budibase/packages/server/src/api/controllers/user.js

const CouchDB = require("../../db")
const {
  generateUserMetadataID,
  getUserMetadataParams,
  getEmailFromUserMetadataID,
} = require("../../db/utils")
const { InternalTables } = require("../../db/utils")
const { getRole } = require("../../utilities/security/roles")
const {
  getGlobalUsers,
  saveGlobalUser,
  deleteGlobalUser,
} = require("../../utilities/workerRequests")
const { getFullUser } = require("../../utilities/users")

exports.fetchMetadata = async function(ctx) {
  const database = new CouchDB(ctx.appId)
  const global = await getGlobalUsers(ctx, ctx.appId)
  const metadata = (
    await database.allDocs(
      getUserMetadataParams(null, {
        include_docs: true,
      })
    )
  ).rows.map(row => row.doc)
  const users = []
  for (let user of global) {
    const info = metadata.find(meta => meta._id.includes(user.email))
    // remove these props, not for the correct DB
    delete user._id
    delete user._rev
    users.push({
      ...user,
      ...info,
      // make sure the ID is always a local ID, not a global one
      _id: generateUserMetadataID(user.email),
    })
  }
  ctx.body = users
}

exports.createMetadata = async function(ctx) {
  const appId = ctx.appId
  const db = new CouchDB(appId)
  const { roleId } = ctx.request.body
  const email = ctx.request.body.email || ctx.user.email

  // check role valid
  const role = await getRole(appId, roleId)
  if (!role) ctx.throw(400, "Invalid Role")

  const metadata = await saveGlobalUser(ctx, appId, email, ctx.request.body)

  const user = {
    ...metadata,
    _id: generateUserMetadataID(email),
    type: "user",
    tableId: InternalTables.USER_METADATA,
  }

  const response = await db.post(user)
  // for automations to make it obvious was successful
  ctx.status = 200
  ctx.body = {
    _id: response.id,
    _rev: response.rev,
    email,
  }
}

exports.updateMetadata = async function(ctx) {
  const appId = ctx.appId
  const db = new CouchDB(appId)
  const user = ctx.request.body
  let email = user.email || getEmailFromUserMetadataID(user._id)
  const metadata = await saveGlobalUser(ctx, appId, email, ctx.request.body)
  if (!metadata._id) {
    metadata._id = generateUserMetadataID(email)
  }
  if (!metadata._rev) {
    metadata._rev = ctx.request.body._rev
  }
  ctx.body = await db.put({
    ...metadata,
  })
}

exports.destroyMetadata = async function(ctx) {
  const db = new CouchDB(ctx.appId)
  const email =
    ctx.params.email || getEmailFromUserMetadataID(ctx.params.userId)
  await deleteGlobalUser(ctx, email)
  try {
    const dbUser = await db.get(generateUserMetadataID(email))
    await db.remove(dbUser._id, dbUser._rev)
  } catch (err) {
    // error just means the global user has no config in this app
  }
  ctx.body = {
    message: `User ${ctx.params.email} deleted.`,
  }
}

exports.findMetadata = async function(ctx) {
  ctx.body = await getFullUser({
    ctx,
    email: ctx.params.email,
    userId: ctx.params.userId,
  })
}
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`const CouchDB = require("../../db")`
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`const {`
Global users now working through the server, all requests proxied. 2021-04-10 02:11:49 +12:00			`generateUserMetadataID,`
			`getUserMetadataParams,`
			`getEmailFromUserMetadataID,`
			`} = require("../../db/utils")`
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`const { InternalTables } = require("../../db/utils")`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`const { getRole } = require("../../utilities/security/roles")`
Global users now working through the server, all requests proxied. 2021-04-10 02:11:49 +12:00			`const {`
			`getGlobalUsers,`
			`saveGlobalUser,`
			`deleteGlobalUser,`
			`} = require("../../utilities/workerRequests")`
Updating fetch self to get the global user as well as local metadata. 2021-04-13 02:54:14 +12:00			`const { getFullUser } = require("../../utilities/users")`
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00
			`exports.fetchMetadata = async function(ctx) {`
Removing use of the , replacing to ctx.appId to make it clear appId not part of the auth. 2021-03-30 05:32:05 +13:00			`const database = new CouchDB(ctx.appId)`
Global users now working through the server, all requests proxied. 2021-04-10 02:11:49 +12:00			`const global = await getGlobalUsers(ctx, ctx.appId)`
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`const metadata = (`
Updating builder/server in a few ways, to allow creating users with extra columns attached, allowing password to be updated in the builder and making sure that all row endpoints correctly pass through the user controller so that we can still have customised functionality for users (such as making sure password is never returned). 2020-12-09 06:33:08 +13:00			`await database.allDocs(`
Global users now working through the server, all requests proxied. 2021-04-10 02:11:49 +12:00			`getUserMetadataParams(null, {`
Updating builder/server in a few ways, to allow creating users with extra columns attached, allowing password to be updated in the builder and making sure that all row endpoints correctly pass through the user controller so that we can still have customised functionality for users (such as making sure password is never returned). 2020-12-09 06:33:08 +13:00			`include_docs: true,`
			`})`
			`)`
			`).rows.map(row => row.doc)`
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`const users = []`
			`for (let user of global) {`
			`const info = metadata.find(meta => meta._id.includes(user.email))`
Removing the lookup of _id in usage quota when in dev/self host for performance reasons as part of usage quota, re-writing some bits of fetch self for cleaner implementation, fixing some issues with updating/saving users from within app. 2021-04-14 04:11:55 +12:00			`// remove these props, not for the correct DB`
			`delete user._id`
			`delete user._rev`
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`users.push({`
			`...user,`
			`...info,`
Global user management now functioning as expected, there were some errant db.destroy functions from the system previously, this is now cleaned up. 2021-04-10 03:55:56 +12:00			`// make sure the ID is always a local ID, not a global one`
			`_id: generateUserMetadataID(user.email),`
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`})`
Updating builder/server in a few ways, to allow creating users with extra columns attached, allowing password to be updated in the builder and making sure that all row endpoints correctly pass through the user controller so that we can still have customised functionality for users (such as making sure password is never returned). 2020-12-09 06:33:08 +13:00			`}`
			`ctx.body = users`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`}`
added more endpoints 2020-04-08 04:25:09 +12:00
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`exports.createMetadata = async function(ctx) {`
			`const appId = ctx.appId`
			`const db = new CouchDB(appId)`
removing initial user creation 2021-04-15 04:02:12 +12:00			`const { roleId } = ctx.request.body`
			`const email = ctx.request.body.email \|\| ctx.user.email`
pouchDB integration, use app id instead of app name for keying app packages 2020-04-24 01:37:08 +12:00
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`// check role valid`
			`const role = await getRole(appId, roleId)`
Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			`if (!role) ctx.throw(400, "Invalid Role")`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00
Global users now working through the server, all requests proxied. 2021-04-10 02:11:49 +12:00			`const metadata = await saveGlobalUser(ctx, appId, email, ctx.request.body)`
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`const user = {`
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`...metadata,`
Global users now working through the server, all requests proxied. 2021-04-10 02:11:49 +12:00			`_id: generateUserMetadataID(email),`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`type: "user",`
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`tableId: InternalTables.USER_METADATA,`
Adding the ability to set whether a user is active or not rather than deleting them, stops them from being able to log in to the system. 2021-02-23 00:39:58 +13:00			`}`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`const response = await db.post(user)`
Updating some test cases to work with new system. 2021-04-10 04:33:21 +12:00			`// for automations to make it obvious was successful`
			`ctx.status = 200`
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`ctx.body = {`
Updating some test cases to work with new system. 2021-04-10 04:33:21 +12:00			`_id: response.id,`
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`_rev: response.rev,`
			`email,`
test coverage for user creation 2020-04-11 03:37:59 +12:00			`}`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`}`
api tests 2020-04-10 03:53:48 +12:00
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`exports.updateMetadata = async function(ctx) {`
			`const appId = ctx.appId`
			`const db = new CouchDB(appId)`
adds update functionality to users 2020-06-26 21:05:09 +12:00			`const user = ctx.request.body`
Global users now working through the server, all requests proxied. 2021-04-10 02:11:49 +12:00			`let email = user.email \|\| getEmailFromUserMetadataID(user._id)`
			`const metadata = await saveGlobalUser(ctx, appId, email, ctx.request.body)`
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`if (!metadata._id) {`
Fixing up tests, need to mock most of the worker functionality so that worker doesn't need to run during tests. 2021-04-14 07:25:43 +12:00			`metadata._id = generateUserMetadataID(email)`
			`}`
			`if (!metadata._rev) {`
			`metadata._rev = ctx.request.body._rev`
First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`}`
			`ctx.body = await db.put({`
			`...metadata,`
Adding the ability to set whether a user is active or not rather than deleting them, stops them from being able to log in to the system. 2021-02-23 00:39:58 +13:00			`})`
adds update functionality to users 2020-06-26 21:05:09 +12:00			`}`

First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`exports.destroyMetadata = async function(ctx) {`
			`const db = new CouchDB(ctx.appId)`
Global user management now functioning as expected, there were some errant db.destroy functions from the system previously, this is now cleaned up. 2021-04-10 03:55:56 +12:00			`const email =`
			`ctx.params.email \|\| getEmailFromUserMetadataID(ctx.params.userId)`
Global users now working through the server, all requests proxied. 2021-04-10 02:11:49 +12:00			`await deleteGlobalUser(ctx, email)`
Global user management now functioning as expected, there were some errant db.destroy functions from the system previously, this is now cleaned up. 2021-04-10 03:55:56 +12:00			`try {`
			`const dbUser = await db.get(generateUserMetadataID(email))`
			`await db.remove(dbUser._id, dbUser._rev)`
			`} catch (err) {`
			`// error just means the global user has no config in this app`
			`}`
Upping user test cases to cover all of controller. 2021-03-10 06:09:18 +13:00			`ctx.body = {`
			message: `User ${ctx.params.email} deleted.`,
			`}`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`}`

First pass of global user configuration through existing user API with role mappings. 2021-04-09 03:58:33 +12:00			`exports.findMetadata = async function(ctx) {`
Updating fetch self to get the global user as well as local metadata. 2021-04-13 02:54:14 +12:00			`ctx.body = await getFullUser({`
			`ctx,`
			`email: ctx.params.email,`
			`userId: ctx.params.userId,`
			`})`
formatting + fixing builder tests 2020-05-07 21:53:34 +12:00			`}`