Merge branch 'develop' into chore/typecheck_tests

packages/backend-core/package.json

@@ -23,6 +23,7 @@
   "dependencies": {
     "@budibase/nano": "10.1.2",
     "@budibase/pouchdb-replication-stream": "1.2.10",
+    "@budibase/shared-core": "0.0.0",
     "@budibase/types": "0.0.0",
     "@techpass/passport-openidconnect": "0.3.2",
     "aws-cloudfront-sign": "2.2.0",

packages/backend-core/src/constants/db.ts

@@ -1,5 +1,5 @@
-export const SEPARATOR = "_"
+import { prefixed, DocumentType } from "@budibase/types"
-export const UNICODE_MAX = "\ufff0"
+export { SEPARATOR, UNICODE_MAX, DocumentType } from "@budibase/types"
 
 /**
  * Can be used to create a few different forms of querying a view.
@@ -14,8 +14,6 @@ export enum ViewName {
   USER_BY_APP = "by_app",
   USER_BY_EMAIL = "by_email2",
   BY_API_KEY = "by_api_key",
-  /** @deprecated - could be deleted */
-  USER_BY_BUILDERS = "by_builders",
   LINK = "by_link",
   ROUTING = "screen_routes",
   AUTOMATION_LOGS = "automation_logs",
@@ -36,42 +34,6 @@ export enum InternalTable {
   USER_METADATA = "ta_users",
 }
 
-export enum DocumentType {
-  USER = "us",
-  GROUP = "gr",
-  WORKSPACE = "workspace",
-  CONFIG = "config",
-  TEMPLATE = "template",
-  APP = "app",
-  DEV = "dev",
-  APP_DEV = "app_dev",
-  APP_METADATA = "app_metadata",
-  ROLE = "role",
-  MIGRATIONS = "migrations",
-  DEV_INFO = "devinfo",
-  AUTOMATION_LOG = "log_au",
-  ACCOUNT_METADATA = "acc_metadata",
-  PLUGIN = "plg",
-  DATASOURCE = "datasource",
-  DATASOURCE_PLUS = "datasource_plus",
-  APP_BACKUP = "backup",
-  TABLE = "ta",
-  ROW = "ro",
-  AUTOMATION = "au",
-  LINK = "li",
-  WEBHOOK = "wh",
-  INSTANCE = "inst",
-  LAYOUT = "layout",
-  SCREEN = "screen",
-  QUERY = "query",
-  DEPLOYMENTS = "deployments",
-  METADATA = "metadata",
-  MEM_VIEW = "view",
-  USER_FLAG = "flag",
-  AUTOMATION_METADATA = "meta_au",
-  AUDIT_LOG = "al",
-}
-
 export const StaticDatabases = {
   GLOBAL: {
     name: "global-db",
@@ -95,7 +57,7 @@ export const StaticDatabases = {
   },
 }
 
-export const APP_PREFIX = DocumentType.APP + SEPARATOR
+export const APP_PREFIX = prefixed(DocumentType.APP)
-export const APP_DEV = DocumentType.APP_DEV + SEPARATOR
+export const APP_DEV = prefixed(DocumentType.APP_DEV)
 export const APP_DEV_PREFIX = APP_DEV
 export const BUDIBASE_DATASOURCE_TYPE = "budibase"

packages/backend-core/src/db/views.ts

@@ -105,16 +105,6 @@ export const createApiKeyView = async () => {
   await createView(db, viewJs, ViewName.BY_API_KEY)
 }
 
-export const createUserBuildersView = async () => {
-  const db = getGlobalDB()
-  const viewJs = `function(doc) {
-    if (doc.builder && doc.builder.global === true) {
-      emit(doc._id, doc._id)
-    }
-  }`
-  await createView(db, viewJs, ViewName.USER_BY_BUILDERS)
-}
-
 export interface QueryViewOptions {
   arrayResponse?: boolean
 }
@@ -223,7 +213,6 @@ export const queryPlatformView = async <T>(
 const CreateFuncByName: any = {
   [ViewName.USER_BY_EMAIL]: createNewUserEmailView,
   [ViewName.BY_API_KEY]: createApiKeyView,
-  [ViewName.USER_BY_BUILDERS]: createUserBuildersView,
   [ViewName.USER_BY_APP]: createUserAppView,
 }
 

packages/backend-core/src/environment.ts

@@ -1,4 +1,5 @@
 import { existsSync, readFileSync } from "fs"
+import { ServiceType } from "@budibase/types"
 
 function isTest() {
   return isCypress() || isJest()
@@ -83,10 +84,20 @@ function getPackageJsonFields(): {
   }
 }
 
+function isWorker() {
+  return environment.SERVICE_TYPE === ServiceType.WORKER
+}
+
+function isApps() {
+  return environment.SERVICE_TYPE === ServiceType.APPS
+}
+
 const environment = {
   isTest,
   isJest,
   isDev,
+  isWorker,
+  isApps,
   isProd: () => {
     return !isDev()
   },
@@ -153,6 +164,7 @@ const environment = {
   SMTP_FROM_ADDRESS: process.env.SMTP_FROM_ADDRESS,
   DISABLE_JWT_WARNING: process.env.DISABLE_JWT_WARNING,
   BLACKLIST_IPS: process.env.BLACKLIST_IPS,
+  SERVICE_TYPE: "unknown",
   /**
    * Enable to allow an admin user to login using a password.
    * This can be useful to prevent lockout when configuring SSO.

packages/backend-core/src/events/identification.ts

@@ -21,6 +21,7 @@ import { processors } from "./processors"
 import { newid } from "../utils"
 import * as installation from "../installation"
 import * as configs from "../configs"
+import * as users from "../users"
 import { withCache, TTL, CacheKey } from "../cache/generic"
 
 /**
@@ -164,8 +165,8 @@ const identifyUser = async (
   const id = user._id as string
   const tenantId = await getEventTenantId(user.tenantId)
   const type = IdentityType.USER
-  let builder = user.builder?.global || false
+  let builder = users.hasBuilderPermissions(user)
-  let admin = user.admin?.global || false
+  let admin = users.hasAdminPermissions(user)
   let providerType
   if (isSSOUser(user)) {
     providerType = user.providerType

packages/backend-core/src/middleware/adminOnly.ts

@@ -1,10 +1,8 @@
-import { BBContext } from "@budibase/types"
+import { UserCtx } from "@budibase/types"
+import { isAdmin } from "../users"
 
-export default async (ctx: BBContext, next: any) => {
+export default async (ctx: UserCtx, next: any) => {
-  if (
+  if (!ctx.internal && !isAdmin(ctx.user)) {
-    !ctx.internal &&
-    (!ctx.user || !ctx.user.admin || !ctx.user.admin.global)
-  ) {
     ctx.throw(403, "Admin user only endpoint.")
   }
   return next()

packages/backend-core/src/middleware/builderOnly.ts

@@ -1,10 +1,19 @@
-import { BBContext } from "@budibase/types"
+import { UserCtx } from "@budibase/types"
+import { isBuilder, hasBuilderPermissions } from "../users"
+import { getAppId } from "../context"
+import env from "../environment"
 
-export default async (ctx: BBContext, next: any) => {
+export default async (ctx: UserCtx, next: any) => {
-  if (
+  const appId = getAppId()
-    !ctx.internal &&
+  const builderFn = env.isWorker()
-    (!ctx.user || !ctx.user.builder || !ctx.user.builder.global)
+    ? hasBuilderPermissions
-  ) {
+    : env.isApps()
+    ? isBuilder
+    : undefined
+  if (!builderFn) {
+    throw new Error("Service name unknown - middleware inactive.")
+  }
+  if (!ctx.internal && !builderFn(ctx.user, appId)) {
     ctx.throw(403, "Builder user only endpoint.")
   }
   return next()

packages/backend-core/src/middleware/builderOrAdmin.ts

@@ -1,12 +1,20 @@
-import { BBContext } from "@budibase/types"
+import { UserCtx } from "@budibase/types"
+import { isBuilder, isAdmin, hasBuilderPermissions } from "../users"
+import { getAppId } from "../context"
+import env from "../environment"
 
-export default async (ctx: BBContext, next: any) => {
+export default async (ctx: UserCtx, next: any) => {
-  if (
+  const appId = getAppId()
-    !ctx.internal &&
+  const builderFn = env.isWorker()
-    (!ctx.user || !ctx.user.builder || !ctx.user.builder.global) &&
+    ? hasBuilderPermissions
-    (!ctx.user || !ctx.user.admin || !ctx.user.admin.global)
+    : env.isApps()
-  ) {
+    ? isBuilder
-    ctx.throw(403, "Builder user only endpoint.")
+    : undefined
+  if (!builderFn) {
+    throw new Error("Service name unknown - middleware inactive.")
+  }
+  if (!ctx.internal && !builderFn(ctx.user, appId) && !isAdmin(ctx.user)) {
+    ctx.throw(403, "Admin/Builder user only endpoint.")
   }
   return next()
 }

packages/backend-core/src/middleware/tests/builder.spec.ts

@@ -0,0 +1,180 @@
+import adminOnly from "../adminOnly"
+import builderOnly from "../builderOnly"
+import builderOrAdmin from "../builderOrAdmin"
+import { structures } from "../../../tests"
+import { ContextUser, ServiceType } from "@budibase/types"
+import { doInAppContext } from "../../context"
+import env from "../../environment"
+env._set("SERVICE_TYPE", ServiceType.APPS)
+
+const appId = "app_aaa"
+const basicUser = structures.users.user()
+const adminUser = structures.users.adminUser()
+const adminOnlyUser = structures.users.adminOnlyUser()
+const builderUser = structures.users.builderUser()
+const appBuilderUser = structures.users.appBuilderUser(appId)
+
+function buildUserCtx(user: ContextUser) {
+  return {
+    internal: false,
+    user,
+    throw: jest.fn(),
+  } as any
+}
+
+function passed(throwFn: jest.Func, nextFn: jest.Func) {
+  expect(throwFn).not.toBeCalled()
+  expect(nextFn).toBeCalled()
+}
+
+function threw(throwFn: jest.Func) {
+  // cant check next, the throw function doesn't actually throw - so it still continues
+  expect(throwFn).toBeCalled()
+}
+
+describe("adminOnly middleware", () => {
+  it("should allow admin user", () => {
+    const ctx = buildUserCtx(adminUser),
+      next = jest.fn()
+    adminOnly(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should not allow basic user", () => {
+    const ctx = buildUserCtx(basicUser),
+      next = jest.fn()
+    adminOnly(ctx, next)
+    threw(ctx.throw)
+  })
+
+  it("should not allow builder user", () => {
+    const ctx = buildUserCtx(builderUser),
+      next = jest.fn()
+    adminOnly(ctx, next)
+    threw(ctx.throw)
+  })
+})
+
+describe("builderOnly middleware", () => {
+  it("should allow builder user", () => {
+    const ctx = buildUserCtx(builderUser),
+      next = jest.fn()
+    builderOnly(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should allow app builder user", () => {
+    const ctx = buildUserCtx(appBuilderUser),
+      next = jest.fn()
+    doInAppContext(appId, () => {
+      builderOnly(ctx, next)
+    })
+    passed(ctx.throw, next)
+  })
+
+  it("should allow admin and builder user", () => {
+    const ctx = buildUserCtx(adminUser),
+      next = jest.fn()
+    builderOnly(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should not allow admin user", () => {
+    const ctx = buildUserCtx(adminOnlyUser),
+      next = jest.fn()
+    builderOnly(ctx, next)
+    threw(ctx.throw)
+  })
+
+  it("should not allow app builder user to different app", () => {
+    const ctx = buildUserCtx(appBuilderUser),
+      next = jest.fn()
+    doInAppContext("app_bbb", () => {
+      builderOnly(ctx, next)
+    })
+    threw(ctx.throw)
+  })
+
+  it("should not allow basic user", () => {
+    const ctx = buildUserCtx(basicUser),
+      next = jest.fn()
+    builderOnly(ctx, next)
+    threw(ctx.throw)
+  })
+})
+
+describe("builderOrAdmin middleware", () => {
+  it("should allow builder user", () => {
+    const ctx = buildUserCtx(builderUser),
+      next = jest.fn()
+    builderOrAdmin(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should allow builder and admin user", () => {
+    const ctx = buildUserCtx(adminUser),
+      next = jest.fn()
+    builderOrAdmin(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should allow admin user", () => {
+    const ctx = buildUserCtx(adminOnlyUser),
+      next = jest.fn()
+    builderOrAdmin(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should allow app builder user", () => {
+    const ctx = buildUserCtx(appBuilderUser),
+      next = jest.fn()
+    doInAppContext(appId, () => {
+      builderOrAdmin(ctx, next)
+    })
+    passed(ctx.throw, next)
+  })
+
+  it("should not allow basic user", () => {
+    const ctx = buildUserCtx(basicUser),
+      next = jest.fn()
+    builderOrAdmin(ctx, next)
+    threw(ctx.throw)
+  })
+})
+
+describe("check service difference", () => {
+  it("should not allow without app ID in apps", () => {
+    env._set("SERVICE_TYPE", ServiceType.APPS)
+    const appId = "app_a"
+    const ctx = buildUserCtx({
+      ...basicUser,
+      builder: {
+        apps: [appId],
+      },
+    })
+    const next = jest.fn()
+    doInAppContext(appId, () => {
+      builderOnly(ctx, next)
+    })
+    passed(ctx.throw, next)
+    doInAppContext("app_b", () => {
+      builderOnly(ctx, next)
+    })
+    threw(ctx.throw)
+  })
+
+  it("should allow without app ID in worker", () => {
+    env._set("SERVICE_TYPE", ServiceType.WORKER)
+    const ctx = buildUserCtx({
+      ...basicUser,
+      builder: {
+        apps: ["app_a"],
+      },
+    })
+    const next = jest.fn()
+    doInAppContext("app_b", () => {
+      builderOnly(ctx, next)
+    })
+    passed(ctx.throw, next)
+  })
+})

packages/backend-core/src/security/permissions.ts

@@ -1,3 +1,5 @@
+import { PermissionType, PermissionLevel } from "@budibase/types"
+export { PermissionType, PermissionLevel } from "@budibase/types"
 import flatten from "lodash/flatten"
 import cloneDeep from "lodash/fp/cloneDeep"
 
@@ -5,25 +7,6 @@ export type RoleHierarchy = {
   permissionId: string
 }[]
 
-export enum PermissionLevel {
-  READ = "read",
-  WRITE = "write",
-  EXECUTE = "execute",
-  ADMIN = "admin",
-}
-
-// these are the global types, that govern the underlying default behaviour
-export enum PermissionType {
-  APP = "app",
-  TABLE = "table",
-  USER = "user",
-  AUTOMATION = "automation",
-  WEBHOOK = "webhook",
-  BUILDER = "builder",
-  VIEW = "view",
-  QUERY = "query",
-}
-
 export class Permission {
   type: PermissionType
   level: PermissionLevel
@@ -173,3 +156,4 @@ export function isPermissionLevelHigherThanRead(level: PermissionLevel) {
 
 // utility as a lot of things need simply the builder permission
 export const BUILDER = PermissionType.BUILDER
+export const GLOBAL_BUILDER = PermissionType.GLOBAL_BUILDER

packages/backend-core/src/users/db.ts

@@ -0,0 +1,460 @@
+import env from "../environment"
+import * as eventHelpers from "./events"
+import * as accounts from "../accounts"
+import * as cache from "../cache"
+import { getIdentity, getTenantId, getGlobalDB } from "../context"
+import * as dbUtils from "../db"
+import { EmailUnavailableError, HTTPError } from "../errors"
+import * as platform from "../platform"
+import * as sessions from "../security/sessions"
+import * as usersCore from "./users"
+import {
+  AllDocsResponse,
+  BulkUserCreated,
+  BulkUserDeleted,
+  RowResponse,
+  SaveUserOpts,
+  User,
+  Account,
+  isSSOUser,
+  isSSOAccount,
+  UserStatus,
+} from "@budibase/types"
+import * as accountSdk from "../accounts"
+import {
+  validateUniqueUser,
+  getAccountHolderFromUserIds,
+  isAdmin,
+} from "./utils"
+import { searchExistingEmails } from "./lookup"
+import { hash } from "../utils"
+
+type QuotaUpdateFn = (change: number, cb?: () => Promise<any>) => Promise<any>
+type GroupUpdateFn = (groupId: string, userIds: string[]) => Promise<any>
+type FeatureFn = () => Promise<Boolean>
+type QuotaFns = { addUsers: QuotaUpdateFn; removeUsers: QuotaUpdateFn }
+type GroupFns = { addUsers: GroupUpdateFn }
+type FeatureFns = { isSSOEnforced: FeatureFn; isAppBuildersEnabled: FeatureFn }
+
+const bulkDeleteProcessing = async (dbUser: User) => {
+  const userId = dbUser._id as string
+  await platform.users.removeUser(dbUser)
+  await eventHelpers.handleDeleteEvents(dbUser)
+  await cache.user.invalidateUser(userId)
+  await sessions.invalidateSessions(userId, { reason: "bulk-deletion" })
+}
+
+export class UserDB {
+  static quotas: QuotaFns
+  static groups: GroupFns
+  static features: FeatureFns
+
+  static init(quotaFns: QuotaFns, groupFns: GroupFns, featureFns: FeatureFns) {
+    UserDB.quotas = quotaFns
+    UserDB.groups = groupFns
+    UserDB.features = featureFns
+  }
+
+  static async isPreventPasswordActions(user: User, account?: Account) {
+    // when in maintenance mode we allow sso users with the admin role
+    // to perform any password action - this prevents lockout
+    if (env.ENABLE_SSO_MAINTENANCE_MODE && isAdmin(user)) {
+      return false
+    }
+
+    // SSO is enforced for all users
+    if (await UserDB.features.isSSOEnforced()) {
+      return true
+    }
+
+    // Check local sso
+    if (isSSOUser(user)) {
+      return true
+    }
+
+    // Check account sso
+    if (!account) {
+      account = await accountSdk.getAccountByTenantId(getTenantId())
+    }
+    return !!(account && account.email === user.email && isSSOAccount(account))
+  }
+
+  static async buildUser(
+    user: User,
+    opts: SaveUserOpts = {
+      hashPassword: true,
+      requirePassword: true,
+    },
+    tenantId: string,
+    dbUser?: any,
+    account?: Account
+  ): Promise<User> {
+    let { password, _id } = user
+
+    // don't require a password if the db user doesn't already have one
+    if (dbUser && !dbUser.password) {
+      opts.requirePassword = false
+    }
+
+    let hashedPassword
+    if (password) {
+      if (await UserDB.isPreventPasswordActions(user, account)) {
+        throw new HTTPError("Password change is disabled for this user", 400)
+      }
+      hashedPassword = opts.hashPassword ? await hash(password) : password
+    } else if (dbUser) {
+      hashedPassword = dbUser.password
+    }
+
+    // passwords are never required if sso is enforced
+    const requirePasswords =
+      opts.requirePassword && !(await UserDB.features.isSSOEnforced())
+    if (!hashedPassword && requirePasswords) {
+      throw "Password must be specified."
+    }
+
+    _id = _id || dbUtils.generateGlobalUserID()
+
+    const fullUser = {
+      createdAt: Date.now(),
+      ...dbUser,
+      ...user,
+      _id,
+      password: hashedPassword,
+      tenantId,
+    }
+    // make sure the roles object is always present
+    if (!fullUser.roles) {
+      fullUser.roles = {}
+    }
+    // add the active status to a user if its not provided
+    if (fullUser.status == null) {
+      fullUser.status = UserStatus.ACTIVE
+    }
+
+    return fullUser
+  }
+
+  static async allUsers() {
+    const db = getGlobalDB()
+    const response = await db.allDocs(
+      dbUtils.getGlobalUserParams(null, {
+        include_docs: true,
+      })
+    )
+    return response.rows.map((row: any) => row.doc)
+  }
+
+  static async countUsersByApp(appId: string) {
+    let response: any = await usersCore.searchGlobalUsersByApp(appId, {})
+    return {
+      userCount: response.length,
+    }
+  }
+
+  static async getUsersByAppAccess(appId?: string) {
+    const opts: any = {
+      include_docs: true,
+      limit: 50,
+    }
+    let response: User[] = await usersCore.searchGlobalUsersByAppAccess(
+      appId,
+      opts
+    )
+    return response
+  }
+
+  static async getUserByEmail(email: string) {
+    return usersCore.getGlobalUserByEmail(email)
+  }
+
+  /**
+   * Gets a user by ID from the global database, based on the current tenancy.
+   */
+  static async getUser(userId: string) {
+    const user = await usersCore.getById(userId)
+    if (user) {
+      delete user.password
+    }
+    return user
+  }
+
+  static async save(user: User, opts: SaveUserOpts = {}): Promise<User> {
+    // default booleans to true
+    if (opts.hashPassword == null) {
+      opts.hashPassword = true
+    }
+    if (opts.requirePassword == null) {
+      opts.requirePassword = true
+    }
+    const tenantId = getTenantId()
+    const db = getGlobalDB()
+
+    let { email, _id, userGroups = [], roles } = user
+
+    if (!email && !_id) {
+      throw new Error("_id or email is required")
+    }
+
+    if (
+      user.builder?.apps?.length &&
+      !(await UserDB.features.isAppBuildersEnabled())
+    ) {
+      throw new Error("Unable to update app builders, please check license")
+    }
+
+    let dbUser: User | undefined
+    if (_id) {
+      // try to get existing user from db
+      try {
+        dbUser = (await db.get(_id)) as User
+        if (email && dbUser.email !== email) {
+          throw "Email address cannot be changed"
+        }
+        email = dbUser.email
+      } catch (e: any) {
+        if (e.status === 404) {
+          // do nothing, save this new user with the id specified - required for SSO auth
+        } else {
+          throw e
+        }
+      }
+    }
+
+    if (!dbUser && email) {
+      // no id was specified - load from email instead
+      dbUser = await usersCore.getGlobalUserByEmail(email)
+      if (dbUser && dbUser._id !== _id) {
+        throw new EmailUnavailableError(email)
+      }
+    }
+
+    const change = dbUser ? 0 : 1 // no change if there is existing user
+    return UserDB.quotas.addUsers(change, async () => {
+      await validateUniqueUser(email, tenantId)
+
+      let builtUser = await UserDB.buildUser(user, opts, tenantId, dbUser)
+      // don't allow a user to update its own roles/perms
+      if (opts.currentUserId && opts.currentUserId === dbUser?._id) {
+        builtUser = usersCore.cleanseUserObject(builtUser, dbUser) as User
+      }
+
+      if (!dbUser && roles?.length) {
+        builtUser.roles = { ...roles }
+      }
+
+      // make sure we set the _id field for a new user
+      // Also if this is a new user, associate groups with them
+      let groupPromises = []
+      if (!_id) {
+        _id = builtUser._id!
+
+        if (userGroups.length > 0) {
+          for (let groupId of userGroups) {
+            groupPromises.push(UserDB.groups.addUsers(groupId, [_id!]))
+          }
+        }
+      }
+
+      try {
+        // save the user to db
+        let response = await db.put(builtUser)
+        builtUser._rev = response.rev
+
+        await eventHelpers.handleSaveEvents(builtUser, dbUser)
+        await platform.users.addUser(tenantId, builtUser._id!, builtUser.email)
+        await cache.user.invalidateUser(response.id)
+
+        await Promise.all(groupPromises)
+
+        // finally returned the saved user from the db
+        return db.get(builtUser._id!)
+      } catch (err: any) {
+        if (err.status === 409) {
+          throw "User exists already"
+        } else {
+          throw err
+        }
+      }
+    })
+  }
+
+  static async bulkCreate(
+    newUsersRequested: User[],
+    groups: string[]
+  ): Promise<BulkUserCreated> {
+    const tenantId = getTenantId()
+
+    let usersToSave: any[] = []
+    let newUsers: any[] = []
+
+    const emails = newUsersRequested.map((user: User) => user.email)
+    const existingEmails = await searchExistingEmails(emails)
+    const unsuccessful: { email: string; reason: string }[] = []
+
+    for (const newUser of newUsersRequested) {
+      if (
+        newUsers.find(
+          (x: User) => x.email.toLowerCase() === newUser.email.toLowerCase()
+        ) ||
+        existingEmails.includes(newUser.email.toLowerCase())
+      ) {
+        unsuccessful.push({
+          email: newUser.email,
+          reason: `Unavailable`,
+        })
+        continue
+      }
+      newUser.userGroups = groups
+      newUsers.push(newUser)
+    }
+
+    const account = await accountSdk.getAccountByTenantId(tenantId)
+    return UserDB.quotas.addUsers(newUsers.length, async () => {
+      // create the promises array that will be called by bulkDocs
+      newUsers.forEach((user: any) => {
+        usersToSave.push(
+          UserDB.buildUser(
+            user,
+            {
+              hashPassword: true,
+              requirePassword: user.requirePassword,
+            },
+            tenantId,
+            undefined, // no dbUser
+            account
+          )
+        )
+      })
+
+      const usersToBulkSave = await Promise.all(usersToSave)
+      await usersCore.bulkUpdateGlobalUsers(usersToBulkSave)
+
+      // Post-processing of bulk added users, e.g. events and cache operations
+      for (const user of usersToBulkSave) {
+        // TODO: Refactor to bulk insert users into the info db
+        // instead of relying on looping tenant creation
+        await platform.users.addUser(tenantId, user._id, user.email)
+        await eventHelpers.handleSaveEvents(user, undefined)
+      }
+
+      const saved = usersToBulkSave.map(user => {
+        return {
+          _id: user._id,
+          email: user.email,
+        }
+      })
+
+      // now update the groups
+      if (Array.isArray(saved) && groups) {
+        const groupPromises = []
+        const createdUserIds = saved.map(user => user._id)
+        for (let groupId of groups) {
+          groupPromises.push(UserDB.groups.addUsers(groupId, createdUserIds))
+        }
+        await Promise.all(groupPromises)
+      }
+
+      return {
+        successful: saved,
+        unsuccessful,
+      }
+    })
+  }
+
+  static async bulkDelete(userIds: string[]): Promise<BulkUserDeleted> {
+    const db = getGlobalDB()
+
+    const response: BulkUserDeleted = {
+      successful: [],
+      unsuccessful: [],
+    }
+
+    // remove the account holder from the delete request if present
+    const account = await getAccountHolderFromUserIds(userIds)
+    if (account) {
+      userIds = userIds.filter(u => u !== account.budibaseUserId)
+      // mark user as unsuccessful
+      response.unsuccessful.push({
+        _id: account.budibaseUserId,
+        email: account.email,
+        reason: "Account holder cannot be deleted",
+      })
+    }
+
+    // Get users and delete
+    const allDocsResponse: AllDocsResponse<User> = await db.allDocs({
+      include_docs: true,
+      keys: userIds,
+    })
+    const usersToDelete: User[] = allDocsResponse.rows.map(
+      (user: RowResponse<User>) => {
+        return user.doc
+      }
+    )
+
+    // Delete from DB
+    const toDelete = usersToDelete.map(user => ({
+      ...user,
+      _deleted: true,
+    }))
+    const dbResponse = await usersCore.bulkUpdateGlobalUsers(toDelete)
+
+    await UserDB.quotas.removeUsers(toDelete.length)
+    for (let user of usersToDelete) {
+      await bulkDeleteProcessing(user)
+    }
+
+    // Build Response
+    // index users by id
+    const userIndex: { [key: string]: User } = {}
+    usersToDelete.reduce((prev, current) => {
+      prev[current._id!] = current
+      return prev
+    }, userIndex)
+
+    // add the successful and unsuccessful users to response
+    dbResponse.forEach(item => {
+      const email = userIndex[item.id].email
+      if (item.ok) {
+        response.successful.push({ _id: item.id, email })
+      } else {
+        response.unsuccessful.push({
+          _id: item.id,
+          email,
+          reason: "Database error",
+        })
+      }
+    })
+
+    return response
+  }
+
+  static async destroy(id: string) {
+    const db = getGlobalDB()
+    const dbUser = (await db.get(id)) as User
+    const userId = dbUser._id as string
+
+    if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
+      // root account holder can't be deleted from inside budibase
+      const email = dbUser.email
+      const account = await accounts.getAccount(email)
+      if (account) {
+        if (dbUser.userId === getIdentity()!._id) {
+          throw new HTTPError('Please visit "Account" to delete this user', 400)
+        } else {
+          throw new HTTPError("Account holder cannot be deleted", 400)
+        }
+      }
+    }
+
+    await platform.users.removeUser(dbUser)
+
+    await db.remove(userId, dbUser._rev)
+
+    await UserDB.quotas.removeUsers(1)
+    await eventHelpers.handleDeleteEvents(dbUser)
+    await cache.user.invalidateUser(userId)
+    await sessions.invalidateSessions(userId, { reason: "deletion" })
+  }
+}

packages/backend-core/src/users/events.ts

@@ -1,15 +1,18 @@
-import env from "../../environment"
+import env from "../environment"
-import { events, accounts, tenancy } from "@budibase/backend-core"
+import * as events from "../events"
+import * as accounts from "../accounts"
+import { getTenantId } from "../context"
 import { User, UserRoles, CloudAccount } from "@budibase/types"
+import { hasBuilderPermissions, hasAdminPermissions } from "./utils"
 
 export const handleDeleteEvents = async (user: any) => {
   await events.user.deleted(user)
 
-  if (isBuilder(user)) {
+  if (hasBuilderPermissions(user)) {
     await events.user.permissionBuilderRemoved(user)
   }
 
-  if (isAdmin(user)) {
+  if (hasAdminPermissions(user)) {
     await events.user.permissionAdminRemoved(user)
   }
 }
@@ -55,7 +58,7 @@ export const handleSaveEvents = async (
   user: User,
   existingUser: User | undefined
 ) => {
-  const tenantId = tenancy.getTenantId()
+  const tenantId = getTenantId()
   let tenantAccount: CloudAccount | undefined
   if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
     tenantAccount = await accounts.getAccountByTenantId(tenantId)
@@ -103,23 +106,20 @@ export const handleSaveEvents = async (
   await handleAppRoleEvents(user, existingUser)
 }
 
-const isBuilder = (user: any) => user.builder && user.builder.global
-const isAdmin = (user: any) => user.admin && user.admin.global
-
 export const isAddingBuilder = (user: any, existingUser: any) => {
-  return isAddingPermission(user, existingUser, isBuilder)
+  return isAddingPermission(user, existingUser, hasBuilderPermissions)
 }
 
 export const isRemovingBuilder = (user: any, existingUser: any) => {
-  return isRemovingPermission(user, existingUser, isBuilder)
+  return isRemovingPermission(user, existingUser, hasBuilderPermissions)
 }
 
 const isAddingAdmin = (user: any, existingUser: any) => {
-  return isAddingPermission(user, existingUser, isAdmin)
+  return isAddingPermission(user, existingUser, hasAdminPermissions)
 }
 
 const isRemovingAdmin = (user: any, existingUser: any) => {
-  return isRemovingPermission(user, existingUser, isAdmin)
+  return isRemovingPermission(user, existingUser, hasAdminPermissions)
 }
 
 const isOnboardingComplete = (user: any, existingUser: any) => {

packages/backend-core/src/users/index.ts

@@ -0,0 +1,4 @@
+export * from "./users"
+export * from "./utils"
+export * from "./lookup"
+export { UserDB } from "./db"

packages/backend-core/src/users/lookup.ts

@@ -0,0 +1,102 @@
+import {
+  AccountMetadata,
+  PlatformUser,
+  PlatformUserByEmail,
+  User,
+} from "@budibase/types"
+import * as dbUtils from "../db"
+import { ViewName } from "../constants"
+
+/**
+ * Apply a system-wide search on emails:
+ * - in tenant
+ * - cross tenant
+ * - accounts
+ * return an array of emails that match the supplied emails.
+ */
+export async function searchExistingEmails(emails: string[]) {
+  let matchedEmails: string[] = []
+
+  const existingTenantUsers = await getExistingTenantUsers(emails)
+  matchedEmails.push(...existingTenantUsers.map(user => user.email))
+
+  const existingPlatformUsers = await getExistingPlatformUsers(emails)
+  matchedEmails.push(...existingPlatformUsers.map(user => user._id!))
+
+  const existingAccounts = await getExistingAccounts(emails)
+  matchedEmails.push(...existingAccounts.map(account => account.email))
+
+  return [...new Set(matchedEmails.map(email => email.toLowerCase()))]
+}
+
+// lookup, could be email or userId, either will return a doc
+export async function getPlatformUser(
+  identifier: string
+): Promise<PlatformUser | null> {
+  // use the view here and allow to find anyone regardless of casing
+  // Use lowercase to ensure email login is case insensitive
+  return (await dbUtils.queryPlatformView(ViewName.PLATFORM_USERS_LOWERCASE, {
+    keys: [identifier.toLowerCase()],
+    include_docs: true,
+  })) as PlatformUser
+}
+
+export async function getExistingTenantUsers(
+  emails: string[]
+): Promise<User[]> {
+  const lcEmails = emails.map(email => email.toLowerCase())
+  const params = {
+    keys: lcEmails,
+    include_docs: true,
+  }
+
+  const opts = {
+    arrayResponse: true,
+  }
+
+  return (await dbUtils.queryGlobalView(
+    ViewName.USER_BY_EMAIL,
+    params,
+    undefined,
+    opts
+  )) as User[]
+}
+
+export async function getExistingPlatformUsers(
+  emails: string[]
+): Promise<PlatformUserByEmail[]> {
+  const lcEmails = emails.map(email => email.toLowerCase())
+  const params = {
+    keys: lcEmails,
+    include_docs: true,
+  }
+
+  const opts = {
+    arrayResponse: true,
+  }
+  return (await dbUtils.queryPlatformView(
+    ViewName.PLATFORM_USERS_LOWERCASE,
+    params,
+    opts
+  )) as PlatformUserByEmail[]
+}
+
+export async function getExistingAccounts(
+  emails: string[]
+): Promise<AccountMetadata[]> {
+  const lcEmails = emails.map(email => email.toLowerCase())
+  const params = {
+    keys: lcEmails,
+    include_docs: true,
+  }
+
+  const opts = {
+    arrayResponse: true,
+  }
+
+  return (await dbUtils.queryPlatformView(
+    ViewName.ACCOUNT_BY_EMAIL,
+    params,
+    opts
+  )) as AccountMetadata[]
+}

packages/backend-core/src/users/users.ts

@@ -11,10 +11,16 @@ import {
   SEPARATOR,
   UNICODE_MAX,
   ViewName,
-} from "./db"
+} from "../db"
-import { BulkDocsResponse, SearchUsersRequest, User } from "@budibase/types"
+import {
-import { getGlobalDB } from "./context"
+  BulkDocsResponse,
-import * as context from "./context"
+  SearchUsersRequest,
+  User,
+  ContextUser,
+} from "@budibase/types"
+import { getGlobalDB } from "../context"
+import * as context from "../context"
+import { user as userCache } from "../cache"
 
 type GetOpts = { cleanup?: boolean }
 
@@ -178,7 +184,7 @@ export const getGlobalUserByAppPage = (appId: string, user: User) => {
  * Performs a starts with search on the global email view.
  */
 export const searchGlobalUsersByEmail = async (
-  email: string,
+  email: string | unknown,
   opts: any,
   getOpts?: GetOpts
 ) => {
@@ -248,3 +254,23 @@ export async function getUserCount() {
   })
   return response.total_rows
 }
+
+// used to remove the builder/admin permissions, for processing the
+// user as an app user (they may have some specific role/group
+export function removePortalUserPermissions(user: User | ContextUser) {
+  delete user.admin
+  delete user.builder
+  return user
+}
+
+export function cleanseUserObject(user: User | ContextUser, base?: User) {
+  delete user.admin
+  delete user.builder
+  delete user.roles
+  if (base) {
+    user.admin = base.admin
+    user.builder = base.builder
+    user.roles = base.roles
+  }
+  return user
+}

packages/backend-core/src/users/utils.ts

@@ -0,0 +1,55 @@
+import { CloudAccount } from "@budibase/types"
+import * as accountSdk from "../accounts"
+import env from "../environment"
+import { getPlatformUser } from "./lookup"
+import { EmailUnavailableError } from "../errors"
+import { getTenantId } from "../context"
+import { sdk } from "@budibase/shared-core"
+import { getAccountByTenantId } from "../accounts"
+
+// extract from shared-core to make easily accessible from backend-core
+export const isBuilder = sdk.users.isBuilder
+export const isAdmin = sdk.users.isAdmin
+export const isGlobalBuilder = sdk.users.isGlobalBuilder
+export const isAdminOrBuilder = sdk.users.isAdminOrBuilder
+export const hasAdminPermissions = sdk.users.hasAdminPermissions
+export const hasBuilderPermissions = sdk.users.hasBuilderPermissions
+export const hasAppBuilderPermissions = sdk.users.hasAppBuilderPermissions
+
+export async function validateUniqueUser(email: string, tenantId: string) {
+  // check budibase users in other tenants
+  if (env.MULTI_TENANCY) {
+    const tenantUser = await getPlatformUser(email)
+    if (tenantUser != null && tenantUser.tenantId !== tenantId) {
+      throw new EmailUnavailableError(email)
+    }
+  }
+
+  // check root account users in account portal
+  if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
+    const account = await accountSdk.getAccount(email)
+    if (account && account.verified && account.tenantId !== tenantId) {
+      throw new EmailUnavailableError(email)
+    }
+  }
+}
+
+/**
+ * For the given user id's, return the account holder if it is in the ids.
+ */
+export async function getAccountHolderFromUserIds(
+  userIds: string[]
+): Promise<CloudAccount | undefined> {
+  if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
+    const tenantId = getTenantId()
+    const account = await getAccountByTenantId(tenantId)
+    if (!account) {
+      throw new Error(`Account not found for tenantId=${tenantId}`)
+    }
+
+    const budibaseUserId = account.budibaseUserId
+    if (userIds.includes(budibaseUserId)) {
+      return account
+    }
+  }
+}

packages/backend-core/tests/core/utilities/mocks/licenses.ts

@@ -94,6 +94,10 @@ export const useSyncAutomations = () => {
   return useFeature(Feature.SYNC_AUTOMATIONS)
 }
 
+export const useAppBuilders = () => {
+  return useFeature(Feature.APP_BUILDERS)
+}
+
 // QUOTAS
 
 export const setAutomationLogsQuota = (value: number) => {

packages/backend-core/tests/core/utilities/structures/users.ts

@@ -1,5 +1,6 @@
 import {
   AdminUser,
+  AdminOnlyUser,
   BuilderUser,
   SSOAuthDetails,
   SSOUser,
@@ -21,6 +22,15 @@ export const adminUser = (userProps?: any): AdminUser => {
   }
 }
 
+export const adminOnlyUser = (userProps?: any): AdminOnlyUser => {
+  return {
+    ...user(userProps),
+    admin: {
+      global: true,
+    },
+  }
+}
+
 export const builderUser = (userProps?: any): BuilderUser => {
   return {
     ...user(userProps),
@@ -30,6 +40,15 @@ export const builderUser = (userProps?: any): BuilderUser => {
   }
 }
 
+export const appBuilderUser = (appId: string, userProps?: any): BuilderUser => {
+  return {
+    ...user(userProps),
+    builder: {
+      apps: [appId],
+    },
+  }
+}
+
 export function ssoUser(
   opts: { user?: any; details?: SSOAuthDetails } = {}
 ): SSOUser {

packages/builder/src/components/start/AppRow.svelte

@@ -1,16 +1,21 @@
 <script>
   import { Heading, Body, Button, Icon } from "@budibase/bbui"
   import { processStringSync } from "@budibase/string-templates"
+  import { auth } from "stores/portal"
   import { goto } from "@roxi/routify"
   import { UserAvatars } from "@budibase/frontend-core"
+  import { sdk } from "@budibase/shared-core"
 
   export let app
   export let lockedAction
 
   $: editing = app.sessions?.length
+  $: isBuilder = sdk.users.isBuilder($auth.user, app?.devId)
 
   const handleDefaultClick = () => {
-    if (window.innerWidth < 640) {
+    if (!isBuilder) {
+      goToApp()
+    } else if (window.innerWidth < 640) {
       goToOverview()
     } else {
       goToBuilder()
@@ -24,6 +29,10 @@
   const goToOverview = () => {
     $goto(`../../app/${app.devId}/settings`)
   }
+
+  const goToApp = () => {
+    window.open(`/app/${app.name}`, "_blank")
+  }
 </script>
 
 <div class="app-row" on:click={lockedAction || handleDefaultClick}>
@@ -39,7 +48,7 @@
   </div>
 
   <div class="updated">
-    {#if editing}
+    {#if editing && isBuilder}
       Currently editing
       <UserAvatars users={app.sessions} />
     {:else if app.updatedAt}
@@ -56,14 +65,21 @@
     <Body size="S">{app.deployed ? "Published" : "Unpublished"}</Body>
   </div>
 
-  <div class="app-row-actions">
+  {#if isBuilder}
-    <Button size="S" secondary on:click={lockedAction || goToOverview}>
+    <div class="app-row-actions">
-      Manage
+      <Button size="S" secondary on:click={lockedAction || goToOverview}>
-    </Button>
+        Manage
-    <Button size="S" primary on:click={lockedAction || goToBuilder}>
+      </Button>
-      Edit
+      <Button size="S" primary on:click={lockedAction || goToBuilder}>
-    </Button>
+        Edit
-  </div>
+      </Button>
+    </div>
+  {:else}
+    <!-- this can happen if an app builder has app user access to an app -->
+    <div class="app-row-actions">
+      <Button size="S" secondary>View</Button>
+    </div>
+  {/if}
 </div>
 
 <style>

packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte

@@ -12,12 +12,12 @@
   } from "@budibase/bbui"
   import { store } from "builderStore"
   import { groups, licensing, apps, users, auth, admin } from "stores/portal"
-  import { fetchData } from "@budibase/frontend-core"
+  import { fetchData, Constants, Utils } from "@budibase/frontend-core"
+  import { sdk } from "@budibase/shared-core"
   import { API } from "api"
   import GroupIcon from "../../../portal/users/groups/_components/GroupIcon.svelte"
   import RoleSelect from "components/common/RoleSelect.svelte"
   import UpgradeModal from "components/common/users/UpgradeModal.svelte"
-  import { Constants, Utils } from "@budibase/frontend-core"
   import { emailValidator } from "helpers/validation"
   import { roles } from "stores/backend"
   import { fly } from "svelte/transition"
@@ -108,9 +108,9 @@
     await usersFetch.refresh()
 
     filteredUsers = $usersFetch.rows.map(user => {
-      const isBuilderOrAdmin = user.admin?.global || user.builder?.global
+      const isAdminOrBuilder = sdk.users.isAdminOrBuilder(user, prodAppId)
       let role = undefined
-      if (isBuilderOrAdmin) {
+      if (isAdminOrBuilder) {
         role = Constants.Roles.ADMIN
       } else {
         const appRole = Object.keys(user.roles).find(x => x === prodAppId)
@@ -122,7 +122,7 @@
       return {
         ...user,
         role,
-        isBuilderOrAdmin,
+        isAdminOrBuilder,
       }
     })
   }
@@ -258,7 +258,7 @@
     }
     // Must exclude users who have explicit privileges
     const userByEmail = filteredUsers.reduce((acc, user) => {
-      if (user.role || user.admin?.global || user.builder?.global) {
+      if (user.role || sdk.users.isAdminOrBuilder(user, prodAppId)) {
         acc.push(user.email)
       }
       return acc
@@ -389,9 +389,9 @@
   }
 
   const userTitle = user => {
-    if (user.admin?.global) {
+    if (sdk.users.isAdmin(user)) {
       return "Admin"
-    } else if (user.builder?.global) {
+    } else if (sdk.users.isBuilder(user, prodAppId)) {
       return "Developer"
     } else {
       return "App user"
@@ -403,7 +403,7 @@
       const role = $roles.find(role => role._id === user.role)
       return `This user has been given ${role?.name} access from the ${user.group} group`
     }
-    if (user.isBuilderOrAdmin) {
+    if (user.isAdminOrBuilder) {
       return "This user's role grants admin access to all apps"
     }
     return null
@@ -614,7 +614,7 @@
                     }}
                     autoWidth
                     align="right"
-                    allowedRoles={user.isBuilderOrAdmin
+                    allowedRoles={user.isAdminOrBuilder
                       ? [Constants.Roles.ADMIN]
                       : null}
                   />

packages/builder/src/pages/builder/app/[application]/settings/_layout.svelte

@@ -4,6 +4,8 @@
   import { url, isActive } from "@roxi/routify"
   import DeleteModal from "components/deploy/DeleteModal.svelte"
   import { isOnlyUser } from "builderStore"
+  import { auth } from "stores/portal"
+  import { sdk } from "@budibase/shared-core"
 
   let deleteModal
 </script>
@@ -44,22 +46,24 @@
             url={$url("./version")}
             active={$isActive("./version")}
           />
-          <div class="delete-action">
+          {#if sdk.users.isGlobalBuilder($auth.user)}
-            <AbsTooltip
+            <div class="delete-action">
-              position={TooltipPosition.Bottom}
+              <AbsTooltip
-              text={$isOnlyUser
+                position={TooltipPosition.Bottom}
-                ? null
+                text={$isOnlyUser
-                : "Unavailable - another user is editing this app"}
+                  ? null
-            >
+                  : "Unavailable - another user is editing this app"}
-              <SideNavItem
+              >
-                text="Delete app"
+                <SideNavItem
-                disabled={!$isOnlyUser}
+                  text="Delete app"
-                on:click={() => {
+                  disabled={!$isOnlyUser}
-                  deleteModal.show()
+                  on:click={() => {
-                }}
+                    deleteModal.show()
-              />
+                  }}
-            </AbsTooltip>
+                />
-          </div>
+              </AbsTooltip>
+            </div>
+          {/if}
         </SideNav>
         <slot />
       </Content>

packages/builder/src/pages/builder/apps/index.svelte

@@ -22,7 +22,7 @@
   import Spaceman from "assets/bb-space-man.svg"
   import Logo from "assets/bb-emblem.svg"
   import { UserAvatar } from "@budibase/frontend-core"
-  import { helpers } from "@budibase/shared-core"
+  import { helpers, sdk } from "@budibase/shared-core"
 
   let loaded = false
   let userInfoModal
@@ -43,32 +43,30 @@
   $: userGroups = $groups.filter(group =>
     group.users.find(user => user._id === $auth.user?._id)
   )
-  let userApps = []
   $: publishedApps = $apps.filter(publishedAppsOnly)
+  $: userApps = getUserApps($auth.user)
 
-  $: {
+  function getUserApps(user) {
-    if (!Object.keys($auth.user?.roles).length && $auth.user?.userGroups) {
+    if (sdk.users.isAdmin(user)) {
-      userApps =
+      return publishedApps
-        $auth.user?.builder?.global || $auth.user?.admin?.global
-          ? publishedApps
-          : publishedApps.filter(app => {
-              return userGroups.find(group => {
-                return groups.actions
-                  .getGroupAppIds(group)
-                  .map(role => apps.extractAppId(role))
-                  .includes(app.appId)
-              })
-            })
-    } else {
-      userApps =
-        $auth.user?.builder?.global || $auth.user?.admin?.global
-          ? publishedApps
-          : publishedApps.filter(app =>
-              Object.keys($auth.user?.roles)
-                .map(x => apps.extractAppId(x))
-                .includes(app.appId)
-            )
     }
+    return publishedApps.filter(app => {
+      if (sdk.users.isBuilder(user, app.appId)) {
+        return true
+      }
+      if (!Object.keys(user?.roles).length && user?.userGroups) {
+        return userGroups.find(group => {
+          return groups.actions
+            .getGroupAppIds(group)
+            .map(role => apps.extractAppId(role))
+            .includes(app.appId)
+        })
+      } else {
+        return Object.keys($auth.user?.roles)
+          .map(x => apps.extractAppId(x))
+          .includes(app.appId)
+      }
+    })
   }
 
   function getUrl(app) {
@@ -109,7 +107,7 @@
               >
                 Update password
               </MenuItem>
-              {#if $auth.isBuilder}
+              {#if sdk.users.hasBuilderPermissions($auth.user)}
                 <MenuItem
                   icon="UserDeveloper"
                   on:click={() => $goto("../portal")}

packages/builder/src/pages/builder/index.svelte

@@ -1,11 +1,12 @@
 <script>
   import { redirect } from "@roxi/routify"
   import { auth } from "stores/portal"
+  import { sdk } from "@budibase/shared-core"
 
   auth.checkQueryString()
 
   $: {
-    if ($auth.user?.builder?.global) {
+    if (sdk.users.hasBuilderPermissions($auth.user)) {
       $redirect(`./portal`)
     } else if ($auth.user) {
       $redirect(`./apps`)

packages/builder/src/pages/builder/portal/_components/UpgradeButton.svelte

@@ -3,6 +3,7 @@
   import { goto } from "@roxi/routify"
   import { auth, admin, licensing } from "stores/portal"
   import { isEnabled, TENANT_FEATURE_FLAGS } from "helpers/featureFlags"
+  import { sdk } from "@budibase/shared-core"
 </script>
 
 {#if isEnabled(TENANT_FEATURE_FLAGS.LICENSING) && !$licensing.isEnterprisePlan}
@@ -17,7 +18,7 @@
     >
       Upgrade
     </Button>
-  {:else if !$admin.cloud && $auth.isAdmin}
+  {:else if !$admin.cloud && sdk.users.isAdmin($auth.user)}
     <Button
       cta
       size="S"

packages/builder/src/pages/builder/portal/_layout.svelte

@@ -8,13 +8,14 @@
   import Logo from "./_components/Logo.svelte"
   import UserDropdown from "./_components/UserDropdown.svelte"
   import HelpMenu from "components/common/HelpMenu.svelte"
+  import { sdk } from "@budibase/shared-core"
 
   let loaded = false
   let mobileMenuVisible = false
   let activeTab = "Apps"
 
   $: $url(), updateActiveTab($menu)
-  $: fullscreen = !$apps.length
+  $: isOnboarding = !$apps.length && sdk.users.isGlobalBuilder($auth.user)
 
   const updateActiveTab = menu => {
     for (let entry of menu) {
@@ -33,7 +34,7 @@
   onMount(async () => {
     // Prevent non-builders from accessing the portal
     if ($auth.user) {
-      if (!$auth.user?.builder?.global) {
+      if (!sdk.users.hasBuilderPermissions($auth.user)) {
         $redirect("../")
       } else {
         try {
@@ -49,7 +50,7 @@
 </script>
 
 {#if $auth.user && loaded}
-  {#if fullscreen}
+  {#if isOnboarding}
     <slot />
   {:else}
     <HelpMenu />

packages/builder/src/pages/builder/portal/account/upgrade.svelte

@@ -19,6 +19,7 @@
   import DeleteLicenseKeyModal from "../../../../components/portal/licensing/DeleteLicenseKeyModal.svelte"
   import { API } from "api"
   import { onMount } from "svelte"
+  import { sdk } from "@budibase/shared-core"
 
   $: license = $auth.user.license
   $: upgradeUrl = `${$admin.accountPortalUrl}/portal/upgrade`
@@ -176,7 +177,7 @@
   })
 </script>
 
-{#if $auth.isAdmin}
+{#if sdk.users.isAdmin($auth.user)}
   <DeleteLicenseKeyModal
     bind:this={deleteLicenseKeyModal}
     onConfirm={deleteLicenseKey}

packages/builder/src/pages/builder/portal/account/usage.svelte

@@ -14,6 +14,7 @@
   import { Constants } from "@budibase/frontend-core"
   import { DashCard, Usage } from "components/usage"
   import { PlanModel } from "constants"
+  import { sdk } from "@budibase/shared-core"
 
   let staticUsage = []
   let monthlyUsage = []
@@ -51,7 +52,8 @@
   $: accountPortalAccess = $auth?.user?.accountPortalAccess
   $: quotaReset = quotaUsage?.quotaReset
   $: canManagePlan =
-    ($admin.cloud && accountPortalAccess) || (!$admin.cloud && $auth.isAdmin)
+    ($admin.cloud && accountPortalAccess) ||
+    (!$admin.cloud && sdk.users.isAdmin($auth.user))
 
   $: showButton = !usesInvoicing && accountPortalAccess
 

packages/builder/src/pages/builder/portal/apps/_layout.svelte

@@ -1,11 +1,19 @@
 <script>
   import { notifications } from "@budibase/bbui"
-  import { admin, apps, templates, licensing, groups } from "stores/portal"
+  import {
+    admin,
+    apps,
+    templates,
+    licensing,
+    groups,
+    auth,
+  } from "stores/portal"
   import { onMount } from "svelte"
   import { redirect } from "@roxi/routify"
+  import { sdk } from "@budibase/shared-core"
 
   // Don't block loading if we've already hydrated state
-  let loaded = $apps.length > 0
+  let loaded = $apps.length != null
 
   onMount(async () => {
     try {
@@ -25,7 +33,7 @@
       }
 
       // Go to new app page if no apps exists
-      if (!$apps.length) {
+      if (!$apps.length && sdk.users.isGlobalBuilder($auth.user)) {
         $redirect("./onboarding")
       }
     } catch (error) {

packages/builder/src/pages/builder/portal/apps/index.svelte

@@ -15,6 +15,7 @@
   import CreateAppModal from "components/start/CreateAppModal.svelte"
   import AppLimitModal from "components/portal/licensing/AppLimitModal.svelte"
   import AccountLockedModal from "components/portal/licensing/AccountLockedModal.svelte"
+  import { sdk } from "@budibase/shared-core"
 
   import { store, automationStore } from "builderStore"
   import { API } from "api"
@@ -203,40 +204,40 @@
   })
 </script>
 
-{#if $apps.length}
+<Page>
-  <Page>
+  <Layout noPadding gap="L">
-    <Layout noPadding gap="L">
+    {#each Object.keys(automationErrors || {}) as appId}
-      {#each Object.keys(automationErrors || {}) as appId}
+      <Notification
-        <Notification
+        wide
-          wide
+        dismissable
-          dismissable
+        action={() => goToAutomationError(appId)}
-          action={() => goToAutomationError(appId)}
+        type="error"
-          type="error"
+        icon="Alert"
-          icon="Alert"
+        actionMessage={errorCount(automationErrors[appId]) > 1
-          actionMessage={errorCount(automationErrors[appId]) > 1
+          ? "View errors"
-            ? "View errors"
+          : "View error"}
-            : "View error"}
+        on:dismiss={async () => {
-          on:dismiss={async () => {
+          await automationStore.actions.clearLogErrors({ appId })
-            await automationStore.actions.clearLogErrors({ appId })
+          await apps.load()
-            await apps.load()
+        }}
-          }}
+        message={automationErrorMessage(appId)}
-          message={automationErrorMessage(appId)}
+      />
-        />
+    {/each}
-      {/each}
+    <div class="title">
-      <div class="title">
+      <div class="welcome">
-        <div class="welcome">
+        <Layout noPadding gap="XS">
-          <Layout noPadding gap="XS">
+          <Heading size="L">{welcomeHeader}</Heading>
-            <Heading size="L">{welcomeHeader}</Heading>
+          <Body size="M">
-            <Body size="M">
+            Below you'll find the list of apps that you have access to
-              Manage your apps and get a head start with templates
+          </Body>
-            </Body>
+        </Layout>
-          </Layout>
-        </div>
       </div>
+    </div>
 
-      {#if enrichedApps.length}
+    {#if enrichedApps.length}
-        <Layout noPadding gap="L">
+      <Layout noPadding gap="L">
-          <div class="title">
+        <div class="title">
+          {#if $auth.user && sdk.users.isGlobalBuilder($auth.user)}
             <div class="buttons">
               <Button
                 size="M"
@@ -266,41 +267,46 @@
                 </Button>
               {/if}
             </div>
-            {#if enrichedApps.length > 1}
+          {/if}
-              <div class="app-actions">
+          {#if enrichedApps.length > 1}
-                <Select
+            <div class="app-actions">
-                  autoWidth
+              <Select
-                  bind:value={sortBy}
+                autoWidth
-                  placeholder={null}
+                bind:value={sortBy}
-                  options={[
+                placeholder={null}
-                    { label: "Sort by name", value: "name" },
+                options={[
-                    { label: "Sort by recently updated", value: "updated" },
+                  { label: "Sort by name", value: "name" },
-                    { label: "Sort by status", value: "status" },
+                  { label: "Sort by recently updated", value: "updated" },
-                  ]}
+                  { label: "Sort by status", value: "status" },
-                />
+                ]}
-                <Search placeholder="Search" bind:value={searchTerm} />
+              />
-              </div>
+              <Search placeholder="Search" bind:value={searchTerm} />
-            {/if}
+            </div>
-          </div>
+          {/if}
-
-          <div class="app-table">
-            {#each filteredApps as app (app.appId)}
-              <AppRow {app} lockedAction={usersLimitLockAction} />
-            {/each}
-          </div>
-        </Layout>
-      {/if}
-
-      {#if creatingFromTemplate}
-        <div class="empty-wrapper">
-          <img class="img-logo img-size" alt="logo" src={Logo} />
-          <p>Creating your Budibase app from your selected template...</p>
-          <Spinner size="10" />
         </div>
-      {/if}
+
-    </Layout>
+        <div class="app-table">
-  </Page>
+          {#each filteredApps as app (app.appId)}
-{/if}
+            <AppRow {app} lockedAction={usersLimitLockAction} />
+          {/each}
+        </div>
+      </Layout>
+    {:else}
+      <div class="no-apps">
+        <img class="spaceman" alt="spaceman" src={Logo} width="100px" />
+        <Body weight="700">You haven't been given access to any apps yet</Body>
+      </div>
+    {/if}
+
+    {#if creatingFromTemplate}
+      <div class="empty-wrapper">
+        <img class="img-logo img-size" alt="logo" src={Logo} />
+        <p>Creating your Budibase app from your selected template...</p>
+        <Spinner size="10" />
+      </div>
+    {/if}
+  </Layout>
+</Page>
 
 <Modal
   bind:this={creationModal}
@@ -368,6 +374,16 @@
     height: 160px;
   }
 
+  .no-apps {
+    background-color: var(--spectrum-global-color-gray-100);
+    padding: calc(var(--spacing-xl) * 2);
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    flex-direction: column;
+    gap: var(--spacing-xl);
+  }
+
   @media (max-width: 1000px) {
     .img-logo {
       display: none;

packages/builder/src/pages/builder/portal/settings/branding.svelte

@@ -18,6 +18,7 @@
   import { API } from "api"
   import { onMount } from "svelte"
   import { goto } from "@roxi/routify"
+  import { sdk } from "@budibase/shared-core"
 
   const imageExtensions = [
     ".png",
@@ -206,7 +207,7 @@
   })
 </script>
 
-{#if $auth.isAdmin && mounted}
+{#if sdk.users.isAdmin($auth.user) && mounted}
   <Layout noPadding>
     <Layout gap="XS" noPadding>
       <div class="title">
@@ -400,7 +401,7 @@
           on:click={() => {
             if (isCloud && $auth?.user?.accountPortalAccess) {
               window.open($admin.accountPortalUrl + "/portal/upgrade", "_blank")
-            } else if ($auth.isAdmin) {
+            } else if (sdk.users.isAdmin($auth.user)) {
               $goto("/builder/portal/account/upgrade")
             }
           }}

packages/builder/src/pages/builder/portal/settings/diagnostics.svelte

@@ -13,6 +13,7 @@
   import { redirect } from "@roxi/routify"
   import { API } from "api"
   import { onMount } from "svelte"
+  import { sdk } from "@budibase/shared-core"
 
   let diagnosticInfo = ""
 
@@ -46,7 +47,7 @@
   })
 </script>
 
-{#if $auth.isAdmin && diagnosticInfo}
+{#if sdk.users.isAdmin($auth.user) && diagnosticInfo}
   <Layout noPadding>
     <Layout gap="XS">
       <Heading size="M">Diagnostics</Heading>

packages/builder/src/pages/builder/portal/settings/organisation.svelte

@@ -13,10 +13,11 @@
   import { auth, organisation, admin } from "stores/portal"
   import { writable } from "svelte/store"
   import { redirect } from "@roxi/routify"
+  import { sdk } from "@budibase/shared-core"
 
   // Only admins allowed here
   $: {
-    if (!$auth.isAdmin) {
+    if (!sdk.users.isAdmin($auth.user)) {
       $redirect("../../portal")
     }
   }
@@ -50,7 +51,7 @@
   }
 </script>
 
-{#if $auth.isAdmin}
+{#if sdk.users.isAdmin($auth.user)}
   <Layout noPadding>
     <Layout gap="XS" noPadding>
       <Heading size="M">Organisation</Heading>

packages/builder/src/pages/builder/portal/settings/version.svelte

@@ -14,6 +14,7 @@
   import { API } from "api"
   import { auth, admin } from "stores/portal"
   import { redirect } from "@roxi/routify"
+  import { sdk } from "@budibase/shared-core"
 
   let version
   let loaded = false
@@ -25,7 +26,7 @@
 
   // Only admins allowed here
   $: {
-    if (!$auth.isAdmin || $admin.cloud) {
+    if (!sdk.users.isAdmin($auth.user) || $admin.cloud) {
       $redirect("../../portal")
     }
   }
@@ -89,7 +90,7 @@
   })
 </script>
 
-{#if $auth.isAdmin}
+{#if sdk.users.isAdmin($auth.user)}
   <Layout noPadding>
     <Layout gap="XS" noPadding>
       <Heading size="M">Version</Heading>

packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte

@@ -20,6 +20,7 @@
   import CreateEditGroupModal from "./_components/CreateEditGroupModal.svelte"
   import GroupIcon from "./_components/GroupIcon.svelte"
   import GroupUsers from "./_components/GroupUsers.svelte"
+  import { sdk } from "@budibase/shared-core"
 
   export let groupId
 
@@ -46,7 +47,7 @@
   let editModal, deleteModal
 
   $: scimEnabled = $features.isScimEnabled
-  $: readonly = !$auth.isAdmin || scimEnabled
+  $: readonly = !sdk.users.isAdmin($auth.user) || scimEnabled
   $: group = $groups.find(x => x._id === groupId)
   $: groupApps = $apps
     .filter(app =>

packages/builder/src/pages/builder/portal/users/groups/_components/EditUserPicker.svelte

@@ -3,6 +3,7 @@
   import UserGroupPicker from "components/settings/UserGroupPicker.svelte"
   import { createPaginationStore } from "helpers/pagination"
   import { auth, groups, users } from "stores/portal"
+  import { sdk } from "@budibase/shared-core"
 
   export let groupId
   export let onUsersUpdated
@@ -13,7 +14,7 @@
   let prevSearch = undefined
   let pageInfo = createPaginationStore()
 
-  $: readonly = !$auth.isAdmin
+  $: readonly = !sdk.users.isAdmin($auth.user)
   $: page = $pageInfo.page
   $: searchUsers(page, searchTerm)
   $: group = $groups.find(x => x._id === groupId)

packages/builder/src/pages/builder/portal/users/groups/_components/GroupUsers.svelte

@@ -9,6 +9,7 @@
   import { setContext } from "svelte"
   import ScimBanner from "../../_components/SCIMBanner.svelte"
   import RemoveUserTableRenderer from "../_components/RemoveUserTableRenderer.svelte"
+  import { sdk } from "@budibase/shared-core"
 
   export let groupId
 
@@ -49,7 +50,7 @@
   ]
 
   $: scimEnabled = $features.isScimEnabled
-  $: readonly = !$auth.isAdmin || scimEnabled
+  $: readonly = !sdk.users.isAdmin($auth.user) || scimEnabled
 
   const removeUser = async id => {
     await groups.actions.removeUser(groupId, id)

packages/builder/src/pages/builder/portal/users/groups/_components/RemoveUserTableRenderer.svelte

@@ -2,6 +2,7 @@
   import { ActionButton } from "@budibase/bbui"
   import { getContext } from "svelte"
   import { auth } from "stores/portal"
+  import { sdk } from "@budibase/shared-core"
 
   export let value
 
@@ -13,6 +14,10 @@
   }
 </script>
 
-<ActionButton disabled={!$auth.isAdmin} size="S" on:click={onClick}>
+<ActionButton
+  disabled={!sdk.users.isAdmin($auth.user)}
+  size="S"
+  on:click={onClick}
+>
   Remove
 </ActionButton>

packages/builder/src/pages/builder/portal/users/groups/index.svelte

@@ -22,6 +22,7 @@
   import GroupNameTableRenderer from "./_components/GroupNameTableRenderer.svelte"
   import { goto } from "@roxi/routify"
   import ScimBanner from "../_components/SCIMBanner.svelte"
+  import { sdk } from "@budibase/shared-core"
 
   const DefaultGroup = {
     name: "",
@@ -40,7 +41,7 @@
     { column: "roles", component: GroupAppsTableRenderer },
   ]
 
-  $: readonly = !$auth.isAdmin
+  $: readonly = !sdk.users.isAdmin($auth.user)
   $: schema = {
     name: { displayName: "Group", width: "2fr", minWidth: "200px" },
     users: { sortable: false, width: "1fr" },

packages/builder/src/pages/builder/portal/users/users/[userId].svelte

@@ -31,6 +31,7 @@
   import AppNameTableRenderer from "./_components/AppNameTableRenderer.svelte"
   import AppRoleTableRenderer from "./_components/AppRoleTableRenderer.svelte"
   import ScimBanner from "../_components/SCIMBanner.svelte"
+  import { sdk } from "@budibase/shared-core"
 
   export let userId
 
@@ -87,8 +88,8 @@
 
   $: scimEnabled = $features.isScimEnabled
   $: isSSO = !!user?.provider
-  $: readonly = !$auth.isAdmin || scimEnabled
+  $: readonly = !sdk.users.isAdmin($auth.user) || scimEnabled
-  $: privileged = user?.admin?.global || user?.builder?.global
+  $: privileged = sdk.users.isAdminOrBuilder(user)
   $: nameLabel = getNameLabel(user)
   $: filteredGroups = getFilteredGroups($groups, searchTerm)
   $: availableApps = getAvailableApps($apps, privileged, user?.roles)
@@ -97,9 +98,9 @@
       return y._id === userId
     })
   })
-  $: globalRole = user?.admin?.global
+  $: globalRole = sdk.users.isAdmin(user)
     ? "admin"
-    : user?.builder?.global
+    : sdk.users.isBuilder(user)
     ? "developer"
     : "appUser"
 
@@ -285,7 +286,7 @@
           <div class="field">
             <Label size="L">Role</Label>
             <Select
-              disabled={!$auth.isAdmin}
+              disabled={!sdk.users.isAdmin($auth.user)}
               value={globalRole}
               options={Constants.BudibaseRoleOptions}
               on:change={updateUserRole}

packages/builder/src/pages/builder/portal/users/users/_components/AppsTableRenderer.svelte

@@ -1,11 +1,12 @@
 <script>
   import { Icon } from "@budibase/bbui"
   import { apps } from "stores/portal"
+  import { sdk } from "@budibase/shared-core"
 
   export let value
   export let row
 
-  $: priviliged = row?.admin?.global || row?.builder?.global
+  $: priviliged = sdk.users.isAdminOrBuilder(row)
   $: count = priviliged ? $apps.length : value?.length || 0
 </script>
 

packages/builder/src/pages/builder/portal/users/users/_components/RemoveGroupTableRenderer.svelte

@@ -2,6 +2,7 @@
   import { ActionButton } from "@budibase/bbui"
   import { getContext } from "svelte"
   import { auth } from "stores/portal"
+  import { sdk } from "@budibase/shared-core"
 
   export let value
 
@@ -13,6 +14,10 @@
   }
 </script>
 
-<ActionButton disabled={!$auth.isAdmin} size="S" on:click={onClick}>
+<ActionButton
+  disabled={!sdk.users.isAdmin($auth.user)}
+  size="S"
+  on:click={onClick}
+>
   Remove
 </ActionButton>

packages/builder/src/pages/builder/portal/users/users/_components/UpdateRolesModal.svelte

@@ -2,6 +2,7 @@
   import { createEventDispatcher } from "svelte"
   import { Body, Select, ModalContent, notifications } from "@budibase/bbui"
   import { users } from "stores/portal"
+  import { sdk } from "@budibase/shared-core"
 
   export let app
   export let user
@@ -15,7 +16,7 @@
     .filter(role => role._id !== "PUBLIC")
     .map(role => ({ value: role._id, label: role.name }))
 
-  if (!user?.builder?.global) {
+  if (!sdk.users.isBuilder(user, app?.appId)) {
     options.push({ value: NO_ACCESS, label: "No Access" })
   }
   let selectedRole = user?.roles?.[app?._id]

packages/builder/src/pages/builder/portal/users/users/index.svelte

@@ -39,6 +39,7 @@
   import { API } from "api"
   import { OnboardingType } from "../../../../../constants"
   import ScimBanner from "../_components/SCIMBanner.svelte"
+  import { sdk } from "@budibase/shared-core"
 
   const fetch = fetchData({
     API,
@@ -66,7 +67,7 @@
   let userData = []
 
   $: isOwner = $auth.accountPortalAccess && $admin.cloud
-  $: readonly = !$auth.isAdmin || $features.isScimEnabled
+  $: readonly = !sdk.users.isAdmin($auth.user) || $features.isScimEnabled
 
   $: debouncedUpdateFetch(searchEmail)
   $: schema = {

packages/builder/src/stores/portal/auth.js

@@ -2,6 +2,7 @@ import { derived, writable, get } from "svelte/store"
 import { API } from "api"
 import { admin } from "stores/portal"
 import analytics from "analytics"
+import { sdk } from "@budibase/shared-core"
 
 export function createAuthStore() {
   const auth = writable({
@@ -13,13 +14,6 @@ export function createAuthStore() {
     postLogout: false,
   })
   const store = derived(auth, $store => {
-    let isAdmin = false
-    let isBuilder = false
-    if ($store.user) {
-      const user = $store.user
-      isAdmin = !!user.admin?.global
-      isBuilder = !!user.builder?.global
-    }
     return {
       user: $store.user,
       accountPortalAccess: $store.accountPortalAccess,
@@ -27,8 +21,6 @@ export function createAuthStore() {
       tenantSet: $store.tenantSet,
       loaded: $store.loaded,
       postLogout: $store.postLogout,
-      isAdmin,
-      isBuilder,
       isSSO: !!$store.user?.provider,
     }
   })
@@ -57,8 +49,8 @@ export function createAuthStore() {
               name: user.account?.name,
               user_id: user._id,
               tenant: user.tenantId,
-              admin: user?.admin?.global,
+              admin: sdk.users.isAdmin(user),
-              builder: user?.builder?.global,
+              builder: sdk.users.isBuilder(user),
               "Company size": user.account?.size,
               "Job role": user.account?.profession,
             },

packages/builder/src/stores/portal/menu.js

@@ -2,8 +2,12 @@ import { derived } from "svelte/store"
 import { isEnabled, TENANT_FEATURE_FLAGS } from "helpers/featureFlags"
 import { admin } from "./admin"
 import { auth } from "./auth"
+import { sdk } from "@budibase/shared-core"
 
 export const menu = derived([admin, auth], ([$admin, $auth]) => {
+  const user = $auth?.user
+  const isAdmin = sdk.users.isAdmin(user)
+  const cloud = $admin?.cloud
   // Determine user sub pages
   let userSubPages = [
     {
@@ -24,19 +28,21 @@ export const menu = derived([admin, auth], ([$admin, $auth]) => {
       title: "Apps",
       href: "/builder/portal/apps",
     },
-    {
+  ]
+  if (sdk.users.isGlobalBuilder(user)) {
+    menu.push({
       title: "Users",
       href: "/builder/portal/users",
       subPages: userSubPages,
-    },
+    })
-    {
+    menu.push({
       title: "Plugins",
       href: "/builder/portal/plugins",
-    },
+    })
-  ]
+  }
 
   // Add settings page for admins
-  if ($auth.isAdmin) {
+  if (isAdmin) {
     let settingsSubPages = [
       {
         title: "Auth",
@@ -59,7 +65,7 @@ export const menu = derived([admin, auth], ([$admin, $auth]) => {
         href: "/builder/portal/settings/environment",
       },
     ]
-    if (!$admin.cloud) {
+    if (!cloud) {
       settingsSubPages.push({
         title: "Version",
         href: "/builder/portal/settings/version",
@@ -84,38 +90,35 @@ export const menu = derived([admin, auth], ([$admin, $auth]) => {
         href: "/builder/portal/account/usage",
       },
     ]
-    if ($auth.isAdmin) {
+    if (isAdmin) {
       accountSubPages.push({
         title: "Audit Logs",
         href: "/builder/portal/account/auditLogs",
       })
 
-      if (!$admin.cloud) {
+      if (!cloud) {
         accountSubPages.push({
           title: "System Logs",
           href: "/builder/portal/account/systemLogs",
         })
       }
     }
-    if ($admin.cloud && $auth?.user?.accountPortalAccess) {
+    if (cloud && user?.accountPortalAccess) {
       accountSubPages.push({
         title: "Upgrade",
-        href: $admin.accountPortalUrl + "/portal/upgrade",
+        href: $admin?.accountPortalUrl + "/portal/upgrade",
       })
-    } else if (!$admin.cloud && $auth.isAdmin) {
+    } else if (!cloud && isAdmin) {
       accountSubPages.push({
         title: "Upgrade",
         href: "/builder/portal/account/upgrade",
       })
     }
     // add license check here
-    if (
+    if (user?.accountPortalAccess && user.account.stripeCustomerId) {
-      $auth?.user?.accountPortalAccess &&
-      $auth.user.account.stripeCustomerId
-    ) {
       accountSubPages.push({
         title: "Billing",
-        href: $admin.accountPortalUrl + "/portal/billing",
+        href: $admin?.accountPortalUrl + "/portal/billing",
       })
     }
     menu.push({

packages/builder/src/stores/portal/users.js

@@ -2,6 +2,7 @@ import { writable } from "svelte/store"
 import { API } from "api"
 import { update } from "lodash"
 import { licensing } from "."
+import { sdk } from "@budibase/shared-core"
 
 export function createUsersStore() {
   const { subscribe, set } = writable({})
@@ -111,8 +112,12 @@ export function createUsersStore() {
     return await API.saveUser(user)
   }
 
-  const getUserRole = ({ admin, builder }) =>
+  const getUserRole = user =>
-    admin?.global ? "admin" : builder?.global ? "developer" : "appUser"
+    sdk.users.isAdmin(user)
+      ? "admin"
+      : sdk.users.isBuilder(user)
+      ? "developer"
+      : "appUser"
 
   const refreshUsage =
     fn =>

packages/server/src/api/controllers/application.ts

@@ -30,6 +30,7 @@ import {
   objectStore,
   roles,
   tenancy,
+  users,
 } from "@budibase/backend-core"
 import { USERS_TABLE_SCHEMA } from "../../constants"
 import {
@@ -49,8 +50,8 @@ import {
   MigrationType,
   PlanType,
   Screen,
-  SocketSession,
   UserCtx,
+  ContextUser,
 } from "@budibase/types"
 import { BASE_LAYOUT_PROP_IDS } from "../../constants/layouts"
 import sdk from "../../sdk"
@@ -177,32 +178,10 @@ export const addSampleData = async (ctx: UserCtx) => {
 }
 
 export async function fetch(ctx: UserCtx) {
-  const dev = ctx.query && ctx.query.status === AppStatus.DEV
+  ctx.body = await sdk.applications.fetch(
-  const all = ctx.query && ctx.query.status === AppStatus.ALL
+    ctx.query.status as AppStatus,
-  const apps = (await dbCore.getAllApps({ dev, all })) as App[]
+    ctx.user
-
+  )
-  const appIds = apps
-    .filter((app: any) => app.status === "development")
-    .map((app: any) => app.appId)
-
-  // get the locks for all the dev apps
-  if (dev || all) {
-    const locks = await getLocksById(appIds)
-    for (let app of apps) {
-      const lock = locks[app.appId]
-      if (lock) {
-        app.lockedBy = lock
-      } else {
-        // make sure its definitely not present
-        delete app.lockedBy
-      }
-    }
-  }
-
-  // Enrich apps with all builder user sessions
-  const enrichedApps = await sdk.users.sessions.enrichApps(apps)
-
-  ctx.body = await checkAppMetadata(enrichedApps)
 }
 
 export async function fetchAppDefinition(ctx: UserCtx) {
@@ -222,6 +201,7 @@ export async function fetchAppDefinition(ctx: UserCtx) {
 
 export async function fetchAppPackage(ctx: UserCtx) {
   const db = context.getAppDB()
+  const appId = context.getAppId()
   let application = await db.get<any>(DocumentType.APP_METADATA)
   const layouts = await getLayouts()
   let screens = await getScreens()
@@ -233,7 +213,7 @@ export async function fetchAppPackage(ctx: UserCtx) {
   )
 
   // Only filter screens if the user is not a builder
-  if (!(ctx.user.builder && ctx.user.builder.global)) {
+  if (!users.isBuilder(ctx.user, appId)) {
     const userRoleId = getUserRoleId(ctx)
     const accessController = new roles.AccessController()
     screens = await accessController.checkScreensAccess(screens, userRoleId)

packages/server/src/api/routes/application.ts

@@ -15,7 +15,7 @@ router
   )
   .post(
     "/api/applications",
-    authorized(permissions.BUILDER),
+    authorized(permissions.GLOBAL_BUILDER),
     applicationValidator(),
     controller.create
   )
@@ -55,7 +55,7 @@ router
   )
   .delete(
     "/api/applications/:appId",
-    authorized(permissions.BUILDER),
+    authorized(permissions.GLOBAL_BUILDER),
     controller.destroy
   )
 

packages/server/src/api/routes/plugin.ts

@@ -8,14 +8,18 @@ const router: Router = new Router()
 router
   .post(
     "/api/plugin/upload",
-    authorized(permissions.BUILDER),
+    authorized(permissions.GLOBAL_BUILDER),
     controller.upload
   )
-  .post("/api/plugin", authorized(permissions.BUILDER), controller.create)
+  .post(
-  .get("/api/plugin", authorized(permissions.BUILDER), controller.fetch)
+    "/api/plugin",
+    authorized(permissions.GLOBAL_BUILDER),
+    controller.create
+  )
+  .get("/api/plugin", authorized(permissions.GLOBAL_BUILDER), controller.fetch)
   .delete(
     "/api/plugin/:pluginId",
-    authorized(permissions.BUILDER),
+    authorized(permissions.GLOBAL_BUILDER),
     controller.destroy
   )
 

packages/server/src/api/routes/public/index.ts

@@ -7,14 +7,14 @@ import userEndpoints from "./users"
 import authorized from "../../../middleware/authorized"
 import publicApi from "../../../middleware/publicApi"
 import { paramResource, paramSubResource } from "../../../middleware/resourceId"
+import { PermissionType, PermissionLevel } from "@budibase/types"
 import { CtxFn } from "./utils/Endpoint"
 import mapperMiddleware from "./middleware/mapper"
 import env from "../../../environment"
 // below imports don't have declaration files
 const Router = require("@koa/router")
 const { RateLimit, Stores } = require("koa2-ratelimit")
-import { middleware, redis, permissions } from "@budibase/backend-core"
+import { middleware, redis } from "@budibase/backend-core"
-const { PermissionType, PermissionLevel } = permissions
 
 const PREFIX = "/api/public/v1"
 // allow a lot more requests when in test
@@ -111,7 +111,7 @@ function applyAdminRoutes(endpoints: any) {
 
 function applyRoutes(
   endpoints: any,
-  permType: string,
+  permType: PermissionType,
   resource: string,
   subResource?: string
 ) {

packages/server/src/api/routes/tests/utilities/TestFunctions.ts

@@ -36,7 +36,10 @@ export const clearAllApps = async (
   exceptions: Array<string> = []
 ) => {
   await tenancy.doInTenant(tenantId, async () => {
-    const req: any = { query: { status: AppStatus.DEV }, user: { tenantId } }
+    const req: any = {
+      query: { status: AppStatus.DEV },
+      user: { tenantId, builder: { global: true } },
+    }
     await appController.fetch(req)
     const apps = req.body
     if (!apps || apps.length <= 0) {

packages/server/src/app.ts

@@ -15,7 +15,15 @@ import * as api from "./api"
 import * as automations from "./automations"
 import { Thread } from "./threads"
 import * as redis from "./utilities/redis"
-import { events, logging, middleware, timers } from "@budibase/backend-core"
+import { ServiceType } from "@budibase/types"
+import {
+  events,
+  logging,
+  middleware,
+  timers,
+  env as coreEnv,
+} from "@budibase/backend-core"
+coreEnv._set("SERVICE_TYPE", ServiceType.APPS)
 import { startup } from "./startup"
 const Sentry = require("@sentry/node")
 const destroyable = require("server-destroy")

packages/server/src/db/utils.ts

@@ -3,10 +3,10 @@ import { db as dbCore } from "@budibase/backend-core"
 
 type Optional = string | null
 
-export const AppStatus = {
+export const enum AppStatus {
-  DEV: "development",
+  DEV = "development",
-  ALL: "all",
+  ALL = "all",
-  DEPLOYED: "published",
+  DEPLOYED = "published",
 }
 
 export const BudibaseInternalDB = {

packages/server/src/environment.ts

@@ -1,3 +1,6 @@
+import { env as coreEnv } from "@budibase/backend-core"
+import { ServiceType } from "@budibase/types"
+coreEnv._set("SERVICE_TYPE", ServiceType.APPS)
 import { join } from "path"
 
 function isTest() {

packages/server/src/middleware/authorized.ts

@@ -1,5 +1,11 @@
-import { roles, permissions, auth, context } from "@budibase/backend-core"
+import {
-import { Role } from "@budibase/types"
+  auth,
+  context,
+  permissions,
+  roles,
+  users,
+} from "@budibase/backend-core"
+import { PermissionLevel, PermissionType, Role, UserCtx } from "@budibase/types"
 import builderMiddleware from "./builder"
 import { isWebhookEndpoint } from "./utils"
 
@@ -16,15 +22,20 @@ const csrf = auth.buildCsrfMiddleware()
  * - Otherwise the user must have the required role.
  */
 const checkAuthorized = async (
-  ctx: any,
+  ctx: UserCtx,
   resourceRoles: any,
-  permType: any,
+  permType: PermissionType,
-  permLevel: any
+  permLevel: PermissionLevel
 ) => {
+  const appId = context.getAppId()
+  const isGlobalBuilderApi = permType === PermissionType.GLOBAL_BUILDER
+  const isBuilderApi = permType === PermissionType.BUILDER
+  const globalBuilder = users.isGlobalBuilder(ctx.user)
+  let isBuilder = appId
+    ? users.isBuilder(ctx.user, appId)
+    : users.hasBuilderPermissions(ctx.user)
   // check if this is a builder api and the user is not a builder
-  const isBuilder = ctx.user && ctx.user.builder && ctx.user.builder.global
+  if ((isGlobalBuilderApi && !globalBuilder) || (isBuilderApi && !isBuilder)) {
-  const isBuilderApi = permType === permissions.PermissionType.BUILDER
-  if (isBuilderApi && !isBuilder) {
     return ctx.throw(403, "Not Authorized")
   }
 
@@ -35,10 +46,10 @@ const checkAuthorized = async (
 }
 
 const checkAuthorizedResource = async (
-  ctx: any,
+  ctx: UserCtx,
   resourceRoles: any,
-  permType: any,
+  permType: PermissionType,
-  permLevel: any
+  permLevel: PermissionLevel
 ) => {
   // get the user's roles
   const roleId = ctx.roleId || roles.BUILTIN_ROLE_IDS.PUBLIC
@@ -64,8 +75,8 @@ const checkAuthorizedResource = async (
 }
 
 export default (
-    permType: any,
+    permType: PermissionType,
-    permLevel: any = null,
+    permLevel?: PermissionLevel,
     opts = { schema: false }
   ) =>
   async (ctx: any, next: any) => {
@@ -83,12 +94,12 @@ export default (
     let resourceRoles: any = []
     let otherLevelRoles: any = []
     const otherLevel =
-      permLevel === permissions.PermissionLevel.READ
+      permLevel === PermissionLevel.READ
-        ? permissions.PermissionLevel.WRITE
+        ? PermissionLevel.WRITE
-        : permissions.PermissionLevel.READ
+        : PermissionLevel.READ
     const appId = context.getAppId()
     if (appId && hasResource(ctx)) {
-      resourceRoles = await roles.getRequiredResourceRole(permLevel, ctx)
+      resourceRoles = await roles.getRequiredResourceRole(permLevel!, ctx)
       if (opts && opts.schema) {
         otherLevelRoles = await roles.getRequiredResourceRole(otherLevel, ctx)
       }
@@ -110,13 +121,16 @@ export default (
 
     // check general builder stuff, this middleware is a good way
     // to find API endpoints which are builder focused
-    if (permType === permissions.PermissionType.BUILDER) {
+    if (
+      permType === PermissionType.BUILDER ||
+      permType === PermissionType.GLOBAL_BUILDER
+    ) {
       await builderMiddleware(ctx)
     }
 
     try {
       // check authorized
-      await checkAuthorized(ctx, resourceRoles, permType, permLevel)
+      await checkAuthorized(ctx, resourceRoles, permType, permLevel!)
     } catch (err) {
       // this is a schema, check if
       if (opts && opts.schema && permLevel) {

packages/server/src/middleware/builder.ts

@@ -10,7 +10,7 @@ import {
   setDebounce,
 } from "../utilities/redis"
 import { db as dbCore, cache } from "@budibase/backend-core"
-import { UserCtx, Database, App } from "@budibase/types"
+import { UserCtx, Database } from "@budibase/types"
 
 const DEBOUNCE_TIME_SEC = 30
 

packages/server/src/middleware/currentapp.ts

@@ -4,12 +4,13 @@ import {
   roles,
   tenancy,
   context,
+  users,
 } from "@budibase/backend-core"
 import { generateUserMetadataID, isDevAppID } from "../db/utils"
 import { getCachedSelf } from "../utilities/global"
 import env from "../environment"
 import { isWebhookEndpoint } from "./utils"
-import { UserCtx } from "@budibase/types"
+import { UserCtx, ContextUser } from "@budibase/types"
 
 export default async (ctx: UserCtx, next: any) => {
   // try to get the appID from the request
@@ -23,7 +24,7 @@ export default async (ctx: UserCtx, next: any) => {
     if (
       isDevAppID(requestAppId) &&
       !isWebhookEndpoint(ctx) &&
-      (!ctx.user || !ctx.user.builder || !ctx.user.builder.global)
+      !users.isBuilder(ctx.user, requestAppId)
     ) {
       return ctx.redirect("/")
     }
@@ -42,8 +43,7 @@ export default async (ctx: UserCtx, next: any) => {
     roleId = globalUser.roleId || roleId
 
     // Allow builders to specify their role via a header
-    const isBuilder =
+    const isBuilder = users.isBuilder(globalUser, appId)
-      globalUser && globalUser.builder && globalUser.builder.global
     const isDevApp = appId && isDevAppID(appId)
     const roleHeader =
       ctx.request &&
@@ -56,8 +56,7 @@ export default async (ctx: UserCtx, next: any) => {
           roleId = roleHeader
 
           // Delete admin and builder flags so that the specified role is honoured
-          delete ctx.user.builder
+          ctx.user = users.removePortalUserPermissions(ctx.user) as ContextUser
-          delete ctx.user.admin
         }
       } catch (error) {
         // Swallow error and do nothing
@@ -71,7 +70,6 @@ export default async (ctx: UserCtx, next: any) => {
   }
 
   return context.doInAppContext(appId, async () => {
-    let skipCookie = false
     // if the user not in the right tenant then make sure they have no permissions
     // need to judge this only based on the request app ID,
     if (
@@ -81,12 +79,9 @@ export default async (ctx: UserCtx, next: any) => {
       !tenancy.isUserInAppTenant(requestAppId, ctx.user)
     ) {
       // don't error, simply remove the users rights (they are a public user)
-      delete ctx.user.builder
+      ctx.user = users.cleanseUserObject(ctx.user) as ContextUser
-      delete ctx.user.admin
-      delete ctx.user.roles
       ctx.isAuthenticated = false
       roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
-      skipCookie = true
     }
 
     ctx.appId = appId

packages/server/src/middleware/tests/authorized.spec.js

@@ -9,7 +9,7 @@ jest.mock("../../environment", () => ({
 )
 const authorizedMiddleware = require("../authorized").default
 const env = require("../../environment")
-const { permissions } = require("@budibase/backend-core")
+const { PermissionType, PermissionLevel } = require("@budibase/types")
 
 const APP_ID = ""
 
@@ -112,7 +112,7 @@ describe("Authorization middleware", () => {
     
     it("throws if the user does not have builder permissions", async () => {
       config.setEnvironment(false)
-      config.setMiddlewareRequiredPermission(permissions.PermissionType.BUILDER)
+      config.setMiddlewareRequiredPermission(PermissionType.BUILDER)
       config.setUser({
         role: {
           _id: ""
@@ -124,13 +124,13 @@ describe("Authorization middleware", () => {
     })
 
     it("passes on to next() middleware if the user has resource permission", async () => {
-      config.setResourceId(permissions.PermissionType.QUERY)
+      config.setResourceId(PermissionType.QUERY)
       config.setUser({
         role: {
           _id: ""
         }
       })
-      config.setMiddlewareRequiredPermission(permissions.PermissionType.QUERY)
+      config.setMiddlewareRequiredPermission(PermissionType.QUERY)
 
       await config.executeMiddleware()
       expect(config.next).toHaveBeenCalled()
@@ -154,7 +154,7 @@ describe("Authorization middleware", () => {
           _id: ""
         },
       })
-      config.setMiddlewareRequiredPermission(permissions.PermissionType.ADMIN, permissions.PermissionLevel.BASIC)
+      config.setMiddlewareRequiredPermission(PermissionType.ADMIN, PermissionLevel.BASIC)
       
       await config.executeMiddleware()
       expect(config.throw).toHaveBeenCalledWith(403, "User does not have permission")

packages/server/src/migrations/functions/backfill/global/users.ts

@@ -1,4 +1,8 @@
-import { events, db as dbUtils } from "@budibase/backend-core"
+import {
+  events,
+  db as dbUtils,
+  users as usersCore,
+} from "@budibase/backend-core"
 import { User, CloudAccount } from "@budibase/types"
 import { DEFAULT_TIMESTAMP } from ".."
 
@@ -30,11 +34,11 @@ export const backfill = async (
     await events.identification.identifyUser(user, account, timestamp)
     await events.user.created(user, timestamp)
 
-    if (user.admin?.global) {
+    if (usersCore.hasAdminPermissions(user)) {
       await events.user.permissionAdminAssigned(user, timestamp)
     }
 
-    if (user.builder?.global) {
+    if (usersCore.hasBuilderPermissions(user)) {
       await events.user.permissionBuilderAssigned(user, timestamp)
     }
 

packages/server/src/sdk/app/applications/applications.ts

@@ -0,0 +1,50 @@
+import { AppStatus } from "../../../db/utils"
+import { App, ContextUser } from "@budibase/types"
+import { getLocksById } from "../../../utilities/redis"
+import { enrichApps } from "../../users/sessions"
+import { checkAppMetadata } from "../../../automations/logging"
+import { db as dbCore, users } from "@budibase/backend-core"
+
+export function filterAppList(user: ContextUser, apps: App[]) {
+  let appList: string[] = []
+  const roleApps = Object.keys(user.roles || {})
+  if (users.hasAppBuilderPermissions(user)) {
+    appList = user.builder?.apps || []
+    appList = appList.concat(roleApps)
+  } else if (!users.isAdminOrBuilder(user)) {
+    appList = roleApps
+  } else {
+    return apps
+  }
+  return apps.filter(app => appList.includes(dbCore.getProdAppID(app.appId)))
+}
+
+export async function fetch(status: AppStatus, user: ContextUser) {
+  const dev = status === AppStatus.DEV
+  const all = status === AppStatus.ALL
+  let apps = (await dbCore.getAllApps({ dev, all })) as App[]
+  apps = filterAppList(user, apps)
+
+  const appIds = apps
+    .filter((app: any) => app.status === "development")
+    .map((app: any) => app.appId)
+
+  // get the locks for all the dev apps
+  if (dev || all) {
+    const locks = await getLocksById(appIds)
+    for (let app of apps) {
+      const lock = locks[app.appId]
+      if (lock) {
+        app.lockedBy = lock
+      } else {
+        // make sure its definitely not present
+        delete app.lockedBy
+      }
+    }
+  }
+
+  // Enrich apps with all builder user sessions
+  const enrichedApps = await enrichApps(apps)
+
+  return await checkAppMetadata(enrichedApps)
+}

packages/server/src/sdk/app/applications/index.ts

@@ -1,7 +1,9 @@
 import * as sync from "./sync"
 import * as utils from "./utils"
+import * as applications from "./applications"
 
 export default {
   ...sync,
   ...utils,
+  ...applications,
 }

packages/server/src/utilities/global.ts

@@ -5,6 +5,7 @@ import {
   cache,
   tenancy,
   context,
+  users,
 } from "@budibase/backend-core"
 import env from "../environment"
 import { groups } from "@budibase/pro"
@@ -22,8 +23,7 @@ export function updateAppRole(
   }
   // if in an multi-tenancy environment make sure roles are never updated
   if (env.MULTI_TENANCY && appId && !tenancy.isUserInAppTenant(appId, user)) {
-    delete user.builder
+    user = users.removePortalUserPermissions(user)
-    delete user.admin
     user.roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
     return user
   }
@@ -32,7 +32,7 @@ export function updateAppRole(
     user.roleId = user.roles[dbCore.getProdAppID(appId)]
   }
   // if a role wasn't found then either set as admin (builder) or public (everyone else)
-  if (!user.roleId && user.builder && user.builder.global) {
+  if (!user.roleId && users.isBuilder(user, appId)) {
     user.roleId = roles.BUILTIN_ROLE_IDS.ADMIN
   } else if (!user.roleId && !user?.userGroups?.length) {
     user.roleId = roles.BUILTIN_ROLE_IDS.PUBLIC

packages/shared-core/src/index.ts

@@ -2,3 +2,4 @@ export * from "./constants"
 export * as dataFilters from "./filters"
 export * as helpers from "./helpers"
 export * as utils from "./utils"
+export * as sdk from "./sdk"

packages/shared-core/src/sdk/documents/applications.ts

@@ -0,0 +1,35 @@
+import { DocumentType, prefixed } from "@budibase/types"
+
+const APP_PREFIX = prefixed(DocumentType.APP)
+const APP_DEV_PREFIX = prefixed(DocumentType.APP_DEV)
+
+export function getDevAppID(appId: string) {
+  if (!appId) {
+    throw new Error("No app ID provided")
+  }
+  if (appId.startsWith(APP_DEV_PREFIX)) {
+    return appId
+  }
+  // split to take off the app_ element, then join it together incase any other app_ exist
+  const split = appId.split(APP_PREFIX)
+  split.shift()
+  const rest = split.join(APP_PREFIX)
+  return `${APP_DEV_PREFIX}${rest}`
+}
+
+/**
+ * Convert a development app ID to a deployed app ID.
+ */
+export function getProdAppID(appId: string) {
+  if (!appId) {
+    throw new Error("No app ID provided")
+  }
+  if (!appId.startsWith(APP_DEV_PREFIX)) {
+    return appId
+  }
+  // split to take off the app_dev element, then join it together incase any other app_ exist
+  const split = appId.split(APP_DEV_PREFIX)
+  split.shift()
+  const rest = split.join(APP_DEV_PREFIX)
+  return `${APP_PREFIX}${rest}`
+}

packages/shared-core/src/sdk/documents/index.ts

@@ -0,0 +1,2 @@
+export * as applications from "./applications"
+export * as users from "./users"

packages/shared-core/src/sdk/documents/users.ts

@@ -0,0 +1,62 @@
+import { ContextUser, User } from "@budibase/types"
+import { getProdAppID } from "./applications"
+
+// checks if a user is specifically a builder, given an app ID
+export function isBuilder(user: User | ContextUser, appId?: string): boolean {
+  if (!user) {
+    return false
+  }
+  if (user.builder?.global) {
+    return true
+  } else if (appId && user.builder?.apps?.includes(getProdAppID(appId))) {
+    return true
+  }
+  return false
+}
+
+export function isGlobalBuilder(user: User | ContextUser): boolean {
+  return (isBuilder(user) && !hasAppBuilderPermissions(user)) || isAdmin(user)
+}
+
+// alias for hasAdminPermission, currently do the same thing
+// in future whether someone has admin permissions and whether they are
+// an admin for a specific resource could be separated
+export function isAdmin(user: User | ContextUser): boolean {
+  if (!user) {
+    return false
+  }
+  return hasAdminPermissions(user)
+}
+
+export function isAdminOrBuilder(
+  user: User | ContextUser,
+  appId?: string
+): boolean {
+  return isBuilder(user, appId) || isAdmin(user)
+}
+
+// check if they are a builder within an app (not necessarily a global builder)
+export function hasAppBuilderPermissions(user?: User | ContextUser): boolean {
+  if (!user) {
+    return false
+  }
+  const appLength = user.builder?.apps?.length
+  const isGlobalBuilder = !!user.builder?.global
+  return !isGlobalBuilder && appLength != null && appLength > 0
+}
+
+// checks if a user is capable of building any app
+export function hasBuilderPermissions(user?: User | ContextUser): boolean {
+  if (!user) {
+    return false
+  }
+  return user.builder?.global || hasAppBuilderPermissions(user)
+}
+
+// checks if a user is capable of being an admin
+export function hasAdminPermissions(user?: User | ContextUser): boolean {
+  if (!user) {
+    return false
+  }
+  return !!user.admin?.global
+}

packages/shared-core/src/sdk/index.ts

@@ -0,0 +1 @@
+export * from "./documents"

packages/types/src/core/index.ts

@@ -0,0 +1 @@
+export * from "./installation"

packages/types/src/core/installation.ts

@@ -0,0 +1,4 @@
+export enum ServiceType {
+  WORKER = "worker",
+  APPS = "apps",
+}

packages/types/src/documents/document.ts

@@ -1,3 +1,44 @@
+export const SEPARATOR = "_"
+export const UNICODE_MAX = "\ufff0"
+
+export const prefixed = (type: DocumentType) => `${type}${SEPARATOR}`
+
+export enum DocumentType {
+  USER = "us",
+  GROUP = "gr",
+  WORKSPACE = "workspace",
+  CONFIG = "config",
+  TEMPLATE = "template",
+  APP = "app",
+  DEV = "dev",
+  APP_DEV = "app_dev",
+  APP_METADATA = "app_metadata",
+  ROLE = "role",
+  MIGRATIONS = "migrations",
+  DEV_INFO = "devinfo",
+  AUTOMATION_LOG = "log_au",
+  ACCOUNT_METADATA = "acc_metadata",
+  PLUGIN = "plg",
+  DATASOURCE = "datasource",
+  DATASOURCE_PLUS = "datasource_plus",
+  APP_BACKUP = "backup",
+  TABLE = "ta",
+  ROW = "ro",
+  AUTOMATION = "au",
+  LINK = "li",
+  WEBHOOK = "wh",
+  INSTANCE = "inst",
+  LAYOUT = "layout",
+  SCREEN = "screen",
+  QUERY = "query",
+  DEPLOYMENTS = "deployments",
+  METADATA = "metadata",
+  MEM_VIEW = "view",
+  USER_FLAG = "flag",
+  AUTOMATION_METADATA = "meta_au",
+  AUDIT_LOG = "al",
+}
+
 export interface Document {
   _id?: string
   _rev?: string

packages/types/src/documents/global/user.ts

@@ -42,7 +42,8 @@ export interface User extends Document {
   forceResetPassword?: boolean
   roles: UserRoles
   builder?: {
-    global: boolean
+    global?: boolean
+    apps?: string[]
   }
   admin?: {
     global: boolean
@@ -69,7 +70,8 @@ export interface UserRoles {
 
 export interface BuilderUser extends User {
   builder: {
-    global: boolean
+    global?: boolean
+    apps?: string[]
   }
 }
 
@@ -82,6 +84,12 @@ export interface AdminUser extends User {
   }
 }
 
+export interface AdminOnlyUser extends User {
+  admin: {
+    global: boolean
+  }
+}
+
 export function isUser(user: object): user is User {
   return !!(user as User).roles
 }

packages/types/src/index.ts

@@ -1,4 +1,5 @@
 export * from "./documents"
 export * from "./sdk"
 export * from "./api"
+export * from "./core"
 export * from "./shared"

packages/types/src/sdk/index.ts

@@ -18,3 +18,4 @@ export * from "./sso"
 export * from "./user"
 export * from "./cli"
 export * from "./websocket"
+export * from "./permissions"

packages/types/src/sdk/koa.ts

@@ -38,6 +38,7 @@ export interface Ctx<RequestBody = any, ResponseBody = any> extends Context {
 export interface UserCtx<RequestBody = any, ResponseBody = any>
   extends Ctx<RequestBody, ResponseBody> {
   user: ContextUser
+  roleId?: string
 }
 
 /**

packages/types/src/sdk/licensing/feature.ts

@@ -9,6 +9,7 @@ export enum Feature {
   BRANDING = "branding",
   SCIM = "scim",
   SYNC_AUTOMATIONS = "syncAutomations",
+  APP_BUILDERS = "appBuilders",
   OFFLINE = "offline",
 }
 

packages/types/src/sdk/permissions.ts

@@ -0,0 +1,19 @@
+export enum PermissionLevel {
+  READ = "read",
+  WRITE = "write",
+  EXECUTE = "execute",
+  ADMIN = "admin",
+}
+
+// these are the global types, that govern the underlying default behaviour
+export enum PermissionType {
+  APP = "app",
+  TABLE = "table",
+  USER = "user",
+  AUTOMATION = "automation",
+  WEBHOOK = "webhook",
+  BUILDER = "builder",
+  GLOBAL_BUILDER = "globalBuilder",
+  VIEW = "view",
+  QUERY = "query",
+}

packages/worker/src/api/controllers/global/auth.ts

@@ -55,8 +55,8 @@ async function passportCallback(
 export const login = async (ctx: Ctx<LoginRequest>, next: any) => {
   const email = ctx.request.body.username
 
-  const user = await userSdk.getUserByEmail(email)
+  const user = await userSdk.db.getUserByEmail(email)
-  if (user && (await userSdk.isPreventPasswordActions(user))) {
+  if (user && (await userSdk.db.isPreventPasswordActions(user))) {
     ctx.throw(403, "Invalid credentials")
   }
 
@@ -174,7 +174,7 @@ export const googlePreAuth = async (ctx: any, next: any) => {
   const strategy = await google.strategyFactory(
     config,
     callbackUrl,
-    userSdk.save
+    userSdk.db.save
   )
 
   return passport.authenticate(strategy, {
@@ -193,7 +193,7 @@ export const googleCallback = async (ctx: any, next: any) => {
   const strategy = await google.strategyFactory(
     config,
     callbackUrl,
-    userSdk.save
+    userSdk.db.save
   )
 
   return passport.authenticate(
@@ -228,7 +228,7 @@ export const oidcStrategyFactory = async (ctx: any, configId: any) => {
 
   //Remote Config
   const enrichedConfig = await oidc.fetchStrategyConfig(config, callbackUrl)
-  return oidc.strategyFactory(enrichedConfig, userSdk.save)
+  return oidc.strategyFactory(enrichedConfig, userSdk.db.save)
 }
 
 /**

packages/worker/src/api/controllers/global/roles.ts

@@ -5,10 +5,10 @@ import {
   cache,
   tenancy,
 } from "@budibase/backend-core"
-import { BBContext, App } from "@budibase/types"
+import sdk from "../../../sdk"
-import { allUsers } from "../../../sdk/users"
+import { Ctx, App } from "@budibase/types"
 
-export async function fetch(ctx: BBContext) {
+export async function fetch(ctx: Ctx) {
   const tenantId = ctx.user!.tenantId
   // always use the dev apps as they'll be most up to date (true)
   const apps = (await dbCore.getAllApps({ tenantId, all: true })) as App[]
@@ -31,7 +31,7 @@ export async function fetch(ctx: BBContext) {
   ctx.body = response
 }
 
-export async function find(ctx: BBContext) {
+export async function find(ctx: Ctx) {
   const appId = ctx.params.appId
   await context.doInAppContext(dbCore.getDevAppID(appId), async () => {
     const db = context.getAppDB()
@@ -45,10 +45,10 @@ export async function find(ctx: BBContext) {
   })
 }
 
-export async function removeAppRole(ctx: BBContext) {
+export async function removeAppRole(ctx: Ctx) {
   const { appId } = ctx.params
   const db = tenancy.getGlobalDB()
-  const users = await allUsers()
+  const users = await sdk.users.db.allUsers()
   const bulk = []
   const cacheInvalidations = []
   for (let user of users) {

packages/worker/src/api/controllers/global/self.ts

@@ -91,7 +91,7 @@ export async function getSelf(ctx: any) {
   }
 
   // get the main body of the user
-  const user = await userSdk.getUser(userId)
+  const user = await userSdk.db.getUser(userId)
   ctx.body = await groups.enrichUserRolesFromGroups(user)
 
   // add the feature flags for this tenant
@@ -106,12 +106,12 @@ export async function updateSelf(
 ) {
   const update = ctx.request.body
 
-  let user = await userSdk.getUser(ctx.user._id!)
+  let user = await userSdk.db.getUser(ctx.user._id!)
   user = {
     ...user,
     ...update,
   }
-  user = await userSdk.save(user, { requirePassword: false })
+  user = await userSdk.db.save(user, { requirePassword: false })
 
   if (update.password) {
     // Log all other sessions out apart from the current one

packages/worker/src/api/controllers/global/users.ts

@@ -41,7 +41,7 @@ export const save = async (ctx: UserCtx<User, SaveUserResponse>) => {
     const currentUserId = ctx.user?._id
     const requestUser = ctx.request.body
 
-    const user = await userSdk.save(requestUser, { currentUserId })
+    const user = await userSdk.db.save(requestUser, { currentUserId })
 
     ctx.body = {
       _id: user._id!,
@@ -57,7 +57,7 @@ const bulkDelete = async (userIds: string[], currentUserId: string) => {
   if (userIds?.indexOf(currentUserId) !== -1) {
     throw new Error("Unable to delete self.")
   }
-  return await userSdk.bulkDelete(userIds)
+  return await userSdk.db.bulkDelete(userIds)
 }
 
 const bulkCreate = async (users: User[], groupIds: string[]) => {
@@ -66,7 +66,7 @@ const bulkCreate = async (users: User[], groupIds: string[]) => {
       "Max limit for upload is 1000 users. Please reduce file size and try again."
     )
   }
-  return await userSdk.bulkCreate(users, groupIds)
+  return await userSdk.db.bulkCreate(users, groupIds)
 }
 
 export const bulkUpdate = async (
@@ -141,7 +141,7 @@ export const adminUser = async (
       // always bust checklist beforehand, if an error occurs but can proceed, don't get
       // stuck in a cycle
       await cache.bustCache(cache.CacheKey.CHECKLIST)
-      const finalUser = await userSdk.save(user, {
+      const finalUser = await userSdk.db.save(user, {
         hashPassword,
         requirePassword,
       })
@@ -167,7 +167,7 @@ export const adminUser = async (
 export const countByApp = async (ctx: any) => {
   const appId = ctx.params.appId
   try {
-    ctx.body = await userSdk.countUsersByApp(appId)
+    ctx.body = await userSdk.db.countUsersByApp(appId)
   } catch (err: any) {
     ctx.throw(err.status || 400, err)
   }
@@ -179,7 +179,7 @@ export const destroy = async (ctx: any) => {
     ctx.throw(400, "Unable to delete self.")
   }
 
-  await userSdk.destroy(id)
+  await userSdk.db.destroy(id)
 
   ctx.body = {
     message: `User ${id} deleted.`,
@@ -188,7 +188,7 @@ export const destroy = async (ctx: any) => {
 
 export const getAppUsers = async (ctx: Ctx<SearchUsersRequest>) => {
   const body = ctx.request.body
-  const users = await userSdk.getUsersByAppAccess(body?.appId)
+  const users = await userSdk.db.getUsersByAppAccess(body?.appId)
 
   ctx.body = { data: users }
 }
@@ -212,7 +212,7 @@ export const search = async (ctx: Ctx<SearchUsersRequest>) => {
 
 // called internally by app server user fetch
 export const fetch = async (ctx: any) => {
-  const all = await userSdk.allUsers()
+  const all = await userSdk.db.allUsers()
   // user hashed password shouldn't ever be returned
   for (let user of all) {
     if (user) {
@@ -224,12 +224,12 @@ export const fetch = async (ctx: any) => {
 
 // called internally by app server user find
 export const find = async (ctx: any) => {
-  ctx.body = await userSdk.getUser(ctx.params.id)
+  ctx.body = await userSdk.db.getUser(ctx.params.id)
 }
 
 export const tenantUserLookup = async (ctx: any) => {
   const id = ctx.params.id
-  const user = await userSdk.getPlatformUser(id)
+  const user = await userSdk.core.getPlatformUser(id)
   if (user) {
     ctx.body = user
   } else {
@@ -252,7 +252,7 @@ export const onboardUsers = async (ctx: Ctx<InviteUsersRequest>) => {
     // @ts-ignore
     const { users, groups, roles } = request.create
     const assignUsers = users.map((user: User) => (user.roles = roles))
-    onboardingResponse = await userSdk.bulkCreate(assignUsers, groups)
+    onboardingResponse = await userSdk.db.bulkCreate(assignUsers, groups)
     ctx.body = onboardingResponse
   } else if (emailConfigured) {
     onboardingResponse = await inviteMultiple(ctx)
@@ -277,7 +277,7 @@ export const onboardUsers = async (ctx: Ctx<InviteUsersRequest>) => {
         tenantId: tenancy.getTenantId(),
       }
     })
-    let bulkCreateReponse = await userSdk.bulkCreate(users, [])
+    let bulkCreateReponse = await userSdk.db.bulkCreate(users, [])
 
     // Apply temporary credentials
     let createWithCredentials = {
@@ -410,7 +410,7 @@ export const inviteAccept = async (
         ...info,
       }
 
-      const saved = await userSdk.save(request)
+      const saved = await userSdk.db.save(request)
       const db = tenancy.getGlobalDB()
       const user = await db.get<User>(saved._id)
       await events.user.inviteAccepted(user)

packages/worker/src/api/routes/global/tests/appBuilder.spec.ts

@@ -0,0 +1,62 @@
+import { TestConfiguration, structures } from "../../../../tests"
+import { mocks } from "@budibase/backend-core/tests"
+import { User } from "@budibase/types"
+
+const MOCK_APP_ID = "app_a"
+
+describe("/api/global/users/:userId/app/builder", () => {
+  const config = new TestConfiguration()
+
+  beforeAll(async () => {
+    await config.beforeAll()
+  })
+
+  afterAll(async () => {
+    await config.afterAll()
+  })
+
+  async function newUser() {
+    const base = structures.users.user()
+    return await config.createUser(base)
+  }
+
+  async function getUser(userId: string) {
+    const response = await config.api.users.getUser(userId)
+    return response.body as User
+  }
+
+  describe("Confirm pro license", () => {
+    it("should 400 with licensing", async () => {
+      const user = await newUser()
+      const resp = await config.api.users.grantBuilderToApp(
+        user._id!,
+        MOCK_APP_ID,
+        400
+      )
+      expect(resp.body.message).toContain("Feature not enabled")
+    })
+  })
+
+  describe("PATCH /api/global/users/:userId/app/:appId/builder", () => {
+    it("should be able to grant a user access to a particular app", async () => {
+      mocks.licenses.useAppBuilders()
+      const user = await newUser()
+      await config.api.users.grantBuilderToApp(user._id!, MOCK_APP_ID)
+      const updated = await getUser(user._id!)
+      expect(updated.builder?.apps![0]).toBe(MOCK_APP_ID)
+    })
+  })
+
+  describe("DELETE /api/global/users/:userId/app/:appId/builder", () => {
+    it("should allow revoking access", async () => {
+      mocks.licenses.useAppBuilders()
+      const user = await newUser()
+      await config.api.users.grantBuilderToApp(user._id!, MOCK_APP_ID)
+      let updated = await getUser(user._id!)
+      expect(updated.builder?.apps![0]).toBe(MOCK_APP_ID)
+      await config.api.users.revokeBuilderFromApp(user._id!, MOCK_APP_ID)
+      updated = await getUser(user._id!)
+      expect(updated.builder?.apps!.length).toBe(0)
+    })
+  })
+})

packages/worker/src/api/routes/global/tests/auth.spec.ts

@@ -41,7 +41,7 @@ describe("/api/global/auth", () => {
 
   async function createSSOUser() {
     return config.doInTenant(async () => {
-      return userSdk.save(structures.users.ssoUser(), {
+      return userSdk.db.save(structures.users.ssoUser(), {
         requirePassword: false,
       })
     })
@@ -245,7 +245,7 @@ describe("/api/global/auth", () => {
             const ssoUser = user as SSOUser
             ssoUser.providerType = structures.sso.providerType()
             delete ssoUser.password
-            await config.doInTenant(() => userSdk.save(ssoUser))
+            await config.doInTenant(() => userSdk.db.save(ssoUser))
 
             await testSSOUser(code!)
           })

packages/worker/src/api/routes/global/tests/users.spec.ts

@@ -480,7 +480,7 @@ describe("/api/global/users", () => {
       function createSSOUser() {
         return config.doInTenant(() => {
           const user = structures.users.ssoUser()
-          return userSdk.save(user, { requirePassword: false })
+          return userSdk.db.save(user, { requirePassword: false })
         })
       }
 

packages/worker/src/api/routes/index.ts

@@ -23,6 +23,7 @@ import env from "../../environment"
 export const routes: Router[] = [
   configRoutes,
   userRoutes,
+  pro.users,
   workspaceRoutes,
   authRoutes,
   templateRoutes,

packages/worker/src/environment.ts

@@ -1,4 +1,8 @@
-const { join } = require("path")
+import { env as coreEnv } from "@budibase/backend-core"
+import { ServiceType } from "@budibase/types"
+import { join } from "path"
+
+coreEnv._set("SERVICE_TYPE", ServiceType.WORKER)
 
 function isDev() {
   return process.env.NODE_ENV !== "production"

packages/worker/src/initPro.ts

@@ -2,12 +2,5 @@ import { sdk as proSdk } from "@budibase/pro"
 import * as userSdk from "./sdk/users"
 
 export const initPro = async () => {
-  await proSdk.init({
+  await proSdk.init({})
-    scimUserServiceConfig: {
-      functions: {
-        saveUser: userSdk.save,
-        removeUser: (id: string) => userSdk.destroy(id),
-      },
-    },
-  })
 }

packages/worker/src/migrations/functions/globalInfoSyncUsers.ts

@@ -10,7 +10,7 @@ import { platform } from "@budibase/backend-core"
  * Re-sync the global-db users to the global-info db users
  */
 export const run = async (globalDb: any) => {
-  const users = (await usersSdk.allUsers()) as User[]
+  const users = (await usersSdk.db.allUsers()) as User[]
   const promises = []
   for (let user of users) {
     promises.push(

packages/worker/src/sdk/auth/auth.ts

@@ -1,11 +1,11 @@
 import {
   auth as authCore,
-  tenancy,
+  env as coreEnv,
-  utils as coreUtils,
-  sessions,
   events,
   HTTPError,
-  env as coreEnv,
+  sessions,
+  tenancy,
+  utils as coreUtils,
 } from "@budibase/backend-core"
 import { PlatformLogoutOpts, User } from "@budibase/types"
 import jwt from "jsonwebtoken"
@@ -20,7 +20,7 @@ export async function loginUser(user: User) {
   const sessionId = coreUtils.newid()
   const tenantId = tenancy.getTenantId()
   await sessions.createASession(user._id!, { sessionId, tenantId })
-  const token = jwt.sign(
+  return jwt.sign(
     {
       userId: user._id,
       sessionId,
@@ -28,7 +28,6 @@ export async function loginUser(user: User) {
     },
     coreEnv.JWT_SECRET!
   )
-  return token
 }
 
 export async function logout(opts: PlatformLogoutOpts) {
@@ -58,7 +57,7 @@ export const reset = async (email: string) => {
   }
 
   // exit if user has sso
-  if (await userSdk.isPreventPasswordActions(user)) {
+  if (await userSdk.db.isPreventPasswordActions(user)) {
     return
   }
 
@@ -76,9 +75,9 @@ export const reset = async (email: string) => {
 export const resetUpdate = async (resetCode: string, password: string) => {
   const { userId } = await redis.checkResetPasswordCode(resetCode)
 
-  let user = await userSdk.getUser(userId)
+  let user = await userSdk.db.getUser(userId)
   user.password = password
-  user = await userSdk.save(user)
+  user = await userSdk.db.save(user)
 
   // remove password from the user before sending events
   delete user.password

packages/worker/src/sdk/users/index.ts

@@ -1,2 +1,7 @@
 export * from "./users"
+import { users } from "@budibase/backend-core"
+import * as pro from "@budibase/pro"
+// pass in the components which are specific to the worker/the parts of pro which backend-core cannot access
+users.UserDB.init(pro.quotas, pro.groups, pro.features)
+export const db = users.UserDB
 export { users as core } from "@budibase/backend-core"

packages/worker/src/sdk/users/tests/users.spec.ts

@@ -1,8 +1,8 @@
 import { structures, mocks } from "../../../tests"
 import { env, context } from "@budibase/backend-core"
 import * as users from "../users"
+import { db as userDb } from "../"
 import { CloudAccount } from "@budibase/types"
-import { isPreventPasswordActions } from "../users"
 
 describe("users", () => {
   beforeEach(() => {
@@ -13,7 +13,7 @@ describe("users", () => {
     it("returns false for non sso user", async () => {
       await context.doInTenant(structures.tenant.id(), async () => {
         const user = structures.users.user()
-        const result = await users.isPreventPasswordActions(user)
+        const result = await userDb.isPreventPasswordActions(user)
         expect(result).toBe(false)
       })
     })
@@ -24,7 +24,7 @@ describe("users", () => {
         const account = structures.accounts.ssoAccount() as CloudAccount
         account.email = user.email
         mocks.accounts.getAccountByTenantId.mockResolvedValueOnce(account)
-        const result = await users.isPreventPasswordActions(user)
+        const result = await userDb.isPreventPasswordActions(user)
         expect(result).toBe(true)
       })
     })
@@ -34,7 +34,7 @@ describe("users", () => {
         const user = structures.users.user()
         const account = structures.accounts.ssoAccount() as CloudAccount
         mocks.accounts.getAccountByTenantId.mockResolvedValueOnce(account)
-        const result = await users.isPreventPasswordActions(user)
+        const result = await userDb.isPreventPasswordActions(user)
         expect(result).toBe(false)
       })
     })
@@ -42,7 +42,7 @@ describe("users", () => {
     it("returns true for sso user", async () => {
       await context.doInTenant(structures.tenant.id(), async () => {
         const user = structures.users.ssoUser()
-        const result = await users.isPreventPasswordActions(user)
+        const result = await userDb.isPreventPasswordActions(user)
         expect(result).toBe(true)
       })
     })
@@ -52,7 +52,7 @@ describe("users", () => {
         await context.doInTenant(structures.tenant.id(), async () => {
           const user = structures.users.user()
           mocks.pro.features.isSSOEnforced.mockResolvedValueOnce(true)
-          const result = await users.isPreventPasswordActions(user)
+          const result = await userDb.isPreventPasswordActions(user)
           expect(result).toBe(true)
         })
       })
@@ -70,7 +70,7 @@ describe("users", () => {
       describe("non-admin user", () => {
         it("returns true", async () => {
           const user = structures.users.ssoUser()
-          const result = await users.isPreventPasswordActions(user)
+          const result = await userDb.isPreventPasswordActions(user)
           expect(result).toBe(true)
         })
       })
@@ -80,7 +80,7 @@ describe("users", () => {
           const user = structures.users.ssoUser({
             user: structures.users.adminUser(),
           })
-          const result = await users.isPreventPasswordActions(user)
+          const result = await userDb.isPreventPasswordActions(user)
           expect(result).toBe(false)
         })
       })

packages/worker/src/sdk/users/users.ts

@@ -1,602 +1,19 @@
-import env from "../../environment"
+import { events, tenancy, users as usersCore } from "@budibase/backend-core"
-import * as eventHelpers from "./events"
+import { InviteUsersRequest, InviteUsersResponse } from "@budibase/types"
-import {
-  accounts,
-  cache,
-  constants,
-  db as dbUtils,
-  events,
-  HTTPError,
-  sessions,
-  tenancy,
-  platform,
-  users as usersCore,
-  utils,
-  ViewName,
-  env as coreEnv,
-  context,
-  EmailUnavailableError,
-} from "@budibase/backend-core"
-import {
-  AccountMetadata,
-  AllDocsResponse,
-  CloudAccount,
-  InviteUsersRequest,
-  InviteUsersResponse,
-  isSSOAccount,
-  isSSOUser,
-  PlatformUser,
-  PlatformUserByEmail,
-  RowResponse,
-  User,
-  SaveUserOpts,
-  BulkUserCreated,
-  BulkUserDeleted,
-  Account,
-} from "@budibase/types"
 import { sendEmail } from "../../utilities/email"
 import { EmailTemplatePurpose } from "../../constants"
-import * as pro from "@budibase/pro"
-import * as accountSdk from "../accounts"
 
-export const allUsers = async () => {
+export async function invite(
-  const db = tenancy.getGlobalDB()
-  const response = await db.allDocs(
-    dbUtils.getGlobalUserParams(null, {
-      include_docs: true,
-    })
-  )
-  return response.rows.map((row: any) => row.doc)
-}
-
-export const countUsersByApp = async (appId: string) => {
-  let response: any = await usersCore.searchGlobalUsersByApp(appId, {})
-  return {
-    userCount: response.length,
-  }
-}
-
-export const getUsersByAppAccess = async (appId?: string) => {
-  const opts: any = {
-    include_docs: true,
-    limit: 50,
-  }
-  let response: User[] = await usersCore.searchGlobalUsersByAppAccess(
-    appId,
-    opts
-  )
-  return response
-}
-
-export async function getUserByEmail(email: string) {
-  return usersCore.getGlobalUserByEmail(email)
-}
-
-/**
- * Gets a user by ID from the global database, based on the current tenancy.
- */
-export const getUser = async (userId: string) => {
-  const user = await usersCore.getById(userId)
-  if (user) {
-    delete user.password
-  }
-  return user
-}
-
-const buildUser = async (
-  user: User,
-  opts: SaveUserOpts = {
-    hashPassword: true,
-    requirePassword: true,
-  },
-  tenantId: string,
-  dbUser?: any,
-  account?: Account
-): Promise<User> => {
-  let { password, _id } = user
-
-  // don't require a password if the db user doesn't already have one
-  if (dbUser && !dbUser.password) {
-    opts.requirePassword = false
-  }
-
-  let hashedPassword
-  if (password) {
-    if (await isPreventPasswordActions(user, account)) {
-      throw new HTTPError("Password change is disabled for this user", 400)
-    }
-    hashedPassword = opts.hashPassword ? await utils.hash(password) : password
-  } else if (dbUser) {
-    hashedPassword = dbUser.password
-  }
-
-  // passwords are never required if sso is enforced
-  const requirePasswords =
-    opts.requirePassword && !(await pro.features.isSSOEnforced())
-  if (!hashedPassword && requirePasswords) {
-    throw "Password must be specified."
-  }
-
-  _id = _id || dbUtils.generateGlobalUserID()
-
-  const fullUser = {
-    createdAt: Date.now(),
-    ...dbUser,
-    ...user,
-    _id,
-    password: hashedPassword,
-    tenantId,
-  }
-  // make sure the roles object is always present
-  if (!fullUser.roles) {
-    fullUser.roles = {}
-  }
-  // add the active status to a user if its not provided
-  if (fullUser.status == null) {
-    fullUser.status = constants.UserStatus.ACTIVE
-  }
-
-  return fullUser
-}
-
-// lookup, could be email or userId, either will return a doc
-export const getPlatformUser = async (
-  identifier: string
-): Promise<PlatformUser | null> => {
-  // use the view here and allow to find anyone regardless of casing
-  // Use lowercase to ensure email login is case insensitive
-  const response = dbUtils.queryPlatformView(
-    ViewName.PLATFORM_USERS_LOWERCASE,
-    {
-      keys: [identifier.toLowerCase()],
-      include_docs: true,
-    }
-  ) as Promise<PlatformUser>
-  return response
-}
-
-const validateUniqueUser = async (email: string, tenantId: string) => {
-  // check budibase users in other tenants
-  if (env.MULTI_TENANCY) {
-    const tenantUser = await getPlatformUser(email)
-    if (tenantUser != null && tenantUser.tenantId !== tenantId) {
-      throw new EmailUnavailableError(email)
-    }
-  }
-
-  // check root account users in account portal
-  if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
-    const account = await accounts.getAccount(email)
-    if (account && account.verified && account.tenantId !== tenantId) {
-      throw new EmailUnavailableError(email)
-    }
-  }
-}
-
-export async function isPreventPasswordActions(user: User, account?: Account) {
-  // when in maintenance mode we allow sso users with the admin role
-  // to perform any password action - this prevents lockout
-  if (coreEnv.ENABLE_SSO_MAINTENANCE_MODE && user.admin?.global) {
-    return false
-  }
-
-  // SSO is enforced for all users
-  if (await pro.features.isSSOEnforced()) {
-    return true
-  }
-
-  // Check local sso
-  if (isSSOUser(user)) {
-    return true
-  }
-
-  // Check account sso
-  if (!account) {
-    account = await accountSdk.api.getAccountByTenantId(tenancy.getTenantId())
-  }
-  return !!(account && account.email === user.email && isSSOAccount(account))
-}
-
-// TODO: The single save should re-use the bulk insert with a single
-// user so that we don't need to duplicate logic
-export const save = async (
-  user: User,
-  opts: SaveUserOpts = {}
-): Promise<User> => {
-  // default booleans to true
-  if (opts.hashPassword == null) {
-    opts.hashPassword = true
-  }
-  if (opts.requirePassword == null) {
-    opts.requirePassword = true
-  }
-  const tenantId = tenancy.getTenantId()
-  const db = tenancy.getGlobalDB()
-
-  let { email, _id, userGroups = [], roles } = user
-
-  if (!email && !_id) {
-    throw new Error("_id or email is required")
-  }
-
-  let dbUser: User | undefined
-  if (_id) {
-    // try to get existing user from db
-    try {
-      dbUser = (await db.get(_id)) as User
-      if (email && dbUser.email !== email) {
-        throw "Email address cannot be changed"
-      }
-      email = dbUser.email
-    } catch (e: any) {
-      if (e.status === 404) {
-        // do nothing, save this new user with the id specified - required for SSO auth
-      } else {
-        throw e
-      }
-    }
-  }
-
-  if (!dbUser && email) {
-    // no id was specified - load from email instead
-    dbUser = await usersCore.getGlobalUserByEmail(email)
-    if (dbUser && dbUser._id !== _id) {
-      throw new EmailUnavailableError(email)
-    }
-  }
-
-  const change = dbUser ? 0 : 1 // no change if there is existing user
-  return pro.quotas.addUsers(change, async () => {
-    await validateUniqueUser(email, tenantId)
-
-    let builtUser = await buildUser(user, opts, tenantId, dbUser)
-    // don't allow a user to update its own roles/perms
-    if (opts.currentUserId && opts.currentUserId === dbUser?._id) {
-      builtUser.builder = dbUser.builder
-      builtUser.admin = dbUser.admin
-      builtUser.roles = dbUser.roles
-    }
-
-    if (!dbUser && roles?.length) {
-      builtUser.roles = { ...roles }
-    }
-
-    // make sure we set the _id field for a new user
-    // Also if this is a new user, associate groups with them
-    let groupPromises = []
-    if (!_id) {
-      _id = builtUser._id!
-
-      if (userGroups.length > 0) {
-        for (let groupId of userGroups) {
-          groupPromises.push(pro.groups.addUsers(groupId, [_id]))
-        }
-      }
-    }
-
-    try {
-      // save the user to db
-      let response = await db.put(builtUser)
-      builtUser._rev = response.rev
-
-      await eventHelpers.handleSaveEvents(builtUser, dbUser)
-      await platform.users.addUser(tenantId, builtUser._id!, builtUser.email)
-      await cache.user.invalidateUser(response.id)
-
-      await Promise.all(groupPromises)
-
-      // finally returned the saved user from the db
-      return db.get(builtUser._id!)
-    } catch (err: any) {
-      if (err.status === 409) {
-        throw "User exists already"
-      } else {
-        throw err
-      }
-    }
-  })
-}
-
-const getExistingTenantUsers = async (emails: string[]): Promise<User[]> => {
-  const lcEmails = emails.map(email => email.toLowerCase())
-  const params = {
-    keys: lcEmails,
-    include_docs: true,
-  }
-
-  const opts = {
-    arrayResponse: true,
-  }
-
-  return dbUtils.queryGlobalView(
-    ViewName.USER_BY_EMAIL,
-    params,
-    undefined,
-    opts
-  ) as Promise<User[]>
-}
-
-const getExistingPlatformUsers = async (
-  emails: string[]
-): Promise<PlatformUserByEmail[]> => {
-  const lcEmails = emails.map(email => email.toLowerCase())
-  const params = {
-    keys: lcEmails,
-    include_docs: true,
-  }
-
-  const opts = {
-    arrayResponse: true,
-  }
-  return dbUtils.queryPlatformView(
-    ViewName.PLATFORM_USERS_LOWERCASE,
-    params,
-    opts
-  ) as Promise<PlatformUserByEmail[]>
-}
-
-const getExistingAccounts = async (
-  emails: string[]
-): Promise<AccountMetadata[]> => {
-  const lcEmails = emails.map(email => email.toLowerCase())
-  const params = {
-    keys: lcEmails,
-    include_docs: true,
-  }
-
-  const opts = {
-    arrayResponse: true,
-  }
-
-  return dbUtils.queryPlatformView(
-    ViewName.ACCOUNT_BY_EMAIL,
-    params,
-    opts
-  ) as Promise<AccountMetadata[]>
-}
-
-/**
- * Apply a system-wide search on emails:
- * - in tenant
- * - cross tenant
- * - accounts
- * return an array of emails that match the supplied emails.
- */
-const searchExistingEmails = async (emails: string[]) => {
-  let matchedEmails: string[] = []
-
-  const existingTenantUsers = await getExistingTenantUsers(emails)
-  matchedEmails.push(...existingTenantUsers.map(user => user.email))
-
-  const existingPlatformUsers = await getExistingPlatformUsers(emails)
-  matchedEmails.push(...existingPlatformUsers.map(user => user._id!))
-
-  const existingAccounts = await getExistingAccounts(emails)
-  matchedEmails.push(...existingAccounts.map(account => account.email))
-
-  return [...new Set(matchedEmails.map(email => email.toLowerCase()))]
-}
-
-export const bulkCreate = async (
-  newUsersRequested: User[],
-  groups: string[]
-): Promise<BulkUserCreated> => {
-  const tenantId = tenancy.getTenantId()
-
-  let usersToSave: any[] = []
-  let newUsers: any[] = []
-
-  const emails = newUsersRequested.map((user: User) => user.email)
-  const existingEmails = await searchExistingEmails(emails)
-  const unsuccessful: { email: string; reason: string }[] = []
-
-  for (const newUser of newUsersRequested) {
-    if (
-      newUsers.find(
-        (x: User) => x.email.toLowerCase() === newUser.email.toLowerCase()
-      ) ||
-      existingEmails.includes(newUser.email.toLowerCase())
-    ) {
-      unsuccessful.push({
-        email: newUser.email,
-        reason: `Unavailable`,
-      })
-      continue
-    }
-    newUser.userGroups = groups
-    newUsers.push(newUser)
-  }
-
-  const account = await accountSdk.api.getAccountByTenantId(tenantId)
-  return pro.quotas.addUsers(newUsers.length, async () => {
-    // create the promises array that will be called by bulkDocs
-    newUsers.forEach((user: any) => {
-      usersToSave.push(
-        buildUser(
-          user,
-          {
-            hashPassword: true,
-            requirePassword: user.requirePassword,
-          },
-          tenantId,
-          undefined, // no dbUser
-          account
-        )
-      )
-    })
-
-    const usersToBulkSave = await Promise.all(usersToSave)
-    await usersCore.bulkUpdateGlobalUsers(usersToBulkSave)
-
-    // Post-processing of bulk added users, e.g. events and cache operations
-    for (const user of usersToBulkSave) {
-      // TODO: Refactor to bulk insert users into the info db
-      // instead of relying on looping tenant creation
-      await platform.users.addUser(tenantId, user._id, user.email)
-      await eventHelpers.handleSaveEvents(user, undefined)
-    }
-
-    const saved = usersToBulkSave.map(user => {
-      return {
-        _id: user._id,
-        email: user.email,
-      }
-    })
-
-    // now update the groups
-    if (Array.isArray(saved) && groups) {
-      const groupPromises = []
-      const createdUserIds = saved.map(user => user._id)
-      for (let groupId of groups) {
-        groupPromises.push(pro.groups.addUsers(groupId, createdUserIds))
-      }
-      await Promise.all(groupPromises)
-    }
-
-    return {
-      successful: saved,
-      unsuccessful,
-    }
-  })
-}
-
-/**
- * For the given user id's, return the account holder if it is in the ids.
- */
-const getAccountHolderFromUserIds = async (
-  userIds: string[]
-): Promise<CloudAccount | undefined> => {
-  if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
-    const tenantId = tenancy.getTenantId()
-    const account = await accounts.getAccountByTenantId(tenantId)
-    if (!account) {
-      throw new Error(`Account not found for tenantId=${tenantId}`)
-    }
-
-    const budibaseUserId = account.budibaseUserId
-    if (userIds.includes(budibaseUserId)) {
-      return account
-    }
-  }
-}
-
-export const bulkDelete = async (
-  userIds: string[]
-): Promise<BulkUserDeleted> => {
-  const db = tenancy.getGlobalDB()
-
-  const response: BulkUserDeleted = {
-    successful: [],
-    unsuccessful: [],
-  }
-
-  // remove the account holder from the delete request if present
-  const account = await getAccountHolderFromUserIds(userIds)
-  if (account) {
-    userIds = userIds.filter(u => u !== account.budibaseUserId)
-    // mark user as unsuccessful
-    response.unsuccessful.push({
-      _id: account.budibaseUserId,
-      email: account.email,
-      reason: "Account holder cannot be deleted",
-    })
-  }
-
-  // Get users and delete
-  const allDocsResponse: AllDocsResponse<User> = await db.allDocs({
-    include_docs: true,
-    keys: userIds,
-  })
-  const usersToDelete: User[] = allDocsResponse.rows.map(
-    (user: RowResponse<User>) => {
-      return user.doc
-    }
-  )
-
-  // Delete from DB
-  const toDelete = usersToDelete.map(user => ({
-    ...user,
-    _deleted: true,
-  }))
-  const dbResponse = await usersCore.bulkUpdateGlobalUsers(toDelete)
-
-  await pro.quotas.removeUsers(toDelete.length)
-  for (let user of usersToDelete) {
-    await bulkDeleteProcessing(user)
-  }
-
-  // Build Response
-  // index users by id
-  const userIndex: { [key: string]: User } = {}
-  usersToDelete.reduce((prev, current) => {
-    prev[current._id!] = current
-    return prev
-  }, userIndex)
-
-  // add the successful and unsuccessful users to response
-  dbResponse.forEach(item => {
-    const email = userIndex[item.id].email
-    if (item.ok) {
-      response.successful.push({ _id: item.id, email })
-    } else {
-      response.unsuccessful.push({
-        _id: item.id,
-        email,
-        reason: "Database error",
-      })
-    }
-  })
-
-  return response
-}
-
-// TODO: The single delete should re-use the bulk delete with a single
-// user so that we don't need to duplicate logic
-export const destroy = async (id: string) => {
-  const db = tenancy.getGlobalDB()
-  const dbUser = (await db.get(id)) as User
-  const userId = dbUser._id as string
-
-  if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
-    // root account holder can't be deleted from inside budibase
-    const email = dbUser.email
-    const account = await accounts.getAccount(email)
-    if (account) {
-      if (dbUser.userId === context.getIdentity()!._id) {
-        throw new HTTPError('Please visit "Account" to delete this user', 400)
-      } else {
-        throw new HTTPError("Account holder cannot be deleted", 400)
-      }
-    }
-  }
-
-  await platform.users.removeUser(dbUser)
-
-  await db.remove(userId, dbUser._rev)
-
-  await pro.quotas.removeUsers(1)
-  await eventHelpers.handleDeleteEvents(dbUser)
-  await cache.user.invalidateUser(userId)
-  await sessions.invalidateSessions(userId, { reason: "deletion" })
-}
-
-const bulkDeleteProcessing = async (dbUser: User) => {
-  const userId = dbUser._id as string
-  await platform.users.removeUser(dbUser)
-  await eventHelpers.handleDeleteEvents(dbUser)
-  await cache.user.invalidateUser(userId)
-  await sessions.invalidateSessions(userId, { reason: "bulk-deletion" })
-}
-
-export const invite = async (
   users: InviteUsersRequest
-): Promise<InviteUsersResponse> => {
+): Promise<InviteUsersResponse> {
   const response: InviteUsersResponse = {
     successful: [],
     unsuccessful: [],
   }
 
-  const matchedEmails = await searchExistingEmails(users.map(u => u.email))
+  const matchedEmails = await usersCore.searchExistingEmails(
+    users.map(u => u.email)
+  )
   const newUsers = []
 
   // separate duplicates from new users

packages/worker/src/tests/TestConfiguration.ts

@@ -251,9 +251,9 @@ class TestConfiguration {
     })
   }
 
-  async getUser(email: string): Promise<User | undefined> {
+  async getUser(email: string): Promise<User> {
-    return context.doInTenant(this.getTenantId(), () => {
+    return context.doInTenant(this.getTenantId(), async () => {
-      return users.getGlobalUserByEmail(email)
+      return (await users.getGlobalUserByEmail(email)) as User
     })
   }
 
@@ -263,7 +263,7 @@ class TestConfiguration {
     }
     const response = await this._req(user, null, controllers.users.save)
     const body = response as SaveUserResponse
-    return this.getUser(body.email) as Promise<User>
+    return (await this.getUser(body.email)) as User
   }
 
   // CONFIGS

packages/worker/src/tests/api/users.ts

@@ -140,4 +140,24 @@ export class UserAPI extends TestAPI {
       .expect("Content-Type", /json/)
       .expect(opts?.status ? opts.status : 200)
   }
+
+  grantBuilderToApp = (
+    userId: string,
+    appId: string,
+    statusCode: number = 200
+  ) => {
+    return this.request
+      .post(`/api/global/users/${userId}/app/${appId}/builder`)
+      .set(this.config.defaultHeaders())
+      .expect("Content-Type", /json/)
+      .expect(statusCode)
+  }
+
+  revokeBuilderFromApp = (userId: string, appId: string) => {
+    return this.request
+      .delete(`/api/global/users/${userId}/app/${appId}/builder`)
+      .set(this.config.defaultHeaders())
+      .expect("Content-Type", /json/)
+      .expect(200)
+  }
 }