Add new permission type for creators, update app creation endpoint to allow creators and assign access to new apps

Andrew Kingston 2023-11-23 16:22:16 +00:00
parent 974b117500
commit c2c0012013
4 changed files with 24 additions and 6 deletions


@ -160,4 +160,5 @@ export function isPermissionLevelHigherThanRead(level: PermissionLevel) {
// utility as a lot of things need simply the builder permission // utility as a lot of things need simply the builder permission
export const BUILDER = PermissionType.BUILDER export const BUILDER = PermissionType.BUILDER
export const CREATOR = PermissionType.CREATOR
export const GLOBAL_BUILDER = PermissionType.GLOBAL_BUILDER export const GLOBAL_BUILDER = PermissionType.GLOBAL_BUILDER


@ -51,6 +51,8 @@ import {
import { BASE_LAYOUT_PROP_IDS } from "../../constants/layouts" import { BASE_LAYOUT_PROP_IDS } from "../../constants/layouts"
import sdk from "../../sdk" import sdk from "../../sdk"
import { builderSocket } from "../../websockets" import { builderSocket } from "../../websockets"
import * as userSdk from "../../sdk/users"
import { sdk as sharedCoreSDK } from "@budibase/shared-core"
// utility function, need to do away with this // utility function, need to do away with this
async function getLayouts() { async function getLayouts() {
@ -394,6 +396,13 @@ async function appPostCreate(ctx: UserCtx, app: App) {
} }
} }
} }
// If the user is a creator, we need to give them access to the new app
if (sharedCoreSDK.users.hasCreatorPermissions(ctx.user)) {
let user = await users.UserDB.getUser(ctx.user._id!)
user.roles[dbCore.getProdAppID(app.appId)] = roles.BUILTIN_ROLE_IDS.ADMIN
await users.UserDB.save(user)
}
} }
export async function create(ctx: UserCtx) { export async function create(ctx: UserCtx) {
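Review bot: The role grant added to `appPostCreate` is gated on `sharedCoreSDK.users.hasCreatorPermissions(ctx.user)`, while the middleware authorizes the route with `users.isCreator(ctx.user)`; neither helper is visible here, but if the first is broader (for example also true for global builders or admins), every such user gets an explicit `ADMIN` role on the production app id written into their user document, and that entry would remain after a later demotion. Gating the grant on the same predicate used for authorization, and skipping it for users who already have access globally, would keep the stored role map minimal. The block also assumes that `user.roles` exists and that `ctx.user._id` is set (`_id!`); a guard such as `user.roles = user.roles ?? {}` before the assignment avoids a TypeError thrown after the app has already been created, and `let user` can be `const`. The new `userSdk` import is not used in the visible hunks. `appPostCreate` starts outside the hunk.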


@ -16,7 +16,7 @@ router
) )
.post( .post(
"/api/applications", "/api/applications",
authorized(permissions.GLOBAL_BUILDER), authorized(permissions.CREATOR),
applicationValidator(), applicationValidator(),
controller.create controller.create
) )


@ -5,7 +5,7 @@ import {
roles, roles,
users, users,
} from "@budibase/backend-core" } from "@budibase/backend-core"
import { PermissionLevel, PermissionType, Role, UserCtx } from "@budibase/types" import { PermissionLevel, PermissionType, UserCtx } from "@budibase/types"
import builderMiddleware from "./builder" import builderMiddleware from "./builder"
import { isWebhookEndpoint } from "./utils" import { isWebhookEndpoint } from "./utils"
import { paramResource } from "./resourceId" import { paramResource } from "./resourceId"
@ -31,13 +31,20 @@ const checkAuthorized = async (
) => { ) => {
const appId = context.getAppId() const appId = context.getAppId()
const isGlobalBuilderApi = permType === PermissionType.GLOBAL_BUILDER const isGlobalBuilderApi = permType === PermissionType.GLOBAL_BUILDER
const isCreatorApi = permType === PermissionType.CREATOR
const isBuilderApi = permType === PermissionType.BUILDER const isBuilderApi = permType === PermissionType.BUILDER
const globalBuilder = users.isGlobalBuilder(ctx.user) const isGlobalBuilder = users.isGlobalBuilder(ctx.user)
let isBuilder = appId const isCreator = users.isCreator(ctx.user)
const isBuilder = appId
? users.isBuilder(ctx.user, appId) ? users.isBuilder(ctx.user, appId)
: users.hasBuilderPermissions(ctx.user) : users.hasBuilderPermissions(ctx.user)
// check if this is a builder api and the user is not a builder
if ((isGlobalBuilderApi && !globalBuilder) || (isBuilderApi && !isBuilder)) { // check api permission type against user
if (
(isGlobalBuilderApi && !isGlobalBuilder) ||
(isCreatorApi && !isCreator) ||
(isBuilderApi && !isBuilder)
) {
return ctx.throw(403, "Not Authorized") return ctx.throw(403, "Not Authorized")
} }
@ -148,6 +155,7 @@ const authorized =
// to find API endpoints which are builder focused // to find API endpoints which are builder focused
if ( if (
permType === PermissionType.BUILDER || permType === PermissionType.BUILDER ||
permType === PermissionType.CREATOR ||
permType === PermissionType.GLOBAL_BUILDER permType === PermissionType.GLOBAL_BUILDER
) { ) {
await builderMiddleware(ctx) await builderMiddleware(ctx)
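Review bot: The three conditions in the new 403 check in `checkAuthorized` are independent, so the permission types only form a hierarchy if each user predicate covers the levels above it: with `POST /api/applications` moved from `GLOBAL_BUILDER` to `CREATOR`, a global builder or admin keeps access only if `users.isCreator` also returns true for them, and that helper is not visible in this commit. I would state the contract next to the check, e.g. `// users.isCreator must also be true for global builders/admins, otherwise they are rejected on CREATOR endpoints`, and add a test that exercises the endpoint as a global builder, as a creator and as a plain app user. `checkAuthorized` continues outside the hunk, so it is also worth confirming that a `CREATOR` request which passes this check is handled the same way as the two builder types in the remainder of the function.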