diff --git a/lerna.json b/lerna.json index 1102d1e9d0..d761f49f6d 100644 --- a/lerna.json +++ b/lerna.json @@ -1,5 +1,5 @@ { - "version": "0.9.154-alpha.1", + "version": "0.9.156", "npmClient": "yarn", "packages": [ "packages/*" diff --git a/packages/auth/package.json b/packages/auth/package.json index bc890882f7..c2b70119de 100644 --- a/packages/auth/package.json +++ b/packages/auth/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/auth", - "version": "0.9.154-alpha.1", + "version": "0.9.156", "description": "Authentication middlewares for budibase builder and apps", "main": "src/index.js", "author": "Budibase", diff --git a/packages/bbui/package.json b/packages/bbui/package.json index 2657593a0c..35ae9f46a7 100644 --- a/packages/bbui/package.json +++ b/packages/bbui/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/bbui", "description": "A UI solution used in the different Budibase projects.", - "version": "0.9.154-alpha.1", + "version": "0.9.156", "license": "AGPL-3.0", "svelte": "src/index.js", "module": "dist/bbui.es.js", diff --git a/packages/builder/package.json b/packages/builder/package.json index 44233f152a..e97c1aa4bd 100644 --- a/packages/builder/package.json +++ b/packages/builder/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/builder", - "version": "0.9.154-alpha.1", + "version": "0.9.156", "license": "AGPL-3.0", "private": true, "scripts": { @@ -65,10 +65,10 @@ } }, "dependencies": { - "@budibase/bbui": "^0.9.154-alpha.1", - "@budibase/client": "^0.9.154-alpha.1", + "@budibase/bbui": "^0.9.156", + "@budibase/client": "^0.9.156", "@budibase/colorpicker": "1.1.2", - "@budibase/string-templates": "^0.9.154-alpha.1", + "@budibase/string-templates": "^0.9.156", "@sentry/browser": "5.19.1", "@spectrum-css/page": "^3.0.1", "@spectrum-css/vars": "^3.0.1", diff --git a/packages/cli/package.json b/packages/cli/package.json index 62a90b5c6d..32a1fded6d 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/cli", - "version": "0.9.154-alpha.1", + "version": "0.9.156", "description": "Budibase CLI, for developers, self hosting and migrations.", "main": "src/index.js", "bin": { diff --git a/packages/client/package.json b/packages/client/package.json index d4ddb724f3..cab9a8fe65 100644 --- a/packages/client/package.json +++ b/packages/client/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/client", - "version": "0.9.154-alpha.1", + "version": "0.9.156", "license": "MPL-2.0", "module": "dist/budibase-client.js", "main": "dist/budibase-client.js", @@ -19,9 +19,9 @@ "dev:builder": "rollup -cw" }, "dependencies": { - "@budibase/bbui": "^0.9.154-alpha.1", + "@budibase/bbui": "^0.9.156", "@budibase/standard-components": "^0.9.139", - "@budibase/string-templates": "^0.9.154-alpha.1", + "@budibase/string-templates": "^0.9.156", "regexparam": "^1.3.0", "shortid": "^2.2.15", "svelte-spa-router": "^3.0.5" diff --git a/packages/server/package.json b/packages/server/package.json index afe8bebf2c..c1de0be72c 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/server", "email": "hi@budibase.com", - "version": "0.9.154-alpha.1", + "version": "0.9.156", "description": "Budibase Web Server", "main": "src/index.js", "repository": { @@ -66,9 +66,9 @@ "author": "Budibase", "license": "AGPL-3.0-or-later", "dependencies": { - "@budibase/auth": "^0.9.154-alpha.1", - "@budibase/client": "^0.9.154-alpha.1", - "@budibase/string-templates": "^0.9.154-alpha.1", + "@budibase/auth": "^0.9.156", + "@budibase/client": "^0.9.156", + "@budibase/string-templates": "^0.9.156", "@elastic/elasticsearch": "7.10.0", "@koa/router": "8.0.0", "@sendgrid/mail": "7.1.1", diff --git a/packages/server/src/middleware/currentapp.js b/packages/server/src/middleware/currentapp.js index f43345b2fe..e523850e1d 100644 --- a/packages/server/src/middleware/currentapp.js +++ b/packages/server/src/middleware/currentapp.js @@ -4,9 +4,13 @@ const { Cookies } = require("@budibase/auth").constants const { getRole } = require("@budibase/auth/roles") const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles") const { generateUserMetadataID } = require("../db/utils") -const { dbExists } = require("@budibase/auth/db") +const { dbExists, getTenantIDFromAppID } = require("@budibase/auth/db") +const { getTenantId } = require("@budibase/auth/tenancy") const { getCachedSelf } = require("../utilities/global") const CouchDB = require("../db") +const env = require("../environment") + +const DEFAULT_TENANT_ID = "default" module.exports = async (ctx, next) => { // try to get the appID from the request @@ -45,11 +49,21 @@ module.exports = async (ctx, next) => { // retrieving global user gets the right role roleId = globalUser.roleId || BUILTIN_ROLE_IDS.BASIC } + // nothing more to do if (!appId) { return next() } + // If user and app tenant Ids do not match, 403 + if (env.MULTI_TENANCY && ctx.user) { + const userTenantId = getTenantId() + const tenantId = getTenantIDFromAppID(appId) || DEFAULT_TENANT_ID + if (tenantId !== userTenantId) { + ctx.throw(403, "Cannot access application.") + } + } + ctx.appId = appId if (roleId) { ctx.roleId = roleId diff --git a/packages/string-templates/package.json b/packages/string-templates/package.json index 923ed47404..ef9c4ae10d 100644 --- a/packages/string-templates/package.json +++ b/packages/string-templates/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/string-templates", - "version": "0.9.154-alpha.1", + "version": "0.9.156", "description": "Handlebars wrapper for Budibase templating.", "main": "src/index.cjs", "module": "dist/bundle.mjs", diff --git a/packages/worker/package.json b/packages/worker/package.json index d996413f98..58284e108b 100644 --- a/packages/worker/package.json +++ b/packages/worker/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/worker", "email": "hi@budibase.com", - "version": "0.9.154-alpha.1", + "version": "0.9.156", "description": "Budibase background service", "main": "src/index.js", "repository": { @@ -27,8 +27,8 @@ "author": "Budibase", "license": "AGPL-3.0-or-later", "dependencies": { - "@budibase/auth": "^0.9.154-alpha.1", - "@budibase/string-templates": "^0.9.154-alpha.1", + "@budibase/auth": "^0.9.156", + "@budibase/string-templates": "^0.9.156", "@koa/router": "^8.0.0", "@techpass/passport-openidconnect": "^0.3.0", "aws-sdk": "^2.811.0",