Fixing issue with builder not always having the correct roles to view an app - global builders are now admins in all apps.

This commit is contained in:
mike12345567 2021-06-04 12:13:29 +01:00
parent 903adb40a8
commit fe4fcad77c
9 changed files with 31 additions and 46 deletions

View File

@ -13,7 +13,6 @@ const BUILTIN_IDS = {
POWER: "POWER", POWER: "POWER",
BASIC: "BASIC", BASIC: "BASIC",
PUBLIC: "PUBLIC", PUBLIC: "PUBLIC",
BUILDER: "BUILDER",
} }
// exclude internal roles like builder // exclude internal roles like builder

View File

@ -5,7 +5,7 @@ const { getFullUser } = require("../../utilities/users")
exports.fetchSelf = async ctx => { exports.fetchSelf = async ctx => {
const appId = ctx.appId const appId = ctx.appId
const { userId } = ctx.user let userId = ctx.user.userId || ctx.user._id
/* istanbul ignore next */ /* istanbul ignore next */
if (!userId) { if (!userId) {
ctx.body = {} ctx.body = {}

View File

@ -63,10 +63,6 @@ exports.fetch = async ctx => {
exports.clientFetch = async ctx => { exports.clientFetch = async ctx => {
const routing = await getRoutingStructure(ctx.appId) const routing = await getRoutingStructure(ctx.appId)
let roleId = ctx.user.role._id let roleId = ctx.user.role._id
// builder is a special case, always return the full routing structure
if (roleId === BUILTIN_ROLE_IDS.BUILDER) {
roleId = BUILTIN_ROLE_IDS.ADMIN
}
const roleIds = await getUserRoleHierarchy(ctx.appId, roleId) const roleIds = await getUserRoleHierarchy(ctx.appId, roleId)
for (let topLevel of Object.values(routing.routes)) { for (let topLevel of Object.values(routing.routes)) {
for (let subpathKey of Object.keys(topLevel.subpaths)) { for (let subpathKey of Object.keys(topLevel.subpaths)) {

View File

@ -4,7 +4,6 @@ const {
getUserMetadataParams, getUserMetadataParams,
} = require("../../db/utils") } = require("../../db/utils")
const { InternalTables } = require("../../db/utils") const { InternalTables } = require("../../db/utils")
const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
const { const {
getGlobalUsers, getGlobalUsers,
addAppRoleToUser, addAppRoleToUser,
@ -47,10 +46,6 @@ exports.fetchMetadata = async function (ctx) {
exports.updateSelfMetadata = async function (ctx) { exports.updateSelfMetadata = async function (ctx) {
// overwrite the ID with current users // overwrite the ID with current users
ctx.request.body._id = ctx.user._id ctx.request.body._id = ctx.user._id
if (ctx.user.builder && ctx.user.builder.global) {
// specific case, update self role in global user
await addAppRoleToUser(ctx, ctx.appId, BUILTIN_ROLE_IDS.ADMIN)
}
// make sure no stale rev // make sure no stale rev
delete ctx.request.body._rev delete ctx.request.body._rev
await exports.updateMetadata(ctx) await exports.updateMetadata(ctx)

View File

@ -28,9 +28,7 @@ describe("/routing", () => {
it("returns the correct routing for basic user", async () => { it("returns the correct routing for basic user", async () => {
workerRequests.getGlobalUsers.mockImplementationOnce((ctx, appId) => { workerRequests.getGlobalUsers.mockImplementationOnce((ctx, appId) => {
return { return {
roles: { roleId: BUILTIN_ROLE_IDS.BASIC,
[appId]: BUILTIN_ROLE_IDS.BASIC,
}
} }
}) })
const res = await request const res = await request

View File

@ -2,6 +2,7 @@ const rowController = require("../../../controllers/row")
const appController = require("../../../controllers/application") const appController = require("../../../controllers/application")
const CouchDB = require("../../../../db") const CouchDB = require("../../../../db")
const { AppStatus } = require("../../../../db/utils") const { AppStatus } = require("../../../../db/utils")
const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
function Request(appId, params) { function Request(appId, params) {
this.appId = appId this.appId = appId
@ -77,11 +78,17 @@ exports.checkPermissionsEndpoint = async ({
.set(passHeader) .set(passHeader)
.expect(200) .expect(200)
let failHeader
if (failRole === BUILTIN_ROLE_IDS.PUBLIC) {
failHeader = config.publicHeaders()
} else {
user = await config.createUser("fail@budibase.com", password, failRole) user = await config.createUser("fail@budibase.com", password, failRole)
const failHeader = await config.login("fail@budibase.com", password, { failHeader = await config.login("fail@budibase.com", password, {
roleId: failRole, roleId: failRole,
userId: user.globalId, userId: user.globalId,
builder: false,
}) })
}
await exports await exports
.createRequest(config.request, method, url, body) .createRequest(config.request, method, url, body)

View File

@ -33,7 +33,7 @@ module.exports = async (ctx, next) => {
updateCookie = true updateCookie = true
appId = requestAppId appId = requestAppId
// retrieving global user gets the right role // retrieving global user gets the right role
roleId = globalUser.roleId roleId = globalUser.roleId || BUILTIN_ROLE_IDS.PUBLIC
} else if (appCookie != null) { } else if (appCookie != null) {
appId = appCookie.appId appId = appCookie.appId
roleId = appCookie.roleId || BUILTIN_ROLE_IDS.PUBLIC roleId = appCookie.roleId || BUILTIN_ROLE_IDS.PUBLIC

View File

@ -101,7 +101,7 @@ class TestConfiguration {
userId: GLOBAL_USER_ID, userId: GLOBAL_USER_ID,
} }
const app = { const app = {
roleId: BUILTIN_ROLE_IDS.BUILDER, roleId: BUILTIN_ROLE_IDS.ADMIN,
appId: this.appId, appId: this.appId,
} }
const authToken = jwt.sign(auth, env.JWT_SECRET) const authToken = jwt.sign(auth, env.JWT_SECRET)
@ -306,11 +306,10 @@ class TestConfiguration {
return await this._req(config, null, controllers.layout.save) return await this._req(config, null, controllers.layout.save)
} }
async createUser(roleId = BUILTIN_ROLE_IDS.POWER) { async createUser() {
const globalId = `us_${Math.random()}` const globalId = `us_${Math.random()}`
const resp = await this.globalUser( const resp = await this.globalUser(
globalId, globalId,
roleId === BUILTIN_ROLE_IDS.BUILDER
) )
return { return {
...resp, ...resp,
@ -319,7 +318,6 @@ class TestConfiguration {
} }
async login(email, password, { roleId, userId, builder } = {}) { async login(email, password, { roleId, userId, builder } = {}) {
roleId = !roleId ? BUILTIN_ROLE_IDS.BUILDER : roleId
userId = !userId ? `us_uuid1` : userId userId = !userId ? `us_uuid1` : userId
if (!this.request) { if (!this.request) {
throw "Server has not been opened, cannot login." throw "Server has not been opened, cannot login."

View File

@ -9,19 +9,26 @@ function getAppRole(appId, user) {
if (!user.roles) { if (!user.roles) {
return user return user
} }
if (user.builder && user.builder.global) {
user.roleId = BUILTIN_ROLE_IDS.ADMIN
} else {
// always use the deployed app // always use the deployed app
user.roleId = user.roles[getDeployedAppID(appId)] user.roleId = user.roles[getDeployedAppID(appId)]
if (!user.roleId) { if (!user.roleId) {
user.roleId = BUILTIN_ROLE_IDS.PUBLIC user.roleId = BUILTIN_ROLE_IDS.PUBLIC
} }
}
delete user.roles delete user.roles
return user return user
} }
function request(ctx, request) { function request(ctx, request, noApiKey) {
if (!request.headers) { if (!request.headers) {
request.headers = {} request.headers = {}
} }
if (!noApiKey) {
request.headers["x-budibase-api-key"] = env.INTERNAL_API_KEY
}
if (request.body && Object.keys(request.body).length > 0) { if (request.body && Object.keys(request.body).length > 0) {
request.headers["Content-Type"] = "application/json" request.headers["Content-Type"] = "application/json"
request.body = request.body =
@ -44,9 +51,6 @@ exports.sendSmtpEmail = async (to, from, subject, contents) => {
checkSlashesInUrl(env.WORKER_URL + `/api/admin/email/send`), checkSlashesInUrl(env.WORKER_URL + `/api/admin/email/send`),
request(null, { request(null, {
method: "POST", method: "POST",
headers: {
"x-budibase-api-key": env.INTERNAL_API_KEY,
},
body: { body: {
email: to, email: to,
from, from,
@ -86,16 +90,6 @@ exports.getDeployedApps = async ctx => {
} }
} }
exports.deleteGlobalUser = async (ctx, globalId) => {
const endpoint = `/api/admin/users/${globalId}`
const reqCfg = { method: "DELETE" }
const response = await fetch(
checkSlashesInUrl(env.WORKER_URL + endpoint),
request(ctx, reqCfg)
)
return response.json()
}
exports.getGlobalUsers = async (ctx, appId = null, globalId = null) => { exports.getGlobalUsers = async (ctx, appId = null, globalId = null) => {
const endpoint = globalId const endpoint = globalId
? `/api/admin/users/${globalId}` ? `/api/admin/users/${globalId}`
@ -121,7 +115,8 @@ exports.getGlobalSelf = async (ctx, appId = null) => {
const endpoint = `/api/admin/users/self` const endpoint = `/api/admin/users/self`
const response = await fetch( const response = await fetch(
checkSlashesInUrl(env.WORKER_URL + endpoint), checkSlashesInUrl(env.WORKER_URL + endpoint),
request(ctx, { method: "GET" }) // we don't want to use API key when getting self
request(ctx, { method: "GET" }, true)
) )
if (response.status !== 200) { if (response.status !== 200) {
ctx.throw(400, "Unable to get self globally.") ctx.throw(400, "Unable to get self globally.")
@ -172,9 +167,6 @@ exports.removeAppFromUserRoles = async appId => {
checkSlashesInUrl(env.WORKER_URL + `/api/admin/roles/${deployedAppId}`), checkSlashesInUrl(env.WORKER_URL + `/api/admin/roles/${deployedAppId}`),
request(null, { request(null, {
method: "DELETE", method: "DELETE",
headers: {
"x-budibase-api-key": env.INTERNAL_API_KEY,
},
}) })
) )
if (response.status !== 200) { if (response.status !== 200) {