Updating permissions to allow roles other than builder/admin to use apps properly.
This commit is contained in:
parent
88b31d7406
commit
aab11fa932
|
@ -17,7 +17,6 @@ const PermissionTypes = {
|
|||
BUILDER: "builder",
|
||||
VIEW: "view",
|
||||
QUERY: "query",
|
||||
APP: "app",
|
||||
}
|
||||
|
||||
function Permission(type, level) {
|
||||
|
@ -87,7 +86,6 @@ const BUILTIN_PERMISSIONS = {
|
|||
new Permission(PermissionTypes.QUERY, PermissionLevels.READ),
|
||||
new Permission(PermissionTypes.TABLE, PermissionLevels.READ),
|
||||
new Permission(PermissionTypes.VIEW, PermissionLevels.READ),
|
||||
new Permission(PermissionTypes.APP, PermissionLevels.READ),
|
||||
],
|
||||
},
|
||||
WRITE: {
|
||||
|
@ -120,7 +118,6 @@ const BUILTIN_PERMISSIONS = {
|
|||
new Permission(PermissionTypes.VIEW, PermissionLevels.ADMIN),
|
||||
new Permission(PermissionTypes.WEBHOOK, PermissionLevels.READ),
|
||||
new Permission(PermissionTypes.QUERY, PermissionLevels.ADMIN),
|
||||
new Permission(PermissionTypes.APP, PermissionLevels.ADMIN),
|
||||
],
|
||||
},
|
||||
}
|
||||
|
|
|
@ -1,16 +1,15 @@
|
|||
const Router = require("@koa/router")
|
||||
const controller = require("../controllers/application")
|
||||
const authorized = require("../../middleware/authorized")
|
||||
const { BUILDER, PermissionTypes, PermissionLevels } = require("@budibase/auth/permissions")
|
||||
const { BUILDER } = require("@budibase/auth/permissions")
|
||||
|
||||
const router = Router()
|
||||
|
||||
router
|
||||
.get("/api/applications/:appId/definition", controller.fetchAppDefinition)
|
||||
.get("/api/applications", authorized(PermissionTypes.APP, PermissionLevels.READ), controller.fetch)
|
||||
.get("/api/applications", controller.fetch)
|
||||
.get(
|
||||
"/api/applications/:appId/appPackage",
|
||||
authorized(PermissionTypes.APP, PermissionLevels.READ),
|
||||
controller.fetchAppPackage
|
||||
)
|
||||
.put("/api/applications/:appId", authorized(BUILDER), controller.update)
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
const { getAppId, setCookie, getCookie } = require("@budibase/auth").utils
|
||||
const { Cookies } = require("@budibase/auth").constants
|
||||
const { getRole } = require("@budibase/auth/roles")
|
||||
const { getGlobalUsers } = require("../utilities/workerRequests")
|
||||
const { getGlobalUsers, getGlobalSelf } = require("../utilities/workerRequests")
|
||||
const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
|
||||
const { generateUserMetadataID } = require("../db/utils")
|
||||
|
||||
|
@ -25,10 +25,11 @@ module.exports = async (ctx, next) => {
|
|||
requestAppId != null &&
|
||||
(appCookie == null ||
|
||||
requestAppId !== appCookie.appId ||
|
||||
appCookie.roleId === BUILTIN_ROLE_IDS.PUBLIC)
|
||||
appCookie.roleId === BUILTIN_ROLE_IDS.PUBLIC ||
|
||||
!appCookie.roleId)
|
||||
) {
|
||||
// Different App ID means cookie needs reset, or if the same public user has logged in
|
||||
const globalUser = await getGlobalUsers(ctx, requestAppId, ctx.user._id)
|
||||
const globalUser = await getGlobalSelf(ctx, requestAppId)
|
||||
updateCookie = true
|
||||
appId = requestAppId
|
||||
// retrieving global user gets the right role
|
||||
|
@ -51,6 +52,7 @@ module.exports = async (ctx, next) => {
|
|||
// override userID with metadata one
|
||||
_id: userId,
|
||||
userId,
|
||||
roleId,
|
||||
role: await getRole(appId, roleId),
|
||||
}
|
||||
}
|
||||
|
|
|
@ -119,16 +119,19 @@ exports.getGlobalUsers = async (ctx, appId = null, globalId = null) => {
|
|||
return users
|
||||
}
|
||||
|
||||
exports.getGlobalSelf = async ctx => {
|
||||
exports.getGlobalSelf = async (ctx, appId = null) => {
|
||||
const endpoint = `/api/admin/users/self`
|
||||
const response = await fetch(
|
||||
checkSlashesInUrl(env.WORKER_URL + endpoint),
|
||||
request(ctx, { method: "GET" })
|
||||
)
|
||||
const json = await response.json()
|
||||
let json = await response.json()
|
||||
if (json.status !== 200 && response.status !== 200) {
|
||||
ctx.throw(400, "Unable to get self globally.")
|
||||
}
|
||||
if (appId) {
|
||||
json = getAppRole(appId, json)
|
||||
}
|
||||
return json
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue