Updating a few core endpoints to better integrate the groups system and make sure users always have the correct role ID updated onto them.

mike12345567 2022-09-22 18:27:43 +01:00
parent 7a732b8155
commit fa8fb88f82
4 changed files with 28 additions and 8 deletions


@ -78,7 +78,7 @@ function isBuiltin(role) {
*/ */
exports.builtinRoleToNumber = id => { exports.builtinRoleToNumber = id => {
const builtins = exports.getBuiltinRoles() const builtins = exports.getBuiltinRoles()
const MAX = Object.values(BUILTIN_IDS).length + 1 const MAX = Object.values(builtins).length + 1
if (id === BUILTIN_IDS.ADMIN || id === BUILTIN_IDS.BUILDER) { if (id === BUILTIN_IDS.ADMIN || id === BUILTIN_IDS.BUILDER) {
return MAX return MAX
} }
@ -94,6 +94,22 @@ exports.builtinRoleToNumber = id => {
return count return count
} }
/**
* Converts any role to a number, but has to be async to get the roles from db.
*/
exports.roleToNumber = async id => {
if (exports.isBuiltin(id)) {
return exports.builtinRoleToNumber(id)
}
const hierarchy = await exports.getUserRoleHierarchy(id)
for (let role of hierarchy) {
if (isBuiltin(role.inherits)) {
return exports.builtinRoleToNumber(role.inherits) + 1
}
}
return 0
}
/** /**
* Returns whichever builtin roleID is lower. * Returns whichever builtin roleID is lower.
*/ */
@ -172,7 +188,7 @@ async function getAllUserRoles(userRoleId) {
* to determine if a user can access something that requires a specific role. * to determine if a user can access something that requires a specific role.
* @param {string} userRoleId The user's role ID, this can be found in their access token. * @param {string} userRoleId The user's role ID, this can be found in their access token.
* @param {object} opts Various options, such as whether to only retrieve the IDs (default true). * @param {object} opts Various options, such as whether to only retrieve the IDs (default true).
* @returns {Promise<string[]>} returns an ordered array of the roles, with the first being their * @returns {Promise<string[]|object[]>} returns an ordered array of the roles, with the first being their
* highest level of access and the last being the lowest level. * highest level of access and the last being the lowest level.
*/ */
exports.getUserRoleHierarchy = async (userRoleId, opts = { idOnly: true }) => { exports.getUserRoleHierarchy = async (userRoleId, opts = { idOnly: true }) => {
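Review bot: In the added `roleToNumber`, `getUserRoleHierarchy(id)` is called with its default `opts = { idOnly: true }`, which per the doc comment just above that function returns role IDs as strings, so `role.inherits` is undefined on every iteration and every custom role falls through to `return 0`. That ranks all non-builtin roles below every builtin one, which matters if callers use this number to compare or pick access levels. Pass the option explicitly: `const hierarchy = await exports.getUserRoleHierarchy(id, { idOnly: false })`. The function also mixes `exports.isBuiltin(id)` with the local `isBuiltin(role.inherits)`; whether `isBuiltin` is exported is not visible in these hunks, so using the local function in both places would be safer.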


@ -52,9 +52,9 @@ const checkAuthorizedResource = async (
) => { ) => {
// get the user's roles // get the user's roles
const roleId = ctx.roleId || BUILTIN_ROLE_IDS.PUBLIC const roleId = ctx.roleId || BUILTIN_ROLE_IDS.PUBLIC
const userRoles = await getUserRoleHierarchy(roleId, { const userRoles = (await getUserRoleHierarchy(roleId, {
idOnly: false, idOnly: false,
}) })) as { _id: string }[]
const permError = "User does not have permission" const permError = "User does not have permission"
// check if the user has the required role // check if the user has the required role
if (resourceRoles.length > 0) { if (resourceRoles.length > 0) {
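Review bot: The `as { _id: string }[]` assertion on the `getUserRoleHierarchy` result is unchecked, so this authorization path depends on the callee continuing to return role objects whenever `idOnly: false` is passed. Since the return type is now documented as `string[]|object[]`, it would be more robust to give that function typings where the result follows from the option than to assert at each call site. At minimum, add a comment above the call such as `// idOnly: false returns full role docs, so _id is present`. The body of `checkAuthorizedResource` continues outside the hunk.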


@ -43,9 +43,10 @@ exports.updateAppRole = (user, { appId } = {}) => {
} }
async function checkGroupRoles(user, { appId } = {}) { async function checkGroupRoles(user, { appId } = {}) {
let roleId = await groups.getGroupRoleId(user, appId) if (user.roleId && user.roleId !== BUILTIN_ROLE_IDS.PUBLIC) {
user.roleId = roleId return user
}
user.roleId = await groups.getGroupRoleId(user, appId)
return user return user
} }
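Review bot: The result of `groups.getGroupRoleId(user, appId)` is assigned to `user.roleId` without being checked, so a user who arrives with `BUILTIN_ROLE_IDS.PUBLIC` and has no matching group could leave with an empty `roleId` if that helper returns nothing (its return contract is not visible here). Keep the existing value as a fallback: `user.roleId = (await groups.getGroupRoleId(user, appId)) || user.roleId`. The new early return also makes an explicitly assigned role always win over a group role, even when the explicit one is out of date or lower than the group's. If that precedence is intended, say so above the `if`, e.g. `// an explicit non-public app role takes precedence over group roles`.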


@ -10,6 +10,8 @@ import {
encryption, encryption,
} from "@budibase/backend-core" } from "@budibase/backend-core"
import env from "../../../environment" import env from "../../../environment"
import { groups } from "@budibase/pro"
import { enrichUserRolesFromGroups } from "../../../../../../../budibase-pro/packages/pro/src/sdk/groups"
const { hash, platformLogout, getCookie, clearCookie, newid } = utils const { hash, platformLogout, getCookie, clearCookie, newid } = utils
const { user: userCache } = cache const { user: userCache } = cache
@ -115,7 +117,8 @@ export async function getSelf(ctx: any) {
checkCurrentApp(ctx) checkCurrentApp(ctx)
// get the main body of the user // get the main body of the user
ctx.body = await users.getUser(userId) const user = await users.getUser(userId)
ctx.body = await groups.enrichUserRolesFromGroups(user)
// add the feature flags for this tenant // add the feature flags for this tenant
const tenantId = tenancy.getTenantId() const tenantId = tenancy.getTenantId()
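Review bot: The added import of `enrichUserRolesFromGroups` from `../../../../../../../budibase-pro/packages/pro/src/sdk/groups` reaches outside this repository into a sibling checkout and is not used in the visible hunks, since the call in `getSelf` goes through `groups.enrichUserRolesFromGroups` from `@budibase/pro`. It looks like an editor auto-import. It will fail to resolve on any machine without that directory layout, and where it does resolve it pulls source from whatever sits at that path rather than from the pinned package. Drop the line and keep only `import { groups } from "@budibase/pro"`. The body of `getSelf` continues outside the hunk.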