Fixing issue with builder not always having the correct roles to view an app - global builders are now admins in all apps.
This commit is contained in:
parent
903adb40a8
commit
fe4fcad77c
|
@ -13,7 +13,6 @@ const BUILTIN_IDS = {
|
||||||
POWER: "POWER",
|
POWER: "POWER",
|
||||||
BASIC: "BASIC",
|
BASIC: "BASIC",
|
||||||
PUBLIC: "PUBLIC",
|
PUBLIC: "PUBLIC",
|
||||||
BUILDER: "BUILDER",
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// exclude internal roles like builder
|
// exclude internal roles like builder
|
||||||
|
|
|
@ -5,7 +5,7 @@ const { getFullUser } = require("../../utilities/users")
|
||||||
|
|
||||||
exports.fetchSelf = async ctx => {
|
exports.fetchSelf = async ctx => {
|
||||||
const appId = ctx.appId
|
const appId = ctx.appId
|
||||||
const { userId } = ctx.user
|
let userId = ctx.user.userId || ctx.user._id
|
||||||
/* istanbul ignore next */
|
/* istanbul ignore next */
|
||||||
if (!userId) {
|
if (!userId) {
|
||||||
ctx.body = {}
|
ctx.body = {}
|
||||||
|
|
|
@ -63,10 +63,6 @@ exports.fetch = async ctx => {
|
||||||
exports.clientFetch = async ctx => {
|
exports.clientFetch = async ctx => {
|
||||||
const routing = await getRoutingStructure(ctx.appId)
|
const routing = await getRoutingStructure(ctx.appId)
|
||||||
let roleId = ctx.user.role._id
|
let roleId = ctx.user.role._id
|
||||||
// builder is a special case, always return the full routing structure
|
|
||||||
if (roleId === BUILTIN_ROLE_IDS.BUILDER) {
|
|
||||||
roleId = BUILTIN_ROLE_IDS.ADMIN
|
|
||||||
}
|
|
||||||
const roleIds = await getUserRoleHierarchy(ctx.appId, roleId)
|
const roleIds = await getUserRoleHierarchy(ctx.appId, roleId)
|
||||||
for (let topLevel of Object.values(routing.routes)) {
|
for (let topLevel of Object.values(routing.routes)) {
|
||||||
for (let subpathKey of Object.keys(topLevel.subpaths)) {
|
for (let subpathKey of Object.keys(topLevel.subpaths)) {
|
||||||
|
|
|
@ -4,7 +4,6 @@ const {
|
||||||
getUserMetadataParams,
|
getUserMetadataParams,
|
||||||
} = require("../../db/utils")
|
} = require("../../db/utils")
|
||||||
const { InternalTables } = require("../../db/utils")
|
const { InternalTables } = require("../../db/utils")
|
||||||
const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
|
|
||||||
const {
|
const {
|
||||||
getGlobalUsers,
|
getGlobalUsers,
|
||||||
addAppRoleToUser,
|
addAppRoleToUser,
|
||||||
|
@ -47,10 +46,6 @@ exports.fetchMetadata = async function (ctx) {
|
||||||
exports.updateSelfMetadata = async function (ctx) {
|
exports.updateSelfMetadata = async function (ctx) {
|
||||||
// overwrite the ID with current users
|
// overwrite the ID with current users
|
||||||
ctx.request.body._id = ctx.user._id
|
ctx.request.body._id = ctx.user._id
|
||||||
if (ctx.user.builder && ctx.user.builder.global) {
|
|
||||||
// specific case, update self role in global user
|
|
||||||
await addAppRoleToUser(ctx, ctx.appId, BUILTIN_ROLE_IDS.ADMIN)
|
|
||||||
}
|
|
||||||
// make sure no stale rev
|
// make sure no stale rev
|
||||||
delete ctx.request.body._rev
|
delete ctx.request.body._rev
|
||||||
await exports.updateMetadata(ctx)
|
await exports.updateMetadata(ctx)
|
||||||
|
|
|
@ -28,9 +28,7 @@ describe("/routing", () => {
|
||||||
it("returns the correct routing for basic user", async () => {
|
it("returns the correct routing for basic user", async () => {
|
||||||
workerRequests.getGlobalUsers.mockImplementationOnce((ctx, appId) => {
|
workerRequests.getGlobalUsers.mockImplementationOnce((ctx, appId) => {
|
||||||
return {
|
return {
|
||||||
roles: {
|
roleId: BUILTIN_ROLE_IDS.BASIC,
|
||||||
[appId]: BUILTIN_ROLE_IDS.BASIC,
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
const res = await request
|
const res = await request
|
||||||
|
|
|
@ -2,6 +2,7 @@ const rowController = require("../../../controllers/row")
|
||||||
const appController = require("../../../controllers/application")
|
const appController = require("../../../controllers/application")
|
||||||
const CouchDB = require("../../../../db")
|
const CouchDB = require("../../../../db")
|
||||||
const { AppStatus } = require("../../../../db/utils")
|
const { AppStatus } = require("../../../../db/utils")
|
||||||
|
const { BUILTIN_ROLE_IDS } = require("@budibase/auth/roles")
|
||||||
|
|
||||||
function Request(appId, params) {
|
function Request(appId, params) {
|
||||||
this.appId = appId
|
this.appId = appId
|
||||||
|
@ -77,11 +78,17 @@ exports.checkPermissionsEndpoint = async ({
|
||||||
.set(passHeader)
|
.set(passHeader)
|
||||||
.expect(200)
|
.expect(200)
|
||||||
|
|
||||||
user = await config.createUser("fail@budibase.com", password, failRole)
|
let failHeader
|
||||||
const failHeader = await config.login("fail@budibase.com", password, {
|
if (failRole === BUILTIN_ROLE_IDS.PUBLIC) {
|
||||||
roleId: failRole,
|
failHeader = config.publicHeaders()
|
||||||
userId: user.globalId,
|
} else {
|
||||||
})
|
user = await config.createUser("fail@budibase.com", password, failRole)
|
||||||
|
failHeader = await config.login("fail@budibase.com", password, {
|
||||||
|
roleId: failRole,
|
||||||
|
userId: user.globalId,
|
||||||
|
builder: false,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
await exports
|
await exports
|
||||||
.createRequest(config.request, method, url, body)
|
.createRequest(config.request, method, url, body)
|
||||||
|
|
|
@ -33,7 +33,7 @@ module.exports = async (ctx, next) => {
|
||||||
updateCookie = true
|
updateCookie = true
|
||||||
appId = requestAppId
|
appId = requestAppId
|
||||||
// retrieving global user gets the right role
|
// retrieving global user gets the right role
|
||||||
roleId = globalUser.roleId
|
roleId = globalUser.roleId || BUILTIN_ROLE_IDS.PUBLIC
|
||||||
} else if (appCookie != null) {
|
} else if (appCookie != null) {
|
||||||
appId = appCookie.appId
|
appId = appCookie.appId
|
||||||
roleId = appCookie.roleId || BUILTIN_ROLE_IDS.PUBLIC
|
roleId = appCookie.roleId || BUILTIN_ROLE_IDS.PUBLIC
|
||||||
|
|
|
@ -101,7 +101,7 @@ class TestConfiguration {
|
||||||
userId: GLOBAL_USER_ID,
|
userId: GLOBAL_USER_ID,
|
||||||
}
|
}
|
||||||
const app = {
|
const app = {
|
||||||
roleId: BUILTIN_ROLE_IDS.BUILDER,
|
roleId: BUILTIN_ROLE_IDS.ADMIN,
|
||||||
appId: this.appId,
|
appId: this.appId,
|
||||||
}
|
}
|
||||||
const authToken = jwt.sign(auth, env.JWT_SECRET)
|
const authToken = jwt.sign(auth, env.JWT_SECRET)
|
||||||
|
@ -306,11 +306,10 @@ class TestConfiguration {
|
||||||
return await this._req(config, null, controllers.layout.save)
|
return await this._req(config, null, controllers.layout.save)
|
||||||
}
|
}
|
||||||
|
|
||||||
async createUser(roleId = BUILTIN_ROLE_IDS.POWER) {
|
async createUser() {
|
||||||
const globalId = `us_${Math.random()}`
|
const globalId = `us_${Math.random()}`
|
||||||
const resp = await this.globalUser(
|
const resp = await this.globalUser(
|
||||||
globalId,
|
globalId,
|
||||||
roleId === BUILTIN_ROLE_IDS.BUILDER
|
|
||||||
)
|
)
|
||||||
return {
|
return {
|
||||||
...resp,
|
...resp,
|
||||||
|
@ -319,7 +318,6 @@ class TestConfiguration {
|
||||||
}
|
}
|
||||||
|
|
||||||
async login(email, password, { roleId, userId, builder } = {}) {
|
async login(email, password, { roleId, userId, builder } = {}) {
|
||||||
roleId = !roleId ? BUILTIN_ROLE_IDS.BUILDER : roleId
|
|
||||||
userId = !userId ? `us_uuid1` : userId
|
userId = !userId ? `us_uuid1` : userId
|
||||||
if (!this.request) {
|
if (!this.request) {
|
||||||
throw "Server has not been opened, cannot login."
|
throw "Server has not been opened, cannot login."
|
||||||
|
|
|
@ -9,19 +9,26 @@ function getAppRole(appId, user) {
|
||||||
if (!user.roles) {
|
if (!user.roles) {
|
||||||
return user
|
return user
|
||||||
}
|
}
|
||||||
// always use the deployed app
|
if (user.builder && user.builder.global) {
|
||||||
user.roleId = user.roles[getDeployedAppID(appId)]
|
user.roleId = BUILTIN_ROLE_IDS.ADMIN
|
||||||
if (!user.roleId) {
|
} else {
|
||||||
user.roleId = BUILTIN_ROLE_IDS.PUBLIC
|
// always use the deployed app
|
||||||
|
user.roleId = user.roles[getDeployedAppID(appId)]
|
||||||
|
if (!user.roleId) {
|
||||||
|
user.roleId = BUILTIN_ROLE_IDS.PUBLIC
|
||||||
|
}
|
||||||
}
|
}
|
||||||
delete user.roles
|
delete user.roles
|
||||||
return user
|
return user
|
||||||
}
|
}
|
||||||
|
|
||||||
function request(ctx, request) {
|
function request(ctx, request, noApiKey) {
|
||||||
if (!request.headers) {
|
if (!request.headers) {
|
||||||
request.headers = {}
|
request.headers = {}
|
||||||
}
|
}
|
||||||
|
if (!noApiKey) {
|
||||||
|
request.headers["x-budibase-api-key"] = env.INTERNAL_API_KEY
|
||||||
|
}
|
||||||
if (request.body && Object.keys(request.body).length > 0) {
|
if (request.body && Object.keys(request.body).length > 0) {
|
||||||
request.headers["Content-Type"] = "application/json"
|
request.headers["Content-Type"] = "application/json"
|
||||||
request.body =
|
request.body =
|
||||||
|
@ -44,9 +51,6 @@ exports.sendSmtpEmail = async (to, from, subject, contents) => {
|
||||||
checkSlashesInUrl(env.WORKER_URL + `/api/admin/email/send`),
|
checkSlashesInUrl(env.WORKER_URL + `/api/admin/email/send`),
|
||||||
request(null, {
|
request(null, {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: {
|
|
||||||
"x-budibase-api-key": env.INTERNAL_API_KEY,
|
|
||||||
},
|
|
||||||
body: {
|
body: {
|
||||||
email: to,
|
email: to,
|
||||||
from,
|
from,
|
||||||
|
@ -86,16 +90,6 @@ exports.getDeployedApps = async ctx => {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
exports.deleteGlobalUser = async (ctx, globalId) => {
|
|
||||||
const endpoint = `/api/admin/users/${globalId}`
|
|
||||||
const reqCfg = { method: "DELETE" }
|
|
||||||
const response = await fetch(
|
|
||||||
checkSlashesInUrl(env.WORKER_URL + endpoint),
|
|
||||||
request(ctx, reqCfg)
|
|
||||||
)
|
|
||||||
return response.json()
|
|
||||||
}
|
|
||||||
|
|
||||||
exports.getGlobalUsers = async (ctx, appId = null, globalId = null) => {
|
exports.getGlobalUsers = async (ctx, appId = null, globalId = null) => {
|
||||||
const endpoint = globalId
|
const endpoint = globalId
|
||||||
? `/api/admin/users/${globalId}`
|
? `/api/admin/users/${globalId}`
|
||||||
|
@ -121,7 +115,8 @@ exports.getGlobalSelf = async (ctx, appId = null) => {
|
||||||
const endpoint = `/api/admin/users/self`
|
const endpoint = `/api/admin/users/self`
|
||||||
const response = await fetch(
|
const response = await fetch(
|
||||||
checkSlashesInUrl(env.WORKER_URL + endpoint),
|
checkSlashesInUrl(env.WORKER_URL + endpoint),
|
||||||
request(ctx, { method: "GET" })
|
// we don't want to use API key when getting self
|
||||||
|
request(ctx, { method: "GET" }, true)
|
||||||
)
|
)
|
||||||
if (response.status !== 200) {
|
if (response.status !== 200) {
|
||||||
ctx.throw(400, "Unable to get self globally.")
|
ctx.throw(400, "Unable to get self globally.")
|
||||||
|
@ -172,9 +167,6 @@ exports.removeAppFromUserRoles = async appId => {
|
||||||
checkSlashesInUrl(env.WORKER_URL + `/api/admin/roles/${deployedAppId}`),
|
checkSlashesInUrl(env.WORKER_URL + `/api/admin/roles/${deployedAppId}`),
|
||||||
request(null, {
|
request(null, {
|
||||||
method: "DELETE",
|
method: "DELETE",
|
||||||
headers: {
|
|
||||||
"x-budibase-api-key": env.INTERNAL_API_KEY,
|
|
||||||
},
|
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
if (response.status !== 200) {
|
if (response.status !== 200) {
|
||||||
|
|
Loading…
Reference in New Issue