Updating permissions to allow roles other than builder/admin to use apps properly.

This commit is contained in:
mike12345567 2021-05-27 14:53:41 +01:00
parent c311bae7b9
commit bc6660fd0e
4 changed files with 12 additions and 11 deletions

View File

@ -17,7 +17,6 @@ const PermissionTypes = {
BUILDER: "builder",
VIEW: "view",
QUERY: "query",
APP: "app",
}
function Permission(type, level) {
@ -87,7 +86,6 @@ const BUILTIN_PERMISSIONS = {
new Permission(PermissionTypes.QUERY, PermissionLevels.READ),
new Permission(PermissionTypes.TABLE, PermissionLevels.READ),
new Permission(PermissionTypes.VIEW, PermissionLevels.READ),
new Permission(PermissionTypes.APP, PermissionLevels.READ),
],
},
WRITE: {
@ -120,7 +118,6 @@ const BUILTIN_PERMISSIONS = {
new Permission(PermissionTypes.VIEW, PermissionLevels.ADMIN),
new Permission(PermissionTypes.WEBHOOK, PermissionLevels.READ),
new Permission(PermissionTypes.QUERY, PermissionLevels.ADMIN),
new Permission(PermissionTypes.APP, PermissionLevels.ADMIN),
],
},
}

View File

@ -1,16 +1,15 @@
const Router = require("@koa/router")
const controller = require("../controllers/application")
const authorized = require("../../middleware/authorized")
const { BUILDER, PermissionTypes, PermissionLevels } = require("@budibase/auth/permissions")
const { BUILDER } = require("@budibase/auth/permissions")
const router = Router()
router
.get("/api/applications/:appId/definition", controller.fetchAppDefinition)
.get("/api/applications", authorized(PermissionTypes.APP, PermissionLevels.READ), controller.fetch)
.get("/api/applications", controller.fetch)
.get(
"/api/applications/:appId/appPackage",
authorized(PermissionTypes.APP, PermissionLevels.READ),
controller.fetchAppPackage
)
.put("/api/applications/:appId", authorized(BUILDER), controller.update)

View File

@ -1,7 +1,7 @@
const { getAppId, setCookie, getCookie } = require("@budibase/auth").utils
const { Cookies } = require("@budibase/auth").constants
const { getRole } = require("@budibase/auth/roles")
const { getGlobalUsers } = require("../utilities/workerRequests")
const { getGlobalUsers, getGlobalSelf } = require("../utilities/workerRequests")
const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
const { generateUserMetadataID } = require("../db/utils")
@ -25,10 +25,11 @@ module.exports = async (ctx, next) => {
requestAppId != null &&
(appCookie == null ||
requestAppId !== appCookie.appId ||
appCookie.roleId === BUILTIN_ROLE_IDS.PUBLIC)
appCookie.roleId === BUILTIN_ROLE_IDS.PUBLIC ||
!appCookie.roleId)
) {
// Different App ID means cookie needs reset, or if the same public user has logged in
const globalUser = await getGlobalUsers(ctx, requestAppId, ctx.user._id)
const globalUser = await getGlobalSelf(ctx, requestAppId)
updateCookie = true
appId = requestAppId
// retrieving global user gets the right role
@ -51,6 +52,7 @@ module.exports = async (ctx, next) => {
// override userID with metadata one
_id: userId,
userId,
roleId,
role: await getRole(appId, roleId),
}
}

View File

@ -119,16 +119,19 @@ exports.getGlobalUsers = async (ctx, appId = null, globalId = null) => {
return users
}
exports.getGlobalSelf = async ctx => {
exports.getGlobalSelf = async (ctx, appId = null) => {
const endpoint = `/api/admin/users/self`
const response = await fetch(
checkSlashesInUrl(env.WORKER_URL + endpoint),
request(ctx, { method: "GET" })
)
const json = await response.json()
let json = await response.json()
if (json.status !== 200 && response.status !== 200) {
ctx.throw(400, "Unable to get self globally.")
}
if (appId) {
json = getAppRole(appId, json)
}
return json
}