Merge pull request #7093 from Budibase/fix/builder-delete-apps

Allow builders that don't have admin access to delete apps
Michael Drury 2022-08-04 19:38:19 +01:00 committed by GitHub
commit d88a0a1204
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 31 additions and 55 deletions


@ -19,6 +19,8 @@ const {
csrf, csrf,
internalApi, internalApi,
adminOnly, adminOnly,
builderOnly,
builderOrAdmin,
joiValidator, joiValidator,
} = require("./middleware") } = require("./middleware")
@ -176,5 +178,7 @@ module.exports = {
updateUserOAuth, updateUserOAuth,
ssoCallbackUrl, ssoCallbackUrl,
adminOnly, adminOnly,
builderOnly,
builderOrAdmin,
joiValidator, joiValidator,
} }


@ -81,7 +81,7 @@ module.exports = (
const session = await getSession(userId, sessionId) const session = await getSession(userId, sessionId)
if (!session) { if (!session) {
error = "No session found" error = `Session not found - ${userId} - ${sessionId}`
} else { } else {
try { try {
if (opts && opts.populateUser) { if (opts && opts.populateUser) {
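Review bot: The new message `Session not found - ${userId} - ${sessionId}` puts the raw session identifier into `error`, and where that value ends up (a log, a response body, a thrown message) is not visible because the function continues past this hunk. If it can reach a client or a shared log, keep the user-facing text generic, e.g. `error = "Session not found"`, and log the user id separately without the session id. The same concern applies to the `logWarn` call in `invalidateSessions`, which writes every `session.key` to the log before the `client.delete` promises are awaited, so keys whose deletion fails would still be recorded and presumably still valid.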


@ -10,6 +10,8 @@ const internalApi = require("./internalApi")
const datasourceGoogle = require("./passport/datasource/google") const datasourceGoogle = require("./passport/datasource/google")
const csrf = require("./csrf") const csrf = require("./csrf")
const adminOnly = require("./adminOnly") const adminOnly = require("./adminOnly")
const builderOrAdmin = require("./builderOrAdmin")
const builderOnly = require("./builderOnly")
const joiValidator = require("./joi-validator") const joiValidator = require("./joi-validator")
module.exports = { module.exports = {
google, google,
@ -27,5 +29,7 @@ module.exports = {
}, },
csrf, csrf,
adminOnly, adminOnly,
builderOnly,
builderOrAdmin,
joiValidator, joiValidator,
} }


@ -1,6 +1,7 @@
const redis = require("../redis/init") const redis = require("../redis/init")
const { v4: uuidv4 } = require("uuid") const { v4: uuidv4 } = require("uuid")
const { logWarn } = require("../logging") const { logWarn } = require("../logging")
const env = require("../environment")
// a week in seconds // a week in seconds
const EXPIRY_SECONDS = 86400 * 7 const EXPIRY_SECONDS = 86400 * 7
@ -34,17 +35,21 @@ async function invalidateSessions(userId, sessionIds = null) {
})) }))
} }
const client = await redis.getSessionClient() if (sessions && sessions.length > 0) {
const promises = [] const client = await redis.getSessionClient()
for (let session of sessions) { const promises = []
promises.push(client.delete(session.key)) for (let session of sessions) {
promises.push(client.delete(session.key))
}
if (!env.isTest()) {
logWarn(
`Invalidating sessions for ${userId} - ${sessions
.map(session => session.key)
.join(", ")}`
)
}
await Promise.all(promises)
} }
logWarn(
`Invalidating sessions for ${userId} - ${sessions
.map(session => session.key)
.join(", ")}`
)
await Promise.all(promises)
} catch (err) { } catch (err) {
console.error(`Error invalidating sessions: ${err}`) console.error(`Error invalidating sessions: ${err}`)
} }


@ -1,12 +1,12 @@
const Router = require("@koa/router") const Router = require("@koa/router")
const controller = require("../../controllers/global/roles") const controller = require("../../controllers/global/roles")
const { adminOnly } = require("@budibase/backend-core/auth") const { builderOrAdmin } = require("@budibase/backend-core/auth")
const router = Router() const router = Router()
router router
.get("/api/global/roles", adminOnly, controller.fetch) .get("/api/global/roles", builderOrAdmin, controller.fetch)
.get("/api/global/roles/:appId", adminOnly, controller.find) .get("/api/global/roles/:appId", builderOrAdmin, controller.find)
.delete("/api/global/roles/:appId", adminOnly, controller.removeAppRole) .delete("/api/global/roles/:appId", builderOrAdmin, controller.removeAppRole)
module.exports = router module.exports = router
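Review bot: Swapping `adminOnly` for `builderOrAdmin` on all three routes widens access beyond the stated goal of letting builders delete apps: `GET /api/global/roles` and `DELETE /api/global/roles/:appId` become reachable by any builder, for any `appId` in the path. Neither `builderOrAdmin` nor `controller.removeAppRole` is visible here, so confirm whether builder access is global or scoped per app, and that the controller validates `appId` before removing roles. A regression test that a non-builder, non-admin user still gets a 403 on each route would pin the intended boundary. A comment above the router such as `// builderOrAdmin: builders need role cleanup when deleting apps` would record why the guard was loosened.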


@ -1,6 +1,6 @@
const Router = require("@koa/router") const Router = require("@koa/router")
const controller = require("../../controllers/global/self") const controller = require("../../controllers/global/self")
const builderOnly = require("../../../middleware/builderOnly") const { builderOnly } = require("@budibase/backend-core/auth")
const { users } = require("../validation") const { users } = require("../validation")
const router = Router() const router = Router()


@ -6,7 +6,7 @@ const Joi = require("joi")
const cloudRestricted = require("../../../middleware/cloudRestricted") const cloudRestricted = require("../../../middleware/cloudRestricted")
const { users } = require("../validation") const { users } = require("../validation")
const selfController = require("../../controllers/global/self") const selfController = require("../../controllers/global/self")
const builderOrAdmin = require("../../../middleware/builderOrAdmin") const { builderOrAdmin } = require("@budibase/backend-core/auth")
const router = Router() const router = Router()


@ -1,4 +1,4 @@
import joiValidator from "../../../middleware/joi-validator" const { joiValidator } = require("@budibase/backend-core/auth")
import Joi from "joi" import Joi from "joi"
let schema: any = { let schema: any = {
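Review bot: This file now mixes a CommonJS `require` with the ES `import Joi from "joi"` on the next line, and in TypeScript a destructured `require` normally types `joiValidator` as `any`, so calls on the validator are no longer checked by the compiler. If the package exposes the name to ES imports (not visible here), prefer `import { joiValidator } from "@budibase/backend-core/auth"`. The file continues past this hunk, so how `joiValidator` is used is not shown.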


@ -1,9 +0,0 @@
module.exports = async (ctx, next) => {
if (
!ctx.internal &&
(!ctx.user || !ctx.user.admin || !ctx.user.admin.global)
) {
ctx.throw(403, "Admin user only endpoint.")
}
return next()
}


@ -1,28 +0,0 @@
function validate(schema, property) {
// Return a Koa middleware function
return (ctx, next) => {
if (!schema) {
return next()
}
let params = null
if (ctx[property] != null) {
params = ctx[property]
} else if (ctx.request[property] != null) {
params = ctx.request[property]
}
const { error } = schema.validate(params)
if (error) {
ctx.throw(400, `Invalid ${property} - ${error.message}`)
return
}
return next()
}
}
module.exports.body = schema => {
return validate(schema, "body")
}
module.exports.params = schema => {
return validate(schema, "params")
}