
@ -127,12 +115,11 @@ exports.fetch = async function (ctx) {
continue continue
} }
const roleId = getExternalRoleID(role._id) const roleId = getExternalRoleID(role._id)
for (let [resource, level] of Object.entries(role.permissions)) { for (let [resource, levelArr] of Object.entries(role.permissions)) {
permissions[resource] = fetchLevelPerms( const levels = Array.isArray(levelArr) ? [levelArr] : levelArr
permissions[resource], const perms = {}
level, levels.forEach(level => (perms[level] = roleId))
roleId permissions[resource] = perms
)
} }
} }
// apply the base permissions // apply the base permissions
@ -157,12 +144,13 @@ exports.getResourcePerms = async function (ctx) {
for (let level of SUPPORTED_LEVELS) { for (let level of SUPPORTED_LEVELS) {
// update the various roleIds in the resource permissions // update the various roleIds in the resource permissions
for (let role of roles) { for (let role of roles) {
if (role.permissions && role.permissions[resourceId] === level) { const rolePerms = role.permissions
permissions = fetchLevelPerms( if (
permissions, rolePerms &&
level, (rolePerms[resourceId] === level ||
getExternalRoleID(role._id) rolePerms[resourceId].indexOf(level) !== -1)
) ) {
permissions[level] = getExternalRoleID(role._id)
} }
} }
} }

View File

@ -72,7 +72,7 @@ describe("/roles", () => {
.expect(200) .expect(200)
expect(res.body.length).toBeGreaterThan(0) expect(res.body.length).toBeGreaterThan(0)
const power = res.body.find(role => role._id === BUILTIN_ROLE_IDS.POWER) const power = res.body.find(role => role._id === BUILTIN_ROLE_IDS.POWER)
expect(power.permissions[table._id]).toEqual("read") expect(power.permissions[table._id]).toEqual(["read"])
}) })
}) })

View File

@ -17,6 +17,9 @@ module PostgresModule {
convertType, convertType,
copyExistingPropsOver, copyExistingPropsOver,
} = require("./utils") } = require("./utils")
const { escapeDangerousCharacters } = require("../utilities")
const JSON_REGEX = /'{.*}'::json/s
interface PostgresConfig { interface PostgresConfig {
host: string host: string
@ -98,6 +101,17 @@ module PostgresModule {
} }
async function internalQuery(client: any, query: SqlQuery) { async function internalQuery(client: any, query: SqlQuery) {
// need to handle a specific issue with json data types in postgres,
// new lines inside the JSON data will break it
if (query && query.sql) {
const matches = query.sql.match(JSON_REGEX)
if (matches && matches.length > 0) {
for (let match of matches) {
const escaped = escapeDangerousCharacters(match)
query.sql = query.sql.replace(match, escaped)
}
}
}
try { try {
return await client.query(query.sql, query.bindings || []) return await client.query(query.sql, query.bindings || [])
} catch (err) { } catch (err) {

View File

@ -10,6 +10,14 @@ exports.wait = ms => new Promise(resolve => setTimeout(resolve, ms))
exports.isDev = env.isDev exports.isDev = env.isDev
exports.removeFromArray = (array, element) => {
const index = array.indexOf(element)
if (index !== -1) {
array.splice(index, 1)
}
return array
}
/** /**
* Makes sure that a URL has the correct number of slashes, while maintaining the * Makes sure that a URL has the correct number of slashes, while maintaining the
* http(s):// double slashes. * http(s):// double slashes.
@ -106,3 +114,13 @@ exports.deleteEntityMetadata = async (appId, type, entityId) => {
await db.remove(id, rev) await db.remove(id, rev)
} }
} }
exports.escapeDangerousCharacters = string => {
return string
.replace(/[\\]/g, "\\\\")
.replace(/[\b]/g, "\\b")
.replace(/[\f]/g, "\\f")
.replace(/[\n]/g, "\\n")
.replace(/[\r]/g, "\\r")
.replace(/[\t]/g, "\\t")
}

View File

@ -1,6 +1,6 @@
{ {
"name": "@budibase/string-templates", "name": "@budibase/string-templates",
"version": "0.9.140-alpha.11", "version": "0.9.140-alpha.12",
"description": "Handlebars wrapper for Budibase templating.", "description": "Handlebars wrapper for Budibase templating.",
"main": "src/index.cjs", "main": "src/index.cjs",
"module": "dist/bundle.mjs", "module": "dist/bundle.mjs",

View File

@ -1,7 +1,7 @@
{ {
"name": "@budibase/worker", "name": "@budibase/worker",
"email": "hi@budibase.com", "email": "hi@budibase.com",
"version": "0.9.140-alpha.11", "version": "0.9.140-alpha.12",
"description": "Budibase background service", "description": "Budibase background service",
"main": "src/index.js", "main": "src/index.js",
"repository": { "repository": {
@ -25,8 +25,8 @@
"author": "Budibase", "author": "Budibase",
"license": "AGPL-3.0-or-later", "license": "AGPL-3.0-or-later",
"dependencies": { "dependencies": {
"@budibase/auth": "^0.9.140-alpha.11", "@budibase/auth": "^0.9.140-alpha.12",
"@budibase/string-templates": "^0.9.140-alpha.11", "@budibase/string-templates": "^0.9.140-alpha.12",
"@koa/router": "^8.0.0", "@koa/router": "^8.0.0",
"@techpass/passport-openidconnect": "^0.3.0", "@techpass/passport-openidconnect": "^0.3.0",
"aws-sdk": "^2.811.0", "aws-sdk": "^2.811.0",