Fixing a few issues with roles being correctly reverted.

2022-09-23 17:45:26 +01:00 · 2022-09-23 17:45:26 +01:00 · e0b6ef66ac
parent 6bef55843a
commit e0b6ef66ac
3 changed files with 8 additions and 10 deletions
--- a/packages/server/src/api/controllers/auth.ts
+++ b/packages/server/src/api/controllers/auth.ts
@ -23,13 +23,13 @@ export async function fetchSelf(ctx: any) {
    return
  }

+  const appId = context.getAppId()
  const user = await getFullUser(ctx, userId)
  // this shouldn't be returned by the app self
  delete user.roles
  // forward the csrf token from the session
  user.csrfToken = ctx.user.csrfToken

-  const appId = context.getAppId()
  if (appId) {
    const db = context.getAppDB()
    // check for group permissions
@ -41,14 +41,8 @@ export async function fetchSelf(ctx: any) {
    delete user.roles
    try {
      const userTable = await db.get(InternalTables.USER_METADATA)
-      const metadata = await db.get(userId)
-      // make sure there is never a stale csrf token
-      delete metadata.csrfToken
      // specifically needs to make sure is enriched
-      ctx.body = await outputProcessing(userTable, {
-        ...user,
-        ...metadata,
-      })
+      ctx.body = await outputProcessing(userTable, user)
    } catch (err: any) {
      let response
      // user didn't exist in app, don't pretend they do
--- a/packages/server/src/utilities/global.js
+++ b/packages/server/src/utilities/global.js
@ -75,8 +75,9 @@ exports.getRawGlobalUser = async userId => {
 }

 exports.getGlobalUser = async userId => {
+  const appId = getAppId()
  let user = await exports.getRawGlobalUser(userId)
-  return processUser(user)
+  return processUser(user, { appId })
 }

 exports.getGlobalUsers = async (users = null) => {
--- a/packages/server/src/utilities/users.js
+++ b/packages/server/src/utilities/users.js
@ -2,6 +2,7 @@ const { InternalTables } = require("../db/utils")
 const { getGlobalUser } = require("../utilities/global")
 const { getAppDB } = require("@budibase/backend-core/context")
 const { getProdAppID } = require("@budibase/backend-core/db")
+const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles")

 exports.getFullUser = async (ctx, userId) => {
  const global = await getGlobalUser(userId)
@ -15,9 +16,11 @@ exports.getFullUser = async (ctx, userId) => {
    delete global._id
    delete global._rev
  }
+  delete metadata.csrfToken
  return {
-    ...global,
    ...metadata,
+    ...global,
+    roleId: global.roleId || BUILTIN_ROLE_IDS.PUBLIC,
    tableId: InternalTables.USER_METADATA,
    // make sure the ID is always a local ID, not a global one
    _id: userId,