From d87b8c0563a00f63b9e7993be2a80e08ff09e8ad Mon Sep 17 00:00:00 2001
From: mike12345567
Date: Fri, 4 Feb 2022 17:34:39 +0000
Subject: [PATCH 1/3] Fix for #4267 - allow admins to access all roles.
---
packages/backend-core/src/security/roles.js | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/packages/backend-core/src/security/roles.js b/packages/backend-core/src/security/roles.js
index 82bfbd5212..11abc70bdd 100644
--- a/packages/backend-core/src/security/roles.js
+++ b/packages/backend-core/src/security/roles.js
@@ -146,8 +146,9 @@ exports.getRole = async roleId => {
* Simple function to get all the roles based on the top level user role ID.
*/
async function getAllUserRoles(userRoleId) {
- if (!userRoleId) {
- return [BUILTIN_IDS.BASIC]
+ // admins have access to all roles
+ if (userRoleId === BUILTIN_IDS.ADMIN) {
+ return exports.getAllRoles()
}
let currentRole = await exports.getRole(userRoleId)
let roles = currentRole ? [currentRole] : []
From a214400e0362d6c36e9b3a6b6fa2de7ac9d7c8fa Mon Sep 17 00:00:00 2001
From: mike12345567
Date: Fri, 4 Feb 2022 17:35:45 +0000
Subject: [PATCH 2/3] Fixing issue which was blocking the ability to logout fully, as well as causing issues with new user signup and password reset.
---
packages/backend-core/src/utils.js | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/packages/backend-core/src/utils.js b/packages/backend-core/src/utils.js
index 6c71c51b9d..45fb4acd55 100644
--- a/packages/backend-core/src/utils.js
+++ b/packages/backend-core/src/utils.js
@@ -256,7 +256,7 @@ exports.saveUser = async (
exports.platformLogout = async ({ ctx, userId, keepActiveSession }) => {
if (!ctx) throw new Error("Koa context must be supplied to logout.")
- const currentSession = this.getCookie(ctx, Cookies.Auth)
+ const currentSession = exports.getCookie(ctx, Cookies.Auth)
let sessions = await getUserSessions(userId)
if (keepActiveSession) {
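Review bot: In packages/backend-core/src/security/roles.js, dropping the `if (!userRoleId)` guard means a missing or empty role ID now falls through to `exports.getRole(userRoleId)`, and the outcome depends on how getRole treats undefined, which this hunk does not show. If the old BASIC fallback is being removed on purpose, an explicit fail-closed guard such as `if (!userRoleId) { return [] }` ahead of the admin check would make that decision visible. The new branch also calls `exports.getAllRoles()` with no arguments, so it is worth confirming that it resolves the app from context and returns the same role-object shape as the list built below. getAllUserRoles continues past the end of the hunk.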
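Review bot: In packages/backend-core/src/utils.js, the switch from `this.getCookie` / `this.clearCookie` to `exports.*` inside platformLogout (this hunk and the following `@@ -265,8` hunk) carries no comment explaining why, so the `this.` form can easily be reintroduced. Arrow functions take `this` from the enclosing scope, which is not guaranteed to be the module's exports object; a short comment such as `// arrow function: "this" is not bound to the module, so call helpers through exports` above the first call would record that. Since the symptom was an incomplete logout, any other `this.` calls in this file's exported arrow functions deserve the same check; they are outside the visible hunks.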
@@ -265,8 +265,8 @@ exports.platformLogout = async ({ ctx, userId, keepActiveSession }) => {
)
} else {
// clear cookies
- this.clearCookie(ctx, Cookies.Auth)
- this.clearCookie(ctx, Cookies.CurrentApp)
+ exports.clearCookie(ctx, Cookies.Auth)
+ exports.clearCookie(ctx, Cookies.CurrentApp)
}
await invalidateSessions(
From 30b6c1f3cabadb03e09f5cbdec0cd87dd5fae209 Mon Sep 17 00:00:00 2001
From: mike12345567
Date: Fri, 4 Feb 2022 17:37:13 +0000
Subject: [PATCH 3/3] Fixing an issue with user syncing on save to app DBs as well as fixing a problem with pretty app URLs not setting the app ID correctly into the context.
---
.../src/api/controllers/static/index.js | 10 ++--
packages/server/src/api/controllers/user.js | 58 ++++++++++---------
2 files changed, 34 insertions(+), 34 deletions(-)
diff --git a/packages/server/src/api/controllers/static/index.js b/packages/server/src/api/controllers/static/index.js
index cafe999150..82e66ab545 100644
--- a/packages/server/src/api/controllers/static/index.js
+++ b/packages/server/src/api/controllers/static/index.js
@@ -16,7 +16,7 @@ const { clientLibraryPath } = require("../../../utilities")
const { upload } = require("../../../utilities/fileSystem")
const { attachmentsRelativeURL } = require("../../../utilities")
const { DocumentTypes } = require("../../../db/utils")
-const { getAppDB } = require("@budibase/backend-core/context")
+const { getAppDB, updateAppId } = require("@budibase/backend-core/context")
const AWS = require("aws-sdk")
const AWS_REGION = env.AWS_REGION ? env.AWS_REGION : "eu-west-1"
@@ -49,11 +49,9 @@ async function getAppIdFromUrl(ctx) {
a => a.url && a.url.toLowerCase() === possibleAppUrl
)[0]
- if (app && app.appId) {
- return app.appId
- } else {
- return ctx.params.appId
- }
+ const appId = app && app.appId ? app.appId : ctx.params.appId
+ updateAppId(appId)
+ return appId
}
exports.serveBuilder = async function (ctx) {
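Review bot: In packages/server/src/api/controllers/static/index.js (the `@@ -49,11` hunk), `updateAppId(appId)` runs even when no app matched the URL, in which case `appId` is `ctx.params.appId` taken directly from the request and may be undefined. A guard such as `if (appId) { updateAppId(appId) }` would keep an empty ID out of the request context. The function still reads as a pure getter by name, so a doc comment stating that it now also sets the app ID in the context would help callers; whether access to that app is checked before the context is used is not visible here. getAppIdFromUrl starts above the hunk.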
diff --git a/packages/server/src/api/controllers/user.js b/packages/server/src/api/controllers/user.js
index ca7ef24162..7d4ef65994 100644
--- a/packages/server/src/api/controllers/user.js
+++ b/packages/server/src/api/controllers/user.js
@@ -14,7 +14,7 @@ const {
dbExists,
} = require("@budibase/backend-core/db")
const { UserStatus } = require("@budibase/backend-core/constants")
-const { getAppDB } = require("@budibase/backend-core/context")
+const { getAppDB, doInAppContext } = require("@budibase/backend-core/context")
async function rawMetadata() {
const db = getAppDB()
@@ -105,34 +105,36 @@ exports.syncUser = async function (ctx) {
if (!(await dbExists(appId))) {
continue
}
- const db = getAppDB()
- const metadataId = generateUserMetadataID(userId)
- let metadata
- try {
- metadata = await db.get(metadataId)
- } catch (err) {
- if (deleting) {
- continue
- }
- metadata = {
- tableId: InternalTables.USER_METADATA,
- }
- }
- // assign the roleId for the metadata doc
- if (roleId) {
- metadata.roleId = roleId
- }
- let combined = !deleting
- ? combineMetadataAndUser(user, metadata)
- : {
- ...metadata,
- status: UserStatus.INACTIVE,
- metadata: BUILTIN_ROLE_IDS.PUBLIC,
+ await doInAppContext(appId, async () => {
+ const db = getAppDB()
+ const metadataId = generateUserMetadataID(userId)
+ let metadata
+ try {
+ metadata = await db.get(metadataId)
+ } catch (err) {
+ if (deleting) {
+ return
}
- // if its null then there was no updates required
- if (combined) {
- await db.put(combined)
- }
+ metadata = {
+ tableId: InternalTables.USER_METADATA,
+ }
+ }
+ // assign the roleId for the metadata doc
+ if (roleId) {
+ metadata.roleId = roleId
+ }
+ let combined = !deleting
+ ? combineMetadataAndUser(user, metadata)
+ : {
+ ...metadata,
+ status: UserStatus.INACTIVE,
+ metadata: BUILTIN_ROLE_IDS.PUBLIC,
+ }
+ // if its null then there was no updates required
+ if (combined) {
+ await db.put(combined)
+ }
+ })
}
}
ctx.body = {
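Review bot: In the deleting branch of syncUser (the `@@ -105,34` hunk of packages/server/src/api/controllers/user.js), the object written for a removed user sets `metadata: BUILTIN_ROLE_IDS.PUBLIC`, which looks like it was meant to be `roleId: BUILTIN_ROLE_IDS.PUBLIC`; the line is carried over unchanged from the old code. As written, the `...metadata` spread keeps whatever roleId the document already had (or the one assigned just above), so an inactive user's metadata appears to retain its previous app role. Separately, the bare `catch (err)` around `db.get(metadataId)` treats every failure as a missing document; checking for a not-found status before building fresh metadata would avoid treating a transient database error the same way. syncUser starts and ends outside the hunk.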