Merge branch 'master' into feature/add-buttongroup-to-formblock

2023-12-05 15:13:17 +00:00 · 2023-12-05 15:13:17 +00:00 · a384956d29
parent 79bc945fb7 7ef09b6fec
commit a384956d29
4 changed files with 45 additions and 33 deletions
--- a/packages/backend-core/src/tenancy/tenancy.ts
+++ b/packages/backend-core/src/tenancy/tenancy.ts
@ -93,11 +93,19 @@ export const getTenantIDFromCtx = (
  // subdomain
  if (isAllowed(TenantResolutionStrategy.SUBDOMAIN)) {
    // e.g. budibase.app or local.com:10000
-    const platformHost = new URL(getPlatformURL()).host.split(":")[0]
+    let platformHost
+    try {
+      platformHost = new URL(getPlatformURL()).host.split(":")[0]
+    } catch (err: any) {
+      // if invalid URL, just don't try to process subdomain
+      if (err.code !== "ERR_INVALID_URL") {
+        throw err
+      }
+    }
    // e.g. tenant.budibase.app or tenant.local.com
    const requestHost = ctx.host
    // parse the tenant id from the difference
-    if (requestHost.includes(platformHost)) {
+    if (platformHost && requestHost.includes(platformHost)) {
      const tenantId = requestHost.substring(
        0,
        requestHost.indexOf(`.${platformHost}`)
--- a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte
+++ b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte
@ -307,12 +307,6 @@
      dispatch("updatecolumns")
      gridDispatch("close-edit-column")

-      if (saveColumn.type === LINK_TYPE) {
-        // Fetching the new tables
-        tables.fetch()
-        // Fetching the new relationships
-        datasources.fetch()
-      }
      if (originalName) {
        notifications.success("Column updated successfully")
      } else {
@ -339,11 +333,6 @@
        confirmDeleteDialog.hide()
        dispatch("updatecolumns")
        gridDispatch("close-edit-column")
-
-        if (editableColumn.type === LINK_TYPE) {
-          // Updating the relationships
-          datasources.fetch()
-        }
      }
    } catch (error) {
      notifications.error(`Error deleting column: ${error.message}`)
--- a/packages/builder/src/stores/backend/tables.js
+++ b/packages/builder/src/stores/backend/tables.js
@ -81,13 +81,21 @@ export function createTablesStore() {
    replaceTable(savedTable._id, savedTable)
    select(savedTable._id)
    // make sure tables up to date (related)
-    let tableIdsToFetch = []
+    let newTableIds = []
    for (let column of Object.values(updatedTable?.schema || {})) {
      if (column.type === FIELDS.LINK.type) {
-        tableIdsToFetch.push(column.tableId)
+        newTableIds.push(column.tableId)
      }
    }
-    tableIdsToFetch = [...new Set(tableIdsToFetch)]
+
+    let oldTableIds = []
+    for (let column of Object.values(oldTable?.schema || {})) {
+      if (column.type === FIELDS.LINK.type) {
+        oldTableIds.push(column.tableId)
+      }
+    }
+
+    const tableIdsToFetch = [...new Set([...newTableIds, ...oldTableIds])]
    // too many tables to fetch, just get all
    if (tableIdsToFetch.length > 3) {
      await fetch()
--- a/packages/server/src/middleware/currentapp.ts
+++ b/packages/server/src/middleware/currentapp.ts
@ -5,6 +5,7 @@ import {
  tenancy,
  context,
  users,
+  auth,
 } from "@budibase/backend-core"
 import { generateUserMetadataID, isDevAppID } from "../db/utils"
 import { getCachedSelf } from "../utilities/global"
@ -69,28 +70,34 @@ export default async (ctx: UserCtx, next: any) => {
    return next()
  }

-  return context.doInAppContext(appId, async () => {
-    // if the user not in the right tenant then make sure they have no permissions
-    // need to judge this only based on the request app ID,
-    if (
-      env.MULTI_TENANCY &&
-      ctx.user?._id &&
-      requestAppId &&
-      !tenancy.isUserInAppTenant(requestAppId, ctx.user)
-    ) {
-      // don't error, simply remove the users rights (they are a public user)
-      ctx.user = users.cleanseUserObject(ctx.user) as ContextUser
-      ctx.isAuthenticated = false
-      roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
-    }
+  const userId = ctx.user ? generateUserMetadataID(ctx.user._id!) : undefined

+  // if the user is not in the right tenant then make sure to wipe their cookie
+  // also cleanse any information about them that has been allocated
+  // this avoids apps making calls to say the worker which are cross tenant,
+  // we simply remove the authentication
+  if (
+    env.MULTI_TENANCY &&
+    userId &&
+    requestAppId &&
+    !tenancy.isUserInAppTenant(requestAppId, ctx.user)
+  ) {
+    // clear out the user
+    ctx.user = users.cleanseUserObject(ctx.user) as ContextUser
+    ctx.isAuthenticated = false
+    roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
+    // remove the cookie, so future calls are public
+    await auth.platformLogout({
+      ctx,
+      userId,
+    })
+  }
+
+  return context.doInAppContext(appId, async () => {
    ctx.appId = appId
    if (roleId) {
      ctx.roleId = roleId
      const globalId = ctx.user ? ctx.user._id : undefined
-      const userId = ctx.user
-        ? generateUserMetadataID(ctx.user._id!)
-        : undefined
      ctx.user = {
        ...ctx.user!,
        // override userID with metadata one