Minor update to make use of new client header to state the request is from the client, not the builder.
This commit is contained in:
parent
5bbc99ef18
commit
a16063b11f
|
@ -62,11 +62,10 @@ exports.fetch = async ctx => {
|
|||
|
||||
exports.clientFetch = async ctx => {
|
||||
const routing = await getRoutingStructure(ctx.appId)
|
||||
const accessLevelId = ctx.user.accessLevel._id
|
||||
let accessLevelId = ctx.user.accessLevel._id
|
||||
// builder is a special case, always return the full routing structure
|
||||
if (accessLevelId === BUILTIN_LEVEL_IDS.BUILDER) {
|
||||
ctx.body = routing
|
||||
return
|
||||
accessLevelId = BUILTIN_LEVEL_IDS.ADMIN
|
||||
}
|
||||
const accessLevelIds = await getUserAccessLevelHierarchy(
|
||||
ctx.appId,
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
const jwt = require("jsonwebtoken")
|
||||
const STATUS_CODES = require("../utilities/statusCodes")
|
||||
const { getAccessLevel } = require("../utilities/security/accessLevels")
|
||||
const { getAccessLevel, BUILTIN_LEVELS } = require("../utilities/security/accessLevels")
|
||||
const env = require("../environment")
|
||||
const { AuthTypes } = require("../constants")
|
||||
const { getAppId, getCookieName, setCookie } = require("../utilities")
|
||||
const { getAppId, getCookieName, setCookie, isClient } = require("../utilities")
|
||||
|
||||
module.exports = async (ctx, next) => {
|
||||
if (ctx.path === "/_builder") {
|
||||
|
@ -21,17 +21,13 @@ module.exports = async (ctx, next) => {
|
|||
appId = cookieAppId
|
||||
}
|
||||
|
||||
const appToken = ctx.cookies.get(getCookieName(appId))
|
||||
const builderToken = ctx.cookies.get(getCookieName())
|
||||
|
||||
let token
|
||||
// if running locally in the builder itself
|
||||
if (!env.CLOUD && !appToken) {
|
||||
token = builderToken
|
||||
ctx.auth.authenticated = AuthTypes.BUILDER
|
||||
} else {
|
||||
token = appToken
|
||||
if (isClient(ctx)) {
|
||||
ctx.auth.authenticated = AuthTypes.APP
|
||||
token = ctx.cookies.get(getCookieName(appId))
|
||||
} else {
|
||||
ctx.auth.authenticated = AuthTypes.BUILDER
|
||||
token = ctx.cookies.get(getCookieName())
|
||||
}
|
||||
|
||||
if (!token) {
|
||||
|
@ -39,6 +35,7 @@ module.exports = async (ctx, next) => {
|
|||
ctx.appId = appId
|
||||
ctx.user = {
|
||||
appId,
|
||||
accessLevel: BUILTIN_LEVELS.PUBLIC,
|
||||
}
|
||||
await next()
|
||||
return
|
||||
|
|
|
@ -70,3 +70,7 @@ exports.setCookie = (ctx, name, value) => {
|
|||
overwrite: true,
|
||||
})
|
||||
}
|
||||
|
||||
exports.isClient = ctx => {
|
||||
return ctx.headers["x-budibase-type"] === "client"
|
||||
}
|
||||
|
|
|
@ -21,7 +21,7 @@ exports.BUILTIN_LEVELS = {
|
|||
ADMIN: new AccessLevel(BUILTIN_IDS.ADMIN, "Admin", BUILTIN_IDS.POWER),
|
||||
POWER: new AccessLevel(BUILTIN_IDS.POWER, "Power", BUILTIN_IDS.BASIC),
|
||||
BASIC: new AccessLevel(BUILTIN_IDS.BASIC, "Basic", BUILTIN_IDS.PUBLIC),
|
||||
ANON: new AccessLevel(BUILTIN_IDS.PUBLIC, "Public"),
|
||||
PUBLIC: new AccessLevel(BUILTIN_IDS.PUBLIC, "Public"),
|
||||
BUILDER: new AccessLevel(BUILTIN_IDS.BUILDER, "Builder"),
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue