Updating a few core endpoints to better integrate the groups system and make sure users always have the correct role ID updated onto them.
parent
429a89159c
commit
e3f054470a
|
@ -78,7 +78,7 @@ function isBuiltin(role) {
|
||||||
*/
|
*/
|
||||||
exports.builtinRoleToNumber = id => {
|
exports.builtinRoleToNumber = id => {
|
||||||
const builtins = exports.getBuiltinRoles()
|
const builtins = exports.getBuiltinRoles()
|
||||||
const MAX = Object.values(BUILTIN_IDS).length + 1
|
const MAX = Object.values(builtins).length + 1
|
||||||
if (id === BUILTIN_IDS.ADMIN || id === BUILTIN_IDS.BUILDER) {
|
if (id === BUILTIN_IDS.ADMIN || id === BUILTIN_IDS.BUILDER) {
|
||||||
return MAX
|
return MAX
|
||||||
}
|
}
|
||||||
|
@ -94,6 +94,22 @@ exports.builtinRoleToNumber = id => {
|
||||||
return count
|
return count
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Converts any role to a number, but has to be async to get the roles from db.
|
||||||
|
*/
|
||||||
|
exports.roleToNumber = async id => {
|
||||||
|
if (exports.isBuiltin(id)) {
|
||||||
|
return exports.builtinRoleToNumber(id)
|
||||||
|
}
|
||||||
|
const hierarchy = await exports.getUserRoleHierarchy(id)
|
||||||
|
for (let role of hierarchy) {
|
||||||
|
if (isBuiltin(role.inherits)) {
|
||||||
|
return exports.builtinRoleToNumber(role.inherits) + 1
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns whichever builtin roleID is lower.
|
* Returns whichever builtin roleID is lower.
|
||||||
*/
|
*/
|
||||||
|
@ -172,7 +188,7 @@ async function getAllUserRoles(userRoleId) {
|
||||||
* to determine if a user can access something that requires a specific role.
|
* to determine if a user can access something that requires a specific role.
|
||||||
* @param {string} userRoleId The user's role ID, this can be found in their access token.
|
* @param {string} userRoleId The user's role ID, this can be found in their access token.
|
||||||
* @param {object} opts Various options, such as whether to only retrieve the IDs (default true).
|
* @param {object} opts Various options, such as whether to only retrieve the IDs (default true).
|
||||||
* @returns {Promise<string[]>} returns an ordered array of the roles, with the first being their
|
* @returns {Promise<string[]|object[]>} returns an ordered array of the roles, with the first being their
|
||||||
* highest level of access and the last being the lowest level.
|
* highest level of access and the last being the lowest level.
|
||||||
*/
|
*/
|
||||||
exports.getUserRoleHierarchy = async (userRoleId, opts = { idOnly: true }) => {
|
exports.getUserRoleHierarchy = async (userRoleId, opts = { idOnly: true }) => {
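Review bot: In the new `roleToNumber`, `exports.getUserRoleHierarchy(id)` is called with its default `{ idOnly: true }`, which per the JSDoc in this same file yields role ID strings, so `role.inherits` in the loop is read off a string and is always undefined. As written the loop can never match and every custom role falls through to `return 0`, ranking it below all builtin roles (assuming `isBuiltin` tolerates undefined; its body is outside the hunk). Request the full documents instead: `const hierarchy = await exports.getUserRoleHierarchy(id, { idOnly: false })`. The function also mixes `exports.isBuiltin(id)` with the local `isBuiltin(role.inherits)`; use one form and confirm `isBuiltin` is actually exported.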
|
||||||
|
|
|
@ -52,9 +52,9 @@ const checkAuthorizedResource = async (
|
||||||
) => {
|
) => {
|
||||||
// get the user's roles
|
// get the user's roles
|
||||||
const roleId = ctx.roleId || BUILTIN_ROLE_IDS.PUBLIC
|
const roleId = ctx.roleId || BUILTIN_ROLE_IDS.PUBLIC
|
||||||
const userRoles = await getUserRoleHierarchy(roleId, {
|
const userRoles = (await getUserRoleHierarchy(roleId, {
|
||||||
idOnly: false,
|
idOnly: false,
|
||||||
})
|
})) as { _id: string }[]
|
||||||
const permError = "User does not have permission"
|
const permError = "User does not have permission"
|
||||||
// check if the user has the required role
|
// check if the user has the required role
|
||||||
if (resourceRoles.length > 0) {
|
if (resourceRoles.length > 0) {
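Review bot: The `as { _id: string }[]` assertion on the result of `getUserRoleHierarchy` is unchecked, and it sits in `checkAuthorizedResource`, where a wrong shape would silently change the outcome of the role comparison. The cast is only valid because `idOnly: false` is passed; say so in a comment such as `// idOnly: false returns full role documents, so each entry carries _id`, or better, type the helper's return so the call site needs no assertion. The function body continues outside the hunk, so how `userRoles` is consumed is not visible here.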
|
||||||
|
|
|
@ -43,9 +43,10 @@ exports.updateAppRole = (user, { appId } = {}) => {
|
||||||
}
|
}
|
||||||
|
|
||||||
async function checkGroupRoles(user, { appId } = {}) {
|
async function checkGroupRoles(user, { appId } = {}) {
|
||||||
let roleId = await groups.getGroupRoleId(user, appId)
|
if (user.roleId && user.roleId !== BUILTIN_ROLE_IDS.PUBLIC) {
|
||||||
user.roleId = roleId
|
return user
|
||||||
|
}
|
||||||
|
user.roleId = await groups.getGroupRoleId(user, appId)
|
||||||
return user
|
return user
|
||||||
}
|
}
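Review bot: `checkGroupRoles` now assigns `await groups.getGroupRoleId(user, appId)` straight to `user.roleId` on the fall-through path, with no fallback for a user who belongs to no group. If `getGroupRoleId` can return undefined (not visible here), a user who entered with `BUILTIN_ROLE_IDS.PUBLIC` leaves with no role at all; consider `user.roleId = (await groups.getGroupRoleId(user, appId)) || BUILTIN_ROLE_IDS.PUBLIC`. The early return also makes a directly assigned role always win over a group role, even a lower one; that precedence deserves a comment above the guard, e.g. `// an explicit non-public role takes precedence over group-derived roles`.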
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,8 @@ import {
|
||||||
encryption,
|
encryption,
|
||||||
} from "@budibase/backend-core"
|
} from "@budibase/backend-core"
|
||||||
import env from "../../../environment"
|
import env from "../../../environment"
|
||||||
|
import { groups } from "@budibase/pro"
|
||||||
|
import { enrichUserRolesFromGroups } from "../../../../../../../budibase-pro/packages/pro/src/sdk/groups"
|
||||||
const { hash, platformLogout, getCookie, clearCookie, newid } = utils
|
const { hash, platformLogout, getCookie, clearCookie, newid } = utils
|
||||||
const { user: userCache } = cache
|
const { user: userCache } = cache
|
||||||
|
|
||||||
|
@ -115,7 +117,8 @@ export async function getSelf(ctx: any) {
|
||||||
checkCurrentApp(ctx)
|
checkCurrentApp(ctx)
|
||||||
|
|
||||||
// get the main body of the user
|
// get the main body of the user
|
||||||
ctx.body = await users.getUser(userId)
|
const user = await users.getUser(userId)
|
||||||
|
ctx.body = await groups.enrichUserRolesFromGroups(user)
|
||||||
|
|
||||||
// add the feature flags for this tenant
|
// add the feature flags for this tenant
|
||||||
const tenantId = tenancy.getTenantId()
|
const tenantId = tenancy.getTenantId()
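Review bot: The added `import { enrichUserRolesFromGroups } from "../../../../../../../budibase-pro/packages/pro/src/sdk/groups"` reaches by relative path into a sibling checkout outside this package, and the binding is never used in the visible hunks; `getSelf` calls `groups.enrichUserRolesFromGroups(user)` through the `@budibase/pro` import on the line above. It looks like an editor auto-import: it will fail to resolve wherever that directory layout is absent, and where it does resolve it loads whatever source is on disk rather than the declared dependency. Drop the line and keep only `import { groups } from "@budibase/pro"`.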
|
||||||
|
|