Minor update to make use of new client header to state the request is from the client, not the builder.
This commit is contained in:
parent
c541cd078b
commit
c03923360b
|
@ -62,11 +62,10 @@ exports.fetch = async ctx => {
|
||||||
|
|
||||||
exports.clientFetch = async ctx => {
|
exports.clientFetch = async ctx => {
|
||||||
const routing = await getRoutingStructure(ctx.appId)
|
const routing = await getRoutingStructure(ctx.appId)
|
||||||
const accessLevelId = ctx.user.accessLevel._id
|
let accessLevelId = ctx.user.accessLevel._id
|
||||||
// builder is a special case, always return the full routing structure
|
// builder is a special case, always return the full routing structure
|
||||||
if (accessLevelId === BUILTIN_LEVEL_IDS.BUILDER) {
|
if (accessLevelId === BUILTIN_LEVEL_IDS.BUILDER) {
|
||||||
ctx.body = routing
|
accessLevelId = BUILTIN_LEVEL_IDS.ADMIN
|
||||||
return
|
|
||||||
}
|
}
|
||||||
const accessLevelIds = await getUserAccessLevelHierarchy(
|
const accessLevelIds = await getUserAccessLevelHierarchy(
|
||||||
ctx.appId,
|
ctx.appId,
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
const jwt = require("jsonwebtoken")
|
const jwt = require("jsonwebtoken")
|
||||||
const STATUS_CODES = require("../utilities/statusCodes")
|
const STATUS_CODES = require("../utilities/statusCodes")
|
||||||
const { getAccessLevel } = require("../utilities/security/accessLevels")
|
const { getAccessLevel, BUILTIN_LEVELS } = require("../utilities/security/accessLevels")
|
||||||
const env = require("../environment")
|
const env = require("../environment")
|
||||||
const { AuthTypes } = require("../constants")
|
const { AuthTypes } = require("../constants")
|
||||||
const { getAppId, getCookieName, setCookie } = require("../utilities")
|
const { getAppId, getCookieName, setCookie, isClient } = require("../utilities")
|
||||||
|
|
||||||
module.exports = async (ctx, next) => {
|
module.exports = async (ctx, next) => {
|
||||||
if (ctx.path === "/_builder") {
|
if (ctx.path === "/_builder") {
|
||||||
|
@ -21,17 +21,13 @@ module.exports = async (ctx, next) => {
|
||||||
appId = cookieAppId
|
appId = cookieAppId
|
||||||
}
|
}
|
||||||
|
|
||||||
const appToken = ctx.cookies.get(getCookieName(appId))
|
|
||||||
const builderToken = ctx.cookies.get(getCookieName())
|
|
||||||
|
|
||||||
let token
|
let token
|
||||||
// if running locally in the builder itself
|
if (isClient(ctx)) {
|
||||||
if (!env.CLOUD && !appToken) {
|
|
||||||
token = builderToken
|
|
||||||
ctx.auth.authenticated = AuthTypes.BUILDER
|
|
||||||
} else {
|
|
||||||
token = appToken
|
|
||||||
ctx.auth.authenticated = AuthTypes.APP
|
ctx.auth.authenticated = AuthTypes.APP
|
||||||
|
token = ctx.cookies.get(getCookieName(appId))
|
||||||
|
} else {
|
||||||
|
ctx.auth.authenticated = AuthTypes.BUILDER
|
||||||
|
token = ctx.cookies.get(getCookieName())
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!token) {
|
if (!token) {
|
||||||
|
@ -39,6 +35,7 @@ module.exports = async (ctx, next) => {
|
||||||
ctx.appId = appId
|
ctx.appId = appId
|
||||||
ctx.user = {
|
ctx.user = {
|
||||||
appId,
|
appId,
|
||||||
|
accessLevel: BUILTIN_LEVELS.PUBLIC,
|
||||||
}
|
}
|
||||||
await next()
|
await next()
|
||||||
return
|
return
|
||||||
|
|
|
@ -70,3 +70,7 @@ exports.setCookie = (ctx, name, value) => {
|
||||||
overwrite: true,
|
overwrite: true,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
exports.isClient = ctx => {
|
||||||
|
return ctx.headers["x-budibase-type"] === "client"
|
||||||
|
}
|
||||||
|
|
|
@ -21,7 +21,7 @@ exports.BUILTIN_LEVELS = {
|
||||||
ADMIN: new AccessLevel(BUILTIN_IDS.ADMIN, "Admin", BUILTIN_IDS.POWER),
|
ADMIN: new AccessLevel(BUILTIN_IDS.ADMIN, "Admin", BUILTIN_IDS.POWER),
|
||||||
POWER: new AccessLevel(BUILTIN_IDS.POWER, "Power", BUILTIN_IDS.BASIC),
|
POWER: new AccessLevel(BUILTIN_IDS.POWER, "Power", BUILTIN_IDS.BASIC),
|
||||||
BASIC: new AccessLevel(BUILTIN_IDS.BASIC, "Basic", BUILTIN_IDS.PUBLIC),
|
BASIC: new AccessLevel(BUILTIN_IDS.BASIC, "Basic", BUILTIN_IDS.PUBLIC),
|
||||||
ANON: new AccessLevel(BUILTIN_IDS.PUBLIC, "Public"),
|
PUBLIC: new AccessLevel(BUILTIN_IDS.PUBLIC, "Public"),
|
||||||
BUILDER: new AccessLevel(BUILTIN_IDS.BUILDER, "Builder"),
|
BUILDER: new AccessLevel(BUILTIN_IDS.BUILDER, "Builder"),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue