instanceid removal
This commit is contained in:
parent
f0ee729376
commit
bf14aa5ccb
|
@ -1,17 +1,17 @@
|
|||
const apiCall = method => async (url, body) => {
|
||||
const response = await fetch(url, {
|
||||
method: method,
|
||||
headers: {
|
||||
const apiCall = (method, instanceId) => async (url, body) => {
|
||||
const headers = {
|
||||
"Content-Type": "application/json",
|
||||
"x-user-agent": "Budibase Builder",
|
||||
},
|
||||
}
|
||||
if (instanceId) {
|
||||
headers["x-budibase-instanceid"] = instanceId
|
||||
}
|
||||
const response = await fetch(url, {
|
||||
method: method,
|
||||
body: body && JSON.stringify(body),
|
||||
headers,
|
||||
})
|
||||
|
||||
// if (response.status === 500) {
|
||||
// throw new Error("Server Error");
|
||||
// }
|
||||
|
||||
return response
|
||||
}
|
||||
|
||||
|
@ -21,10 +21,20 @@ export const patch = apiCall("PATCH")
|
|||
export const del = apiCall("DELETE")
|
||||
export const put = apiCall("PUT")
|
||||
|
||||
export default {
|
||||
post,
|
||||
get,
|
||||
patch,
|
||||
delete: del,
|
||||
put,
|
||||
}
|
||||
// usage: api(instanceId).post(...) ... will supply instance Id in header
|
||||
const api = instanceId => ({
|
||||
post: apiCall("POST", instanceId),
|
||||
get: apiCall("GET", instanceId),
|
||||
patch: apiCall("PATCH", instanceId),
|
||||
delete: apiCall("DELETE", instanceId),
|
||||
put: apiCall("PUT", instanceId),
|
||||
})
|
||||
|
||||
// usage: api.post(...)... will not supply instanceid in header
|
||||
api.post = apiCall("POST")
|
||||
api.get = apiCall("GET")
|
||||
api.patch = apiCall("PATCH")
|
||||
api.delete = apiCall("DELETE")
|
||||
api.put = apiCall("PUT")
|
||||
|
||||
export default api
|
||||
|
|
|
@ -24,8 +24,8 @@ export const getBackendUiStore = () => {
|
|||
store.actions = {
|
||||
database: {
|
||||
select: async db => {
|
||||
const modelsResponse = await api.get(`/api/${db._id}/models`)
|
||||
const viewsResponse = await api.get(`/api/${db._id}/views`)
|
||||
const modelsResponse = await api(db._id).get(`/api/models`)
|
||||
const viewsResponse = await api(db._id).get(`/api/views`)
|
||||
const models = await modelsResponse.json()
|
||||
const views = await viewsResponse.json()
|
||||
store.update(state => {
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
import { values } from "lodash/fp"
|
||||
import { backendUiStore } from "builderStore"
|
||||
import * as backendStoreActions from "./backend"
|
||||
import { writable, get } from "svelte/store"
|
||||
import api from "../api"
|
||||
|
@ -295,13 +294,10 @@ const addChildComponent = store => (componentToAdd, presetName) => {
|
|||
|
||||
const presetProps = presetName ? component.presets[presetName] : {}
|
||||
|
||||
const instanceId = get(backendUiStore).selectedDatabase._id
|
||||
|
||||
const newComponent = createProps(
|
||||
component,
|
||||
{
|
||||
...presetProps,
|
||||
_instanceId: instanceId,
|
||||
},
|
||||
state
|
||||
)
|
||||
|
|
|
@ -4,8 +4,8 @@ import Workflow from "./Workflow"
|
|||
|
||||
const workflowActions = store => ({
|
||||
fetch: async instanceId => {
|
||||
const WORKFLOWS_URL = `/api/${instanceId}/workflows`
|
||||
const workflowResponse = await api.get(WORKFLOWS_URL)
|
||||
const WORKFLOWS_URL = `/api/workflows`
|
||||
const workflowResponse = await api(instanceId).get(WORKFLOWS_URL)
|
||||
const json = await workflowResponse.json()
|
||||
store.update(state => {
|
||||
state.workflows = json
|
||||
|
@ -19,8 +19,8 @@ const workflowActions = store => ({
|
|||
steps: [],
|
||||
},
|
||||
}
|
||||
const CREATE_WORKFLOW_URL = `/api/${instanceId}/workflows`
|
||||
const response = await api.post(CREATE_WORKFLOW_URL, workflow)
|
||||
const CREATE_WORKFLOW_URL = `/api/workflows`
|
||||
const response = await api(instanceId).post(CREATE_WORKFLOW_URL, workflow)
|
||||
const json = await response.json()
|
||||
store.update(state => {
|
||||
state.workflows = state.workflows.concat(json.workflow)
|
||||
|
@ -29,8 +29,8 @@ const workflowActions = store => ({
|
|||
})
|
||||
},
|
||||
save: async ({ instanceId, workflow }) => {
|
||||
const UPDATE_WORKFLOW_URL = `/api/${instanceId}/workflows`
|
||||
const response = await api.put(UPDATE_WORKFLOW_URL, workflow)
|
||||
const UPDATE_WORKFLOW_URL = `/api/workflows`
|
||||
const response = await api(instanceId).put(UPDATE_WORKFLOW_URL, workflow)
|
||||
const json = await response.json()
|
||||
store.update(state => {
|
||||
const existingIdx = state.workflows.findIndex(
|
||||
|
@ -43,8 +43,8 @@ const workflowActions = store => ({
|
|||
})
|
||||
},
|
||||
update: async ({ instanceId, workflow }) => {
|
||||
const UPDATE_WORKFLOW_URL = `/api/${instanceId}/workflows`
|
||||
const response = await api.put(UPDATE_WORKFLOW_URL, workflow)
|
||||
const UPDATE_WORKFLOW_URL = `/api/workflows`
|
||||
const response = await api(instanceId).put(UPDATE_WORKFLOW_URL, workflow)
|
||||
const json = await response.json()
|
||||
store.update(state => {
|
||||
const existingIdx = state.workflows.findIndex(
|
||||
|
@ -57,8 +57,8 @@ const workflowActions = store => ({
|
|||
},
|
||||
delete: async ({ instanceId, workflow }) => {
|
||||
const { _id, _rev } = workflow
|
||||
const DELETE_WORKFLOW_URL = `/api/${instanceId}/workflows/${_id}/${_rev}`
|
||||
await api.delete(DELETE_WORKFLOW_URL)
|
||||
const DELETE_WORKFLOW_URL = `/api/workflows/${_id}/${_rev}`
|
||||
await api(instanceId).delete(DELETE_WORKFLOW_URL)
|
||||
|
||||
store.update(state => {
|
||||
const existingIdx = state.workflows.findIndex(
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
import api from "builderStore/api"
|
||||
|
||||
export async function createUser(user, instanceId) {
|
||||
const CREATE_USER_URL = `/api/${instanceId}/users`
|
||||
const response = await api.post(CREATE_USER_URL, user)
|
||||
const CREATE_USER_URL = `/api/users`
|
||||
const response = await api(instanceId).post(CREATE_USER_URL, user)
|
||||
return await response.json()
|
||||
}
|
||||
|
||||
|
@ -15,21 +15,21 @@ export async function createDatabase(appname, instanceName) {
|
|||
}
|
||||
|
||||
export async function deleteRecord(record, instanceId) {
|
||||
const DELETE_RECORDS_URL = `/api/${instanceId}/${record._modelId}/records/${record._id}/${record._rev}`
|
||||
const response = await api.delete(DELETE_RECORDS_URL)
|
||||
const DELETE_RECORDS_URL = `/api/${record._modelId}/records/${record._id}/${record._rev}`
|
||||
const response = await api(instanceId).delete(DELETE_RECORDS_URL)
|
||||
return response
|
||||
}
|
||||
|
||||
export async function saveRecord(record, instanceId, modelId) {
|
||||
const SAVE_RECORDS_URL = `/api/${instanceId}/${modelId}/records`
|
||||
const response = await api.post(SAVE_RECORDS_URL, record)
|
||||
const SAVE_RECORDS_URL = `/api/${modelId}/records`
|
||||
const response = await api(instanceId).post(SAVE_RECORDS_URL, record)
|
||||
|
||||
return await response.json()
|
||||
}
|
||||
|
||||
export async function fetchDataForView(viewName, instanceId) {
|
||||
const FETCH_RECORDS_URL = `/api/${instanceId}/views/${viewName}`
|
||||
const FETCH_RECORDS_URL = `/api/views/${viewName}`
|
||||
|
||||
const response = await api.get(FETCH_RECORDS_URL)
|
||||
const response = await api(instanceId).get(FETCH_RECORDS_URL)
|
||||
return await response.json()
|
||||
}
|
||||
|
|
|
@ -27,8 +27,8 @@
|
|||
function onFinishedFieldEdit() {}
|
||||
|
||||
async function saveModel() {
|
||||
const SAVE_MODEL_URL = `/api/${instanceId}/models`
|
||||
const response = await api.post(SAVE_MODEL_URL, model)
|
||||
const SAVE_MODEL_URL = `/api/models`
|
||||
const response = await api(instanceId).post(SAVE_MODEL_URL, model)
|
||||
const newModel = await response.json()
|
||||
backendUiStore.actions.models.create(newModel)
|
||||
onClosed()
|
||||
|
|
|
@ -29,8 +29,8 @@
|
|||
function deleteView() {}
|
||||
|
||||
async function saveView() {
|
||||
const SAVE_VIEW_URL = `/api/${instanceId}/views`
|
||||
const response = await api.post(SAVE_VIEW_URL, view)
|
||||
const SAVE_VIEW_URL = `/api/views`
|
||||
const response = await api(instanceId).post(SAVE_VIEW_URL, view)
|
||||
backendUiStore.update(state => {
|
||||
state.views = [...state.views, response.view]
|
||||
return state
|
||||
|
|
|
@ -7,7 +7,6 @@
|
|||
CreateEditModelModal,
|
||||
CreateEditViewModal,
|
||||
} from "components/database/ModelDataTable/modals"
|
||||
import api from "builderStore/api"
|
||||
|
||||
const { open, close } = getContext("simple-modal")
|
||||
|
||||
|
|
|
@ -52,8 +52,8 @@
|
|||
}
|
||||
|
||||
async function deleteModel(modelToDelete) {
|
||||
const DELETE_MODEL_URL = `/api/${instanceId}/models/${node._id}/${node._rev}`
|
||||
const response = await api.delete(DELETE_MODEL_URL)
|
||||
const DELETE_MODEL_URL = `/api/models/${node._id}/${node._rev}`
|
||||
const response = await api(instanceId).delete(DELETE_MODEL_URL)
|
||||
backendUiStore.update(state => {
|
||||
state.models = state.models.filter(
|
||||
model => model._id !== modelToDelete._id
|
||||
|
|
|
@ -16,8 +16,8 @@
|
|||
}
|
||||
|
||||
async function fetchUsers() {
|
||||
const FETCH_USERS_URL = `/api/${currentAppInfo.instanceId}/users`
|
||||
const response = await api.get(FETCH_USERS_URL)
|
||||
const FETCH_USERS_URL = `/api/users`
|
||||
const response = await api(currentAppInfo.instanceId).get(FETCH_USERS_URL)
|
||||
const users = await response.json()
|
||||
backendUiStore.update(state => {
|
||||
state.users = users
|
||||
|
|
|
@ -108,6 +108,7 @@
|
|||
selectedComponentId,
|
||||
frontendDefinition,
|
||||
appId: $store.appId,
|
||||
instanceId: $backendUiStore.selectedDatabase._id,
|
||||
})
|
||||
)
|
||||
}
|
||||
|
|
|
@ -20,6 +20,7 @@ export default `<html>
|
|||
font-weight: bold;
|
||||
}
|
||||
</style>
|
||||
<script src='/assets/budibase-client.js'></script>
|
||||
<script>
|
||||
function receiveMessage(event) {
|
||||
|
||||
|
@ -44,13 +45,11 @@ export default `<html>
|
|||
document.head.appendChild(styles)
|
||||
styles.appendChild(document.createTextNode(data.styles))
|
||||
|
||||
document.cookie = "budibase:appid=" + data.appId
|
||||
window["##BUDIBASE_FRONTEND_DEFINITION##"] = data.frontendDefinition;
|
||||
if (clientModule) {
|
||||
clientModule.loadBudibase({ window, localStorage })
|
||||
if (window.loadBudibase) {
|
||||
loadBudibase({ window, localStorage })
|
||||
}
|
||||
}
|
||||
let clientModule
|
||||
let styles
|
||||
let selectedComponentStyle
|
||||
|
||||
|
@ -60,12 +59,9 @@ export default `<html>
|
|||
return false;
|
||||
}, true)
|
||||
|
||||
import('/_builder/budibase-client.esm.mjs')
|
||||
.then(module => {
|
||||
clientModule = module
|
||||
window.addEventListener('message', receiveMessage)
|
||||
window.dispatchEvent(new Event('bb-ready'))
|
||||
})
|
||||
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
<script>
|
||||
import { store, backendUiStore, workflowStore } from "builderStore"
|
||||
import { notifier } from "@beyonk/svelte-notifications"
|
||||
import api from "builderStore/api"
|
||||
import ActionButton from "components/common/ActionButton.svelte"
|
||||
|
||||
export let onClosed
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
import { onMount, getContext } from "svelte"
|
||||
import { backendUiStore, workflowStore } from "builderStore"
|
||||
import { notifier } from "@beyonk/svelte-notifications"
|
||||
import api from "builderStore/api"
|
||||
import WorkflowBlockSetup from "./WorkflowBlockSetup.svelte"
|
||||
import DeleteWorkflowModal from "./DeleteWorkflowModal.svelte"
|
||||
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
import { workflowStore, backendUiStore } from "builderStore"
|
||||
import { notifier } from "@beyonk/svelte-notifications"
|
||||
import Flowchart from "./flowchart/FlowChart.svelte"
|
||||
import api from "builderStore/api"
|
||||
|
||||
let selectedWorkflow
|
||||
let uiTree
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
import { backendUiStore, workflowStore } from "builderStore"
|
||||
import { WorkflowList } from "../"
|
||||
import WorkflowBlock from "./WorkflowBlock.svelte"
|
||||
import api from "builderStore/api"
|
||||
import blockDefinitions from "../blockDefinitions"
|
||||
|
||||
let selectedTab = "TRIGGER"
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
<script>
|
||||
import { store, backendUiStore, workflowStore } from "builderStore"
|
||||
import { notifier } from "@beyonk/svelte-notifications"
|
||||
import api from "builderStore/api"
|
||||
import ActionButton from "components/common/ActionButton.svelte"
|
||||
|
||||
export let onClosed
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
import { notifier } from "@beyonk/svelte-notifications"
|
||||
import { onMount, getContext } from "svelte"
|
||||
import { backendUiStore, workflowStore } from "builderStore"
|
||||
import api from "builderStore/api"
|
||||
import CreateWorkflowModal from "./CreateWorkflowModal.svelte"
|
||||
|
||||
const { open, close } = getContext("simple-modal")
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
import { onMount } from "svelte"
|
||||
import { backendUiStore, workflowStore } from "builderStore"
|
||||
import { WorkflowList, BlockList } from "./"
|
||||
import api from "builderStore/api"
|
||||
import blockDefinitions from "./blockDefinitions"
|
||||
|
||||
let selectedTab = "WORKFLOWS"
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
export const getAppId = cookie =>
|
||||
cookie
|
||||
export const getAppId = cookie => {
|
||||
const base64Token = cookie
|
||||
.split(";")
|
||||
.find(c => c.trim().startsWith("budibase:appid"))
|
||||
.find(c => c.trim().startsWith("budibase:token"))
|
||||
.split("=")[1]
|
||||
|
||||
const user = JSON.parse(atob(base64Token.split(".")[1]))
|
||||
return user.appId
|
||||
}
|
||||
|
|
|
@ -7,8 +7,9 @@ export const load = async (page, screens, url, host = "test.com") => {
|
|||
|
||||
const fullUrl = `http://${host}${url}`
|
||||
const cookieJar = new jsdom.CookieJar()
|
||||
const cookie = btoa('{}{"appId":"TEST_APP_ID"}signature')
|
||||
cookieJar.setCookie(
|
||||
`budibase:appid=TEST_APP_ID;domain=${host};path=/`,
|
||||
`budibase:token=${cookie};domain=${host};path=/`,
|
||||
fullUrl,
|
||||
{
|
||||
looseMode: false,
|
||||
|
@ -20,9 +21,6 @@ export const load = async (page, screens, url, host = "test.com") => {
|
|||
url: fullUrl,
|
||||
cookieJar,
|
||||
})
|
||||
/*const cookie = tough.Cookie
|
||||
cookie.key = "budibase:appid"
|
||||
cookie.value = "TEST_APPID"*/
|
||||
|
||||
autoAssignIds(page.props)
|
||||
for (let s of screens) {
|
||||
|
@ -44,7 +42,6 @@ export const load = async (page, screens, url, host = "test.com") => {
|
|||
}
|
||||
|
||||
const addWindowGlobals = (window, page, screens) => {
|
||||
window.document.cookie = "budibase:appid=TEST_APP_ID"
|
||||
window["##BUDIBASE_FRONTEND_DEFINITION##"] = {
|
||||
page,
|
||||
screens,
|
||||
|
|
|
@ -8,7 +8,7 @@ const {
|
|||
} = require("../../utilities/accessLevels")
|
||||
|
||||
exports.fetch = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const body = await db.query("database/by_type", {
|
||||
include_docs: true,
|
||||
key: ["accesslevel"],
|
||||
|
@ -19,12 +19,12 @@ exports.fetch = async function(ctx) {
|
|||
{
|
||||
_id: ADMIN_LEVEL_ID,
|
||||
name: "Admin",
|
||||
permissions: await generateAdminPermissions(ctx.params.instanceId),
|
||||
permissions: await generateAdminPermissions(ctx.user.instanceId),
|
||||
},
|
||||
{
|
||||
_id: POWERUSER_LEVEL_ID,
|
||||
name: "Power User",
|
||||
permissions: await generatePowerUserPermissions(ctx.params.instanceId),
|
||||
permissions: await generatePowerUserPermissions(ctx.user.instanceId),
|
||||
},
|
||||
]
|
||||
|
||||
|
@ -32,12 +32,12 @@ exports.fetch = async function(ctx) {
|
|||
}
|
||||
|
||||
exports.find = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
ctx.body = await db.get(ctx.params.levelId)
|
||||
}
|
||||
|
||||
exports.update = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const level = await db.get(ctx.params.levelId)
|
||||
level.name = ctx.body.name
|
||||
level.permissions = ctx.request.body.permissions
|
||||
|
@ -48,7 +48,7 @@ exports.update = async function(ctx) {
|
|||
}
|
||||
|
||||
exports.patch = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const level = await db.get(ctx.params.levelId)
|
||||
const { removedPermissions, addedPermissions, _rev } = ctx.request.body
|
||||
|
||||
|
@ -84,7 +84,7 @@ exports.patch = async function(ctx) {
|
|||
}
|
||||
|
||||
exports.create = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
|
||||
const level = {
|
||||
name: ctx.request.body.name,
|
||||
|
@ -101,7 +101,7 @@ exports.create = async function(ctx) {
|
|||
}
|
||||
|
||||
exports.destroy = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
await db.remove(ctx.params.levelId, ctx.params.rev)
|
||||
ctx.message = `Access Level ${ctx.params.id} deleted successfully`
|
||||
ctx.status = 200
|
||||
|
|
|
@ -9,6 +9,7 @@ const { copy, exists, readFile, writeFile } = require("fs-extra")
|
|||
const { budibaseAppsDir } = require("../../utilities/budibaseDir")
|
||||
const { exec } = require("child_process")
|
||||
const sqrl = require("squirrelly")
|
||||
const setBuilderToken = require("../../utilities/builder/setBuilderToken")
|
||||
|
||||
exports.fetch = async function(ctx) {
|
||||
const db = new CouchDB(ClientDb.name(getClientId(ctx)))
|
||||
|
@ -25,6 +26,14 @@ exports.fetchAppPackage = async function(ctx) {
|
|||
const db = new CouchDB(ClientDb.name(clientId))
|
||||
const application = await db.get(ctx.params.applicationId)
|
||||
ctx.body = await getPackageForBuilder(ctx.config, application)
|
||||
/*
|
||||
instance is hardcoded now - this can only change when we move
|
||||
pages and screens into the database
|
||||
*/
|
||||
const devInstance = application.instances.find(
|
||||
i => i.name === `dev-${clientId}`
|
||||
)
|
||||
setBuilderToken(ctx, ctx.params.applicationId, devInstance._id)
|
||||
}
|
||||
|
||||
exports.create = async function(ctx) {
|
||||
|
@ -37,10 +46,12 @@ exports.create = async function(ctx) {
|
|||
const appId = newid()
|
||||
// insert an appId -> clientId lookup
|
||||
const masterDb = new CouchDB("clientAppLookup")
|
||||
|
||||
await masterDb.put({
|
||||
_id: appId,
|
||||
clientId,
|
||||
})
|
||||
|
||||
const db = new CouchDB(ClientDb.name(clientId))
|
||||
|
||||
const newApplication = {
|
||||
|
@ -56,18 +67,18 @@ exports.create = async function(ctx) {
|
|||
description: ctx.request.body.description,
|
||||
}
|
||||
|
||||
const { rev } = await db.post(newApplication)
|
||||
const { rev } = await db.put(newApplication)
|
||||
newApplication._rev = rev
|
||||
|
||||
const createInstCtx = {
|
||||
params: {
|
||||
applicationId: newApplication._id,
|
||||
user: {
|
||||
appId: newApplication._id,
|
||||
},
|
||||
request: {
|
||||
body: { name: `dev-${clientId}` },
|
||||
},
|
||||
}
|
||||
await instanceController.create(createInstCtx)
|
||||
newApplication.instances.push(createInstCtx.body)
|
||||
|
||||
if (ctx.isDev) {
|
||||
const newAppFolder = await createEmptyAppPackage(ctx, newApplication)
|
||||
|
|
|
@ -4,7 +4,7 @@ const ClientDb = require("../../db/clientDb")
|
|||
const bcrypt = require("../../utilities/bcrypt")
|
||||
|
||||
exports.authenticate = async ctx => {
|
||||
if (!ctx.appId) ctx.throw(400, "No appId")
|
||||
if (!ctx.user.appId) ctx.throw(400, "No appId")
|
||||
|
||||
const { username, password } = ctx.request.body
|
||||
|
||||
|
@ -13,18 +13,22 @@ exports.authenticate = async ctx => {
|
|||
|
||||
const masterDb = new CouchDB("clientAppLookup")
|
||||
|
||||
const { clientId } = await masterDb.get(ctx.appId)
|
||||
const { clientId } = await masterDb.get(ctx.user.appId)
|
||||
|
||||
if (!clientId) {
|
||||
ctx.throw(400, "ClientId not suplied")
|
||||
}
|
||||
// find the instance that the user is associated with
|
||||
const db = new CouchDB(ClientDb.name(clientId))
|
||||
const app = await db.get(ctx.appId)
|
||||
const app = await db.get(ctx.user.appId)
|
||||
const instanceId = app.userInstanceMap[username]
|
||||
|
||||
if (!instanceId)
|
||||
ctx.throw(500, "User is not associated with an instance of app", ctx.appId)
|
||||
ctx.throw(
|
||||
500,
|
||||
"User is not associated with an instance of app",
|
||||
ctx.user.appId
|
||||
)
|
||||
|
||||
// Check the user exists in the instance DB by username
|
||||
const instanceDb = new CouchDB(instanceId)
|
||||
|
@ -43,6 +47,7 @@ exports.authenticate = async ctx => {
|
|||
const payload = {
|
||||
userId: dbUser._id,
|
||||
accessLevelId: dbUser.accessLevelId,
|
||||
appId: ctx.user.appId,
|
||||
instanceId,
|
||||
}
|
||||
|
||||
|
|
|
@ -4,19 +4,19 @@ const newid = require("../../db/newid")
|
|||
|
||||
exports.create = async function(ctx) {
|
||||
const instanceName = ctx.request.body.name
|
||||
const appShortId = ctx.params.applicationId.substring(0, 7)
|
||||
const { appId } = ctx.user
|
||||
const appShortId = appId.substring(0, 7)
|
||||
const instanceId = `inst_${appShortId}_${newid()}`
|
||||
const { applicationId } = ctx.params
|
||||
|
||||
const masterDb = new CouchDB("clientAppLookup")
|
||||
const { clientId } = await masterDb.get(applicationId)
|
||||
const { clientId } = await masterDb.get(appId)
|
||||
|
||||
const db = new CouchDB(instanceId)
|
||||
await db.put({
|
||||
_id: "_design/database",
|
||||
metadata: {
|
||||
clientId,
|
||||
applicationId,
|
||||
applicationId: appId,
|
||||
},
|
||||
views: {
|
||||
by_username: {
|
||||
|
@ -46,7 +46,7 @@ exports.create = async function(ctx) {
|
|||
|
||||
// Add the new instance under the app clientDB
|
||||
const clientDb = new CouchDB(client.name(clientId))
|
||||
const budibaseApp = await clientDb.get(applicationId)
|
||||
const budibaseApp = await clientDb.get(appId)
|
||||
const instance = { _id: instanceId, name: instanceName }
|
||||
budibaseApp.instances.push(instance)
|
||||
await clientDb.put(budibaseApp)
|
||||
|
|
|
@ -2,7 +2,7 @@ const CouchDB = require("../../db")
|
|||
const newid = require("../../db/newid")
|
||||
|
||||
exports.fetch = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const body = await db.query("database/by_type", {
|
||||
include_docs: true,
|
||||
key: ["model"],
|
||||
|
@ -11,13 +11,13 @@ exports.fetch = async function(ctx) {
|
|||
}
|
||||
|
||||
exports.find = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const model = await db.get(ctx.params.id)
|
||||
ctx.body = model
|
||||
}
|
||||
|
||||
exports.create = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const newModel = {
|
||||
type: "model",
|
||||
...ctx.request.body,
|
||||
|
@ -65,7 +65,7 @@ exports.create = async function(ctx) {
|
|||
exports.update = async function() {}
|
||||
|
||||
exports.destroy = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
|
||||
const modelToDelete = await db.get(ctx.params.modelId)
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ const validateJs = require("validate.js")
|
|||
const newid = require("../../db/newid")
|
||||
|
||||
exports.save = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const record = ctx.request.body
|
||||
record.modelId = ctx.params.modelId
|
||||
|
||||
|
@ -46,7 +46,7 @@ exports.save = async function(ctx) {
|
|||
ctx.eventEmitter &&
|
||||
ctx.eventEmitter.emit(`record:save`, {
|
||||
record,
|
||||
instanceId: ctx.params.instanceId,
|
||||
instanceId: ctx.user.instanceId,
|
||||
})
|
||||
ctx.body = record
|
||||
ctx.status = 200
|
||||
|
@ -54,7 +54,7 @@ exports.save = async function(ctx) {
|
|||
}
|
||||
|
||||
exports.fetchView = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const response = await db.query(`database/${ctx.params.viewName}`, {
|
||||
include_docs: true,
|
||||
})
|
||||
|
@ -62,7 +62,7 @@ exports.fetchView = async function(ctx) {
|
|||
}
|
||||
|
||||
exports.fetchModelRecords = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const response = await db.query(`database/all_${ctx.params.modelId}`, {
|
||||
include_docs: true,
|
||||
})
|
||||
|
@ -70,7 +70,7 @@ exports.fetchModelRecords = async function(ctx) {
|
|||
}
|
||||
|
||||
exports.search = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const response = await db.allDocs({
|
||||
include_docs: true,
|
||||
...ctx.request.body,
|
||||
|
@ -79,7 +79,7 @@ exports.search = async function(ctx) {
|
|||
}
|
||||
|
||||
exports.find = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const record = await db.get(ctx.params.recordId)
|
||||
if (record.modelId !== ctx.params.modelId) {
|
||||
ctx.throw(400, "Supplied modelId doe not match the record's modelId")
|
||||
|
@ -89,7 +89,7 @@ exports.find = async function(ctx) {
|
|||
}
|
||||
|
||||
exports.destroy = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const record = await db.get(ctx.params.recordId)
|
||||
if (record.modelId !== ctx.params.modelId) {
|
||||
ctx.throw(400, "Supplied modelId doe not match the record's modelId")
|
||||
|
@ -101,7 +101,7 @@ exports.destroy = async function(ctx) {
|
|||
|
||||
exports.validate = async function(ctx) {
|
||||
const errors = await validate({
|
||||
instanceId: ctx.params.instanceId,
|
||||
instanceId: ctx.user.instanceId,
|
||||
modelId: ctx.params.modelId,
|
||||
record: ctx.request.body,
|
||||
})
|
||||
|
|
|
@ -4,11 +4,12 @@ const {
|
|||
budibaseAppsDir,
|
||||
budibaseTempDir,
|
||||
} = require("../../utilities/budibaseDir")
|
||||
const env = require("../../environment")
|
||||
const setBuilderToken = require("../../utilities/builder/setBuilderToken")
|
||||
const { ANON_LEVEL_ID } = require("../../utilities/accessLevels")
|
||||
|
||||
exports.serveBuilder = async function(ctx) {
|
||||
let builderPath = resolve(__dirname, "../../../builder")
|
||||
ctx.cookies.set("builder:token", env.ADMIN_SECRET)
|
||||
setBuilderToken(ctx)
|
||||
await send(ctx, ctx.file, { root: ctx.devPath || builderPath })
|
||||
}
|
||||
|
||||
|
@ -22,11 +23,15 @@ exports.serveApp = async function(ctx) {
|
|||
)
|
||||
// only set the appId cookie for /appId .. we COULD check for valid appIds
|
||||
// but would like to avoid that DB hit
|
||||
if (looksLikeAppId(ctx.params.appId)) {
|
||||
ctx.cookies.set("budibase:appid", ctx.params.appId, {
|
||||
if (looksLikeAppId(ctx.params.appId) && !ctx.isAuthenticated) {
|
||||
const anonToken = {
|
||||
userId: "ANON",
|
||||
accessLevelId: ANON_LEVEL_ID,
|
||||
appId: ctx.params.appId,
|
||||
}
|
||||
ctx.cookies.set("budibase:token", anonToken, {
|
||||
path: "/",
|
||||
httpOnly: false,
|
||||
expires: new Date(2099, 1, 1),
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -37,7 +42,7 @@ exports.serveAppAsset = async function(ctx) {
|
|||
// default to homedir
|
||||
const appPath = resolve(
|
||||
budibaseAppsDir(),
|
||||
ctx.appId,
|
||||
ctx.user.appId,
|
||||
"public",
|
||||
ctx.isAuthenticated ? "main" : "unauthenticated"
|
||||
)
|
||||
|
@ -49,7 +54,7 @@ exports.serveComponentLibrary = async function(ctx) {
|
|||
// default to homedir
|
||||
let componentLibraryPath = resolve(
|
||||
budibaseAppsDir(),
|
||||
ctx.appId,
|
||||
ctx.user.appId,
|
||||
"node_modules",
|
||||
decodeURI(ctx.query.library),
|
||||
"dist"
|
||||
|
|
|
@ -8,7 +8,7 @@ const {
|
|||
} = require("../../utilities/accessLevels")
|
||||
|
||||
exports.fetch = async function(ctx) {
|
||||
const database = new CouchDB(ctx.params.instanceId)
|
||||
const database = new CouchDB(ctx.user.instanceId)
|
||||
const data = await database.query("database/by_type", {
|
||||
include_docs: true,
|
||||
key: ["user"],
|
||||
|
@ -18,7 +18,7 @@ exports.fetch = async function(ctx) {
|
|||
}
|
||||
|
||||
exports.create = async function(ctx) {
|
||||
const database = new CouchDB(ctx.params.instanceId)
|
||||
const database = new CouchDB(ctx.user.instanceId)
|
||||
const appId = (await database.get("_design/database")).metadata.applicationId
|
||||
const { username, password, name, accessLevelId } = ctx.request.body
|
||||
|
||||
|
@ -50,7 +50,7 @@ exports.create = async function(ctx) {
|
|||
|
||||
app.userInstanceMap = {
|
||||
...app.userInstanceMap,
|
||||
[username]: ctx.params.instanceId,
|
||||
[username]: ctx.user.instanceId,
|
||||
}
|
||||
await db.put(app)
|
||||
|
||||
|
@ -66,14 +66,14 @@ exports.create = async function(ctx) {
|
|||
exports.update = async function() {}
|
||||
|
||||
exports.destroy = async function(ctx) {
|
||||
const database = new CouchDB(ctx.params.instanceId)
|
||||
const database = new CouchDB(ctx.user.instanceId)
|
||||
await database.destroy(getUserId(ctx.params.username))
|
||||
ctx.message = `User ${ctx.params.username} deleted.`
|
||||
ctx.status = 200
|
||||
}
|
||||
|
||||
exports.find = async function(ctx) {
|
||||
const database = new CouchDB(ctx.params.instanceId)
|
||||
const database = new CouchDB(ctx.user.instanceId)
|
||||
const user = await database.get(getUserId(ctx.params.username))
|
||||
ctx.body = {
|
||||
username: user.username,
|
||||
|
|
|
@ -3,7 +3,7 @@ const CouchDB = require("../../db")
|
|||
const controller = {
|
||||
query: async () => {},
|
||||
fetch: async ctx => {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const designDoc = await db.get("_design/database")
|
||||
const response = []
|
||||
|
||||
|
@ -24,7 +24,7 @@ const controller = {
|
|||
ctx.body = response
|
||||
},
|
||||
create: async ctx => {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const newView = ctx.request.body
|
||||
|
||||
const designDoc = await db.get("_design/database")
|
||||
|
@ -38,7 +38,7 @@ const controller = {
|
|||
ctx.message = `View ${newView.name} created successfully.`
|
||||
},
|
||||
destroy: async ctx => {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
ctx.body = await db.destroy(ctx.params.userId)
|
||||
},
|
||||
}
|
||||
|
|
|
@ -2,7 +2,7 @@ const CouchDB = require("../../../db")
|
|||
const newid = require("../../../db/newid")
|
||||
|
||||
exports.create = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const workflow = ctx.request.body
|
||||
|
||||
workflow._id = newid()
|
||||
|
@ -22,7 +22,7 @@ exports.create = async function(ctx) {
|
|||
}
|
||||
|
||||
exports.update = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const workflow = ctx.request.body
|
||||
|
||||
const response = await db.put(workflow)
|
||||
|
@ -40,7 +40,7 @@ exports.update = async function(ctx) {
|
|||
}
|
||||
|
||||
exports.fetch = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
const response = await db.query(`database/by_type`, {
|
||||
key: ["workflow"],
|
||||
include_docs: true,
|
||||
|
@ -69,6 +69,6 @@ exports.fetchActionScript = async function(ctx) {
|
|||
}
|
||||
|
||||
exports.destroy = async function(ctx) {
|
||||
const db = new CouchDB(ctx.params.instanceId)
|
||||
const db = new CouchDB(ctx.user.instanceId)
|
||||
ctx.body = await db.remove(ctx.params.id, ctx.params.rev)
|
||||
}
|
||||
|
|
|
@ -60,11 +60,6 @@ router.use(async (ctx, next) => {
|
|||
}
|
||||
})
|
||||
|
||||
router.use(async (ctx, next) => {
|
||||
ctx.appId = ctx.cookies.get("budibase:appid")
|
||||
await next()
|
||||
})
|
||||
|
||||
router.use(authRoutes.routes())
|
||||
router.use(authRoutes.allowedMethods())
|
||||
|
||||
|
|
|
@ -4,11 +4,11 @@ const controller = require("../controllers/accesslevel")
|
|||
const router = Router()
|
||||
|
||||
router
|
||||
.post("/api/:instanceId/accesslevels", controller.create)
|
||||
.put("/api/:instanceId/accesslevels", controller.update)
|
||||
.get("/api/:instanceId/accesslevels", controller.fetch)
|
||||
.get("/api/:instanceId/accesslevels/:levelId", controller.find)
|
||||
.delete("/api/:instanceId/accesslevels/:levelId/:rev", controller.destroy)
|
||||
.patch("/api/:instanceId/accesslevels/:levelId", controller.patch)
|
||||
.post("/api/accesslevels", controller.create)
|
||||
.put("/api/accesslevels", controller.update)
|
||||
.get("/api/accesslevels", controller.fetch)
|
||||
.get("/api/accesslevels/:levelId", controller.find)
|
||||
.delete("/api/accesslevels/:levelId/:rev", controller.destroy)
|
||||
.patch("/api/accesslevels/:levelId", controller.patch)
|
||||
|
||||
module.exports = router
|
||||
|
|
|
@ -6,7 +6,7 @@ const { BUILDER } = require("../../utilities/accessLevels")
|
|||
const router = Router()
|
||||
|
||||
router
|
||||
.post("/api/:applicationId/instances", authorized(BUILDER), controller.create)
|
||||
.post("/api/instances", authorized(BUILDER), controller.create)
|
||||
.delete("/api/instances/:instanceId", authorized(BUILDER), controller.destroy)
|
||||
|
||||
module.exports = router
|
||||
|
|
|
@ -1,17 +1,21 @@
|
|||
const Router = require("@koa/router")
|
||||
const modelController = require("../controllers/model")
|
||||
const authorized = require("../../middleware/authorized")
|
||||
const { BUILDER } = require("../../utilities/accessLevels")
|
||||
const { BUILDER, READ_MODEL } = require("../../utilities/accessLevels")
|
||||
|
||||
const router = Router()
|
||||
|
||||
router
|
||||
.get("/api/:instanceId/models", authorized(BUILDER), modelController.fetch)
|
||||
.get("/api/:instanceId/models/:id", authorized(BUILDER), modelController.find)
|
||||
.post("/api/:instanceId/models", authorized(BUILDER), modelController.create)
|
||||
.get("/api/models", modelController.fetch)
|
||||
.get(
|
||||
"/api/models/:id",
|
||||
authorized(READ_MODEL, ctx => ctx.params.id),
|
||||
modelController.find
|
||||
)
|
||||
.post("/api/models", authorized(BUILDER), modelController.create)
|
||||
// .patch("/api/:instanceId/models", controller.update)
|
||||
.delete(
|
||||
"/api/:instanceId/models/:modelId/:revId",
|
||||
"/api/models/:modelId/:revId",
|
||||
authorized(BUILDER),
|
||||
modelController.destroy
|
||||
)
|
||||
|
|
|
@ -7,28 +7,28 @@ const router = Router()
|
|||
|
||||
router
|
||||
.get(
|
||||
"/api/:instanceId/:modelId/records",
|
||||
"/api/:modelId/records",
|
||||
authorized(READ_MODEL, ctx => ctx.params.modelId),
|
||||
recordController.fetchModelRecords
|
||||
)
|
||||
.get(
|
||||
"/api/:instanceId/:modelId/records/:recordId",
|
||||
"/api/:modelId/records/:recordId",
|
||||
authorized(READ_MODEL, ctx => ctx.params.modelId),
|
||||
recordController.find
|
||||
)
|
||||
.post("/api/:instanceId/records/search", recordController.search)
|
||||
.post("/api/records/search", recordController.search)
|
||||
.post(
|
||||
"/api/:instanceId/:modelId/records",
|
||||
"/api/:modelId/records",
|
||||
authorized(WRITE_MODEL, ctx => ctx.params.modelId),
|
||||
recordController.save
|
||||
)
|
||||
.post(
|
||||
"/api/:instanceId/:modelId/records/validate",
|
||||
"/api/:modelId/records/validate",
|
||||
authorized(WRITE_MODEL, ctx => ctx.params.modelId),
|
||||
recordController.validate
|
||||
)
|
||||
.delete(
|
||||
"/api/:instanceId/:modelId/records/:recordId/:revId",
|
||||
"/api/:modelId/records/:recordId/:revId",
|
||||
authorized(WRITE_MODEL, ctx => ctx.params.modelId),
|
||||
recordController.destroy
|
||||
)
|
||||
|
|
|
@ -6,12 +6,8 @@ const { BUILDER } = require("../../utilities/accessLevels")
|
|||
const router = Router()
|
||||
|
||||
router
|
||||
.get("/api/:instanceId/screens", authorized(BUILDER), controller.fetch)
|
||||
.post("/api/:instanceId/screens", authorized(BUILDER), controller.save)
|
||||
.delete(
|
||||
"/api/:instanceId/:screenId/:revId",
|
||||
authorized(BUILDER),
|
||||
controller.destroy
|
||||
)
|
||||
.get("/api/screens", authorized(BUILDER), controller.fetch)
|
||||
.post("/api/screens", authorized(BUILDER), controller.save)
|
||||
.delete("/api/:screenId/:revId", authorized(BUILDER), controller.destroy)
|
||||
|
||||
module.exports = router
|
||||
|
|
|
@ -36,8 +36,8 @@ describe("/accesslevels", () => {
|
|||
|
||||
beforeEach(async () => {
|
||||
instanceId = (await createInstance(request, appId))._id
|
||||
model = await createModel(request, instanceId)
|
||||
view = await createView(request, instanceId)
|
||||
model = await createModel(request, appId, instanceId)
|
||||
view = await createView(request, appId, instanceId)
|
||||
})
|
||||
|
||||
describe("create", () => {
|
||||
|
@ -46,7 +46,7 @@ describe("/accesslevels", () => {
|
|||
const res = await request
|
||||
.post(`/api/${instanceId}/accesslevels`)
|
||||
.send({ name: "user" })
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(appId, instanceId))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -64,7 +64,7 @@ describe("/accesslevels", () => {
|
|||
const createRes = await request
|
||||
.post(`/api/${instanceId}/accesslevels`)
|
||||
.send({ name: "user", permissions: [ { itemId: model._id, name: READ_MODEL }] })
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(appId, instanceId))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -72,7 +72,7 @@ describe("/accesslevels", () => {
|
|||
|
||||
const res = await request
|
||||
.get(`/api/${instanceId}/accesslevels`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(appId, instanceId))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -97,7 +97,7 @@ describe("/accesslevels", () => {
|
|||
const createRes = await request
|
||||
.post(`/api/${instanceId}/accesslevels`)
|
||||
.send({ name: "user", permissions: [ { itemId: model._id, name: READ_MODEL } ] })
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(appId, instanceId))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -105,12 +105,12 @@ describe("/accesslevels", () => {
|
|||
|
||||
await request
|
||||
.delete(`/api/${instanceId}/accesslevels/${customLevel._id}/${customLevel._rev}`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(appId, instanceId))
|
||||
.expect(200)
|
||||
|
||||
await request
|
||||
.get(`/api/${instanceId}/accesslevels/${customLevel._id}`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(appId, instanceId))
|
||||
.expect(404)
|
||||
})
|
||||
})
|
||||
|
@ -120,7 +120,7 @@ describe("/accesslevels", () => {
|
|||
const createRes = await request
|
||||
.post(`/api/${instanceId}/accesslevels`)
|
||||
.send({ name: "user", permissions: [ { itemId: model._id, name: READ_MODEL }] })
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(appId, instanceId))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -132,13 +132,13 @@ describe("/accesslevels", () => {
|
|||
_rev: customLevel._rev,
|
||||
addedPermissions: [ { itemId: model._id, name: WRITE_MODEL } ]
|
||||
})
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(appId, instanceId))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
const finalRes = await request
|
||||
.get(`/api/${instanceId}/accesslevels/${customLevel._id}`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(appId, instanceId))
|
||||
.expect(200)
|
||||
|
||||
expect(finalRes.body.permissions.length).toBe(2)
|
||||
|
@ -156,7 +156,7 @@ describe("/accesslevels", () => {
|
|||
{ itemId: model._id, name: WRITE_MODEL },
|
||||
]
|
||||
})
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(appId, instanceId))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -168,13 +168,13 @@ describe("/accesslevels", () => {
|
|||
_rev: customLevel._rev,
|
||||
removedPermissions: [ { itemId: model._id, name: WRITE_MODEL }]
|
||||
})
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(appId, instanceId))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
const finalRes = await request
|
||||
.get(`/api/${instanceId}/accesslevels/${customLevel._id}`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(appId, instanceId))
|
||||
.expect(200)
|
||||
|
||||
expect(finalRes.body.permissions.length).toBe(1)
|
||||
|
|
|
@ -34,14 +34,14 @@ describe("/applications", () => {
|
|||
const res = await request
|
||||
.post("/api/applications")
|
||||
.send({ name: "My App" })
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders())
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
expect(res.res.statusMessage).toEqual("Application My App created successfully")
|
||||
expect(res.body._id).toBeDefined()
|
||||
})
|
||||
|
||||
it("should apply authorization to endpoint", async () => {
|
||||
fit("should apply authorization to endpoint", async () => {
|
||||
const otherApplication = await createApplication(request)
|
||||
const instance = await createInstance(request, otherApplication._id)
|
||||
await builderEndpointShouldBlockNormalUsers({
|
||||
|
@ -49,6 +49,7 @@ describe("/applications", () => {
|
|||
method: "POST",
|
||||
url: `/api/applications`,
|
||||
instanceId: instance._id,
|
||||
appId: otherApplication._id,
|
||||
body: { name: "My App" }
|
||||
})
|
||||
})
|
||||
|
@ -63,7 +64,7 @@ describe("/applications", () => {
|
|||
|
||||
const res = await request
|
||||
.get("/api/applications")
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders())
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -77,13 +78,13 @@ describe("/applications", () => {
|
|||
const blah = await request
|
||||
.post("/api/applications")
|
||||
.send({ name: "app2", clientId: "new_client"})
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders())
|
||||
.expect('Content-Type', /json/)
|
||||
//.expect(200)
|
||||
|
||||
const client1Res = await request
|
||||
.get(`/api/applications?clientId=${TEST_CLIENT_ID}`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders())
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -92,7 +93,7 @@ describe("/applications", () => {
|
|||
|
||||
const client2Res = await request
|
||||
.get(`/api/applications?clientId=new_client`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders())
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -109,6 +110,7 @@ describe("/applications", () => {
|
|||
method: "GET",
|
||||
url: `/api/applications`,
|
||||
instanceId: instance._id,
|
||||
appId: otherApplication._id,
|
||||
})
|
||||
})
|
||||
})
|
||||
|
|
|
@ -4,8 +4,12 @@ const supertest = require("supertest")
|
|||
const app = require("../../../app")
|
||||
const {
|
||||
POWERUSER_LEVEL_ID,
|
||||
ANON_LEVEL_ID,
|
||||
BUILDER_LEVEL_ID,
|
||||
generateAdminPermissions,
|
||||
} = require("../../../utilities/accessLevels")
|
||||
const jwt = require("jsonwebtoken")
|
||||
const env = require("../../../environment")
|
||||
|
||||
const TEST_CLIENT_ID = "test-client-id"
|
||||
|
||||
|
@ -20,13 +24,24 @@ exports.supertest = async () => {
|
|||
return { request, server }
|
||||
}
|
||||
|
||||
exports.defaultHeaders = {
|
||||
exports.defaultHeaders = (appId, instanceId) => {
|
||||
const builderUser = {
|
||||
userId: "BUILDER",
|
||||
accessLevelId: BUILDER_LEVEL_ID,
|
||||
appId,
|
||||
instanceId,
|
||||
}
|
||||
|
||||
const builderToken = jwt.sign(builderUser, env.JWT_SECRET)
|
||||
|
||||
return {
|
||||
Accept: "application/json",
|
||||
Cookie: ["builder:token=test-admin-secret"],
|
||||
Cookie: [`builder:token=${builderToken}`],
|
||||
"x-user-agent": "Budibase Builder",
|
||||
}
|
||||
}
|
||||
|
||||
exports.createModel = async (request, instanceId, model) => {
|
||||
exports.createModel = async (request, appId, instanceId, model) => {
|
||||
model = model || {
|
||||
name: "TestModel",
|
||||
type: "model",
|
||||
|
@ -43,19 +58,19 @@ exports.createModel = async (request, instanceId, model) => {
|
|||
|
||||
const res = await request
|
||||
.post(`/api/${instanceId}/models`)
|
||||
.set(exports.defaultHeaders)
|
||||
.set(exports.defaultHeaders(appId, instanceId))
|
||||
.send(model)
|
||||
return res.body
|
||||
}
|
||||
|
||||
exports.createView = async (request, instanceId, view) => {
|
||||
exports.createView = async (request, appId, instanceId, view) => {
|
||||
view = view || {
|
||||
map: "function(doc) { emit(doc[doc.key], doc._id); } ",
|
||||
}
|
||||
|
||||
const res = await request
|
||||
.post(`/api/${instanceId}/views`)
|
||||
.set(exports.defaultHeaders)
|
||||
.set(exports.defaultHeaders(appId, instanceId))
|
||||
.send(view)
|
||||
return res.body
|
||||
}
|
||||
|
@ -65,7 +80,7 @@ exports.createClientDatabase = async id => await create(id || TEST_CLIENT_ID)
|
|||
exports.createApplication = async (request, name = "test_application") => {
|
||||
const res = await request
|
||||
.post("/api/applications")
|
||||
.set(exports.defaultHeaders)
|
||||
.set(exports.defaultHeaders())
|
||||
.send({
|
||||
name,
|
||||
})
|
||||
|
@ -76,8 +91,8 @@ exports.destroyClientDatabase = async () => await destroy(TEST_CLIENT_ID)
|
|||
|
||||
exports.createInstance = async (request, appId) => {
|
||||
const res = await request
|
||||
.post(`/api/${appId}/instances`)
|
||||
.set(exports.defaultHeaders)
|
||||
.post(`/api/instances`)
|
||||
.set(exports.defaultHeaders(appId))
|
||||
.send({
|
||||
name: "test-instance",
|
||||
})
|
||||
|
@ -86,13 +101,14 @@ exports.createInstance = async (request, appId) => {
|
|||
|
||||
exports.createUser = async (
|
||||
request,
|
||||
appId,
|
||||
instanceId,
|
||||
username = "babs",
|
||||
password = "babs_password"
|
||||
) => {
|
||||
const res = await request
|
||||
.post(`/api/${instanceId}/users`)
|
||||
.set(exports.defaultHeaders)
|
||||
.post(`/api/users`)
|
||||
.set(exports.defaultHeaders(appId, instanceId))
|
||||
.send({
|
||||
name: "Bill",
|
||||
username,
|
||||
|
@ -104,6 +120,7 @@ exports.createUser = async (
|
|||
|
||||
const createUserWithOnePermission = async (
|
||||
request,
|
||||
appId,
|
||||
instanceId,
|
||||
permName,
|
||||
itemId
|
||||
|
@ -115,17 +132,19 @@ const createUserWithOnePermission = async (
|
|||
|
||||
return await createUserWithPermissions(
|
||||
request,
|
||||
appId,
|
||||
instanceId,
|
||||
permissions,
|
||||
"onePermOnlyUser"
|
||||
)
|
||||
}
|
||||
|
||||
const createUserWithAdminPermissions = async (request, instanceId) => {
|
||||
const createUserWithAdminPermissions = async (request, appId, instanceId) => {
|
||||
let permissions = await generateAdminPermissions(instanceId)
|
||||
|
||||
return await createUserWithPermissions(
|
||||
request,
|
||||
appId,
|
||||
instanceId,
|
||||
permissions,
|
||||
"adminUser"
|
||||
|
@ -134,6 +153,7 @@ const createUserWithAdminPermissions = async (request, instanceId) => {
|
|||
|
||||
const createUserWithAllPermissionExceptOne = async (
|
||||
request,
|
||||
appId,
|
||||
instanceId,
|
||||
permName,
|
||||
itemId
|
||||
|
@ -145,6 +165,7 @@ const createUserWithAllPermissionExceptOne = async (
|
|||
|
||||
return await createUserWithPermissions(
|
||||
request,
|
||||
appId,
|
||||
instanceId,
|
||||
permissions,
|
||||
"allPermsExceptOneUser"
|
||||
|
@ -153,6 +174,7 @@ const createUserWithAllPermissionExceptOne = async (
|
|||
|
||||
const createUserWithPermissions = async (
|
||||
request,
|
||||
appId,
|
||||
instanceId,
|
||||
permissions,
|
||||
username
|
||||
|
@ -160,12 +182,12 @@ const createUserWithPermissions = async (
|
|||
const accessRes = await request
|
||||
.post(`/api/${instanceId}/accesslevels`)
|
||||
.send({ name: "TestLevel", permissions })
|
||||
.set(exports.defaultHeaders)
|
||||
.set(exports.defaultHeaders(appId, instanceId))
|
||||
|
||||
const password = `password_${username}`
|
||||
await request
|
||||
.post(`/api/${instanceId}/users`)
|
||||
.set(exports.defaultHeaders)
|
||||
.set(exports.defaultHeaders(appId, instanceId))
|
||||
.send({
|
||||
name: username,
|
||||
username,
|
||||
|
@ -173,12 +195,20 @@ const createUserWithPermissions = async (
|
|||
accessLevelId: accessRes.body._id,
|
||||
})
|
||||
|
||||
const db = new CouchDB(instanceId)
|
||||
const designDoc = await db.get("_design/database")
|
||||
//const db = new CouchDB(instanceId)
|
||||
//const designDoc = await db.get("_design/database")
|
||||
|
||||
const anonUser = {
|
||||
userId: "ANON",
|
||||
accessLevelId: ANON_LEVEL_ID,
|
||||
appId: appId,
|
||||
}
|
||||
|
||||
const anonToken = jwt.sign(anonUser, env.JWT_SECRET)
|
||||
|
||||
const loginResult = await request
|
||||
.post(`/api/authenticate`)
|
||||
.set({ Cookie: `budibase:appid=${designDoc.metadata.applicationId}` })
|
||||
.set({ Cookie: `budibase:token=${anonToken}` })
|
||||
.send({ username, password })
|
||||
|
||||
// returning necessary request headers
|
||||
|
@ -193,12 +223,14 @@ exports.testPermissionsForEndpoint = async ({
|
|||
method,
|
||||
url,
|
||||
body,
|
||||
appId,
|
||||
instanceId,
|
||||
permissionName,
|
||||
itemId,
|
||||
}) => {
|
||||
const headers = await createUserWithOnePermission(
|
||||
request,
|
||||
appId,
|
||||
instanceId,
|
||||
permissionName,
|
||||
itemId
|
||||
|
@ -210,6 +242,7 @@ exports.testPermissionsForEndpoint = async ({
|
|||
|
||||
const noPermsHeaders = await createUserWithAllPermissionExceptOne(
|
||||
request,
|
||||
appId,
|
||||
instanceId,
|
||||
permissionName,
|
||||
itemId
|
||||
|
@ -225,9 +258,14 @@ exports.builderEndpointShouldBlockNormalUsers = async ({
|
|||
method,
|
||||
url,
|
||||
body,
|
||||
appId,
|
||||
instanceId,
|
||||
}) => {
|
||||
const headers = await createUserWithAdminPermissions(request, instanceId)
|
||||
const headers = await createUserWithAdminPermissions(
|
||||
request,
|
||||
appId,
|
||||
instanceId
|
||||
)
|
||||
|
||||
await createRequest(request, method, url, body)
|
||||
.set(headers)
|
||||
|
|
|
@ -24,9 +24,9 @@ describe("/instances", () => {
|
|||
|
||||
it("returns a success message when the instance database is successfully created", async () => {
|
||||
const res = await request
|
||||
.post(`/api/${TEST_APP_ID}/instances`)
|
||||
.post(`/api/instances`)
|
||||
.send({ name: "test-instance" })
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(TEST_APP_ID))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -42,7 +42,7 @@ describe("/instances", () => {
|
|||
const instance = await createInstance(request, TEST_APP_ID);
|
||||
const res = await request
|
||||
.delete(`/api/instances/${instance._id}`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(TEST_APP_ID))
|
||||
.expect(200)
|
||||
|
||||
expect(res.res.statusMessage).toEqual(`Instance Database ${instance._id} successfully destroyed.`);
|
||||
|
|
|
@ -41,7 +41,7 @@ describe("/models", () => {
|
|||
name: { type: "string" }
|
||||
}
|
||||
})
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
.end(async (err, res) => {
|
||||
|
@ -73,13 +73,13 @@ describe("/models", () => {
|
|||
|
||||
beforeEach(async () => {
|
||||
instance = await createInstance(request, app._id)
|
||||
testModel = await createModel(request, instance._id, testModel)
|
||||
testModel = await createModel(request, app._id, instance._id, testModel)
|
||||
});
|
||||
|
||||
it("returns all the models for that instance in the response body", done => {
|
||||
request
|
||||
.get(`/api/${instance._id}/models`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
.end(async (_, res) => {
|
||||
|
@ -105,7 +105,7 @@ describe("/models", () => {
|
|||
|
||||
beforeEach(async () => {
|
||||
instance = await createInstance(request, app._id)
|
||||
testModel = await createModel(request, instance._id, testModel)
|
||||
testModel = await createModel(request, app._id, instance._id, testModel)
|
||||
});
|
||||
|
||||
afterEach(() => {
|
||||
|
@ -115,7 +115,7 @@ describe("/models", () => {
|
|||
it("returns a success response when a model is deleted.", async done => {
|
||||
request
|
||||
.delete(`/api/${instance._id}/models/${testModel._id}/${testModel._rev}`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
.end(async (_, res) => {
|
||||
|
@ -125,7 +125,7 @@ describe("/models", () => {
|
|||
})
|
||||
|
||||
it("deletes linked references to the model after deletion", async done => {
|
||||
const linkedModel = await createModel(request, instance._id, {
|
||||
const linkedModel = await createModel(request, app._id, instance._id, {
|
||||
name: "LinkedModel",
|
||||
type: "model",
|
||||
key: "name",
|
||||
|
@ -148,7 +148,7 @@ describe("/models", () => {
|
|||
|
||||
request
|
||||
.delete(`/api/${instance._id}/models/${testModel._id}/${testModel._rev}`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
.end(async (_, res) => {
|
||||
|
|
|
@ -27,7 +27,7 @@ describe("/records", () => {
|
|||
|
||||
beforeEach(async () => {
|
||||
instance = await createInstance(request, app._id)
|
||||
model = await createModel(request, instance._id)
|
||||
model = await createModel(request, app._id, instance._id)
|
||||
record = {
|
||||
name: "Test Contact",
|
||||
status: "new",
|
||||
|
@ -39,13 +39,13 @@ describe("/records", () => {
|
|||
|
||||
const createRecord = async r =>
|
||||
await request
|
||||
.post(`/api/${instance._id}/${model._id}/records`)
|
||||
.post(`/api/${model._id}/records`)
|
||||
.send(r || record)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
it("returns a success message when the record is created", async () => {
|
||||
fit("returns a success message when the record is created", async () => {
|
||||
const res = await createRecord()
|
||||
expect(res.res.statusMessage).toEqual(`${model.name} created successfully`)
|
||||
expect(res.body.name).toEqual("Test Contact")
|
||||
|
@ -57,14 +57,14 @@ describe("/records", () => {
|
|||
const existing = rec.body
|
||||
|
||||
const res = await request
|
||||
.post(`/api/${instance._id}/${model._id}/records`)
|
||||
.post(`/api/${model._id}/records`)
|
||||
.send({
|
||||
_id: existing._id,
|
||||
_rev: existing._rev,
|
||||
modelId: model._id,
|
||||
name: "Updated Name",
|
||||
})
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -77,8 +77,8 @@ describe("/records", () => {
|
|||
const existing = rec.body
|
||||
|
||||
const res = await request
|
||||
.get(`/api/${instance._id}/${model._id}/records/${existing._id}`)
|
||||
.set(defaultHeaders)
|
||||
.get(`/api/${model._id}/records/${existing._id}`)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -100,8 +100,8 @@ describe("/records", () => {
|
|||
await createRecord(newRecord)
|
||||
|
||||
const res = await request
|
||||
.get(`/api/${instance._id}/${model._id}/records`)
|
||||
.set(defaultHeaders)
|
||||
.get(`/api/${model._id}/records`)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -122,8 +122,8 @@ describe("/records", () => {
|
|||
const recordIds = [record.body._id, secondRecord.body._id]
|
||||
|
||||
const res = await request
|
||||
.post(`/api/${instance._id}/records/search`)
|
||||
.set(defaultHeaders)
|
||||
.post(`/api/records/search`)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.send({
|
||||
keys: recordIds
|
||||
})
|
||||
|
@ -137,8 +137,8 @@ describe("/records", () => {
|
|||
it("load should return 404 when record does not exist", async () => {
|
||||
await createRecord()
|
||||
await request
|
||||
.get(`/api/${instance._id}/${model._id}/records/not-a-valid-id`)
|
||||
.set(defaultHeaders)
|
||||
.get(`/api/${model._id}/records/not-a-valid-id`)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(404)
|
||||
})
|
||||
|
@ -147,9 +147,9 @@ describe("/records", () => {
|
|||
describe("validate", () => {
|
||||
it("should return no errors on valid record", async () => {
|
||||
const result = await request
|
||||
.post(`/api/${instance._id}/${model._id}/records/validate`)
|
||||
.post(`/api/${model._id}/records/validate`)
|
||||
.send({ name: "ivan" })
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -159,9 +159,9 @@ describe("/records", () => {
|
|||
|
||||
it("should errors on invalid record", async () => {
|
||||
const result = await request
|
||||
.post(`/api/${instance._id}/${model._id}/records/validate`)
|
||||
.post(`/api/${model._id}/records/validate`)
|
||||
.send({ name: 1 })
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
|
|
@ -36,11 +36,11 @@ describe("/users", () => {
|
|||
describe("fetch", () => {
|
||||
|
||||
it("returns a list of users from an instance db", async () => {
|
||||
await createUser(request, instance._id, "brenda", "brendas_password")
|
||||
await createUser(request, instance._id, "pam", "pam_password")
|
||||
await createUser(request, app._id, instance._id, "brenda", "brendas_password")
|
||||
await createUser(request, app._id, instance._id, "pam", "pam_password")
|
||||
const res = await request
|
||||
.get(`/api/${instance._id}/users`)
|
||||
.set(defaultHeaders)
|
||||
.get(`/api/users`)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -50,7 +50,7 @@ describe("/users", () => {
|
|||
})
|
||||
|
||||
it("should apply authorization to endpoint", async () => {
|
||||
await createUser(request, instance._id, "brenda", "brendas_password")
|
||||
await createUser(request, app._id, instance._id, "brenda", "brendas_password")
|
||||
await testPermissionsForEndpoint({
|
||||
request,
|
||||
method: "GET",
|
||||
|
@ -67,7 +67,7 @@ describe("/users", () => {
|
|||
it("returns a success message when a user is successfully created", async () => {
|
||||
const res = await request
|
||||
.post(`/api/${instance._id}/users`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.send({ name: "Bill", username: "bill", password: "bills_password", accessLevelId: POWERUSER_LEVEL_ID })
|
||||
.expect(200)
|
||||
.expect('Content-Type', /json/)
|
||||
|
|
|
@ -40,7 +40,7 @@ describe("/views", () => {
|
|||
}`,
|
||||
reduce: `function(keys, values) { }`
|
||||
})
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -56,14 +56,14 @@ describe("/views", () => {
|
|||
describe("fetch", () => {
|
||||
|
||||
beforeEach(async () => {
|
||||
model = await createModel(request, instance._id);
|
||||
model = await createModel(request, app._id, instance._id);
|
||||
});
|
||||
|
||||
it("should only return custom views", async () => {
|
||||
const view = await createView()
|
||||
const res = await request
|
||||
.get(`/api/${instance._id}/views`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
expect(res.body.length).toBe(1)
|
||||
|
|
|
@ -64,7 +64,7 @@ describe("/workflows", () => {
|
|||
it("returns a success message when the workflow is successfully created", async () => {
|
||||
const res = await request
|
||||
.post(`/api/${instance._id}/workflows`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.send(TEST_WORKFLOW)
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
@ -93,7 +93,7 @@ describe("/workflows", () => {
|
|||
|
||||
const res = await request
|
||||
.put(`/api/${instance._id}/workflows`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.send(workflow)
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
@ -108,7 +108,7 @@ describe("/workflows", () => {
|
|||
await createWorkflow();
|
||||
const res = await request
|
||||
.get(`/api/${instance._id}/workflows`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
@ -130,7 +130,7 @@ describe("/workflows", () => {
|
|||
await createWorkflow();
|
||||
const res = await request
|
||||
.delete(`/api/${instance._id}/workflows/${workflow.id}/${workflow.rev}`)
|
||||
.set(defaultHeaders)
|
||||
.set(defaultHeaders(app._id, instance._id))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200)
|
||||
|
||||
|
|
|
@ -6,19 +6,11 @@ const { USER_MANAGEMENT, LIST_USERS } = require("../../utilities/accessLevels")
|
|||
const router = Router()
|
||||
|
||||
router
|
||||
.get("/api/:instanceId/users", authorized(LIST_USERS), controller.fetch)
|
||||
.get(
|
||||
"/api/:instanceId/users/:username",
|
||||
authorized(USER_MANAGEMENT),
|
||||
controller.find
|
||||
)
|
||||
.post(
|
||||
"/api/:instanceId/users",
|
||||
authorized(USER_MANAGEMENT),
|
||||
controller.create
|
||||
)
|
||||
.get("/api/users", authorized(LIST_USERS), controller.fetch)
|
||||
.get("/api/users/:username", authorized(USER_MANAGEMENT), controller.find)
|
||||
.post("/api/users", authorized(USER_MANAGEMENT), controller.create)
|
||||
.delete(
|
||||
"/api/:instanceId/users/:username",
|
||||
"/api/users/:username",
|
||||
authorized(USER_MANAGEMENT),
|
||||
controller.destroy
|
||||
)
|
||||
|
|
|
@ -8,13 +8,13 @@ const router = Router()
|
|||
|
||||
router
|
||||
.get(
|
||||
"/api/:instanceId/views/:viewName",
|
||||
"/api/views/:viewName",
|
||||
authorized(READ_VIEW, ctx => ctx.params.viewName),
|
||||
recordController.fetchView
|
||||
)
|
||||
.get("/api/:instanceId/views", authorized(BUILDER), viewController.fetch)
|
||||
.get("/api/views", authorized(BUILDER), viewController.fetch)
|
||||
// .patch("/api/:databaseId/views", controller.update);
|
||||
// .delete("/api/:instanceId/views/:viewId/:revId", controller.destroy);
|
||||
.post("/api/:instanceId/views", authorized(BUILDER), viewController.create)
|
||||
.post("/api/views", authorized(BUILDER), viewController.create)
|
||||
|
||||
module.exports = router
|
||||
|
|
|
@ -6,20 +6,16 @@ const { BUILDER } = require("../../utilities/accessLevels")
|
|||
const router = Router()
|
||||
|
||||
router
|
||||
.get("/api/:instanceId/workflows", authorized(BUILDER), controller.fetch)
|
||||
.get("/api/workflows", authorized(BUILDER), controller.fetch)
|
||||
.get("/api/workflows/:id", authorized(BUILDER), controller.find)
|
||||
.get(
|
||||
"/api/:instanceId/workflows/:id/:action",
|
||||
"/api/workflows/:id/:action",
|
||||
authorized(BUILDER),
|
||||
controller.fetchActionScript
|
||||
)
|
||||
.put("/api/:instanceId/workflows", authorized(BUILDER), controller.update)
|
||||
.post("/api/:instanceId/workflows", authorized(BUILDER), controller.create)
|
||||
.put("/api/workflows", authorized(BUILDER), controller.update)
|
||||
.post("/api/workflows", authorized(BUILDER), controller.create)
|
||||
.post("/api/workflows/action", controller.executeAction)
|
||||
.delete(
|
||||
"/api/:instanceId/workflows/:id/:rev",
|
||||
authorized(BUILDER),
|
||||
controller.destroy
|
||||
)
|
||||
.delete("/api/workflows/:id/:rev", authorized(BUILDER), controller.destroy)
|
||||
|
||||
module.exports = router
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
const jwt = require("jsonwebtoken")
|
||||
const STATUS_CODES = require("../utilities/statusCodes")
|
||||
const env = require("../environment")
|
||||
const accessLevelController = require("../api/controllers/accesslevel")
|
||||
const {
|
||||
ADMIN_LEVEL_ID,
|
||||
POWERUSER_LEVEL_ID,
|
||||
BUILDER_LEVEL_ID,
|
||||
ANON_LEVEL_ID,
|
||||
} = require("../utilities/accessLevels")
|
||||
|
||||
module.exports = async (ctx, next) => {
|
||||
|
@ -21,10 +22,19 @@ module.exports = async (ctx, next) => {
|
|||
const shouldAuthAsBuilder = isBuilderAgent && builderToken
|
||||
|
||||
if (shouldAuthAsBuilder) {
|
||||
const builderTokenValid = builderToken === env.ADMIN_SECRET
|
||||
|
||||
ctx.isAuthenticated = builderTokenValid
|
||||
ctx.isBuilder = builderTokenValid
|
||||
try {
|
||||
const jwtPayload = jwt.verify(builderToken, ctx.config.jwtSecret)
|
||||
ctx.isAuthenticated = jwtPayload.accessLevelId === BUILDER_LEVEL_ID
|
||||
ctx.user = {
|
||||
...jwtPayload,
|
||||
accessLevel: await getAccessLevel(
|
||||
jwtPayload.instanceId,
|
||||
jwtPayload.accessLevelId
|
||||
),
|
||||
}
|
||||
} catch (_) {
|
||||
// empty: do nothing
|
||||
}
|
||||
|
||||
await next()
|
||||
return
|
||||
|
@ -46,7 +56,7 @@ module.exports = async (ctx, next) => {
|
|||
jwtPayload.accessLevelId
|
||||
),
|
||||
}
|
||||
ctx.isAuthenticated = true
|
||||
ctx.isAuthenticated = ctx.user.accessLevelId !== ANON_LEVEL_ID
|
||||
} catch (err) {
|
||||
ctx.throw(err.status || STATUS_CODES.FORBIDDEN, err.text)
|
||||
}
|
||||
|
@ -57,7 +67,9 @@ module.exports = async (ctx, next) => {
|
|||
const getAccessLevel = async (instanceId, accessLevelId) => {
|
||||
if (
|
||||
accessLevelId === POWERUSER_LEVEL_ID ||
|
||||
accessLevelId === ADMIN_LEVEL_ID
|
||||
accessLevelId === ADMIN_LEVEL_ID ||
|
||||
accessLevelId === BUILDER_LEVEL_ID ||
|
||||
accessLevelId === ANON_LEVEL_ID
|
||||
) {
|
||||
return {
|
||||
_id: accessLevelId,
|
||||
|
|
|
@ -2,6 +2,7 @@ const {
|
|||
adminPermissions,
|
||||
ADMIN_LEVEL_ID,
|
||||
POWERUSER_LEVEL_ID,
|
||||
BUILDER_LEVEL_ID,
|
||||
BUILDER,
|
||||
} = require("../utilities/accessLevels")
|
||||
|
||||
|
@ -10,7 +11,11 @@ module.exports = (permName, getItemId) => async (ctx, next) => {
|
|||
ctx.throw(403, "Session not authenticated")
|
||||
}
|
||||
|
||||
if (ctx.isBuilder) {
|
||||
if (!ctx.user) {
|
||||
ctx.throw(403, "User not found")
|
||||
}
|
||||
|
||||
if (ctx.user.accessLevel._id === BUILDER_LEVEL_ID) {
|
||||
await next()
|
||||
return
|
||||
}
|
||||
|
@ -20,10 +25,6 @@ module.exports = (permName, getItemId) => async (ctx, next) => {
|
|||
return
|
||||
}
|
||||
|
||||
if (!ctx.user) {
|
||||
ctx.throw(403, "User not found")
|
||||
}
|
||||
|
||||
const permissionId = ({ name, itemId }) => name + (itemId ? `-${itemId}` : "")
|
||||
|
||||
if (ctx.user.accessLevel._id === ADMIN_LEVEL_ID) {
|
||||
|
|
|
@ -5,6 +5,8 @@ const workflowController = require("../api/controllers/workflow")
|
|||
// Access Level IDs
|
||||
const ADMIN_LEVEL_ID = "ADMIN"
|
||||
const POWERUSER_LEVEL_ID = "POWER_USER"
|
||||
const BUILDER_LEVEL_ID = "BUILDER"
|
||||
const ANON_LEVEL_ID = "ANON"
|
||||
|
||||
// Permissions
|
||||
const READ_MODEL = "read-model"
|
||||
|
@ -28,7 +30,7 @@ const generateAdminPermissions = async instanceId => [
|
|||
|
||||
const generatePowerUserPermissions = async instanceId => {
|
||||
const fetchModelsCtx = {
|
||||
params: {
|
||||
user: {
|
||||
instanceId,
|
||||
},
|
||||
}
|
||||
|
@ -36,7 +38,7 @@ const generatePowerUserPermissions = async instanceId => {
|
|||
const models = fetchModelsCtx.body
|
||||
|
||||
const fetchViewsCtx = {
|
||||
params: {
|
||||
user: {
|
||||
instanceId,
|
||||
},
|
||||
}
|
||||
|
@ -44,7 +46,7 @@ const generatePowerUserPermissions = async instanceId => {
|
|||
const views = fetchViewsCtx.body
|
||||
|
||||
const fetchWorkflowsCtx = {
|
||||
params: {
|
||||
user: {
|
||||
instanceId,
|
||||
},
|
||||
}
|
||||
|
@ -83,6 +85,8 @@ const generatePowerUserPermissions = async instanceId => {
|
|||
module.exports = {
|
||||
ADMIN_LEVEL_ID,
|
||||
POWERUSER_LEVEL_ID,
|
||||
BUILDER_LEVEL_ID,
|
||||
ANON_LEVEL_ID,
|
||||
READ_MODEL,
|
||||
WRITE_MODEL,
|
||||
READ_VIEW,
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
const { BUILDER_LEVEL_ID } = require("../accessLevels")
|
||||
const jwt = require("jsonwebtoken")
|
||||
|
||||
module.exports = (ctx, appId, instanceId) => {
|
||||
const builderUser = {
|
||||
userId: "BUILDER",
|
||||
accessLevelId: BUILDER_LEVEL_ID,
|
||||
instanceId,
|
||||
appId,
|
||||
}
|
||||
|
||||
const token = jwt.sign(builderUser, ctx.config.jwtSecret, {
|
||||
expiresIn: "30 days",
|
||||
})
|
||||
|
||||
var expiry = new Date()
|
||||
expiry.setDate(expiry.getDate() + 30)
|
||||
ctx.cookies.set("builder:token", token, { expires: expiry, httpOnly: false })
|
||||
}
|
|
@ -8,7 +8,6 @@
|
|||
fcRoot(FusionCharts, Charts, FusionTheme)
|
||||
|
||||
export let _bb
|
||||
export let _instanceId
|
||||
export let model
|
||||
export let type = "column2d"
|
||||
|
||||
|
@ -25,7 +24,7 @@
|
|||
}
|
||||
|
||||
async function fetchData() {
|
||||
const FETCH_RECORDS_URL = `/api/${_instanceId}/views/all_${model}`
|
||||
const FETCH_RECORDS_URL = `/api/views/all_${model}`
|
||||
const response = await _bb.api.get(FETCH_RECORDS_URL)
|
||||
if (response.status === 200) {
|
||||
const json = await response.json()
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
import { onMount } from "svelte"
|
||||
|
||||
export let _bb
|
||||
export let _instanceId
|
||||
export let model
|
||||
|
||||
let username
|
||||
|
@ -21,14 +20,14 @@
|
|||
$: fields = Object.keys(schema)
|
||||
|
||||
async function fetchModel() {
|
||||
const FETCH_MODEL_URL = `/api/${_instanceId}/models/${model}`
|
||||
const FETCH_MODEL_URL = `/api/models/${model}`
|
||||
const response = await _bb.api.get(FETCH_MODEL_URL)
|
||||
modelDef = await response.json()
|
||||
schema = modelDef.schema
|
||||
}
|
||||
|
||||
async function save() {
|
||||
const SAVE_RECORD_URL = `/api/${_instanceId}/${model}/records`
|
||||
const SAVE_RECORD_URL = `/api/${model}/records`
|
||||
const response = await _bb.api.post(SAVE_RECORD_URL, newModel)
|
||||
const json = await response.json()
|
||||
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
import { onMount } from "svelte"
|
||||
|
||||
export let _bb
|
||||
export let _instanceId
|
||||
export let model
|
||||
export let layout = "list"
|
||||
|
||||
|
@ -12,7 +11,7 @@
|
|||
async function fetchData() {
|
||||
if (!model || !model.length) return
|
||||
|
||||
const FETCH_RECORDS_URL = `/api/${_instanceId}/views/all_${model}`
|
||||
const FETCH_RECORDS_URL = `/api/views/all_${model}`
|
||||
const response = await _bb.api.get(FETCH_RECORDS_URL)
|
||||
if (response.status === 200) {
|
||||
const json = await response.json()
|
||||
|
|
|
@ -3,14 +3,13 @@
|
|||
|
||||
export let _bb
|
||||
export let onLoad
|
||||
export let _instanceId
|
||||
export let model
|
||||
|
||||
let headers = []
|
||||
let store = _bb.store
|
||||
|
||||
async function fetchData() {
|
||||
const FETCH_RECORDS_URL = `/api/${_instanceId}/views/all_${model}`
|
||||
const FETCH_RECORDS_URL = `/api/views/all_${model}`
|
||||
|
||||
const response = await _bb.api.get(FETCH_RECORDS_URL)
|
||||
if (response.status === 200) {
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
import { onMount } from "svelte"
|
||||
|
||||
export let _bb
|
||||
export let _instanceId
|
||||
export let model
|
||||
export let layout = "list"
|
||||
|
||||
|
@ -13,7 +12,7 @@
|
|||
async function fetchData() {
|
||||
if (!model || !model.length) return
|
||||
|
||||
const FETCH_RECORDS_URL = `/api/${_instanceId}/views/all_${model}`
|
||||
const FETCH_RECORDS_URL = `/api/views/all_${model}`
|
||||
const response = await _bb.api.get(FETCH_RECORDS_URL)
|
||||
if (response.status === 200) {
|
||||
const json = await response.json()
|
||||
|
|
Loading…
Reference in New Issue