diff --git a/packages/backend-core/src/middleware/adminOnly.ts b/packages/backend-core/src/middleware/adminOnly.ts index dc2fe9064e..6b2ee87c01 100644 --- a/packages/backend-core/src/middleware/adminOnly.ts +++ b/packages/backend-core/src/middleware/adminOnly.ts @@ -1,10 +1,8 @@ import { UserCtx } from "@budibase/types" +import { isAdmin } from "../users" export default async (ctx: UserCtx, next: any) => { - if ( - !ctx.internal && - (!ctx.user || !ctx.user.admin || !ctx.user.admin.global) - ) { + if (!ctx.internal && !isAdmin(ctx.user)) { ctx.throw(403, "Admin user only endpoint.") } return next() diff --git a/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte b/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte index 1dd4453537..db56602463 100644 --- a/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte +++ b/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte @@ -12,12 +12,12 @@ } from "@budibase/bbui" import { store } from "builderStore" import { groups, licensing, apps, users, auth, admin } from "stores/portal" - import { fetchData } from "@budibase/frontend-core" + import { fetchData, Constants, Utils } from "@budibase/frontend-core" + import { sdk } from "@budibase/shared-core" import { API } from "api" import GroupIcon from "../../../portal/users/groups/_components/GroupIcon.svelte" import RoleSelect from "components/common/RoleSelect.svelte" import UpgradeModal from "components/common/users/UpgradeModal.svelte" - import { Constants, Utils } from "@budibase/frontend-core" import { emailValidator } from "helpers/validation" import { roles } from "stores/backend" import { fly } from "svelte/transition" @@ -108,7 +108,7 @@ await usersFetch.refresh() filteredUsers = $usersFetch.rows.map(user => { - const isBuilderOrAdmin = user.admin?.global || user.builder?.global + const isBuilderOrAdmin = sdk.users.isBuilderOrAdmin(user, prodAppId) let role = undefined if (isBuilderOrAdmin) { role = Constants.Roles.ADMIN @@ -258,7 +258,7 @@ } // Must exclude users who have explicit privileges const userByEmail = filteredUsers.reduce((acc, user) => { - if (user.role || user.admin?.global || user.builder?.global) { + if (user.role || sdk.users.isBuilderOrAdmin(user, prodAppId)) { acc.push(user.email) } return acc @@ -389,9 +389,9 @@ } const userTitle = user => { - if (user.admin?.global) { + if (sdk.users.isAdmin(user)) { return "Admin" - } else if (user.builder?.global) { + } else if (sdk.users.isBuilder(user, prodAppId)) { return "Developer" } else { return "App user" diff --git a/packages/builder/src/pages/builder/apps/index.svelte b/packages/builder/src/pages/builder/apps/index.svelte index ab75c50747..f6c5df17c9 100644 --- a/packages/builder/src/pages/builder/apps/index.svelte +++ b/packages/builder/src/pages/builder/apps/index.svelte @@ -22,7 +22,7 @@ import Spaceman from "assets/bb-space-man.svg" import Logo from "assets/bb-emblem.svg" import { UserAvatar } from "@budibase/frontend-core" - import { helpers } from "@budibase/shared-core" + import { helpers, sdk } from "@budibase/shared-core" let loaded = false let userInfoModal @@ -43,32 +43,30 @@ $: userGroups = $groups.filter(group => group.users.find(user => user._id === $auth.user?._id) ) - let userApps = [] $: publishedApps = $apps.filter(publishedAppsOnly) + $: userApps = getUserApps($auth.user) - $: { - if (!Object.keys($auth.user?.roles).length && $auth.user?.userGroups) { - userApps = - $auth.user?.builder?.global || $auth.user?.admin?.global - ? publishedApps - : publishedApps.filter(app => { - return userGroups.find(group => { - return groups.actions - .getGroupAppIds(group) - .map(role => apps.extractAppId(role)) - .includes(app.appId) - }) - }) - } else { - userApps = - $auth.user?.builder?.global || $auth.user?.admin?.global - ? publishedApps - : publishedApps.filter(app => - Object.keys($auth.user?.roles) - .map(x => apps.extractAppId(x)) - .includes(app.appId) - ) + function getUserApps(user) { + if (sdk.users.isAdmin(user)) { + return publishedApps } + return publishedApps.filter(app => { + if (sdk.users.isBuilder(user, app.appId)) { + return true + } + if (!Object.keys(user?.roles).length && user?.userGroups) { + return userGroups.find(group => { + return groups.actions + .getGroupAppIds(group) + .map(role => apps.extractAppId(role)) + .includes(app.appId) + }) + } else { + return Object.keys($auth.user?.roles) + .map(x => apps.extractAppId(x)) + .includes(app.appId) + } + }) } function getUrl(app) { diff --git a/packages/builder/src/pages/builder/index.svelte b/packages/builder/src/pages/builder/index.svelte index fcaa7fc55b..c6d9d3c1c3 100644 --- a/packages/builder/src/pages/builder/index.svelte +++ b/packages/builder/src/pages/builder/index.svelte @@ -1,11 +1,12 @@ diff --git a/packages/builder/src/pages/builder/portal/users/users/_components/UpdateRolesModal.svelte b/packages/builder/src/pages/builder/portal/users/users/_components/UpdateRolesModal.svelte index a9399fcca7..9ad41ad652 100644 --- a/packages/builder/src/pages/builder/portal/users/users/_components/UpdateRolesModal.svelte +++ b/packages/builder/src/pages/builder/portal/users/users/_components/UpdateRolesModal.svelte @@ -2,6 +2,7 @@ import { createEventDispatcher } from "svelte" import { Body, Select, ModalContent, notifications } from "@budibase/bbui" import { users } from "stores/portal" + import { sdk } from "@budibase/shared-core" export let app export let user @@ -15,7 +16,7 @@ .filter(role => role._id !== "PUBLIC") .map(role => ({ value: role._id, label: role.name })) - if (!user?.builder?.global) { + if (!sdk.users.isBuilder(user, app?.appId)) { options.push({ value: NO_ACCESS, label: "No Access" }) } let selectedRole = user?.roles?.[app?._id] diff --git a/packages/builder/src/stores/portal/auth.js b/packages/builder/src/stores/portal/auth.js index ce64965af7..40113e2f76 100644 --- a/packages/builder/src/stores/portal/auth.js +++ b/packages/builder/src/stores/portal/auth.js @@ -2,6 +2,7 @@ import { derived, writable, get } from "svelte/store" import { API } from "api" import { admin } from "stores/portal" import analytics from "analytics" +import { sdk } from "@budibase/shared-core" export function createAuthStore() { const auth = writable({ @@ -17,8 +18,8 @@ export function createAuthStore() { let isBuilder = false if ($store.user) { const user = $store.user - isAdmin = !!user.admin?.global - isBuilder = !!user.builder?.global + isAdmin = sdk.users.isAdmin(user) + isBuilder = sdk.users.isBuilder(user) } return { user: $store.user, @@ -57,8 +58,8 @@ export function createAuthStore() { name: user.account?.name, user_id: user._id, tenant: user.tenantId, - admin: user?.admin?.global, - builder: user?.builder?.global, + admin: sdk.users.isAdmin(user), + builder: sdk.users.isBuilder(user), "Company size": user.account?.size, "Job role": user.account?.profession, }, diff --git a/packages/builder/src/stores/portal/users.js b/packages/builder/src/stores/portal/users.js index e522cd7958..992f6a5418 100644 --- a/packages/builder/src/stores/portal/users.js +++ b/packages/builder/src/stores/portal/users.js @@ -2,6 +2,7 @@ import { writable } from "svelte/store" import { API } from "api" import { update } from "lodash" import { licensing } from "." +import { sdk } from "@budibase/shared-core" export function createUsersStore() { const { subscribe, set } = writable({}) @@ -111,8 +112,12 @@ export function createUsersStore() { return await API.saveUser(user) } - const getUserRole = ({ admin, builder }) => - admin?.global ? "admin" : builder?.global ? "developer" : "appUser" + const getUserRole = user => + sdk.users.isAdmin(user) + ? "admin" + : sdk.users.isBuilder(user) + ? "developer" + : "appUser" const refreshUsage = fn => diff --git a/packages/shared-core/src/sdk/documents/users.ts b/packages/shared-core/src/sdk/documents/users.ts index df3ef0025f..931f651a0e 100644 --- a/packages/shared-core/src/sdk/documents/users.ts +++ b/packages/shared-core/src/sdk/documents/users.ts @@ -18,6 +18,10 @@ export function isAdmin(user: User | ContextUser) { return hasAdminPermissions(user) } +export function isAdminOrBuilder(user: User | ContextUser, appId?: string) { + return isBuilder(user, appId) || isAdmin(user) +} + // checks if a user is capable of building any app export function hasBuilderPermissions(user?: User | ContextUser) { if (!user) {