Fix for #1710 - don't allow setting setting info from within apps and making the user portal a bit more clear about builders being global admins.

mike12345567 2021-06-14 15:23:24 +01:00
parent afcab1af1b
commit b0bb2a23db
3 changed files with 18 additions and 12 deletions


@ -104,6 +104,7 @@
options={$roles} options={$roles}
getOptionLabel={role => role.name} getOptionLabel={role => role.name}
getOptionValue={role => role._id} getOptionValue={role => role._id}
disabled={!creating}
/> />
{#each customSchemaKeys as [key, meta]} {#each customSchemaKeys as [key, meta]}
{#if !meta.autocolumn} {#if !meta.autocolumn}
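Review bot: `disabled={!creating}` on the role select is a client-side restriction only, so on its own it does not stop a role change on an existing row. The save handler is not visible in this hunk; if the update path still accepts the role field from the request body, a hand-built request can change it regardless of the disabled control. The server-side update should ignore or reject a changed role for existing rows. A short comment next to the prop, e.g. `<!-- role is fixed after creation; the server-side update handler enforces this -->`, would record that the real check lives elsewhere.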


@ -33,12 +33,17 @@
role: {}, role: {},
} }
$: defaultRoleId = $userFetch?.data?.builder?.global ? "ADMIN" : ""
$: console.log(defaultRoleId)
// Merge the Apps list and the roles response to get something that makes sense for the table // Merge the Apps list and the roles response to get something that makes sense for the table
$: appList = Object.keys($apps?.data).map(id => ({ $: appList = Object.keys($apps?.data).map(id => {
...$apps?.data?.[id], const role = $userFetch?.data?.roles?.[id] || defaultRoleId
_id: id, return {
role: [$userFetch?.data?.roles?.[id]], ...$apps?.data?.[id],
})) _id: id,
role: [role],
}
})
let selectedApp let selectedApp
const userFetch = fetchData(`/api/admin/users/${userId}`) const userFetch = fetchData(`/api/admin/users/${userId}`)
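Review bot: `$: console.log(defaultRoleId)` looks like leftover debugging and should be removed; it writes the resolved role to the browser console on every reactive update. The fallback also hard-codes `"ADMIN"` for global builders and `""` for everyone else, while `updateAppRole` in this same commit falls back to `BUILTIN_ROLE_IDS.PUBLIC`, so a non-builder with no explicit role shows a blank role in this table but is presumably treated as public by the server. If the literal ids match the server constants (not visible here), `$: defaultRoleId = $userFetch?.data?.builder?.global ? "ADMIN" : "PUBLIC"` would keep the two in step. Either way a comment such as `// display only: mirrors the server default in updateAppRole, does not grant the role` would make clear that this value is not an authorization decision.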


@ -12,14 +12,14 @@ exports.updateAppRole = (appId, user) => {
if (!user.roles) { if (!user.roles) {
return user return user
} }
if (user.builder && user.builder.global) {
// always use the deployed app
user.roleId = user.roles[getDeployedAppID(appId)]
// if a role wasn't found then either set as admin (builder) or public (everyone else)
if (!user.roleId && user.builder && user.builder.global) {
user.roleId = BUILTIN_ROLE_IDS.ADMIN user.roleId = BUILTIN_ROLE_IDS.ADMIN
} else { } else if (!user.roleId) {
// always use the deployed app user.roleId = BUILTIN_ROLE_IDS.PUBLIC
user.roleId = user.roles[getDeployedAppID(appId)]
if (!user.roleId) {
user.roleId = BUILTIN_ROLE_IDS.PUBLIC
}
} }
delete user.roles delete user.roles
return user return user
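Review bot: The early `if (!user.roles) { return user }` still returns before any `roleId` is assigned, so the admin/public fallback described by the new comment never applies to a user object that has no `roles` map. Whether downstream code treats a missing `roleId` as deny or allow is not visible here, so it is safer to resolve it explicitly, e.g. `const roles = user.roles || {}` followed by `user.roleId = roles[getDeployedAppID(appId)]` in place of the early return. Confirm that no caller relies on the untouched object before changing this. The function's end is outside the hunk. A one-line doc comment stating the new precedence (explicit per-app role, then ADMIN for global builders, then PUBLIC) would also help, since builders can now resolve to a lower role than before.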