Merge pull request #7093 from Budibase/fix/builder-delete-apps
Allow builders that don't have admin access to delete apps
commit
d88a0a1204
|
@ -19,6 +19,8 @@ const {
|
||||||
csrf,
|
csrf,
|
||||||
internalApi,
|
internalApi,
|
||||||
adminOnly,
|
adminOnly,
|
||||||
|
builderOnly,
|
||||||
|
builderOrAdmin,
|
||||||
joiValidator,
|
joiValidator,
|
||||||
} = require("./middleware")
|
} = require("./middleware")
|
||||||
|
|
||||||
|
@ -176,5 +178,7 @@ module.exports = {
|
||||||
updateUserOAuth,
|
updateUserOAuth,
|
||||||
ssoCallbackUrl,
|
ssoCallbackUrl,
|
||||||
adminOnly,
|
adminOnly,
|
||||||
|
builderOnly,
|
||||||
|
builderOrAdmin,
|
||||||
joiValidator,
|
joiValidator,
|
||||||
}
|
}
|
||||||
|
|
|
@ -81,7 +81,7 @@ module.exports = (
|
||||||
|
|
||||||
const session = await getSession(userId, sessionId)
|
const session = await getSession(userId, sessionId)
|
||||||
if (!session) {
|
if (!session) {
|
||||||
error = "No session found"
|
error = `Session not found - ${userId} - ${sessionId}`
|
||||||
} else {
|
} else {
|
||||||
try {
|
try {
|
||||||
if (opts && opts.populateUser) {
|
if (opts && opts.populateUser) {
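Review bot: The new message `Session not found - ${userId} - ${sessionId}` puts the raw session identifier into `error`, and where `error` is consumed (a log line, a response body) is outside this hunk. If it is logged or returned, a value that identifies a live login ends up in log storage or in front of the client; the user id alone is normally enough to debug this, e.g. `Session not found - ${userId}`. The same concern applies to the `logWarn` call in the session-invalidation hunk, which writes every `session.key` to the log where `sessions.length` would carry the same signal. The enclosing middleware function starts and ends outside the hunk.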
|
||||||
|
|
|
@ -10,6 +10,8 @@ const internalApi = require("./internalApi")
|
||||||
const datasourceGoogle = require("./passport/datasource/google")
|
const datasourceGoogle = require("./passport/datasource/google")
|
||||||
const csrf = require("./csrf")
|
const csrf = require("./csrf")
|
||||||
const adminOnly = require("./adminOnly")
|
const adminOnly = require("./adminOnly")
|
||||||
|
const builderOrAdmin = require("./builderOrAdmin")
|
||||||
|
const builderOnly = require("./builderOnly")
|
||||||
const joiValidator = require("./joi-validator")
|
const joiValidator = require("./joi-validator")
|
||||||
module.exports = {
|
module.exports = {
|
||||||
google,
|
google,
|
||||||
|
@ -27,5 +29,7 @@ module.exports = {
|
||||||
},
|
},
|
||||||
csrf,
|
csrf,
|
||||||
adminOnly,
|
adminOnly,
|
||||||
|
builderOnly,
|
||||||
|
builderOrAdmin,
|
||||||
joiValidator,
|
joiValidator,
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
const redis = require("../redis/init")
|
const redis = require("../redis/init")
|
||||||
const { v4: uuidv4 } = require("uuid")
|
const { v4: uuidv4 } = require("uuid")
|
||||||
const { logWarn } = require("../logging")
|
const { logWarn } = require("../logging")
|
||||||
|
const env = require("../environment")
|
||||||
|
|
||||||
// a week in seconds
|
// a week in seconds
|
||||||
const EXPIRY_SECONDS = 86400 * 7
|
const EXPIRY_SECONDS = 86400 * 7
|
||||||
|
@ -34,17 +35,21 @@ async function invalidateSessions(userId, sessionIds = null) {
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
const client = await redis.getSessionClient()
|
if (sessions && sessions.length > 0) {
|
||||||
const promises = []
|
const client = await redis.getSessionClient()
|
||||||
for (let session of sessions) {
|
const promises = []
|
||||||
promises.push(client.delete(session.key))
|
for (let session of sessions) {
|
||||||
|
promises.push(client.delete(session.key))
|
||||||
|
}
|
||||||
|
if (!env.isTest()) {
|
||||||
|
logWarn(
|
||||||
|
`Invalidating sessions for ${userId} - ${sessions
|
||||||
|
.map(session => session.key)
|
||||||
|
.join(", ")}`
|
||||||
|
)
|
||||||
|
}
|
||||||
|
await Promise.all(promises)
|
||||||
}
|
}
|
||||||
logWarn(
|
|
||||||
`Invalidating sessions for ${userId} - ${sessions
|
|
||||||
.map(session => session.key)
|
|
||||||
.join(", ")}`
|
|
||||||
)
|
|
||||||
await Promise.all(promises)
|
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
console.error(`Error invalidating sessions: ${err}`)
|
console.error(`Error invalidating sessions: ${err}`)
|
||||||
}
|
}
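Review bot: The `catch` that closes this hunk only calls `console.error`, so when `client.delete` or `Promise.all` rejects, `invalidateSessions` returns normally and the caller cannot tell that the sessions are still valid. If callers use this to revoke access (presumably on logout, password change or user removal), the failure should be visible to them: rethrow after logging with `throw err`, or return a success flag and document it. The `try` and the start of the function are outside the hunk, so confirm first that no caller depends on the current best-effort behaviour.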
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
const Router = require("@koa/router")
|
const Router = require("@koa/router")
|
||||||
const controller = require("../../controllers/global/roles")
|
const controller = require("../../controllers/global/roles")
|
||||||
const { adminOnly } = require("@budibase/backend-core/auth")
|
const { builderOrAdmin } = require("@budibase/backend-core/auth")
|
||||||
|
|
||||||
const router = Router()
|
const router = Router()
|
||||||
|
|
||||||
router
|
router
|
||||||
.get("/api/global/roles", adminOnly, controller.fetch)
|
.get("/api/global/roles", builderOrAdmin, controller.fetch)
|
||||||
.get("/api/global/roles/:appId", adminOnly, controller.find)
|
.get("/api/global/roles/:appId", builderOrAdmin, controller.find)
|
||||||
.delete("/api/global/roles/:appId", adminOnly, controller.removeAppRole)
|
.delete("/api/global/roles/:appId", builderOrAdmin, controller.removeAppRole)
|
||||||
|
|
||||||
module.exports = router
|
module.exports = router
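Review bot: All three routes move from `adminOnly` to `builderOrAdmin`, although the commit title only concerns deleting apps; the two `GET` routes now expose the global role listing to every builder, and nothing on this page shows that this is required. On `DELETE /api/global/roles/:appId` the middleware, judging by its name, checks only the caller's global builder or admin flag, so unless `controller.removeAppRole` (not shown) verifies it, any builder can remove role assignments for whatever app id is passed in. I would keep `adminOnly` on the `GET` routes unless the builder flow needs them, and put a comment on the delete route such as `// builders reach this when deleting an app; removeAppRole must validate :appId`. A test asserting that a user who is neither builder nor admin receives 403 on each route would pin the intended boundary.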
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
const Router = require("@koa/router")
|
const Router = require("@koa/router")
|
||||||
const controller = require("../../controllers/global/self")
|
const controller = require("../../controllers/global/self")
|
||||||
const builderOnly = require("../../../middleware/builderOnly")
|
const { builderOnly } = require("@budibase/backend-core/auth")
|
||||||
const { users } = require("../validation")
|
const { users } = require("../validation")
|
||||||
|
|
||||||
const router = Router()
|
const router = Router()
|
||||||
|
|
|
@ -6,7 +6,7 @@ const Joi = require("joi")
|
||||||
const cloudRestricted = require("../../../middleware/cloudRestricted")
|
const cloudRestricted = require("../../../middleware/cloudRestricted")
|
||||||
const { users } = require("../validation")
|
const { users } = require("../validation")
|
||||||
const selfController = require("../../controllers/global/self")
|
const selfController = require("../../controllers/global/self")
|
||||||
const builderOrAdmin = require("../../../middleware/builderOrAdmin")
|
const { builderOrAdmin } = require("@budibase/backend-core/auth")
|
||||||
|
|
||||||
const router = Router()
|
const router = Router()
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
import joiValidator from "../../../middleware/joi-validator"
|
const { joiValidator } = require("@budibase/backend-core/auth")
|
||||||
import Joi from "joi"
|
import Joi from "joi"
|
||||||
|
|
||||||
let schema: any = {
|
let schema: any = {
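Review bot: Replacing the ES `import` with `const { joiValidator } = require(...)` mixes module styles with the `import Joi from "joi"` on the next line and, depending on compiler settings, leaves `joiValidator` typed as `any`, so a misspelled member such as `joiValidator.bdy` would not be caught at build time. If the package exposes the name to ES imports, `import { joiValidator } from "@budibase/backend-core/auth"` keeps the file consistent and type-checked. Whether typings exist for that entry point is not visible on this page.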
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
module.exports = async (ctx, next) => {
|
|
||||||
if (
|
|
||||||
!ctx.internal &&
|
|
||||||
(!ctx.user || !ctx.user.admin || !ctx.user.admin.global)
|
|
||||||
) {
|
|
||||||
ctx.throw(403, "Admin user only endpoint.")
|
|
||||||
}
|
|
||||||
return next()
|
|
||||||
}
|
|
|
@ -1,28 +0,0 @@
|
||||||
function validate(schema, property) {
|
|
||||||
// Return a Koa middleware function
|
|
||||||
return (ctx, next) => {
|
|
||||||
if (!schema) {
|
|
||||||
return next()
|
|
||||||
}
|
|
||||||
let params = null
|
|
||||||
if (ctx[property] != null) {
|
|
||||||
params = ctx[property]
|
|
||||||
} else if (ctx.request[property] != null) {
|
|
||||||
params = ctx.request[property]
|
|
||||||
}
|
|
||||||
const { error } = schema.validate(params)
|
|
||||||
if (error) {
|
|
||||||
ctx.throw(400, `Invalid ${property} - ${error.message}`)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
return next()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
module.exports.body = schema => {
|
|
||||||
return validate(schema, "body")
|
|
||||||
}
|
|
||||||
|
|
||||||
module.exports.params = schema => {
|
|
||||||
return validate(schema, "params")
|
|
||||||
}
|
|