Merge pull request #12136 from Budibase/fix/BUDI-7637-allow-basic-users-query-users

Make user search allow basic users, so that can be used in apps
2023-10-20 16:03:55 +01:00 · 2023-10-20 16:03:55 +01:00 · de7dcce498
parent 0010e07b47 8c744ea7a9
commit de7dcce498
8 changed files with 35 additions and 16 deletions
--- a/packages/backend-core/src/users/db.ts
+++ b/packages/backend-core/src/users/db.ts
@ -164,14 +164,14 @@ export class UserDB {
    }
  }

-  static async getUsersByAppAccess(appId?: string) {
-    const opts: any = {
+  static async getUsersByAppAccess(opts: { appId?: string; limit?: number }) {
+    const params: any = {
      include_docs: true,
-      limit: 50,
+      limit: opts.limit || 50,
    }
    let response: User[] = await usersCore.searchGlobalUsersByAppAccess(
-      appId,
-      opts
+      opts.appId,
+      params
    )
    return response
  }
--- a/packages/backend-core/src/users/users.ts
+++ b/packages/backend-core/src/users/users.ts
@ -19,6 +19,7 @@ import {
  SearchUsersRequest,
  User,
  ContextUser,
+  DatabaseQueryOpts,
 } from "@budibase/types"
 import { getGlobalDB } from "../context"
 import * as context from "../context"
@ -241,12 +242,14 @@ export const paginatedUsers = async ({
  bookmark,
  query,
  appId,
+  limit,
 }: SearchUsersRequest = {}) => {
  const db = getGlobalDB()
+  const pageLimit = limit ? limit + 1 : PAGE_LIMIT + 1
  // get one extra document, to have the next page
-  const opts: any = {
+  const opts: DatabaseQueryOpts = {
    include_docs: true,
-    limit: PAGE_LIMIT + 1,
+    limit: pageLimit,
  }
  // add a startkey if the page was specified (anchor)
  if (bookmark) {
@ -269,7 +272,7 @@ export const paginatedUsers = async ({
    const response = await db.allDocs(getGlobalUserParams(null, opts))
    userList = response.rows.map((row: any) => row.doc)
  }
-  return pagination(userList, PAGE_LIMIT, {
+  return pagination(userList, pageLimit, {
    paginate: true,
    property,
    getKey,
--- a/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte
@ -114,8 +114,9 @@
      query: {
        appId: query || !filterByAppAccess ? null : prodAppId,
        email: query,
-        paginated: query || !filterByAppAccess ? null : false,
      },
+      limit: 50,
+      paginate: query || !filterByAppAccess ? null : false,
    })
    await usersFetch.refresh()

--- a/packages/types/src/api/web/user.ts
+++ b/packages/types/src/api/web/user.ts
@ -55,6 +55,7 @@ export interface SearchUsersRequest {
  bookmark?: string
  query?: SearchQuery
  appId?: string
+  limit?: number
  paginate?: boolean
 }

--- a/packages/worker/src/api/controllers/global/users.ts
+++ b/packages/worker/src/api/controllers/global/users.ts
@ -189,7 +189,10 @@ export const destroy = async (ctx: any) => {

 export const getAppUsers = async (ctx: Ctx<SearchUsersRequest>) => {
  const body = ctx.request.body
-  const users = await userSdk.db.getUsersByAppAccess(body?.appId)
+  const users = await userSdk.db.getUsersByAppAccess({
+    appId: body.appId,
+    limit: body.limit,
+  })

  ctx.body = { data: users }
 }
--- a/packages/worker/src/api/routes/global/tests/users.spec.ts
+++ b/packages/worker/src/api/routes/global/tests/users.spec.ts
@ -569,9 +569,13 @@ describe("/api/global/users", () => {
        {
          query: { equal: { firstName: user.firstName } },
        },
-        501
+        { status: 501 }
      )
    })
+
+    it("should throw an error if public query performed", async () => {
+      await config.api.users.searchUsers({}, { status: 403, noHeaders: true })
+    })
  })

  describe("DELETE /api/global/users/:userId", () => {
--- a/packages/worker/src/api/routes/global/users.ts
+++ b/packages/worker/src/api/routes/global/users.ts
@ -72,7 +72,8 @@ router
  )

  .get("/api/global/users", auth.builderOrAdmin, controller.fetch)
-  .post("/api/global/users/search", auth.builderOrAdmin, controller.search)
+  // search can be used by any user now, to retrieve users for user column
+  .post("/api/global/users/search", controller.search)
  .delete("/api/global/users/:id", auth.adminOnly, controller.destroy)
  .get(
    "/api/global/users/count/:appId",
--- a/packages/worker/src/tests/api/users.ts
+++ b/packages/worker/src/tests/api/users.ts
@ -134,13 +134,19 @@ export class UserAPI extends TestAPI {
      .expect(status ? status : 200)
  }

-  searchUsers = ({ query }: { query?: SearchQuery }, status = 200) => {
-    return this.request
+  searchUsers = (
+    { query }: { query?: SearchQuery },
+    opts?: { status?: number; noHeaders?: boolean }
+  ) => {
+    const req = this.request
      .post("/api/global/users/search")
-      .set(this.config.defaultHeaders())
      .send({ query })
      .expect("Content-Type", /json/)
-      .expect(status ? status : 200)
+      .expect(opts?.status ? opts.status : 200)
+    if (!opts?.noHeaders) {
+      req.set(this.config.defaultHeaders())
+    }
+    return req
  }

  getUser = (userId: string, opts?: TestAPIOpts) => {